魔盾安全分析报告

分析类型	开始时间	结束时间	持续时间	分析引擎版本
FILE	2021-04-21 22:33:34	2021-04-21 22:35:47	133 秒	1.4-Maldun

虚拟机机器名	标签	虚拟机管理	开机时间	关机时间
win7-sp1-x64-shaapp03-1	win7-sp1-x64-shaapp03-1	KVM	2021-04-21 22:33:37	2021-04-21 22:35:48

魔盾分数
9.445 恶意的

文件详细信息

文件名	pagent.exe
文件大小	9818112 字节
文件类型	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
CRC32	523E307A
MD5	a97169dddd2847717440d3d407f789d9
SHA1	b22d922344e04a49a6acf158fd2a50290af4b624
SHA256	4b3b6ab55df21435dd7b1a0737feda00454b352f0d3f73c4fb19881103f133fd
SHA512	e8a5999517dad642efccad7cd891314fe491793e334214681148c0a5078e2941715a739ab54d1c70be64030bcb8258aa260c9a132687637f7ccb5ecf1cacd6b4
Ssdeep	196608:ndH6//MuW8mwf7DPehBe2k6a1pj8Vrr82tAhc1w:96/pt2SjSr8N
PEiD	无匹配
Yara	CRC32c_poly_Constant (Look for CRC32c (Castagnoli) [poly]) CRC32_poly_Constant (Look for CRC32 [poly]) MD5_Constants (Look for MD5 constants) RIPEMD160_Constants (Look for RIPEMD-160 constants) SHA1_Constants (Look for SHA1 constants) SHA512_Constants (Look for SHA384/SHA512 constants) RijnDael_AES (Look for RijnDael AES) RijnDael_AES_CHAR (Look for RijnDael AES (check2) [char]) RijnDael_AES_LONG (Look for RijnDael AES) BASE64_table (Look for Base64 table) with_images (Detected the presence of an or several images) with_urls (Detected the presence of an or several urls) IsPE64 (Detected a 64bit PE sample) IsConsole (Detected a console program sample) DebuggerTiming__Ticks (Detected timing ticks function) DebuggerException__ConsoleCtrl () DebuggerException__SetConsoleCtrl () ThreadControl__Context () SEH__vectored () vmdetect (Possibly employs anti-virtualization techniques) create_service (Detected function for creating a windows service) network_udp_sock (Communications over UDP socket) network_tcp_listen (Listen for incoming communication) network_smtp_raw (Detect SMTP ability in RAW) network_tcp_socket (Detected network communications over RAW socket) network_dns (Detected network communications use DNS) win_mutex (Create or check mutex) create_process (Detection function for creating a new process) escalate_priv (Detected escalate priviledges function) win_registry (Detected system registries modification function) win_token (Affect system token) win_files_operation (Affect private profile) Maldun_Anomoly_Combined_Activities_7 (Spotted potential malicious behaviors from a small size target, like process manipultion, privilege, token and files)
VirusTotal	VirusTotal查询失败

特征

生成可疑网络流量，可能被用来进行恶意活动

signature: SURICATA Applayer Mismatch protocol both directions

对一些具体的运行中的进程呈现出兴趣

process: pagent.exe

魔盾安全Yara规则检测结果 - 高危

Warning: Look for RijnDael AES

Informational: Possibly employs anti-virtualization techniques

Warning: Detected function for creating a windows service

Informational: Detect SMTP ability in RAW

Critical: Spotted potential malicious behaviors from a small size target, like process manipultion, privilege, token and files

运行截图

网络分析

域名解析

域名	响应
acroipm.adobe.com	CNAME acroipm.adobe.com.edgesuite.net A 23.218.107.34 CNAME a1983.dscd.akamai.net A 23.218.107.43

TCP连接

IP地址	端口
110.185.114.161	443
112.17.54.141	443
112.29.199.35	443
119.147.227.22	443
180.96.32.88	443
223.111.96.25	443
23.218.107.43	80
27.152.185.145	443

UDP连接

IP地址	端口
192.168.122.1	53

HTTP请求

URL	HTTP数据
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip	GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: / If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache

静态分析

PE 信息

初始地址	0x00400000
入口地址	0x0046f420
声明校验值	0x00000000
实际校验值	0x0095ed78
最低操作系统版本要求	6.1
编译时间	1970-01-01 08:00:00
载入哈希	4035d2883e01d64f3e7a9dccb1d63af5

PE数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.text	0x00001000	0x0046712f	0x00467200	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	5.85
.rdata	0x00469000	0x0046c750	0x0046c800	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	5.60
.data	0x008d6000	0x000ad370	0x0005ea00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	6.08
.idata	0x00984000	0x00000476	0x00000600	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	3.54
.reloc	0x00985000	0x00029d90	0x00029e00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ	5.45
.symtab	0x009af000	0x00000004	0x00000200	IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ	0.02

导入

库 kernel32.dll:

• 0xcd6020 - WriteFile

• 0xcd6028 - WriteConsoleW

• 0xcd6030 - WaitForMultipleObjects

• 0xcd6038 - WaitForSingleObject

• 0xcd6040 - VirtualQuery

• 0xcd6048 - VirtualFree

• 0xcd6050 - VirtualAlloc

• 0xcd6058 - SwitchToThread

• 0xcd6060 - SuspendThread

• 0xcd6068 - Sleep

• 0xcd6070 - SetWaitableTimer

• 0xcd6078 - SetUnhandledExceptionFilter

• 0xcd6080 - SetProcessPriorityBoost

• 0xcd6088 - SetEvent

• 0xcd6090 - SetErrorMode

• 0xcd6098 - SetConsoleCtrlHandler

• 0xcd60a0 - ResumeThread

• 0xcd60a8 - PostQueuedCompletionStatus

• 0xcd60b0 - LoadLibraryA

• 0xcd60b8 - LoadLibraryW

• 0xcd60c0 - SetThreadContext

• 0xcd60c8 - GetThreadContext

• 0xcd60d0 - GetSystemInfo

• 0xcd60d8 - GetSystemDirectoryA

• 0xcd60e0 - GetStdHandle

• 0xcd60e8 - GetQueuedCompletionStatusEx

• 0xcd60f0 - GetProcessAffinityMask

• 0xcd60f8 - GetProcAddress

• 0xcd6100 - GetEnvironmentStringsW

• 0xcd6108 - GetConsoleMode

• 0xcd6110 - FreeEnvironmentStringsW

• 0xcd6118 - ExitProcess

• 0xcd6120 - DuplicateHandle

• 0xcd6128 - CreateWaitableTimerExW

• 0xcd6130 - CreateThread

• 0xcd6138 - CreateIoCompletionPort

• 0xcd6140 - CreateEventA

• 0xcd6148 - CloseHandle

• 0xcd6150 - AddVectoredExceptionHandler

投放文件

无信息

行为分析

互斥量(Mutexes) 无信息

执行的命令 无信息

创建的服务 无信息

启动的服务 无信息

进程

pagent.exe PID: 2568, 上一级进程 PID: 2260

访问的文件

\Device\KsecDD
C:\Windows\sysnative\WSHTCPIP.DLL
C:\Windows\sysnative\wship6.dll
C:\Windows\sysnative\wshqos.dll
C:\Windows\sysnative\tzres.dll
C:\Users\test\AppData\Local\Temp\tzres.dll

读取的文件

\Device\KsecDD
C:\Windows\sysnative\WSHTCPIP.DLL
C:\Windows\sysnative\wship6.dll
C:\Windows\sysnative\wshqos.dll
C:\Windows\sysnative\tzres.dll

修改的文件 无信息

删除的文件 无信息

注册表键

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time\MUI_Std
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4b\AAF68885
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\LanguageList
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-462
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-461
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-222
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-221
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-392
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-391
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-442
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-441
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-402
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-401
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-842
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-841
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-82
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-81
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-652
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-651
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-672
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-671
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-449
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-448
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-1022
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-1021
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-142
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-141
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-22
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-21
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Caucasus Standard Time
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Caucasus Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-452
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Caucasus Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-451
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cen. Australia Standard Time
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cen. Australia Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-662
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cen. Australia Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-661
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central America Standard Time
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central America Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-152
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central America Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-151
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Asia Standard Time
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Asia Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-512
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Asia Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-511
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Brazilian Standard Time
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Brazilian Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-105
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Brazilian Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-104
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Europe Standard Time
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Europe Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-282
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Europe Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-281
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central European Standard Time
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central European Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-292
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central European Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-291
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Pacific Standard Time
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Pacific Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-722
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Pacific Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-721
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Standard Time
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-162
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-161
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Standard Time (Mexico)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Standard Time (Mexico)\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-172
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Standard Time (Mexico)\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-171
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\China Standard Time
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\China Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-572
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\China Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-571

读取的注册表键

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time\MUI_Std
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-462
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-461
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-222
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-221
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-392
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-391
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-442
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-441
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-402
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-401
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-842
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-841
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-82
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-81
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-652
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-651
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-672
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-671
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-449
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-448
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-1022
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-1021
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-142
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-141
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-22
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-21
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Caucasus Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-452
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Caucasus Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-451
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cen. Australia Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-662
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cen. Australia Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-661
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central America Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-152
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central America Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-151
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Asia Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-512
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Asia Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-511
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Brazilian Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-105
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Brazilian Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-104
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Europe Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-282
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Europe Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-281
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central European Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-292
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central European Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-291
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Pacific Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-722
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Pacific Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-721
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-162
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-161
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Standard Time (Mexico)\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-172
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Standard Time (Mexico)\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-171
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\China Standard Time\MUI_Std
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-572
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\China Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-571

修改的注册表键

HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\LanguageList
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-462
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-461
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-222
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-221
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-392
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-391
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-442
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-441
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-402
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-401
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-842
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-841
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-82
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-81
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-652
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-651
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-672
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-671
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-449
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-448
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-12
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-11
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-1022
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-1021
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-142
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-141
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-22
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-21
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-452
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-451
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-662
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-661
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-152
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-151
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-512
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-511
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-105
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-104
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-282
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-281
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-292
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-291
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-722
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-721
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-162
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-161
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-172
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-171
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-572
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-571

删除的注册表键 无信息

API解析

kernel32.dll.AddVectoredContinueHandler
kernel32.dll.LoadLibraryExA
kernel32.dll.LoadLibraryExW
advapi32.dll.SystemFunction036
ntdll.dll.NtWaitForSingleObject
winmm.dll.timeBeginPeriod
winmm.dll.timeEndPeriod
ws2_32.dll.WSAGetOverlappedResult
cryptbase.dll.SystemFunction001
cryptbase.dll.SystemFunction002
cryptbase.dll.SystemFunction003
cryptbase.dll.SystemFunction004
cryptbase.dll.SystemFunction005
cryptbase.dll.SystemFunction028
cryptbase.dll.SystemFunction029
cryptbase.dll.SystemFunction034
cryptbase.dll.SystemFunction036
cryptbase.dll.SystemFunction040
cryptbase.dll.SystemFunction041
kernel32.dll.GetStdHandle
kernel32.dll.SetHandleInformation
kernel32.dll.GetSystemDirectoryW
ws2_32.dll.WSAStartup
kernel32.dll.SetFileCompletionNotificationModes
ws2_32.dll.WSAEnumProtocolsW
kernel32.dll.GetConsoleMode
kernel32.dll.GetFileType
kernel32.dll.GetCommandLineW
kernel32.dll.GetEnvironmentVariableW
kernel32.dll.GetConsoleScreenBufferInfo
kernel32.dll.GetEnvironmentStringsW
kernel32.dll.FreeEnvironmentStringsW
kernel32.dll.GetCurrentProcessId
kernel32.dll.CreateToolhelp32Snapshot
kernel32.dll.Process32FirstW
kernel32.dll.Process32NextW
kernel32.dll.CloseHandle
ws2_32.dll.WSASocketW
ws2_32.dll.bind
ws2_32.dll.socket
ws2_32.dll.WSAIoctl
ws2_32.dll.setsockopt
ws2_32.dll.getsockname
ws2_32.dll.getpeername
ws2_32.dll.WSASend
ws2_32.dll.WSARecv
ws2_32.dll.closesocket
kernel32.dll.GetTimeZoneInformation
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegLoadMUIStringW
kernel32.dll.ExpandEnvironmentStringsW
advapi32.dll.RegCloseKey
kernel32.dll.WriteConsoleW