魔盾安全分析报告
| 分析类型 | 开始时间 | 结束时间 | 持续时间 | 分析引擎版本 |
|---|---|---|---|---|
| FILE | 2022-07-05 16:59:55 | 2022-07-05 17:02:11 | 136 秒 | 1.4-Maldun |
| 虚拟机机器名 | 标签 | 虚拟机管理 | 开机时间 | 关机时间 |
|---|---|---|---|---|
| win7-sp1-x64-shaapp02-1 | win7-sp1-x64-shaapp02-1 | KVM | 2022-07-05 16:59:56 | 2022-07-05 17:02:12 |
| 魔盾分数 |
|---|
10.0恶意的 |
文件详细信息
| 文件名 | XiaoXin ToolBox V1.0.3.exe |
|---|---|
| 文件大小 | 8377336 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| CRC32 | 39A2515F |
| MD5 | 716a8a81305922a720bbf4ec7ff2b32f |
| SHA1 | b4f18b544fac498a459158a9053871b1ae6681eb |
| SHA256 | eca4aeec1175b9f48f0a612a452a2814a3f04345fad45016889f33b9868acdd8 |
| SHA512 | 08e487d4e387b4dfb9397417e93d32f04994a1a72457079f8e71fa2df8f99fe5c3c9cf6ed6b25d7bc68fdcd9e06606f1c589678200d25bd1d3c133820be5396d |
| Ssdeep | 196608:SP1Tid4/4hBhBNsUvf+1Zg3hjX2yY8JXej+BxCGcMJJNA3:dqgsU+1oT287BJs3 |
| PEiD | 无匹配 |
| Yara |
|
| VirusTotal | VirusTotal查询失败 |
特征
通过进程尝试延迟分析任务
Process: XiaoXin ToolBox V1.0.3.exe tried to sleep 68 seconds, actually delayed analysis time by 0 seconds
创建RWX内存
在加密调用中发现至少一个IP地址,域名,或文件名
ioc: www.digicert.com1
魔盾wping.org IP地址信誉系统
Greylist: 103.205.252.104
Greylist: 47.96.130.35
发起了一些HTTP请求
URL: http://q1.qlogo.cn/g?b=qq&nk=&s=640
URL: http://103.205.252.104:9969/api/xiaoxin/gonggao.html
二进制文件可能包含加密或压缩数据
section: name: , entropy: 7.99, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x00111fd3, virtual_size: 0x003ca4cd
section: name: , entropy: 7.98, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ, raw_size: 0x001322b8, virtual_size: 0x002754d1
section: name: , entropy: 7.98, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x000334f3, virtual_size: 0x00128c76
section: name: , entropy: 8.00, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ, raw_size: 0x002e1000, virtual_size: 0x002e0bac
section: name: .boot, entropy: 7.96, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x0029e3f8, virtual_size: 0x0029f000
样本投放可执行文件到临时目录
魔盾安全Yara规则检测结果 - 安全告警
Critical: Spotted potential malicious behaviors from a small size target, like process manipultion, privilege, token and files
对一个无法找到的进程进行重复搜索,可能希望以startbrowser=1选项运行
检查是否存在常见排错或检验程序的窗口
Window: FilemonClass
Window: File Monitor - Sysinternals: www.sysinternals.com
Window: PROCMON_WINDOW_CLASS
Window: Process Monitor - Sysinternals: www.sysinternals.com
Window: RegmonClass
Window: Registry Monitor - Sysinternals: www.sysinternals.com
Window: 18467-41
Window: Regmonclass
Window: Filemonclass
开始系统监听0.0.0.0:51787
创建一个隐藏文件或系统文件
file: C:\Users\test\AppData\Local\Temp\zlibwapi.dll
HTTP数据流中包含可疑的恶意软件数据
ip_hostname: HTTP connection was made to an IP address rather than domain name
suspicious_request: http://103.205.252.104:9969/api/xiaoxin/gonggao.html
建立TCP连接到一个外部IP地址的非标准端口
Connection: 103.205.252.104:9969
异常的二进制特征
anomaly: Found duplicated section names
对一些具体的运行中的进程呈现出兴趣
process: taskhost.exe
检查Bios版本,可能被用来实现反虚拟机
通过ACPI技术检测VirtualBox系统
检测到样本尝试模糊或欺骗文件类型
运行截图
网络分析
访问主机记录
| 直接访问 | IP地址 | 国家名 |
|---|---|---|
| 是 | 103.205.252.104 | China |
| 否 | 180.111.199.93 | China |
| 否 | 47.96.130.35 | China |
域名解析
| 域名 | 响应 |
|---|---|
| gitclone.com | A 47.96.130.35 |
| q1.qlogo.cn |
CNAME q.qlogo.cn
A 180.111.199.93 A 180.111.198.52 A 180.111.199.110 A 180.111.198.158 A 180.111.199.109 A 180.111.199.184 A 180.111.199.95 A 180.111.198.41 A 180.111.198.106 A 180.111.198.198 |
TCP连接
| IP地址 | 端口 |
|---|---|
| 103.205.252.104 | 9969 |
| 180.111.199.93 | 80 |
| 184.28.235.201 | 80 |
| 47.96.130.35 | 443 |
UDP连接
| IP地址 | 端口 |
|---|---|
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
HTTP请求
| URL | HTTP数据 |
|---|---|
| http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
| http://103.205.252.104:9969/api/xiaoxin/gonggao.html | GET /api/xiaoxin/gonggao.html HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Accept: text/html, application/xhtml+xml, */* Accept-Encoding: gbk, GB2312 Accept-Language: zh-cn User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Host: 103.205.252.104:9969 |
| http://q1.qlogo.cn/g?b=qq&nk=&s=640 | GET /g?b=qq&nk=&s=640 HTTP/1.1 Accept: */* Referer: http://q1.qlogo.cn/g?b=qq&nk=&s=640 Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Host: q1.qlogo.cn Cache-Control: no-cache |
静态分析
PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x0129c058 |
| 声明校验值 | 0x008080bb |
| 实际校验值 | 0x008080bb |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2022-07-04 01:14:19 |
| 载入哈希 | e59d7c7e8285eee901e619ad01d97421 |
| 导出DLL库名称 | \x38\x31\x39\x31\x38\x31\x31\x38\x31\x31\x31\x36\x31\x31\x34\x31\x31\x31 |
版本信息
| LegalCopyright: | XiaoXinToolBox |
| FileVersion: | 1.0.1.0 |
| CompanyName: | XiaoXinToolBox |
| Comments: | XiaoXinToolBox |
| ProductName: | XiaoXinToolBox |
| ProductVersion: | 1.0.1.0 |
| FileDescription: | XiaoXinToolBox |
| Translation: | 0x0804 0x04b0 |
PE数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| 0x00001000 | 0x003ca4cd | 0x00111fd3 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 7.99 | |
| 0x003cc000 | 0x002754d1 | 0x001322b8 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 7.98 | |
| 0x00642000 | 0x00128c76 | 0x000334f3 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.98 | |
| 0x0076b000 | 0x002e0bac | 0x002e1000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 8.00 | |
| .exports | 0x00a4c000 | 0x00001000 | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 0.76 |
| .imports | 0x00a4d000 | 0x00001000 | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 1.17 |
| .rsrc | 0x00a4e000 | 0x00002000 | 0x00002000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 3.88 |
| .themida | 0x00a50000 | 0x0044c000 | 0x00000000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| .boot | 0x00e9c000 | 0x0029f000 | 0x0029e3f8 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 7.96 |
导入
库 kernel32.dll:
• 0xe4d2d8 - GetModuleHandleA
库 user32.dll:
• 0xe4d2e0 - TranslateMessage
库 gdi32.dll:
• 0xe4d2e8 - PtVisible
库 gdiplus.dll:
• 0xe4d2f0 - GdipCreateBitmapFromScan0
库 ole32.dll:
• 0xe4d2f8 - CLSIDFromProgID
库 imm32.dll:
• 0xe4d300 - ImmGetCompositionStringW
库 shell32.dll:
• 0xe4d308 - ShellExecuteA
库 shlwapi.dll:
• 0xe4d310 - PathFileExistsA
库 winmm.dll:
• 0xe4d318 - timeKillEvent
库 winspool.drv:
• 0xe4d320 - DocumentPropertiesA
库 advapi32.dll:
• 0xe4d328 - CreateServiceA
库 comctl32.dll:
• 0xe4d330 - None
库 WS2_32.dll:
• 0xe4d338 - htons
库 comdlg32.dll:
• 0xe4d340 - GetSaveFileNameA
库 OLEAUT32.dll:
• 0xe4d348 - UnRegisterTypeLib
导出
| 序列 | 地址 | 名称 |
|---|---|---|
| 1 | 0x729720 | e2ee_CacheClear |
| 2 | 0x729760 | e2ee_CacheDecr |
| 3 | 0x729700 | e2ee_CacheDelete |
| 4 | 0x7296e0 | e2ee_CacheExists |
| 5 | 0x729620 | e2ee_CacheGet |
| 6 | 0x7296a0 | e2ee_CacheGetMulti |
| 7 | 0x7296c0 | e2ee_CacheGetMultiText |
| 8 | 0x729640 | e2ee_CacheGetText |
| 9 | 0x729740 | e2ee_CacheIncr |
| 10 | 0x729660 | e2ee_CacheSet |
| 11 | 0x729780 | e2ee_CacheSetExpire |
| 12 | 0x729680 | e2ee_CacheSetText |
投放文件
行为分析
互斥量(Mutexes)
- Local\MSCTF.Asm.MutexDefault1
执行的命令
无信息
创建的服务
无信息
启动的服务
无信息
进程
XiaoXin ToolBox V1.0.3.exe PID: 2600, 上一级进程 PID: 2272
访问的文件
- C:\Windows\Globalization\Sorting\sortdefault.nls
- C:\Windows\System32\tzres.dll
- C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT
- C:\Windows\Fonts\AGENCYR.TTF
- C:\Windows\Fonts\simsun.ttc
- C:\Windows\Fonts\msyh.ttf
- C:\Windows\Fonts\msyhbd.ttf
- C:\Users\test\AppData\Local\Temp\ExuiKrnln.dll
- C:\Users\test\AppData\Local\Temp\lib\ExuiKrnln\ExuiKrnln.dll
- C:\Windows\System32\ExuiKrnln.dll
- C:\Windows\system\ExuiKrnln.dll
- C:\Windows\ExuiKrnln.dll
- C:\ProgramData\Oracle\Java\javapath\ExuiKrnln.dll
- C:\Windows\System32\wbem\ExuiKrnln.dll
- C:\Windows\System32\WindowsPowerShell\v1.0\ExuiKrnln.dll
- C:\Program Files (x86)\WinRAR\ExuiKrnln.dll
- C:\Windows\System32\lib\ExuiKrnln\ExuiKrnln.dll
- C:\Windows\system\lib\ExuiKrnln\ExuiKrnln.dll
- C:\Windows\lib\ExuiKrnln\ExuiKrnln.dll
- C:\ProgramData\Oracle\Java\javapath\lib\ExuiKrnln\ExuiKrnln.dll
- C:\Windows\System32\wbem\lib\ExuiKrnln\ExuiKrnln.dll
- C:\Windows\System32\WindowsPowerShell\v1.0\lib\ExuiKrnln\ExuiKrnln.dll
- C:\Program Files (x86)\WinRAR\lib\ExuiKrnln\ExuiKrnln.dll
- C:\ExuiKrnln.ini
- C:\Users\test\AppData\Local\Temp\E2EECore.2.7.2.dll
- C:\Users\test\AppData\Local\Temp\E2EE.dll
- C:\Users\test\AppData\Local\Temp\E2EE.fne
- C:\Users\test\AppData\Local\Temp\dbghelp.dll
- C:\Windows\System32\dbghelp.dll
- C:\Users\test\AppData\Local\Temp\MSWSOCK.dll
- C:\Windows\System32\mswsock.dll
- C:\Users\test\AppData\Local\Temp\IPHLPAPI.DLL
- C:\Windows\System32\IPHLPAPI.DLL
- C:\Users\test\AppData\Local\Temp\WINNSI.DLL
- C:\Windows\System32\winnsi.dll
- C:\Users\test\AppData\Local\Temp\zlibwapi.dll
- C:\
- C:\Users\test\AppData\Local\Temp\kernel32.dll
- C:\Users\test\AppData\Local\Temp\user32.DLL
- C:\Users\test\AppData\Local\Temp\gdiplus.dll
- C:\Users\test\AppData\Local\Temp\a5ee3c.tmp
- \Device\Afd\AsyncSelectHlp
- C:\Users\test\AppData\Local\Temp\0\HOOK
- C:\Users\test\AppData\Local\Temp\0\HOOK\WPFLauncherLibInjector.exe
- C:\Users\test\AppData\Local\Temp\0\HOOK\FastWin32.dll
- C:\Users\test\AppData\Local\Temp\0\HOOK\Newtonsoft.Json.dll
- C:\Users\test\AppData\Local\Temp\shlwapi.dll
- C:\Users\test\AppData\Local\Temp\.minecraft\versions
- C:\Users\test\AppData\Local\Temp\user32.dll
- C:\Users\test\AppData\Local\Temp\ole32.dll
- C:\Users\test\AppData\Local\Temp\Winhttp.dll
- C:\Users\test\AppData\Local\Temp\Kernel32.dll
- C:\Windows\System32\p2pcollab.dll
- C:\Windows\System32\qagentrt.dll
- C:\Windows\System32\dnsapi.dll
- C:\Users\test\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\*
- C:\Users\test\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\*
- C:\Users\test\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\*
- C:\Users\test\AppData\Local\Temp\ntdll.dll
- C:\Windows\SysWOW64\stdole2.tlb
- C:\Users\test\AppData\Local\Temp\XiaoXin\Config.ini
- C:\Users\test\AppData\Local\Temp\XiaoXin
- C:\Users\test\AppData\Local\Temp\wininet.dll
- C:\Users\test\AppData\Local\Temp\Wininet.dll
读取的文件
- C:\Windows\Globalization\Sorting\sortdefault.nls
- C:\Windows\System32\tzres.dll
- C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT
- C:\Windows\Fonts\simsun.ttc
- C:\Windows\Fonts\msyh.ttf
- C:\Windows\Fonts\msyhbd.ttf
- C:\ExuiKrnln.ini
- C:\Users\test\AppData\Local\Temp\E2EECore.2.7.2.dll
- C:\Windows\System32\dbghelp.dll
- C:\Windows\System32\mswsock.dll
- C:\Windows\System32\IPHLPAPI.DLL
- C:\Windows\System32\winnsi.dll
- \Device\Afd\AsyncSelectHlp
- C:\Windows\SysWOW64\stdole2.tlb
- C:\Users\test\AppData\Local\Temp\XiaoXin\Config.ini
修改的文件
- C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT
- C:\Users\test\AppData\Local\Temp\E2EECore.2.7.2.dll
- C:\Users\test\AppData\Local\Temp\zlibwapi.dll
- \Device\Afd\AsyncSelectHlp
- C:\Users\test\AppData\Local\Temp\0\HOOK\WPFLauncherLibInjector.exe
- C:\Users\test\AppData\Local\Temp\0\HOOK\FastWin32.dll
- C:\Users\test\AppData\Local\Temp\0\HOOK\Newtonsoft.Json.dll
删除的文件
无信息
注册表键
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc
- HKEY_LOCAL_MACHINE\Hardware\description\System
- HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
- HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
- HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
- HKEY_CURRENT_USER\Software\Microsoft\GDIPlus
- HKEY_CURRENT_USER\Software\Microsoft\GDIPlus\FontCachePath
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\UseFilter
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\E2EECore.2.7.2.dll
- HKEY_CURRENT_USER\Software\FlySky\E\Install
- HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
- HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\XiaoXin ToolBox V1.0.3.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3FC47A08-E5C9-4BCA-A2C7-BC9A282AED14}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_CURRENT_USER
- HKEY_CURRENT_USER\Keyboard Layout\Toggle
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
- HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
- HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Namespaces
- HKEY_CURRENT_USER\Software\Netease\MCLauncher
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\Schannel
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextLockCount
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextListCount
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7\Name
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4b\AAF68885
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\LanguageList
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@%SystemRoot%\system32\p2pcollab.dll,-8042
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7\Name
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7\Name
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@%SystemRoot%\system32\dnsapi.dll,-103
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagLevel
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagMatchAnyMask
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Root\ProtectedRoots
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\ChainEngine\Config
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableMandatoryBasicConstraints
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableCANameConstraints
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableUnsupportedCriticalExtensions
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlCountInCert
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCountPerChain
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxUrlRetrievalByteCount
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalByteCount
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCertCount
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetPreFetchTriggerPeriodSeconds
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableWeakSignatureFlags
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\ChainCacheResyncFiletime
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\#16
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\Ldap
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CertDllOpenStoreProv
- HKEY_USERS\S-1-5-21-2280033686-3172497658-3481507381-1000
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\PhysicalStores
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2280033686-3172497658-3481507381-1000
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2280033686-3172497658-3481507381-1000\ProfileImagePath
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\MY\
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\MY\Certificates
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\MY\CRLs
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\MY\CTLs
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\MY\Keys
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\PhysicalStores
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates\8F43288AD272F3103B6FB1428485EA3014C0BCFE
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates\8F43288AD272F3103B6FB1428485EA3014C0BCFE\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\CRLs
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\CTLs
- HKEY_CURRENT_USER\
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\Certificates
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\CRLs
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\CTLs
- HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\CA\PhysicalStores
- HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\CA
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\475BA6DA2AFD5AE3ADAE78A261CA0E3E548B9532
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\475BA6DA2AFD5AE3ADAE78A261CA0E3E548B9532\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\CA
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs
- HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\CA\PhysicalStores
- HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\CA
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\CTLs
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\PhysicalStores
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer
- HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPublisher\Safer
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\Certificates
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\CRLs
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\CTLs
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs
- HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Disallowed\PhysicalStores
- HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Disallowed
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs
- HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed\PhysicalStores
- HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\PhysicalStores
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ProtectedRoots
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\039EEDB80BE7A03C6953893B20D2D9323A4C2AFD
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\039EEDB80BE7A03C6953893B20D2D9323A4C2AFD\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\03A5B14663EB12023091B84A6D6A68BC871DE66B
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\03A5B14663EB12023091B84A6D6A68BC871DE66B\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\36527D4FA26A68F9EB4596F1D99ABB2C0EA76DFA
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\36527D4FA26A68F9EB4596F1D99ABB2C0EA76DFA\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\58E8ABB0361533FB80F79B1B6D29D3FF8D5F00F0
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\58E8ABB0361533FB80F79B1B6D29D3FF8D5F00F0\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\9F744E9F2B4DBAEC0F312C50B6563B8E2D93C311
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\9F744E9F2B4DBAEC0F312C50B6563B8E2D93C311\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\B31EB1B740E36C8402DADC37D44DF5D4674952F9
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\B31EB1B740E36C8402DADC37D44DF5D4674952F9\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\B94294BF91EA8FB64BE61097C7FB001359B676CB
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\B94294BF91EA8FB64BE61097C7FB001359B676CB\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\D69B561148F01C77C54578C10926DF5B856976AD
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\CRLs
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\CTLs
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ProtectedRoots\Certificates
- HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Root\PhysicalStores
- HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Root
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8F43288AD272F3103B6FB1428485EA3014C0BCFE
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8F43288AD272F3103B6FB1428485EA3014C0BCFE\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A7217F919843199C958C128449DD52D2723B0A8A
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A7217F919843199C958C128449DD52D2723B0A8A\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D85213E038F309D02A40917B59E142368AE6B1C0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D85213E038F309D02A40917B59E142368AE6B1C0\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DBB84423C928ABE889D0E368FC3191D151DDB1AB
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DBB84423C928ABE889D0E368FC3191D151DDB1AB\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\CTLs
- HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\AuthRoot
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209AD23D314232174E40D7F9D62139786633A
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209AD23D314232174E40D7F9D62139786633A\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CTLs
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Root
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CTLs
- HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Root\PhysicalStores
- HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Root
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\CTLs
- HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\SmartCardRoot
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\PhysicalStores
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs
- HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPeople\PhysicalStores
- HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPeople
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPeople
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs
- HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\TrustedPeople\PhysicalStores
- HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\TrustedPeople
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\CTLs
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\PhysicalStores
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\Certificates
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\CRLs
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\CTLs
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\Certificates
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CRLs
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CTLs
- HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\trust\PhysicalStores
- HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\trust
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\trust
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs
- HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\trust\PhysicalStores
- HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\trust
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\CTLs
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\UserenvDebugLevel
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\GpSvcDebugLevel
- HKEY_LOCAL_MACHINE\System\Setup
- HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllVerifyEncodedSignature
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllVerifyEncodedSignature
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllImportPublicKeyInfoEx2
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllImportPublicKeyInfoEx2
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllVerifyCertificateChainPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CertDllVerifyCertificateChainPolicy
- HKEY_CURRENT_USER\Software\Classes
- HKEY_CURRENT_USER\Software\Classes\TypeLib
- HKEY_CURRENT_USER\Software\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32\(Default)
读取的注册表键
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc
- HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
- HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
- HKEY_CURRENT_USER\Software\Microsoft\GDIPlus\FontCachePath
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\UseFilter
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\E2EECore.2.7.2.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextLockCount
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextListCount
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7\Name
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@%SystemRoot%\system32\p2pcollab.dll,-8042
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7\Name
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7\Name
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@%SystemRoot%\system32\dnsapi.dll,-103
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagLevel
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagMatchAnyMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableMandatoryBasicConstraints
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableCANameConstraints
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableUnsupportedCriticalExtensions
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlCountInCert
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCountPerChain
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxUrlRetrievalByteCount
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalByteCount
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCertCount
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetPreFetchTriggerPeriodSeconds
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableWeakSignatureFlags
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\ChainCacheResyncFiletime
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2280033686-3172497658-3481507381-1000\ProfileImagePath
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates\8F43288AD272F3103B6FB1428485EA3014C0BCFE\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\475BA6DA2AFD5AE3ADAE78A261CA0E3E548B9532\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\039EEDB80BE7A03C6953893B20D2D9323A4C2AFD\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\03A5B14663EB12023091B84A6D6A68BC871DE66B\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\36527D4FA26A68F9EB4596F1D99ABB2C0EA76DFA\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\58E8ABB0361533FB80F79B1B6D29D3FF8D5F00F0\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\9F744E9F2B4DBAEC0F312C50B6563B8E2D93C311\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\B31EB1B740E36C8402DADC37D44DF5D4674952F9\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\B94294BF91EA8FB64BE61097C7FB001359B676CB\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ProtectedRoots\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8F43288AD272F3103B6FB1428485EA3014C0BCFE\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A7217F919843199C958C128449DD52D2723B0A8A\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D85213E038F309D02A40917B59E142368AE6B1C0\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DBB84423C928ABE889D0E368FC3191D151DDB1AB\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209AD23D314232174E40D7F9D62139786633A\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\UserenvDebugLevel
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\GpSvcDebugLevel
- HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32\(Default)
修改的注册表键
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\LanguageList
删除的注册表键
无信息
API解析
- kernel32.dll.SetLastError
- kernel32.dll.GetLastError
- shell32.dll.IsUserAnAdmin
- ntdll.dll.NtQuerySystemInformation
- kernel32.dll.SortGetHandle
- kernel32.dll.SortCloseHandle
- ntdll.dll.RtlInitializeCriticalSection
- oleaut32.dll.#186
- ntdll.dll.RtlAllocateHeap
- ws2_32.dll.#1
- ntdll.dll.RtlEnterCriticalSection
- ws2_32.dll.#116
- comctl32.dll.#17
- ws2_32.dll.#3
- oleaut32.dll.#20
- oleaut32.dll.#24
- oleaut32.dll.#163
- oleaut32.dll.#11
- ws2_32.dll.#14
- ws2_32.dll.#17
- ws2_32.dll.#5
- oleaut32.dll.#2
- ws2_32.dll.#10
- oleaut32.dll.#9
- ws2_32.dll.#2
- oleaut32.dll.#161
- oleaut32.dll.#17
- oleaut32.dll.#16
- ws2_32.dll.#115
- ws2_32.dll.#101
- ws2_32.dll.#13
- oleaut32.dll.#23
- ntdll.dll.RtlDeleteCriticalSection
- oleaut32.dll.#15
- oleaut32.dll.#19
- ws2_32.dll.#8
- ws2_32.dll.#16
- oleaut32.dll.#12
- oleaut32.dll.#25
- ws2_32.dll.#23
- ntdll.dll.RtlLeaveCriticalSection
- ws2_32.dll.#12
- ws2_32.dll.#9
- oleaut32.dll.#26
- oleaut32.dll.#165
- oleaut32.dll.#8
- oleaut32.dll.#10
- ntdll.dll.RtlReAllocateHeap
- ntdll.dll.RtlSizeHeap
- ntdll.dll.RtlMoveMemory
- kernel32.dll.IsProcessorFeaturePresent
- cryptbase.dll.SystemFunction036
- user32.dll.GetWindowInfo
- user32.dll.GetAncestor
- user32.dll.GetMonitorInfoA
- user32.dll.EnumDisplayMonitors
- user32.dll.EnumDisplayDevicesA
- gdi32.dll.ExtTextOutW
- gdi32.dll.GdiIsMetaPrintDC
- msimg32.dll.AlphaBlend
- gdi32.dll.CreateSolidBrush
- user32.dll.LoadCursorA
- gdiplus.dll.GdipCreateStringFormat
- gdiplus.dll.GdipCreateFontFamilyFromName
- kernel32.dll.RegOpenKeyExW
- kernel32.dll.RegQueryInfoKeyA
- kernel32.dll.RegCloseKey
- kernel32.dll.RegCreateKeyExW
- kernel32.dll.RegQueryValueExW
- gdiplus.dll.GdipCreateFont
- gdiplus.dll.GdipDeleteFontFamily
- gdiplus.dll.GdipSetStringFormatAlign
- gdiplus.dll.GdipSetStringFormatLineAlign
- kernel32.dll.GetCurrentProcessId
- kernel32.dll.VirtualProtectEx
- kernel32.dll.FlsAlloc
- kernel32.dll.FlsFree
- kernel32.dll.FlsGetValue
- kernel32.dll.FlsSetValue
- kernel32.dll.InitializeCriticalSectionEx
- kernel32.dll.CreateEventExW
- kernel32.dll.CreateSemaphoreExW
- kernel32.dll.SetThreadStackGuarantee
- kernel32.dll.CreateThreadpoolTimer
- kernel32.dll.SetThreadpoolTimer
- kernel32.dll.WaitForThreadpoolTimerCallbacks
- kernel32.dll.CloseThreadpoolTimer
- kernel32.dll.CreateThreadpoolWait
- kernel32.dll.SetThreadpoolWait
- kernel32.dll.CloseThreadpoolWait
- kernel32.dll.FlushProcessWriteBuffers
- kernel32.dll.FreeLibraryWhenCallbackReturns
- kernel32.dll.GetCurrentProcessorNumber
- kernel32.dll.GetLogicalProcessorInformation
- kernel32.dll.CreateSymbolicLinkW
- kernel32.dll.EnumSystemLocalesEx
- kernel32.dll.CompareStringEx
- kernel32.dll.GetDateFormatEx
- kernel32.dll.GetLocaleInfoEx
- kernel32.dll.GetTimeFormatEx
- kernel32.dll.GetUserDefaultLocaleName
- kernel32.dll.IsValidLocaleName
- kernel32.dll.LCMapStringEx
- kernel32.dll.GetTickCount64
- kernel32.dll.CreateHardLinkW
- ws2_32.dll.WSACleanup
- ws2_32.dll.__WSAFDIsSet
- ws2_32.dll.WSAGetLastError
- ws2_32.dll.WSAGetOverlappedResult
- ws2_32.dll.WSADuplicateSocketW
- ws2_32.dll.WSAIoctl
- ws2_32.dll.WSARecv
- ws2_32.dll.WSASocketW
- ws2_32.dll.WSASend
- ws2_32.dll.WSAStartup
- ws2_32.dll.ioctlsocket
- ws2_32.dll.accept
- ws2_32.dll.bind
- ws2_32.dll.closesocket
- ws2_32.dll.connect
- ws2_32.dll.freeaddrinfo
- ws2_32.dll.getaddrinfo
- ws2_32.dll.gethostbyname
- ws2_32.dll.getpeername
- ws2_32.dll.getsockname
- ws2_32.dll.getsockopt
- ws2_32.dll.htonl
- ws2_32.dll.htons
- ws2_32.dll.listen
- ws2_32.dll.ntohs
- ws2_32.dll.ntohl
- ws2_32.dll.recv
- ws2_32.dll.select
- ws2_32.dll.send
- ws2_32.dll.setsockopt
- ws2_32.dll.socket
- e2eecore.2.7.2.dll.e2ee_ProcessNotifyLib
- e2eecore.2.7.2.dll.GetNewInf
- kernel32.dll.VirtualAlloc
- kernel32.dll.RtlMoveMemory
- user32.dll.RegisterWindowMessageA
- gdiplus.dll.GdiplusStartup
- user32.dll.RegisterClassExA
- user32.dll.DefWindowProcA
- user32.dll.SetPropA
- user32.dll.GetPropA
- gdi32.dll.CreateRectRgn
- kernel32.dll.GlobalUnlock
- windowscodecs.dll.DllGetClassObject
- kernel32.dll.WerRegisterMemoryBlock
- gdi32.dll.SetRectRgn
- kernel32.dll.GetProcessHeap
- kernel32.dll.HeapAlloc
- gdiplus.dll.GdipMeasureString
- gdiplus.dll.GdipDrawString
- gdiplus.dll.GdipSetInterpolationMode
- gdiplus.dll.GdipSetPixelOffsetMode
- gdiplus.dll.GdipDrawImageRectRectI
- gdiplus.dll.GdipGraphicsClear
- gdiplus.dll.GdipDrawImageRectI
- gdiplus.dll.GdipDeleteGraphics
- gdiplus.dll.GdipCreateCachedBitmap
- gdiplus.dll.GdipDrawCachedBitmap
- gdiplus.dll.GdipSetClipRectI
- gdiplus.dll.GdipResetClip
- user32.dll.SetWindowRgn
- user32.dll.GetClassLongA
- user32.dll.SetClassLongA
- user32.dll.GetWindowLongA
- user32.dll.SetWindowLongA
- user32.dll.SetWindowPos
- ole32.dll.CoInitializeEx
- ole32.dll.CoUninitialize
- ole32.dll.CoRegisterInitializeSpy
- ole32.dll.CoRevokeInitializeSpy
- user32.dll.FillRect
- gdi32.dll.SelectClipRgn
- gdi32.dll.CombineRgn
- gdi32.dll.FillRgn
- gdiplus.dll.GdipCreateHBITMAPFromBitmap
- gdiplus.dll.GdipGetPropertyItemSize
- gdiplus.dll.GdipImageGetFrameCount
- gdiplus.dll.GdipImageSelectActiveFrame
- gdiplus.dll.GdipCreatePath
- gdiplus.dll.GdipAddPathArc
- gdiplus.dll.GdipClosePathFigure
- gdiplus.dll.GdipCreateTexture
- gdiplus.dll.GdipFillPath
- gdiplus.dll.GdipDeletePath
- comctl32.dll.RegisterClassNameW
- uxtheme.dll.EnableThemeDialogTexture
- gdiplus.dll.GdipAddPathPie
- gdiplus.dll.GdipSetStringFormatMeasurableCharacterRanges
- gdiplus.dll.GdipCreateRegion
- gdiplus.dll.GdipMeasureCharacterRanges
- gdiplus.dll.GdipDeleteRegion
- user32.dll.GetParent
- user32.dll.EnumChildWindows
- user32.dll.SetParent
- shlwapi.dll.PathIsDirectoryA
- kernel32.dll.GetSystemWow64DirectoryA
- user32.dll.SetTimer
- kernel32.dll.HeapFree
- ole32.dll.CoInitialize
- winhttp.dll.WinHttpCheckPlatform
- kernel32.dll.MultiByteToWideChar
- winhttp.dll.WinHttpCrackUrl
- shlwapi.dll.StrCmpNW
- kernel32.dll.WideCharToMultiByte
- winhttp.dll.WinHttpOpen
- winhttp.dll.WinHttpSetTimeouts
- winhttp.dll.WinHttpConnect
- winhttp.dll.WinHttpOpenRequest
- winhttp.dll.WinHttpSetOption
- winhttp.dll.WinHttpAddRequestHeaders
- shlwapi.dll.#153
- winhttp.dll.WinHttpSendRequest
- ws2_32.dll.GetAddrInfoW
- ws2_32.dll.#21
- ws2_32.dll.FreeAddrInfoW
- ws2_32.dll.#6
- schannel.dll.SpUserModeInitialize
- advapi32.dll.RegCreateKeyExW
- advapi32.dll.RegQueryValueExW
- advapi32.dll.RegCloseKey
- secur32.dll.FreeContextBuffer
- ncrypt.dll.SslOpenProvider
- ncrypt.dll.GetSChannelInterface
- bcryptprimitives.dll.GetHashInterface
- ncrypt.dll.SslIncrementProviderReferenceCount
- ncrypt.dll.SslImportKey
- bcryptprimitives.dll.GetCipherInterface
- ncrypt.dll.SslLookupCipherSuiteInfo
- user32.dll.LoadStringW
- ncrypt.dll.BCryptOpenAlgorithmProvider
- ncrypt.dll.BCryptGetProperty
- ncrypt.dll.BCryptCreateHash
- ncrypt.dll.BCryptHashData
- ncrypt.dll.BCryptFinishHash
- ncrypt.dll.BCryptDestroyHash
- crypt32.dll.CertGetCertificateChain
- userenv.dll.GetUserProfileDirectoryW
- sechost.dll.ConvertSidToStringSidW
- sechost.dll.ConvertStringSidToSidW
- userenv.dll.RegisterGPNotification
- gpapi.dll.RegisterGPNotificationInternal
- sechost.dll.OpenSCManagerW
- sechost.dll.OpenServiceW
- sechost.dll.CloseServiceHandle
- sechost.dll.QueryServiceConfigW
- cryptsp.dll.CryptAcquireContextA
- cryptsp.dll.CryptCreateHash
- cryptsp.dll.CryptHashData
- cryptsp.dll.CryptVerifySignatureA
- cryptsp.dll.CryptDestroyKey
- cryptsp.dll.CryptDestroyHash
- bcryptprimitives.dll.GetAsymmetricEncryptionInterface
- ncrypt.dll.BCryptImportKeyPair
- ncrypt.dll.BCryptVerifySignature
- ncrypt.dll.BCryptDestroyKey
- crypt32.dll.CertVerifyCertificateChainPolicy
- crypt32.dll.CertFreeCertificateChain
- crypt32.dll.CertDuplicateCertificateContext
- ncrypt.dll.SslEncryptPacket
- ncrypt.dll.SslDecryptPacket
- winhttp.dll.WinHttpReceiveResponse
- winhttp.dll.WinHttpQueryDataAvailable
- winhttp.dll.WinHttpReadData
- winhttp.dll.WinHttpQueryHeaders
- kernel32.dll.CreateToolhelp32Snapshot
- kernel32.dll.Process32First
- kernel32.dll.Process32Next
- kernel32.dll.CloseHandle
- ntdll.dll.RtlAdjustPrivilege
- user32.dll.GetInputState
- kernel32.dll.GlobalMemoryStatusEx
- kernel32.dll.GetNativeSystemInfo
- kernel32.dll.GlobalAlloc
- kernel32.dll.GlobalFree
- winhttp.dll.WinHttpCloseHandle
- crypt32.dll.CertFreeCertificateContext
- rpcrt4.dll.RpcBindingFree
- user32.dll.GetDesktopWindow
- user32.dll.GetWindow
- user32.dll.GetWindowTextLengthA
- user32.dll.GetWindowTextA
- wininet.dll.InternetOpenA
- wininet.dll.InternetConnectA
- wininet.dll.HttpOpenRequestA
- wininet.dll.InternetSetOptionA
- wininet.dll.HttpSendRequestA
- rasapi32.dll.RasConnectionNotificationW
- sechost.dll.NotifyServiceStatusChangeA
- wininet.dll.InternetReadFile
- wininet.dll.HttpQueryInfoA
- wininet.dll.InternetCloseHandle
- user32.dll.KillTimer
- ws2_32.dll.#22
- ncrypt.dll.SslDecrementProviderReferenceCount
- ncrypt.dll.SslFreeObject