分析任务

分析类型 虚拟机标签 开始时间 结束时间 持续时间
文件 (Windows) win7-sp1-x64-hpdapp01-2 2019-08-08 15:38:40 2019-08-08 15:41:14 154 秒

魔盾分数

5.8

可疑的

文件详细信息

文件名 猎杀专员.exe
文件大小 1978368 字节
文件类型 PE32 executable (GUI) Intel 80386, for MS Windows
MD5 5b7993e3be6f7f5f8b8b984331a43f6d
SHA1 389ea60bbbe648684be0f5d14a788e6f3d83f242
SHA256 0095214e421cb6db98a95292bb62b5959df4b93e558a69f357ddfdf6fc637ae1
SHA512 f027cd8bbb3b4cc14cb10ee7baf27953be0d98e8c3e0599814db3941ec48d24d56be98b0f64083ee831e61095eaab8c3721602c80297338668434a3507df4261
CRC32 ABD66475
Ssdeep 24576:XTuS/nPZsyphlSLzNfOMaF7ETZaqdiXSp0c02uFG6dAk3HMf7fMexmO:XiSJsYOfNWMDTZaqdwk0c05HGia
Yara
  • Detected 32bit PE signature
  • Detected Entropy signature
  • Detected Rich Signature
  • Create a new process
  • Detected take screenshot function
  • Run a keylogger
  • Affect system registries
  • Change registries to affect system
  • Affect private profile
  • Affect private profile
  • Affect hook table
  • Detects malicious behaviors from a small size app
  • Detected no presence of any attachment
  • Detected the presence of an or several images
  • Detected the presence of an or several urls
  • Detected UPX. Commonly used by RAT!
  • Looks for big numbers 20:sized
  • Looks for big numbers 32:sized
  • Look for CRC32 [poly]
  • Look for CRC32 table
  • Look for MD5 constants
  • Detects program has the encryption or decription logic
样本下载 提交漏报

登录查看威胁特征

运行截图


访问主机纪录 (可点击查询WPING实时安全评级)

直接 IP 安全评级 地理位置
114.80.24.200 中国
114.80.24.201 中国
119.3.65.116 香港
120.92.174.135 中国
150.138.97.253 中国

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
space.bilibili.com A 120.92.174.135
CNAME interface.biliapi.com
A 119.3.65.116
at.alicdn.com CNAME at.alicdn.com.danuoyi.alicdn.com
A 150.138.97.253
A 150.138.97.254
A 183.136.135.241
A 183.136.135.242
s1.hdslb.com 未知 CNAME bstatic.hdslb.com
CNAME s1.hdslb.com.w.kunlunar.com
A 114.80.24.197
A 114.80.24.198
A 114.80.24.202
A 114.80.24.199
A 114.80.24.203
A 114.80.24.200
A 114.80.24.201
A 114.80.24.196

摘要

C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\test\AppData\Local\Temp\SkinH_EL.dll
C:\
C:\Users\test\AppData\Local\Temp\MSIMG32.dll
C:\Windows\System32\msimg32.dll
C:\Users\test\AppData\Local\Temp\MSVFW32.dll
C:\Windows\System32\msvfw32.dll
C:\Users\test\AppData\Local\Temp\____________.exe
C:\Windows\Fonts\staticcache.dat
\??\MountPointManager
C:\Windows\SysWOW64\wininet.dll
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies
C:\Users\test\AppData\Local\Microsoft\Windows\History
C:\Users\test\AppData\Local\Microsoft\Windows\History\desktop.ini
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
C:\Program Files (x86)\Internet Explorer\dnsapi.DLL
C:\Windows\System32\dnsapi.dll
C:\Program Files (x86)\Internet Explorer\iphlpapi.DLL
C:\Windows\System32\IPHLPAPI.DLL
C:\Program Files (x86)\Internet Explorer\WINNSI.DLL
C:\Windows\System32\winnsi.dll
\Device\KsecDD
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\test\AppData\Local\Temp\SkinH_EL.dll
C:\Windows\System32\msimg32.dll
C:\Windows\System32\msvfw32.dll
C:\Users\test\AppData\Local\Temp\____________.exe
C:\Windows\Fonts\staticcache.dat
C:\Windows\SysWOW64\wininet.dll
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
C:\Windows\System32\dnsapi.dll
C:\Windows\System32\IPHLPAPI.DLL
C:\Windows\System32\winnsi.dll
\Device\KsecDD
C:\Users\test\AppData\Local\Temp\SkinH_EL.dll
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\VFW
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\UseFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\SkinH_EL.dll
HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot
HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib\ 800x600x24(BGR 0)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\____________.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3FC47A08-E5C9-4BCA-A2C7-BC9A282AED14}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Keyboard Layout\Toggle
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\____________.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\CTF\LayoutIcon\0804\00000804
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\DEPOff
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLESAFESEARCHPATH_KB963027
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ENABLESAFESEARCHPATH_KB963027
HKEY_LOCAL_MACHINE\Software\Policies
HKEY_CURRENT_USER\Software\Policies
HKEY_CURRENT_USER\Software
HKEY_LOCAL_MACHINE\Software
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Low Rights
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ProtectedModeOffForAllZones
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ProtectedModeOffForAllZones
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\TabProcGrowth
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\TabProcGrowth
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\LuaOffLoRIEOn
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Setup
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Setup\HaveCreatedQuickLaunchItems
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\FromCacheTimeout
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CertificateRevocation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableKeepAlive
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisablePassport
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\IdnEnabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CacheMode
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableNegotiate
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBasicOverClearChannel
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\Feature_ClientAuthCertFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\Feature_ClientAuthCertFilter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ClientAuthBuiltInUI
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SyncMode5
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\SessionStartTimeDefaultDeltaSecs
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Signature
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\PerUserItem
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\PerUserItem
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\PerUserItem
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\PerUserItem
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\PerUserItem
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\PerUserItem
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheOptions
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutoProxyResultCache
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisplayScriptDownloadFailureUI
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSServername
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSAPIforCrack
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\RETRY_HEADERONLYPOST_ONCONNECTIONRESET
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\RETRY_HEADERONLYPOST_ONCONNECTIONRESET
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BUFFERBREAKING_818408
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BUFFERBREAKING_818408
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UTF8ServerNameRes
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableWorkerThreadHibernation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableWorkerThreadHibernation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableReadRange
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SocketSendBufferLength
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SocketReceiveBufferLength
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\KeepAliveTimeout
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxHttpRedirects
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerProxy
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ServerInfoTimeout
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableNTLMPreAuth
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ScavengeCacheLowerBound
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CertCacheNoValidate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLifeTime
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_USE_CNAME_FOR_SPN_KB911149
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_LONG_INTERNATIONAL_FILENAMES
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_LONG_INTERNATIONAL_FILENAMES
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HttpDefaultExpiryTimeSecs
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\FtpDefaultExpiryTimeSecs
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DIGEST_NO_EXTRAS_IN_URI
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DIGEST_NO_EXTRAS_IN_URI
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ENABLE_PASSPORT_SESSION_STORE_KB948608
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\PerUserCookies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\LeashLegacyCookies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendExtraCRLF
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WpadSearchAllDomains
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttpTrace
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_KEYS_ON_UNLOAD_KB975619
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RELEASE_KEYS_ON_UNLOAD_KB975619
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITY_FLAG_IGNORE_REVOCATION_KB2275828
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SECURITY_FLAG_IGNORE_REVOCATION_KB2275828
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ShareCredsWithWinHttp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MimeExclusionListForCache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HeaderExclusionListForCache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheEnabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheEntries
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheTimeout
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPost
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnAlwaysOnPost
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnZoneCrossing
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnBadCertRecving
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AlwaysDrainOnRedirect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\TcpAutotuning
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadOverride
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutodial
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\NoNetAutodial
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\GlobalUserOffline
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BadProxyExpiresTime
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBranchCache
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser
HKEY_USERS\S-1-5-21-2280033686-3172497658-3481507381-1000
HKEY_LOCAL_MACHINE\System\Setup
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Secondary Start Pages
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\Secondary Start Pages
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameTabWindow
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FrameTabWindow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FrameMerging
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SessionMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\SessionMerging
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\AdminTabProcs
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\AdminTabProcs
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\HangResistance
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\HangResistance
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Safety\PrivacIE
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Safety\PrivacIE\DisableToolbars
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Safety\PrivacIE
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\DetourDialogs
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\New Windows
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041020190411
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041020190411\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041020190411\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041020190411\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041020190411\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041020190411\CacheOptions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\UseFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\SkinH_EL.dll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\DEPOff
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ProtectedModeOffForAllZones
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ProtectedModeOffForAllZones
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\TabProcGrowth
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\TabProcGrowth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\LuaOffLoRIEOn
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Setup\HaveCreatedQuickLaunchItems
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\FromCacheTimeout
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CertificateRevocation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableKeepAlive
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisablePassport
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\IdnEnabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CacheMode
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttp1_1
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyHttp1.1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableNegotiate
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBasicOverClearChannel
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\Feature_ClientAuthCertFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\Feature_ClientAuthCertFilter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ClientAuthBuiltInUI
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SyncMode5
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\SessionStartTimeDefaultDeltaSecs
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Signature
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\PerUserItem
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\PerUserItem
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\PerUserItem
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\PerUserItem
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\PerUserItem
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\PerUserItem
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheOptions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutoProxyResultCache
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisplayScriptDownloadFailureUI
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSServername
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\MBCSAPIforCrack
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UTF8ServerNameRes
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableWorkerThreadHibernation
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableWorkerThreadHibernation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableReadRange
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SocketSendBufferLength
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SocketReceiveBufferLength
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\KeepAliveTimeout
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxHttpRedirects
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerProxy
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ServerInfoTimeout
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectRetries
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableNTLMPreAuth
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ScavengeCacheLowerBound
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CertCacheNoValidate
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLifeTime
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\ScavengeCacheFileLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HttpDefaultExpiryTimeSecs
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\FtpDefaultExpiryTimeSecs
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK\*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\PerUserCookies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\LeashLegacyCookies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DialupUseLanSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendExtraCRLF
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WpadSearchAllDomains
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\BypassHTTPNoCacheCheck
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\BypassSSLNoCacheCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnableHttpTrace
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\NoCheckAutodialOverRide
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DontUseDNSLoadBalancing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ShareCredsWithWinHttp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MimeExclusionListForCache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\HeaderExclusionListForCache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheEnabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheEntries
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DnsCacheTimeout
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPost
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnAlwaysOnPost
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnZoneCrossing
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnBadCertRecving
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AlwaysDrainOnRedirect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnHTTPSToHTTPRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\TcpAutotuning
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadOverride
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutodial
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\NoNetAutodial
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\GlobalUserOffline
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\BadProxyExpiresTime
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableBranchCache
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Secondary Start Pages
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\Secondary Start Pages
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameTabWindow
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FrameTabWindow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FrameMerging
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SessionMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\SessionMerging
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\AdminTabProcs
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\AdminTabProcs
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\HangResistance
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\HangResistance
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Safety\PrivacIE\DisableToolbars
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\DetourDialogs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041020190411\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041020190411\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041020190411\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041020190411\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019041020190411\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib
HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib\ 800x600x24(BGR 0)
kernel32.dll.IsProcessorFeaturePresent
cryptbase.dll.SystemFunction036
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
kernel32.dll.VirtualProtect
kernel32.dll.MulDiv
kernel32.dll.FlushInstructionCache
kernel32.dll.GetCurrentProcess
kernel32.dll.GetTickCount
kernel32.dll.VirtualQuery
kernel32.dll.SetFilePointer
kernel32.dll.GlobalAlloc
kernel32.dll.GlobalLock
kernel32.dll.GlobalUnlock
kernel32.dll.GlobalReAlloc
kernel32.dll.GlobalFree
kernel32.dll.FindResourceA
kernel32.dll.LoadResource
kernel32.dll.LockResource
kernel32.dll.SizeofResource
kernel32.dll.FreeLibrary
kernel32.dll.GetModuleFileNameA
kernel32.dll.GetModuleHandleA
kernel32.dll.GetProcAddress
kernel32.dll.GetVersion
kernel32.dll.GetCurrentThreadId
kernel32.dll.CreateFileA
kernel32.dll.GetFileSize
kernel32.dll.CloseHandle
kernel32.dll.ReadFile
kernel32.dll.SetLastError
comctl32.dll.ImageList_GetIcon
comctl32.dll.ImageList_GetImageInfo
comctl32.dll.ImageList_Draw
comctl32.dll.ImageList_GetIconSize
gdi32.dll.SetWindowExtEx
gdi32.dll.SetWindowOrgEx
gdi32.dll.SetMapMode
gdi32.dll.SelectClipPath
gdi32.dll.EndPath
gdi32.dll.BeginPath
gdi32.dll.TextOutA
gdi32.dll.GetClipRgn
gdi32.dll.GetPixel
gdi32.dll.CreatePatternBrush
gdi32.dll.CreateFontIndirectA
gdi32.dll.SetViewportOrgEx
gdi32.dll.GetStockObject
gdi32.dll.GetTextExtentPoint32A
gdi32.dll.CreateRoundRectRgn
gdi32.dll.CreateFontA
gdi32.dll.SetViewportExtEx
gdi32.dll.SelectClipRgn
gdi32.dll.SelectObject
gdi32.dll.CreateCompatibleDC
gdi32.dll.DeleteDC
gdi32.dll.OffsetRgn
gdi32.dll.CombineRgn
gdi32.dll.CreateRectRgn
gdi32.dll.CreatePen
gdi32.dll.ExtCreateRegion
gdi32.dll.DeleteObject
gdi32.dll.Rectangle
gdi32.dll.SetPixel
gdi32.dll.PtInRegion
gdi32.dll.SetTextColor
gdi32.dll.SetBkMode
gdi32.dll.BitBlt
gdi32.dll.PatBlt
gdi32.dll.CreateDIBSection
gdi32.dll.GetObjectA
gdi32.dll.CreateCompatibleBitmap
gdi32.dll.GetTextExtentPointA
gdi32.dll.ExtTextOutA
gdi32.dll.ExtTextOutW
gdi32.dll.SetBkColor
gdi32.dll.GetTextColor
gdi32.dll.CreateSolidBrush
msimg32.dll.TransparentBlt
msvcrt.dll.free
msvcrt.dll.??3@YAXPAX@Z
msvcrt.dll.__CxxFrameHandler
msvcrt.dll.??2@YAPAXI@Z
msvcrt.dll._ftol
msvcrt.dll._mbsstr
msvcrt.dll._mbscmp
msvcrt.dll.__dllonexit
msvcrt.dll.malloc
msvcrt.dll._initterm
msvcrt.dll._adjust_fdiv
msvcrt.dll._onexit
msvcrt.dll.memcpy
msvfw32.dll.DrawDibOpen
msvfw32.dll.DrawDibDraw
msvfw32.dll.DrawDibClose
user32.dll.SetWindowsHookExA
user32.dll.UnhookWindowsHookEx
user32.dll.CallNextHookEx
user32.dll.GetClassNameA
user32.dll.IsWindow
user32.dll.EnumThreadWindows
user32.dll.EnumChildWindows
user32.dll.LockWindowUpdate
user32.dll.DestroyIcon
user32.dll.DrawStateA
user32.dll.ShowWindow
user32.dll.GetMenuItemID
user32.dll.GetWindowRgn
user32.dll.SetMenu
user32.dll.GetMenu
user32.dll.GetSubMenu
user32.dll.TrackPopupMenu
user32.dll.CreateWindowExA
user32.dll.DestroyWindow
user32.dll.GetWindowInfo
user32.dll.SetWindowPos
user32.dll.GetClassLongA
user32.dll.ScreenToClient
user32.dll.SystemParametersInfoA
user32.dll.GetSystemMetrics
user32.dll.MenuItemFromPoint
user32.dll.GetMenuItemRect
user32.dll.GetMenuItemCount
user32.dll.SetMenuItemInfoA
user32.dll.IsMenu
user32.dll.GetUpdateRect
user32.dll.EqualRect
user32.dll.ShowScrollBar
user32.dll.SetWindowRgn
user32.dll.WindowFromDC
user32.dll.MoveWindow
user32.dll.GetSysColor
user32.dll.EnableScrollBar
user32.dll.GetScrollBarInfo
user32.dll.GetCapture
user32.dll.SetScrollPos
user32.dll.SetScrollInfo
user32.dll.GetScrollRange
user32.dll.GetScrollPos
user32.dll.GetScrollInfo
user32.dll.ReleaseDC
user32.dll.GetWindowDC
user32.dll.GetDCEx
user32.dll.GetDC
user32.dll.EndPaint
user32.dll.BeginPaint
user32.dll.GetWindowLongW
user32.dll.SetWindowLongW
user32.dll.SetWindowLongA
user32.dll.ClientToScreen
user32.dll.FindWindowExA
user32.dll.GetMenuItemInfoA
user32.dll.GetParent
user32.dll.GetComboBoxInfo
user32.dll.TrackMouseEvent
user32.dll.GetIconInfo
user32.dll.GetClientRect
user32.dll.GetFocus
user32.dll.InflateRect
user32.dll.InvalidateRect
user32.dll.SetPropA
user32.dll.RemovePropA
user32.dll.CallWindowProcA
user32.dll.GetPropA
user32.dll.SetTimer
user32.dll.OffsetRect
user32.dll.KillTimer
user32.dll.EnableWindow
user32.dll.GetWindowLongA
user32.dll.SetRectEmpty
user32.dll.DrawIconEx
user32.dll.GetWindowTextA
user32.dll.DrawTextA
user32.dll.IsRectEmpty
user32.dll.IsIconic
user32.dll.IsZoomed
user32.dll.GetSystemMenu
user32.dll.GetMenuState
user32.dll.ReleaseCapture
user32.dll.GetMessageA
user32.dll.SetScrollRange
user32.dll.DispatchMessageA
user32.dll.SetRect
user32.dll.IsWindowVisible
user32.dll.RegisterClassExA
user32.dll.DefWindowProcA
user32.dll.IsWindowEnabled
user32.dll.SendMessageA
user32.dll.GetCursorPos
user32.dll.LoadCursorA
user32.dll.SetCursor
user32.dll.GetWindowRect
user32.dll.PtInRect
user32.dll.SetCapture
user32.dll.UpdateLayeredWindow
user32.dll.SetLayeredWindowAttributes
dciman32.dll.DCIOpenProvider
dciman32.dll.DCICloseProvider
dciman32.dll.DCICreatePrimary
dciman32.dll.DCIEndAccess
dciman32.dll.DCIBeginAccess
dciman32.dll.DCIDestroy
skinh_el.dll.SkinH_AttachRes
skinh_el.dll.SkinH_SetAero
gdi32.dll.GetLayout
gdi32.dll.GdiRealizationInfo
gdi32.dll.FontIsLinked
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
gdi32.dll.GetTextFaceAliasW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
advapi32.dll.RegQueryValueExA
advapi32.dll.RegEnumKeyExW
gdi32.dll.GetTextExtentExPointWPri
ole32.dll.CoInitializeEx
ole32.dll.CoUninitialize
ole32.dll.CoRegisterInitializeSpy
ole32.dll.CoRevokeInitializeSpy
user32.dll.GetAsyncKeyState
user32.dll.MapVirtualKeyA
user32.dll.keybd_event
kernel32.dll.CreateWaitableTimerA
kernel32.dll.SetWaitableTimer
user32.dll.MsgWaitForMultipleObjects
oleaut32.dll.SysAllocString
oleaut32.dll.SysStringLen
oleaut32.dll.SysFreeString
shell32.dll.ShellExecuteA
setupapi.dll.CM_Get_Device_Interface_List_Size_ExW
setupapi.dll.CM_Get_Device_Interface_List_ExW
comctl32.dll.#386
advapi32.dll.EventWrite
advapi32.dll.EventRegister
advapi32.dll.EventUnregister
kernel32.dll.InitializeSRWLock
kernel32.dll.AcquireSRWLockExclusive
kernel32.dll.AcquireSRWLockShared
kernel32.dll.ReleaseSRWLockExclusive
kernel32.dll.ReleaseSRWLockShared
kernel32.dll.SetProcessDEPPolicy
user32.dll.SetProcessDPIAware
shell32.dll.SetCurrentProcessExplicitAppUserModelID
user32.dll.GetShellWindow
user32.dll.GetWindowThreadProcessId
ieframe.dll.#250
wininet.dll.InternetQueryOptionW
advapi32.dll.EventActivityIdControl
advapi32.dll.EventWriteTransfer
kernel32.dll.SetFileInformationByHandle
shell32.dll.SHGetFolderPathW
kernel32.dll.GetModuleHandleW
ws2_32.dll.accept
ws2_32.dll.bind
ws2_32.dll.closesocket
ws2_32.dll.connect
ws2_32.dll.getpeername
ws2_32.dll.getsockname
ws2_32.dll.getsockopt
ws2_32.dll.ntohl
ws2_32.dll.htonl
ws2_32.dll.htons
ws2_32.dll.inet_addr
ws2_32.dll.inet_ntoa
ws2_32.dll.ioctlsocket
ws2_32.dll.listen
ws2_32.dll.ntohs
ws2_32.dll.recv
ws2_32.dll.recvfrom
ws2_32.dll.select
ws2_32.dll.send
ws2_32.dll.sendto
ws2_32.dll.setsockopt
ws2_32.dll.shutdown
ws2_32.dll.socket
ws2_32.dll.gethostbyname
ws2_32.dll.gethostname
ws2_32.dll.WSAIoctl
ws2_32.dll.WSAGetLastError
ws2_32.dll.WSASetLastError
ws2_32.dll.WSAStartup
ws2_32.dll.WSACleanup
ws2_32.dll.__WSAFDIsSet
ws2_32.dll.getaddrinfo
ws2_32.dll.freeaddrinfo
ws2_32.dll.getnameinfo
ws2_32.dll.WSALookupServiceBeginW
ws2_32.dll.WSALookupServiceNextW
ws2_32.dll.WSALookupServiceEnd
ws2_32.dll.WSANSPIoctl
ws2_32.dll.WSAStringToAddressA
ws2_32.dll.WSAStringToAddressW
ws2_32.dll.WSAAddressToStringA
dnsapi.dll.DnsGetProxyInformation
dnsapi.dll.DnsFreeProxyName
iphlpapi.dll.GetIpForwardTable2
iphlpapi.dll.FreeMibTable
iphlpapi.dll.GetIfEntry2
iphlpapi.dll.ConvertInterfaceGuidToLuid
iphlpapi.dll.ResolveIpNetEntry2
iphlpapi.dll.GetIpNetEntry2
shlwapi.dll.#260
ws2_32.dll.#115
urlmon.dll.CreateUri
comctl32.dll.PropertySheetW
comctl32.dll.PropertySheetA
comdlg32.dll.PageSetupDlgW
comdlg32.dll.PrintDlgW
urlmon.dll.#101
kernel32.dll.WerRegisterMemoryBlock
kernel32.dll.WerUnregisterMemoryBlock
user32.dll.RegisterWindowMessageW
rpcrt4.dll.UuidCreateSequential
user32.dll.PostMessageW
oleaut32.dll.#500
ws2_32.dll.#116
iexplore.exe https://space.bilibili.com/88408117?from=search&seid=18428643537172597226
Local\MSCTF.Asm.MutexDefault1
Local\_!MSFTHISTORY!_
Local\c:!users!test!appdata!local!microsoft!windows!temporary internet files!content.ie5!
Local\c:!users!test!appdata!roaming!microsoft!windows!cookies!
Local\c:!users!test!appdata!local!microsoft!windows!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex

PE 信息

初始地址 0x00400000
入口地址 0x00466bff
声明校验值 0x00000000
实际校验值 0x001e818a
最低操作系统版本要求 4.0
编译时间 2019-04-08 18:44:50
载入哈希 4fb9dd0d24b2fd41c253bac48ef1a907

版本信息

LegalCopyright
FileVersion
CompanyName
Comments
ProductName
ProductVersion
FileDescription
Translation

PE 数据组成

名称 虚拟地址 虚拟大小 原始数据大小 特征 熵(Entropy)
.text 0x00001000 0x00084fae 0x00085000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.56
.rdata 0x00086000 0x001036c6 0x00104000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.87
.data 0x0018a000 0x0002ec48 0x00012000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.06
.rsrc 0x001b9000 0x00046e58 0x00047000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.61

导入

库: KERNEL32.dll:
0x486198 GlobalLock
0x48619c GlobalAlloc
0x4861a0 Sleep
0x4861a4 CreateEventA
0x4861a8 CreateThread
0x4861b0 SetStdHandle
0x4861b4 GlobalUnlock
0x4861b8 IsBadCodePtr
0x4861bc IsBadReadPtr
0x4861c0 CompareStringW
0x4861c4 CompareStringA
0x4861cc GetStringTypeW
0x4861d0 GetStringTypeA
0x4861d4 IsBadWritePtr
0x4861d8 VirtualAlloc
0x4861dc LCMapStringW
0x4861e0 LCMapStringA
0x4861e8 VirtualFree
0x4861ec HeapCreate
0x4861f0 HeapDestroy
0x4861f8 GetFileType
0x4861fc GetStdHandle
0x486200 SetHandleCount
0x486218 GetACP
0x48621c HeapSize
0x486220 TerminateProcess
0x486224 GetLocalTime
0x486228 GetSystemTime
0x48622c GetCurrentProcess
0x486230 DuplicateHandle
0x486234 lstrcpynA
0x486238 SetLastError
0x486244 LocalFree
0x486248 MultiByteToWideChar
0x48624c WideCharToMultiByte
0x486254 CreateSemaphoreA
0x486258 ResumeThread
0x48625c ReleaseSemaphore
0x486268 GetProfileStringA
0x48626c WriteFile
0x486270 ReadFile
0x486274 GetLastError
0x48627c CreateFileA
0x486280 SetEvent
0x486284 FindResourceA
0x486288 LoadResource
0x48628c LockResource
0x486290 GetModuleFileNameA
0x486294 GetCurrentThreadId
0x486298 ExitProcess
0x48629c GlobalSize
0x4862a0 GlobalFree
0x4862ac lstrcatA
0x4862b0 lstrlenA
0x4862b4 WinExec
0x4862b8 lstrcpyA
0x4862bc FindNextFileA
0x4862c0 GlobalReAlloc
0x4862c4 HeapFree
0x4862c8 HeapReAlloc
0x4862cc GetProcessHeap
0x4862d0 HeapAlloc
0x4862d4 GetFullPathNameA
0x4862d8 FreeLibrary
0x4862dc LoadLibraryA
0x4862e0 GetVersionExA
0x4862e8 RaiseException
0x4862ec RtlUnwind
0x4862f0 GetStartupInfoA
0x4862f4 GetOEMCP
0x4862f8 GetCPInfo
0x4862fc GetProcessVersion
0x486300 SetErrorMode
0x486304 GlobalFlags
0x486308 GetCurrentThread
0x48630c GetFileTime
0x486310 GetFileSize
0x486314 TlsGetValue
0x486318 LocalReAlloc
0x48631c TlsSetValue
0x486320 TlsFree
0x486324 GlobalHandle
0x486328 TlsAlloc
0x48632c LocalAlloc
0x486330 lstrcmpA
0x486334 GetVersion
0x486338 FindFirstFileA
0x48633c FindClose
0x486340 SetFileAttributesA
0x486344 GetFileAttributesA
0x486348 GlobalGetAtomNameA
0x48634c GlobalAddAtomA
0x486350 GlobalFindAtomA
0x486354 GlobalDeleteAtom
0x486358 lstrcmpiA
0x48635c SetEndOfFile
0x486360 UnlockFile
0x486364 LockFile
0x486368 FlushFileBuffers
0x48636c SetFilePointer
0x486378 GetModuleHandleA
0x48637c GetProcAddress
0x486380 MulDiv
0x486384 GetCommandLineA
0x486388 GetTickCount
0x48638c WaitForSingleObject
0x486390 CloseHandle
库: USER32.dll:
0x4863c4 EmptyClipboard
0x4863c8 GetSystemMetrics
0x4863cc GetCursorPos
0x4863d0 MessageBoxA
0x4863d4 SetWindowPos
0x4863d8 SendMessageA
0x4863dc DestroyCursor
0x4863e0 SetParent
0x4863e4 IsWindow
0x4863e8 SetClipboardData
0x4863ec GetTopWindow
0x4863f0 GetParent
0x4863f4 GetFocus
0x4863f8 GetClientRect
0x4863fc InvalidateRect
0x486400 ValidateRect
0x486404 UpdateWindow
0x486408 OpenClipboard
0x48640c EqualRect
0x486410 GetWindowRect
0x486414 SetForegroundWindow
0x486418 DestroyMenu
0x48641c GetClipboardData
0x486420 CloseClipboard
0x486424 wsprintfA
0x486428 PostMessageA
0x48642c IsChild
0x486430 ReleaseDC
0x486434 IsRectEmpty
0x486438 FillRect
0x48643c GetDC
0x486440 SetCursor
0x486444 LoadCursorA
0x486448 SetCursorPos
0x48644c SetActiveWindow
0x486450 GetSysColor
0x486454 SetWindowLongA
0x486458 GetWindowLongA
0x48645c RedrawWindow
0x486460 EnableWindow
0x486464 IsWindowVisible
0x486468 OffsetRect
0x48646c PtInRect
0x486470 DestroyIcon
0x486474 IntersectRect
0x486478 InflateRect
0x48647c SetRect
0x486480 SetScrollPos
0x486484 SetScrollRange
0x486488 GetScrollRange
0x48648c SetCapture
0x486490 GetCapture
0x486494 UnregisterHotKey
0x486498 RegisterHotKey
0x48649c CreateWindowExA
0x4864a0 CallWindowProcA
0x4864a4 LoadIconA
0x4864a8 TranslateMessage
0x4864ac DrawFrameControl
0x4864b0 DrawEdge
0x4864b4 DrawFocusRect
0x4864b8 WindowFromPoint
0x4864bc GetMessageA
0x4864c0 DispatchMessageA
0x4864c4 SetRectEmpty
0x4864d4 DrawIconEx
0x4864d8 CreatePopupMenu
0x4864dc AppendMenuA
0x4864e0 ModifyMenuA
0x4864e4 CreateMenu
0x4864ec GetDlgCtrlID
0x4864f0 GetSubMenu
0x4864f4 EnableMenuItem
0x4864f8 ClientToScreen
0x486500 LoadImageA
0x486508 ShowWindow
0x48650c IsWindowEnabled
0x486514 GetKeyState
0x48651c PostQuitMessage
0x486520 IsZoomed
0x486524 GetClassInfoA
0x486528 GetWindowTextA
0x486530 CharUpperA
0x486534 GetWindowDC
0x486538 BeginPaint
0x48653c EndPaint
0x486540 TabbedTextOutA
0x486544 DrawTextA
0x486548 GrayStringA
0x48654c GetDlgItem
0x486550 DestroyWindow
0x486558 EndDialog
0x48655c GetNextDlgTabItem
0x486560 GetWindowPlacement
0x486568 GetForegroundWindow
0x48656c GetLastActivePopup
0x486570 GetMessageTime
0x486574 RemovePropA
0x486578 GetPropA
0x48657c UnhookWindowsHookEx
0x486580 SetPropA
0x486584 GetClassLongA
0x486588 CallNextHookEx
0x48658c SetWindowsHookExA
0x486590 GetMenuItemID
0x486594 GetMenuItemCount
0x486598 RegisterClassA
0x48659c GetScrollPos
0x4865a0 UnregisterClassA
0x4865a4 AdjustWindowRectEx
0x4865a8 MapWindowPoints
0x4865ac SendDlgItemMessageA
0x4865b0 ScrollWindowEx
0x4865b4 IsDialogMessageA
0x4865b8 SetWindowTextA
0x4865bc MoveWindow
0x4865c0 CheckMenuItem
0x4865c4 SetMenuItemBitmaps
0x4865c8 GetMenuState
0x4865d0 GetClassNameA
0x4865d4 GetDesktopWindow
0x4865d8 LoadStringA
0x4865dc GetSysColorBrush
0x4865e0 DefWindowProcA
0x4865e4 GetSystemMenu
0x4865e8 DeleteMenu
0x4865ec GetMenu
0x4865f0 SetMenu
0x4865f4 PeekMessageA
0x4865f8 IsIconic
0x4865fc SetFocus
0x486600 GetActiveWindow
0x486604 GetWindow
0x48660c SetWindowRgn
0x486610 GetMessagePos
0x486614 ScreenToClient
0x48661c CopyRect
0x486620 LoadBitmapA
0x486624 WinHelpA
0x486628 KillTimer
0x48662c SetTimer
0x486630 ReleaseCapture
库: GDI32.dll:
0x486044 SetWindowOrgEx
0x48604c CreateFontA
0x486050 SetBkColor
0x486058 SetStretchBltMode
0x48605c GetClipRgn
0x486060 CreatePolygonRgn
0x486064 SelectClipRgn
0x486068 DeleteObject
0x48606c CreateDIBitmap
0x486074 CreatePalette
0x486078 StretchBlt
0x48607c SelectPalette
0x486080 RealizePalette
0x486084 GetDIBits
0x486088 GetWindowExtEx
0x48608c GetViewportOrgEx
0x486090 GetWindowOrgEx
0x486094 BeginPath
0x486098 EndPath
0x48609c PathToRegion
0x4860a0 CreateEllipticRgn
0x4860a4 CreateRoundRectRgn
0x4860a8 GetTextColor
0x4860ac GetBkMode
0x4860b0 GetBkColor
0x4860b4 GetROP2
0x4860b8 GetStretchBltMode
0x4860bc GetPolyFillMode
0x4860c4 CreateDCA
0x4860c8 CreateBitmap
0x4860cc SelectObject
0x4860d0 GetObjectA
0x4860d4 CreatePen
0x4860d8 PatBlt
0x4860dc CombineRgn
0x4860e0 CreateRectRgn
0x4860e4 FillRgn
0x4860e8 CreateSolidBrush
0x4860ec GetStockObject
0x4860f0 CreateFontIndirectA
0x4860f4 EndPage
0x4860f8 EndDoc
0x4860fc DeleteDC
0x486100 StartDocA
0x486104 StartPage
0x486108 BitBlt
0x48610c CreateCompatibleDC
0x486110 Ellipse
0x486114 Rectangle
0x486118 LPtoDP
0x48611c DPtoLP
0x486120 GetCurrentObject
0x486124 RoundRect
0x48612c GetDeviceCaps
0x486130 SaveDC
0x486134 RestoreDC
0x486138 SetBkMode
0x48613c SetPolyFillMode
0x486140 SetROP2
0x486144 SetTextColor
0x486148 SetMapMode
0x48614c SetViewportOrgEx
0x486150 OffsetViewportOrgEx
0x486154 SetViewportExtEx
0x486158 ScaleViewportExtEx
0x48615c GetTextMetricsA
0x486160 Escape
0x486164 ExtTextOutA
0x486168 TextOutA
0x48616c RectVisible
0x486170 PtVisible
0x486174 GetViewportExtEx
0x486178 ExtSelectClipRgn
0x48617c LineTo
0x486180 MoveToEx
0x486184 ExcludeClipRect
0x486188 GetClipBox
0x48618c ScaleWindowExtEx
0x486190 SetWindowExtEx
库: WINMM.dll:
0x486638 midiStreamRestart
0x48663c midiStreamClose
0x486640 midiOutReset
0x486644 midiStreamStop
0x486648 midiStreamOut
0x486650 midiStreamProperty
0x486654 midiStreamOpen
0x48665c waveOutOpen
0x486660 waveOutGetNumDevs
0x486664 waveOutClose
0x486668 waveOutReset
0x48666c waveOutPause
0x486670 waveOutWrite
库: WINSPOOL.DRV:
0x486680 ClosePrinter
0x486684 DocumentPropertiesA
0x486688 OpenPrinterA
库: ADVAPI32.dll:
0x486000 RegCreateKeyExA
0x486004 RegCloseKey
0x486008 RegOpenKeyExA
0x48600c RegSetValueExA
0x486010 RegQueryValueA
库: SHELL32.dll:
0x4863ac ShellExecuteA
0x4863b0 DragAcceptFiles
0x4863b4 DragFinish
0x4863b8 DragQueryFileA
0x4863bc Shell_NotifyIconA
库: ole32.dll:
0x4866cc OleUninitialize
0x4866d0 OleInitialize
0x4866d4 CLSIDFromString
库: OLEAUT32.dll:
0x48639c RegisterTypeLib
0x4863a0 LoadTypeLib
0x4863a4 UnRegisterTypeLib
库: COMCTL32.dll:
0x486018 ImageList_EndDrag
0x486020 ImageList_DragMove
0x486024 ImageList_DragLeave
0x486028 ImageList_DragEnter
0x48602c ImageList_Destroy
0x486030 ImageList_Create
0x486034 ImageList_BeginDrag
0x486038 ImageList_Add
0x48603c None
库: WS2_32.dll:
0x486690 recvfrom
0x486694 ioctlsocket
0x486698 recv
0x48669c getpeername
0x4866a0 accept
0x4866a4 WSAAsyncSelect
0x4866a8 closesocket
0x4866ac WSACleanup
0x4866b0 inet_ntoa
库: comdlg32.dll:
0x4866b8 GetFileTitleA
0x4866bc GetSaveFileNameA
0x4866c0 GetOpenFileNameA
0x4866c4 ChooseColorA

.text
`.rdata
@.data
.rsrc
8`}<j
DRQPj
T$|Vj
T$th
|$TVj
|$|Vj
T$\Vj
D$@Sj
L$8h
D$8Rj
l$<VWj
T$ Rj
L$4S+L$0Qj
没有防病毒引擎扫描信息!

进程树


____________.exe, PID: 2656, 上一级进程 PID: 2292
iexplore.exe, PID: 2768, 上一级进程 PID: 2656
iexplore.exe, PID: 2972, 上一级进程 PID: 2656
iexplore.exe, PID: 2516, 上一级进程 PID: 2656
iexplore.exe, PID: 724, 上一级进程 PID: 2656
iexplore.exe, PID: 2644, 上一级进程 PID: 2656
iexplore.exe, PID: 1336, 上一级进程 PID: 2656
iexplore.exe, PID: 2728, 上一级进程 PID: 2656
iexplore.exe, PID: 252, 上一级进程 PID: 2656
iexplore.exe, PID: 536, 上一级进程 PID: 2656
iexplore.exe, PID: 2512, 上一级进程 PID: 2656
iexplore.exe, PID: 2692, 上一级进程 PID: 2656

访问主机纪录 (可点击查询WPING实时安全评级)

直接 IP 安全评级 地理位置
114.80.24.200 中国
114.80.24.201 中国
119.3.65.116 香港
120.92.174.135 中国
150.138.97.253 中国

TCP

源地址 源端口 目标地址 目标端口
192.168.122.202 49164 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49165 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49166 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49167 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49168 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49169 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49170 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49171 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49176 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49177 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49178 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49179 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49180 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49181 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49182 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49183 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49184 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49185 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49191 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49192 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49193 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49194 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49195 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49198 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49199 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49210 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49211 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49214 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49215 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49216 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49217 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49218 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49219 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49220 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49221 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49223 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49224 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49225 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49226 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49227 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49228 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49229 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49230 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49231 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49232 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49233 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49234 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49235 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49236 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49237 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49204 119.3.65.116 space.bilibili.com 443
192.168.122.202 49205 119.3.65.116 space.bilibili.com 443
192.168.122.202 49206 119.3.65.116 space.bilibili.com 443
192.168.122.202 49243 119.3.65.116 space.bilibili.com 443
192.168.122.202 49245 119.3.65.116 space.bilibili.com 443
192.168.122.202 49161 120.92.174.135 space.bilibili.com 443
192.168.122.202 49173 120.92.174.135 space.bilibili.com 443
192.168.122.202 49188 120.92.174.135 space.bilibili.com 443
192.168.122.202 49189 120.92.174.135 space.bilibili.com 443
192.168.122.202 49190 120.92.174.135 space.bilibili.com 443
192.168.122.202 49197 120.92.174.135 space.bilibili.com 443
192.168.122.202 49241 120.92.174.135 space.bilibili.com 443
192.168.122.202 49162 150.138.97.253 at.alicdn.com 443
192.168.122.202 49163 150.138.97.253 at.alicdn.com 443
192.168.122.202 49174 150.138.97.253 at.alicdn.com 443
192.168.122.202 49175 150.138.97.253 at.alicdn.com 443
192.168.122.202 49208 150.138.97.253 at.alicdn.com 443
192.168.122.202 49209 150.138.97.253 at.alicdn.com 443
192.168.122.202 49212 150.138.97.253 at.alicdn.com 443
192.168.122.202 49213 150.138.97.253 at.alicdn.com 443

UDP

源地址 源端口 目标地址 目标端口
192.168.122.202 51964 192.168.122.1 53
192.168.122.202 55285 192.168.122.1 53
192.168.122.202 58228 192.168.122.1 53
192.168.122.202 63408 192.168.122.1 53
192.168.122.202 64955 192.168.122.1 53

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
space.bilibili.com A 120.92.174.135
CNAME interface.biliapi.com
A 119.3.65.116
at.alicdn.com CNAME at.alicdn.com.danuoyi.alicdn.com
A 150.138.97.253
A 150.138.97.254
A 183.136.135.241
A 183.136.135.242
s1.hdslb.com 未知 CNAME bstatic.hdslb.com
CNAME s1.hdslb.com.w.kunlunar.com
A 114.80.24.197
A 114.80.24.198
A 114.80.24.202
A 114.80.24.199
A 114.80.24.203
A 114.80.24.200
A 114.80.24.201
A 114.80.24.196

TCP

源地址 源端口 目标地址 目标端口
192.168.122.202 49164 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49165 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49166 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49167 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49168 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49169 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49170 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49171 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49176 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49177 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49178 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49179 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49180 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49181 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49182 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49183 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49184 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49185 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49191 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49192 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49193 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49194 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49195 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49198 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49199 114.80.24.200 s1.hdslb.com 443
192.168.122.202 49210 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49211 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49214 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49215 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49216 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49217 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49218 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49219 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49220 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49221 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49223 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49224 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49225 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49226 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49227 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49228 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49229 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49230 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49231 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49232 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49233 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49234 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49235 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49236 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49237 114.80.24.201 s1.hdslb.com 443
192.168.122.202 49204 119.3.65.116 space.bilibili.com 443
192.168.122.202 49205 119.3.65.116 space.bilibili.com 443
192.168.122.202 49206 119.3.65.116 space.bilibili.com 443
192.168.122.202 49243 119.3.65.116 space.bilibili.com 443
192.168.122.202 49245 119.3.65.116 space.bilibili.com 443
192.168.122.202 49161 120.92.174.135 space.bilibili.com 443
192.168.122.202 49173 120.92.174.135 space.bilibili.com 443
192.168.122.202 49188 120.92.174.135 space.bilibili.com 443
192.168.122.202 49189 120.92.174.135 space.bilibili.com 443
192.168.122.202 49190 120.92.174.135 space.bilibili.com 443
192.168.122.202 49197 120.92.174.135 space.bilibili.com 443
192.168.122.202 49241 120.92.174.135 space.bilibili.com 443
192.168.122.202 49162 150.138.97.253 at.alicdn.com 443
192.168.122.202 49163 150.138.97.253 at.alicdn.com 443
192.168.122.202 49174 150.138.97.253 at.alicdn.com 443
192.168.122.202 49175 150.138.97.253 at.alicdn.com 443
192.168.122.202 49208 150.138.97.253 at.alicdn.com 443
192.168.122.202 49209 150.138.97.253 at.alicdn.com 443
192.168.122.202 49212 150.138.97.253 at.alicdn.com 443
192.168.122.202 49213 150.138.97.253 at.alicdn.com 443

UDP

源地址 源端口 目标地址 目标端口
192.168.122.202 51964 192.168.122.1 53
192.168.122.202 55285 192.168.122.1 53
192.168.122.202 58228 192.168.122.1 53
192.168.122.202 63408 192.168.122.1 53
192.168.122.202 64955 192.168.122.1 53

HTTP 请求

未发现HTTP请求.

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2019-08-08 15:39:30.515083+0800 192.168.122.202 49161 120.92.174.135 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=上海, L=上海, O=上海幻电信息科技有限公司, CN=*.bilibili.com 8f:52:9b:25:96:c7:16:25:4b:74:43:af:45:45:24:b7:6a:58:38:3a
2019-08-08 15:39:31.753722+0800 192.168.122.202 49163 150.138.97.253 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com 01:af:58:f7:9a:f4:0a:47:9b:01:ab:b7:d4:66:57:9e:f2:d7:56:bd
2019-08-08 15:39:31.832186+0800 192.168.122.202 49166 114.80.24.200 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia OV TLS Pro CA C=CN, L=上海, O=上海幻电信息科技有限公司, OU=运维部, CN=*.hdslb.com 95:85:38:b2:53:c3:ea:1f:45:e7:d7:8a:79:75:6c:47:91:1a:57:aa
2019-08-08 15:39:31.848506+0800 192.168.122.202 49164 114.80.24.200 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia OV TLS Pro CA C=CN, L=上海, O=上海幻电信息科技有限公司, OU=运维部, CN=*.hdslb.com 95:85:38:b2:53:c3:ea:1f:45:e7:d7:8a:79:75:6c:47:91:1a:57:aa
2019-08-08 15:39:31.861364+0800 192.168.122.202 49165 114.80.24.200 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia OV TLS Pro CA C=CN, L=上海, O=上海幻电信息科技有限公司, OU=运维部, CN=*.hdslb.com 95:85:38:b2:53:c3:ea:1f:45:e7:d7:8a:79:75:6c:47:91:1a:57:aa
2019-08-08 15:39:31.872932+0800 192.168.122.202 49169 114.80.24.200 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia OV TLS Pro CA C=CN, L=上海, O=上海幻电信息科技有限公司, OU=运维部, CN=*.hdslb.com 95:85:38:b2:53:c3:ea:1f:45:e7:d7:8a:79:75:6c:47:91:1a:57:aa
2019-08-08 15:39:31.885541+0800 192.168.122.202 49168 114.80.24.200 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia OV TLS Pro CA C=CN, L=上海, O=上海幻电信息科技有限公司, OU=运维部, CN=*.hdslb.com 95:85:38:b2:53:c3:ea:1f:45:e7:d7:8a:79:75:6c:47:91:1a:57:aa
2019-08-08 15:39:31.915535+0800 192.168.122.202 49167 114.80.24.200 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia OV TLS Pro CA C=CN, L=上海, O=上海幻电信息科技有限公司, OU=运维部, CN=*.hdslb.com 95:85:38:b2:53:c3:ea:1f:45:e7:d7:8a:79:75:6c:47:91:1a:57:aa
2019-08-08 15:39:31.934998+0800 192.168.122.202 49162 150.138.97.253 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com 01:af:58:f7:9a:f4:0a:47:9b:01:ab:b7:d4:66:57:9e:f2:d7:56:bd
2019-08-08 15:39:31.995356+0800 192.168.122.202 49170 114.80.24.200 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia OV TLS Pro CA C=CN, L=上海, O=上海幻电信息科技有限公司, OU=运维部, CN=*.hdslb.com 95:85:38:b2:53:c3:ea:1f:45:e7:d7:8a:79:75:6c:47:91:1a:57:aa
2019-08-08 15:39:33.324226+0800 192.168.122.202 49176 114.80.24.200 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia OV TLS Pro CA C=CN, L=上海, O=上海幻电信息科技有限公司, OU=运维部, CN=*.hdslb.com 95:85:38:b2:53:c3:ea:1f:45:e7:d7:8a:79:75:6c:47:91:1a:57:aa
2019-08-08 15:39:33.328247+0800 192.168.122.202 49175 150.138.97.253 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com 01:af:58:f7:9a:f4:0a:47:9b:01:ab:b7:d4:66:57:9e:f2:d7:56:bd
2019-08-08 15:39:33.203561+0800 192.168.122.202 49173 120.92.174.135 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=上海, L=上海, O=上海幻电信息科技有限公司, CN=*.bilibili.com 8f:52:9b:25:96:c7:16:25:4b:74:43:af:45:45:24:b7:6a:58:38:3a
2019-08-08 15:39:33.309412+0800 192.168.122.202 49177 114.80.24.200 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia OV TLS Pro CA C=CN, L=上海, O=上海幻电信息科技有限公司, OU=运维部, CN=*.hdslb.com 95:85:38:b2:53:c3:ea:1f:45:e7:d7:8a:79:75:6c:47:91:1a:57:aa
2019-08-08 15:39:33.310328+0800 192.168.122.202 49178 114.80.24.200 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia OV TLS Pro CA C=CN, L=上海, O=上海幻电信息科技有限公司, OU=运维部, CN=*.hdslb.com 95:85:38:b2:53:c3:ea:1f:45:e7:d7:8a:79:75:6c:47:91:1a:57:aa
2019-08-08 15:39:33.346583+0800 192.168.122.202 49174 150.138.97.253 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com 01:af:58:f7:9a:f4:0a:47:9b:01:ab:b7:d4:66:57:9e:f2:d7:56:bd
2019-08-08 15:39:43.128360+0800 192.168.122.202 49188 120.92.174.135 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=上海, L=上海, O=上海幻电信息科技有限公司, CN=*.bilibili.com 8f:52:9b:25:96:c7:16:25:4b:74:43:af:45:45:24:b7:6a:58:38:3a
2019-08-08 15:39:43.140439+0800 192.168.122.202 49190 120.92.174.135 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=上海, L=上海, O=上海幻电信息科技有限公司, CN=*.bilibili.com 8f:52:9b:25:96:c7:16:25:4b:74:43:af:45:45:24:b7:6a:58:38:3a
2019-08-08 15:39:43.156051+0800 192.168.122.202 49189 120.92.174.135 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=上海, L=上海, O=上海幻电信息科技有限公司, CN=*.bilibili.com 8f:52:9b:25:96:c7:16:25:4b:74:43:af:45:45:24:b7:6a:58:38:3a
2019-08-08 15:39:45.157815+0800 192.168.122.202 49197 120.92.174.135 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=上海, L=上海, O=上海幻电信息科技有限公司, CN=*.bilibili.com 8f:52:9b:25:96:c7:16:25:4b:74:43:af:45:45:24:b7:6a:58:38:3a
2019-08-08 15:40:09.471610+0800 192.168.122.202 49205 119.3.65.116 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=上海, L=上海, O=上海幻电信息科技有限公司, CN=*.bilibili.com 8f:52:9b:25:96:c7:16:25:4b:74:43:af:45:45:24:b7:6a:58:38:3a
2019-08-08 15:40:09.483514+0800 192.168.122.202 49204 119.3.65.116 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=上海, L=上海, O=上海幻电信息科技有限公司, CN=*.bilibili.com 8f:52:9b:25:96:c7:16:25:4b:74:43:af:45:45:24:b7:6a:58:38:3a
2019-08-08 15:40:09.474388+0800 192.168.122.202 49206 119.3.65.116 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=上海, L=上海, O=上海幻电信息科技有限公司, CN=*.bilibili.com 8f:52:9b:25:96:c7:16:25:4b:74:43:af:45:45:24:b7:6a:58:38:3a
2019-08-08 15:40:10.394259+0800 192.168.122.202 49209 150.138.97.253 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com 01:af:58:f7:9a:f4:0a:47:9b:01:ab:b7:d4:66:57:9e:f2:d7:56:bd
2019-08-08 15:40:10.480527+0800 192.168.122.202 49211 114.80.24.201 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia OV TLS Pro CA C=CN, L=上海, O=上海幻电信息科技有限公司, OU=运维部, CN=*.hdslb.com 95:85:38:b2:53:c3:ea:1f:45:e7:d7:8a:79:75:6c:47:91:1a:57:aa
2019-08-08 15:40:10.401072+0800 192.168.122.202 49208 150.138.97.253 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com 01:af:58:f7:9a:f4:0a:47:9b:01:ab:b7:d4:66:57:9e:f2:d7:56:bd
2019-08-08 15:40:10.485500+0800 192.168.122.202 49210 114.80.24.201 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia OV TLS Pro CA C=CN, L=上海, O=上海幻电信息科技有限公司, OU=运维部, CN=*.hdslb.com 95:85:38:b2:53:c3:ea:1f:45:e7:d7:8a:79:75:6c:47:91:1a:57:aa
2019-08-08 15:40:10.515130+0800 192.168.122.202 49214 114.80.24.201 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia OV TLS Pro CA C=CN, L=上海, O=上海幻电信息科技有限公司, OU=运维部, CN=*.hdslb.com 95:85:38:b2:53:c3:ea:1f:45:e7:d7:8a:79:75:6c:47:91:1a:57:aa
2019-08-08 15:40:10.571119+0800 192.168.122.202 49216 114.80.24.201 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia OV TLS Pro CA C=CN, L=上海, O=上海幻电信息科技有限公司, OU=运维部, CN=*.hdslb.com 95:85:38:b2:53:c3:ea:1f:45:e7:d7:8a:79:75:6c:47:91:1a:57:aa
2019-08-08 15:40:10.571785+0800 192.168.122.202 49217 114.80.24.201 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia OV TLS Pro CA C=CN, L=上海, O=上海幻电信息科技有限公司, OU=运维部, CN=*.hdslb.com 95:85:38:b2:53:c3:ea:1f:45:e7:d7:8a:79:75:6c:47:91:1a:57:aa
2019-08-08 15:40:10.521008+0800 192.168.122.202 49215 114.80.24.201 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia OV TLS Pro CA C=CN, L=上海, O=上海幻电信息科技有限公司, OU=运维部, CN=*.hdslb.com 95:85:38:b2:53:c3:ea:1f:45:e7:d7:8a:79:75:6c:47:91:1a:57:aa
2019-08-08 15:40:10.669225+0800 192.168.122.202 49218 114.80.24.201 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia OV TLS Pro CA C=CN, L=上海, O=上海幻电信息科技有限公司, OU=运维部, CN=*.hdslb.com 95:85:38:b2:53:c3:ea:1f:45:e7:d7:8a:79:75:6c:47:91:1a:57:aa
2019-08-08 15:40:10.538330+0800 192.168.122.202 49213 150.138.97.253 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com 01:af:58:f7:9a:f4:0a:47:9b:01:ab:b7:d4:66:57:9e:f2:d7:56:bd
2019-08-08 15:40:10.552217+0800 192.168.122.202 49212 150.138.97.253 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com 01:af:58:f7:9a:f4:0a:47:9b:01:ab:b7:d4:66:57:9e:f2:d7:56:bd
2019-08-08 15:40:10.692421+0800 192.168.122.202 49221 114.80.24.201 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia OV TLS Pro CA C=CN, L=上海, O=上海幻电信息科技有限公司, OU=运维部, CN=*.hdslb.com 95:85:38:b2:53:c3:ea:1f:45:e7:d7:8a:79:75:6c:47:91:1a:57:aa
2019-08-08 15:40:10.669860+0800 192.168.122.202 49219 114.80.24.201 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia OV TLS Pro CA C=CN, L=上海, O=上海幻电信息科技有限公司, OU=运维部, CN=*.hdslb.com 95:85:38:b2:53:c3:ea:1f:45:e7:d7:8a:79:75:6c:47:91:1a:57:aa
2019-08-08 15:40:10.688515+0800 192.168.122.202 49220 114.80.24.201 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia OV TLS Pro CA C=CN, L=上海, O=上海幻电信息科技有限公司, OU=运维部, CN=*.hdslb.com 95:85:38:b2:53:c3:ea:1f:45:e7:d7:8a:79:75:6c:47:91:1a:57:aa
2019-08-08 15:40:11.304414+0800 192.168.122.202 49226 114.80.24.201 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia OV TLS Pro CA C=CN, L=上海, O=上海幻电信息科技有限公司, OU=运维部, CN=*.hdslb.com 95:85:38:b2:53:c3:ea:1f:45:e7:d7:8a:79:75:6c:47:91:1a:57:aa
2019-08-08 15:40:11.265563+0800 192.168.122.202 49223 114.80.24.201 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia OV TLS Pro CA C=CN, L=上海, O=上海幻电信息科技有限公司, OU=运维部, CN=*.hdslb.com 95:85:38:b2:53:c3:ea:1f:45:e7:d7:8a:79:75:6c:47:91:1a:57:aa
2019-08-08 15:40:11.302442+0800 192.168.122.202 49227 114.80.24.201 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia OV TLS Pro CA C=CN, L=上海, O=上海幻电信息科技有限公司, OU=运维部, CN=*.hdslb.com 95:85:38:b2:53:c3:ea:1f:45:e7:d7:8a:79:75:6c:47:91:1a:57:aa
2019-08-08 15:40:11.277886+0800 192.168.122.202 49224 114.80.24.201 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia OV TLS Pro CA C=CN, L=上海, O=上海幻电信息科技有限公司, OU=运维部, CN=*.hdslb.com 95:85:38:b2:53:c3:ea:1f:45:e7:d7:8a:79:75:6c:47:91:1a:57:aa
2019-08-08 15:40:11.278821+0800 192.168.122.202 49225 114.80.24.201 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia OV TLS Pro CA C=CN, L=上海, O=上海幻电信息科技有限公司, OU=运维部, CN=*.hdslb.com 95:85:38:b2:53:c3:ea:1f:45:e7:d7:8a:79:75:6c:47:91:1a:57:aa
2019-08-08 15:40:11.357615+0800 192.168.122.202 49228 114.80.24.201 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia OV TLS Pro CA C=CN, L=上海, O=上海幻电信息科技有限公司, OU=运维部, CN=*.hdslb.com 95:85:38:b2:53:c3:ea:1f:45:e7:d7:8a:79:75:6c:47:91:1a:57:aa
2019-08-08 15:40:11.391696+0800 192.168.122.202 49229 114.80.24.201 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia OV TLS Pro CA C=CN, L=上海, O=上海幻电信息科技有限公司, OU=运维部, CN=*.hdslb.com 95:85:38:b2:53:c3:ea:1f:45:e7:d7:8a:79:75:6c:47:91:1a:57:aa
2019-08-08 15:40:11.450824+0800 192.168.122.202 49232 114.80.24.201 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia OV TLS Pro CA C=CN, L=上海, O=上海幻电信息科技有限公司, OU=运维部, CN=*.hdslb.com 95:85:38:b2:53:c3:ea:1f:45:e7:d7:8a:79:75:6c:47:91:1a:57:aa
2019-08-08 15:40:11.472489+0800 192.168.122.202 49234 114.80.24.201 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia OV TLS Pro CA C=CN, L=上海, O=上海幻电信息科技有限公司, OU=运维部, CN=*.hdslb.com 95:85:38:b2:53:c3:ea:1f:45:e7:d7:8a:79:75:6c:47:91:1a:57:aa
2019-08-08 15:40:11.416429+0800 192.168.122.202 49231 114.80.24.201 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia OV TLS Pro CA C=CN, L=上海, O=上海幻电信息科技有限公司, OU=运维部, CN=*.hdslb.com 95:85:38:b2:53:c3:ea:1f:45:e7:d7:8a:79:75:6c:47:91:1a:57:aa
2019-08-08 15:40:11.392986+0800 192.168.122.202 49230 114.80.24.201 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia OV TLS Pro CA C=CN, L=上海, O=上海幻电信息科技有限公司, OU=运维部, CN=*.hdslb.com 95:85:38:b2:53:c3:ea:1f:45:e7:d7:8a:79:75:6c:47:91:1a:57:aa
2019-08-08 15:40:11.458032+0800 192.168.122.202 49233 114.80.24.201 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia OV TLS Pro CA C=CN, L=上海, O=上海幻电信息科技有限公司, OU=运维部, CN=*.hdslb.com 95:85:38:b2:53:c3:ea:1f:45:e7:d7:8a:79:75:6c:47:91:1a:57:aa
2019-08-08 15:40:11.523665+0800 192.168.122.202 49235 114.80.24.201 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia OV TLS Pro CA C=CN, L=上海, O=上海幻电信息科技有限公司, OU=运维部, CN=*.hdslb.com 95:85:38:b2:53:c3:ea:1f:45:e7:d7:8a:79:75:6c:47:91:1a:57:aa
2019-08-08 15:40:11.549248+0800 192.168.122.202 49236 114.80.24.201 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia OV TLS Pro CA C=CN, L=上海, O=上海幻电信息科技有限公司, OU=运维部, CN=*.hdslb.com 95:85:38:b2:53:c3:ea:1f:45:e7:d7:8a:79:75:6c:47:91:1a:57:aa
2019-08-08 15:40:11.874931+0800 192.168.122.202 49237 114.80.24.201 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia OV TLS Pro CA C=CN, L=上海, O=上海幻电信息科技有限公司, OU=运维部, CN=*.hdslb.com 95:85:38:b2:53:c3:ea:1f:45:e7:d7:8a:79:75:6c:47:91:1a:57:aa
2019-08-08 15:40:42.323681+0800 192.168.122.202 49241 120.92.174.135 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=上海, L=上海, O=上海幻电信息科技有限公司, CN=*.bilibili.com 8f:52:9b:25:96:c7:16:25:4b:74:43:af:45:45:24:b7:6a:58:38:3a
2019-08-08 15:40:44.080361+0800 192.168.122.202 49243 119.3.65.116 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=上海, L=上海, O=上海幻电信息科技有限公司, CN=*.bilibili.com 8f:52:9b:25:96:c7:16:25:4b:74:43:af:45:45:24:b7:6a:58:38:3a
2019-08-08 15:40:46.479149+0800 192.168.122.202 49245 119.3.65.116 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=上海, L=上海, O=上海幻电信息科技有限公司, CN=*.bilibili.com 8f:52:9b:25:96:c7:16:25:4b:74:43:af:45:45:24:b7:6a:58:38:3a

Suricata HTTP

No Suricata HTTP

未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
HTML 总结报告
(需15-60分钟同步)
下载

Processing ( 45.976 seconds )

  • 15.73 NetworkAnalysis
  • 15.525 Suricata
  • 7.107 Static
  • 3.26 BehaviorAnalysis
  • 2.534 TargetInfo
  • 1.32 VirusTotal
  • 0.429 peid
  • 0.049 AnalysisInfo
  • 0.014 Strings
  • 0.005 config_decoder
  • 0.003 Memory

Signatures ( 1.23 seconds )

  • 0.169 api_spamming
  • 0.138 stealth_timeout
  • 0.123 stealth_decoy_document
  • 0.076 antiav_detectreg
  • 0.058 antivm_generic_scsi
  • 0.041 stealth_file
  • 0.037 antivm_generic_services
  • 0.034 mimics_filetime
  • 0.034 anormaly_invoke_kills
  • 0.031 md_domain_bl
  • 0.029 reads_self
  • 0.029 infostealer_ftp
  • 0.028 virus
  • 0.027 dridex_behavior
  • 0.027 antivm_generic_disk
  • 0.023 bootkit
  • 0.021 hancitor_behavior
  • 0.019 md_url_bl
  • 0.018 kovter_behavior
  • 0.017 infostealer_im
  • 0.016 antianalysis_detectreg
  • 0.015 antiemu_wine_func
  • 0.014 injection_createremotethread
  • 0.014 infostealer_browser_password
  • 0.01 antiav_detectfile
  • 0.01 infostealer_mail
  • 0.009 antivm_vbox_libs
  • 0.009 injection_runpe
  • 0.008 antidbg_windows
  • 0.007 anomaly_persistence_autorun
  • 0.007 infostealer_bitcoin
  • 0.007 ransomware_extensions
  • 0.007 ransomware_files
  • 0.006 maldun_suspicious
  • 0.005 geodo_banking_trojan
  • 0.004 antiav_avast_libs
  • 0.004 betabot_behavior
  • 0.004 antisandbox_sunbelt_libs
  • 0.004 kibex_behavior
  • 0.004 exec_crash
  • 0.004 antivm_parallels_keys
  • 0.004 antivm_vbox_files
  • 0.004 antivm_xen_keys
  • 0.004 network_torgateway
  • 0.003 tinba_behavior
  • 0.003 injection_explorer
  • 0.003 antisandbox_sboxie_libs
  • 0.003 antiav_bitdefender_libs
  • 0.003 disables_browser_warn
  • 0.003 darkcomet_regkeys
  • 0.002 rat_nanocore
  • 0.002 antivm_vmware_libs
  • 0.002 cerber_behavior
  • 0.002 h1n1_behavior
  • 0.002 antivm_generic_diskreg
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 md_bad_drop
  • 0.002 recon_fingerprint
  • 0.001 malicious_write_executeable_under_temp_to_regrun
  • 0.001 hawkeye_behavior
  • 0.001 network_tor
  • 0.001 antivm_vbox_window
  • 0.001 ursnif_behavior
  • 0.001 shifu_behavior
  • 0.001 antisandbox_script_timer
  • 0.001 bypass_firewall
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antisandbox_productid
  • 0.001 antivm_generic_bios
  • 0.001 antivm_generic_cpu
  • 0.001 antivm_generic_system
  • 0.001 antivm_xen_keys
  • 0.001 antivm_hyperv_keys
  • 0.001 antivm_vbox_acpi
  • 0.001 antivm_vbox_keys
  • 0.001 antivm_vmware_keys
  • 0.001 antivm_vpc_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 malicious_drop_executable_file_to_temp_folder
  • 0.001 maldun_network_blacklist
  • 0.001 office_security
  • 0.001 packer_armadillo_regkey
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 recon_programs
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt

Reporting ( 1.302 seconds )

  • 1.019 ReportHTMLSummary
  • 0.283 Malheur
Task ID 351644
Mongo ID 5d4bd27a2f8f2e1f417cdcc8
Cuckoo release 1.4-Maldun