魔盾安全分析报告
| 分析类型 | 开始时间 | 结束时间 | 持续时间 | 分析引擎版本 |
|---|---|---|---|---|
| FILE | 2022-09-24 22:34:07 | 2022-09-24 22:36:18 | 131 秒 | 1.4-Maldun |
| 虚拟机机器名 | 标签 | 虚拟机管理 | 开机时间 | 关机时间 |
|---|---|---|---|---|
| win7-sp1-x64-shaapp02-1 | win7-sp1-x64-shaapp02-1 | KVM | 2022-09-24 22:34:08 | 2022-09-24 22:36:19 |
| 魔盾分数 |
|---|
2.525可疑的 |
文件详细信息
| 文件名 | CMWTAT_Digital_Release_2_6_2_0.exe |
|---|---|
| 文件大小 | 13385216 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
| CRC32 | F38DC682 |
| MD5 | b3eb76220a557522e5e58a7a11c6f462 |
| SHA1 | bcb0b181f49bdf434f6c3912323803641f7013cb |
| SHA256 | 1834e6d6b9a50b753a36f8d0c2e54cd15f6850e1b1d18a76fa44f100fb63aeaa |
| SHA512 | a929cdeba86d79f41533a53e23bd5c57710112a1314b682f3f661dadc144b5df2602b1ad34d421493011dcfe7f8bec27fbe65b7ab79da7e9a3593fe69991ac54 |
| Ssdeep | 196608:PInBDceT/wcnJ45/9iD54+V11bFv4zPE:Y+014 |
| PEiD | 无匹配 |
| Yara |
|
| VirusTotal | VirusTotal查询失败 |
特征
创建RWX内存
在加密调用中发现至少一个IP地址,域名,或文件名
ioc: 4.0.0.0
ioc: 3.5.0.0
ioc: http://schemas.microsoft.com/netfx/2009/xaml/presentation
ioc: http://schemas.microsoft.com/winfx/2006/xaml/presentation
ioc: http://schemas.microsoft.com/netfx/2007/xaml/presentation
通过进程尝试延迟分析任务
Process: CMWTAT_Digital_Release_2_6_2_0.exe tried to sleep 60 seconds, actually delayed analysis time by 0 seconds
魔盾安全Yara规则检测结果 - 安全告警
Critical: Spotted potential malicious behaviors from a small size target, like process manipultion, privilege, token and files
Warning: Looks for advapi API functions
Informational: PowerShell Detected
运行截图
网络分析
TCP连接
| IP地址 | 端口 |
|---|---|
| 23.192.228.78 | 80 |
UDP连接
| IP地址 | 端口 |
|---|---|
| 192.168.122.1 | 53 |
HTTP请求
| URL | HTTP数据 |
|---|---|
| http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
静态分析
PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x01061d5e |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x00ccb2a9 |
| 最低操作系统版本要求 | 4.0 |
| PDB路径 | D:\Projects\CMWTAT_Digital_Edition\CMWTAT_DIGITAL\obj\Release\CMWTAT_DIGITAL.pdb |
| 编译时间 | 2022-09-11 19:26:05 |
| 载入哈希 | f34d5f2d4577ed6d9ceec516c1f5a744 |
版本信息
| Translation: | 0x0000 0x04b0 |
| LegalCopyright: | Copyright \xa9 CloudMoe Saltfish Studio 2022 |
| Assembly Version: | 2.6.2.0 |
| InternalName: | CMWTAT_DIGITAL.exe |
| FileVersion: | 2.6.2.0 |
| CompanyName: | CloudMoe Network |
| LegalTrademarks: | CloudMoe Saltfish Studio |
| Comments: | CloudMoe Windows 10 Activation Toolkit V2 |
| ProductName: | CMWTAT Digital Edition V2 |
| ProductVersion: | 2.6.2.0 |
| FileDescription: | CMWTAT Digital Edition V2 |
| OriginalFilename: | CMWTAT_DIGITAL.exe |
PE数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00002000 | 0x00c5fd64 | 0x00c5fe00 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.06 |
| .rsrc | 0x00c62000 | 0x00063a40 | 0x00063c00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 6.90 |
| .reloc | 0x00cc6000 | 0x0000000c | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 0.10 |
导入
库 mscoree.dll:
• 0x402000 - _CorExeMain
投放文件
行为分析
互斥量(Mutexes)
无信息
执行的命令
无信息
创建的服务
无信息
启动的服务
无信息
进程
CMWTAT_Digital_Release_2_6_2_0.exe PID: 2608, 上一级进程 PID: 2268
访问的文件
- C:\Windows\sysnative\MSCOREE.DLL.local
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
- C:\Windows\Microsoft.NET\Framework64\*
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\clr.dll
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
- C:\Users\test\AppData\Local\Temp\CMWTAT_Digital_Release_2_6_2_0.exe.config
- C:\Users\test\AppData\Local\Temp\CMWTAT_Digital_Release_2_6_2_0.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSVCR120_CLR0400.dll
- C:\Windows\sysnative\MSVCR120_CLR0400.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoree.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\fusion.localgac
- C:\Windows\Globalization\Sorting\sortdefault.nls
- C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\*
- C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\f89061884b75dab0e3967d7221e5290d\mscorlib.ni.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\f89061884b75dab0e3967d7221e5290d\mscorlib.ni.dll.aux
- C:\Users
- C:\Users\test
- C:\Users\test\AppData
- C:\Users\test\AppData\Local
- C:\Users\test\AppData\Local\Temp
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ole32.dll
- \Device\KsecDD
- C:\Windows\assembly\NativeImages_v4.0.30319_64\CMWTAT_DIGITAL\*
- C:\Users\test\AppData\Local\Temp\CMWTAT_Digital_Release_2_6_2_0.INI
- C:\Windows\assembly\pubpol49.dat
- C:\Windows\assembly\GAC\PublisherPolicy.tme
- C:\Windows\Microsoft.Net\assembly\GAC_64\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\Presentatio5ae0f00f#\*
- C:\Windows\assembly\NativeImages_v4.0.30319_64\Presentatio5ae0f00f#\bbc645f39adb98788815ae3bc5b4ccfd\PresentationFramework.ni.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\Presentatio5ae0f00f#\bbc645f39adb98788815ae3bc5b4ccfd\PresentationFramework.ni.dll.aux
- C:\Windows\Microsoft.Net\assembly\GAC_64\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\*
- C:\Windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\3af6769b9e2d18fa66c370d824cfc745\WindowsBase.ni.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\3af6769b9e2d18fa66c370d824cfc745\WindowsBase.ni.dll.aux
- C:\Windows\Microsoft.Net\assembly\GAC_64\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\*
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\d1da4b8a843ec63bb8be25f8202bedc1\System.Core.ni.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\d1da4b8a843ec63bb8be25f8202bedc1\System.Core.ni.dll.aux
- C:\Windows\Microsoft.Net\assembly\GAC_64\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System\*
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System\60b77585c8aa9cfd1b30a64092c81041\System.ni.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System\60b77585c8aa9cfd1b30a64092c81041\System.ni.dll.aux
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- C:\Windows\Microsoft.Net\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\*
- C:\Windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\6334bb877f82486e6cbdace680c75bf2\PresentationCore.ni.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\6334bb877f82486e6cbdace680c75bf2\PresentationCore.ni.dll.aux
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- C:\Windows\Microsoft.Net\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\*
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\df20bb545888609f896fa3210a7db5de\System.Xaml.ni.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\df20bb545888609f896fa3210a7db5de\System.Xaml.ni.dll.aux
- C:\Windows\Microsoft.Net\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\MSVCR120_CLR0400.dll
- C:\Windows\Microsoft.Net\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\SHLWAPI.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\wpfgfx_v0400.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationNative_v0400.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SortDefault.nlp
- C:\Windows\assembly\GAC_64
- C:\Windows\assembly\GAC_64\mscorlib.resources
- C:\Windows\assembly\GAC_32
- C:\Windows\assembly\GAC_32\mscorlib.resources
- C:\Windows\assembly\GAC_MSIL
- C:\Windows\assembly\GAC_MSIL\mscorlib.resources
- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\*
- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_zh-CHS_b77a5c561934e089\mscorlib.resources.dll
- C:\Windows\assembly\GAC
- C:\Windows\assembly\GAC\mscorlib.resources
- C:\Windows\Microsoft.Net\assembly\GAC_64
- C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib.resources
- C:\Windows\Microsoft.Net\assembly\GAC_32
- C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib.resources
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\mscorlib.resources
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\mscorlib.resources\*
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\mscorlib.resources\v4.0_4.0.0.0_zh-Hans_b77a5c561934e089\mscorlib.resources.dll
- C:\Windows\Microsoft.Net\assembly\GAC
- C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib.resources\v4.0_4.0.0.0_zh-Hans_b77a5c561934e089\mscorlib.resources.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib.resources\*
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\mscorlib.resources\v4.0_4.0.0.0_zh-Hans_b77a5c561934e089\mscorlib.resources.INI
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\zh-CN\mscorrc.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\zh-CN\mscorrc.dll.DLL
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\zh-Hans\mscorrc.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\PresentationNative_v0400.dll
- C:\Users\test\AppData\Local\Temp\zh-CN\CMWTAT_DIGITAL.resources.dll
- C:\Users\test\AppData\Local\Temp\zh-CN\CMWTAT_DIGITAL.resources\CMWTAT_DIGITAL.resources.dll
- C:\Users\test\AppData\Local\Temp\zh-CN\CMWTAT_DIGITAL.resources.exe
- C:\Users\test\AppData\Local\Temp\zh-CN\CMWTAT_DIGITAL.resources\CMWTAT_DIGITAL.resources.exe
- C:\Users\test\AppData\Local\Temp\zh-CHS\CMWTAT_DIGITAL.resources.dll
- C:\Users\test\AppData\Local\Temp\zh-CHS\CMWTAT_DIGITAL.resources\CMWTAT_DIGITAL.resources.dll
- C:\Users\test\AppData\Local\Temp\zh-CHS\CMWTAT_DIGITAL.resources.exe
- C:\Users\test\AppData\Local\Temp\zh-CHS\CMWTAT_DIGITAL.resources\CMWTAT_DIGITAL.resources.exe
- C:\Users\test\AppData\Local\Temp\zh-Hans\CMWTAT_DIGITAL.resources.dll
- C:\Users\test\AppData\Local\Temp\zh-Hans\CMWTAT_DIGITAL.resources\CMWTAT_DIGITAL.resources.dll
- C:\Users\test\AppData\Local\Temp\zh-Hans\CMWTAT_DIGITAL.resources.exe
- C:\Users\test\AppData\Local\Temp\zh-Hans\CMWTAT_DIGITAL.resources\CMWTAT_DIGITAL.resources.exe
- C:\Users\test\AppData\Local\Temp\zh\CMWTAT_DIGITAL.resources.dll
- C:\Users\test\AppData\Local\Temp\zh\CMWTAT_DIGITAL.resources\CMWTAT_DIGITAL.resources.dll
- C:\Users\test\AppData\Local\Temp\zh\CMWTAT_DIGITAL.resources.exe
- C:\Users\test\AppData\Local\Temp\zh\CMWTAT_DIGITAL.resources\CMWTAT_DIGITAL.resources.exe
- C:\Users\test\AppData\Local\Temp\MaterialDesignThemes.Wpf.dll
- C:\Users\test\AppData\Local\Temp\MaterialDesignThemes.Wpf\MaterialDesignThemes.Wpf.dll
- C:\Users\test\AppData\Local\Temp\MaterialDesignThemes.Wpf.exe
- C:\Users\test\AppData\Local\Temp\MaterialDesignThemes.Wpf\MaterialDesignThemes.Wpf.exe
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\MaterialDesignThemes.Wpf\v4.0_4.5.0.0__df2a72020bd7962a\MaterialDesignThemes.Wpf.dll
- C:\Windows\assembly\GAC_MSIL\MaterialDesignThemes.Wpf\4.5.0.0__df2a72020bd7962a\MaterialDesignThemes.Wpf.dll
- C:\Windows\Microsoft.Net\assembly\GAC_64\MaterialDesignThemes.Wpf.resources\v4.0_4.5.0.0_zh-CN_df2a72020bd7962a\MaterialDesignThemes.Wpf.resources.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\MaterialDesignThemes.Wpf.resources\v4.0_4.5.0.0_zh-CN_df2a72020bd7962a\MaterialDesignThemes.Wpf.resources.dll
- C:\Windows\Microsoft.Net\assembly\GAC\MaterialDesignThemes.Wpf.resources\v4.0_4.5.0.0_zh-CN_df2a72020bd7962a\MaterialDesignThemes.Wpf.resources.dll
- C:\Windows\assembly\GAC_64\MaterialDesignThemes.Wpf.resources\4.5.0.0_zh-CN_df2a72020bd7962a\MaterialDesignThemes.Wpf.resources.dll
- C:\Windows\assembly\GAC_MSIL\MaterialDesignThemes.Wpf.resources\4.5.0.0_zh-CN_df2a72020bd7962a\MaterialDesignThemes.Wpf.resources.dll
- C:\Windows\assembly\GAC\MaterialDesignThemes.Wpf.resources\4.5.0.0_zh-CN_df2a72020bd7962a\MaterialDesignThemes.Wpf.resources.dll
- C:\Users\test\AppData\Local\Temp\zh-CN\MaterialDesignThemes.Wpf.resources.dll
- C:\Users\test\AppData\Local\Temp\zh-CN\MaterialDesignThemes.Wpf.resources\MaterialDesignThemes.Wpf.resources.dll
- C:\Users\test\AppData\Local\Temp\zh-CN\MaterialDesignThemes.Wpf.resources.exe
- C:\Users\test\AppData\Local\Temp\zh-CN\MaterialDesignThemes.Wpf.resources\MaterialDesignThemes.Wpf.resources.exe
- C:\Windows\Microsoft.Net\assembly\GAC_64\MaterialDesignThemes.Wpf.resources\v4.0_4.5.0.0_zh-CHS_df2a72020bd7962a\MaterialDesignThemes.Wpf.resources.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\MaterialDesignThemes.Wpf.resources\v4.0_4.5.0.0_zh-CHS_df2a72020bd7962a\MaterialDesignThemes.Wpf.resources.dll
- C:\Windows\Microsoft.Net\assembly\GAC\MaterialDesignThemes.Wpf.resources\v4.0_4.5.0.0_zh-CHS_df2a72020bd7962a\MaterialDesignThemes.Wpf.resources.dll
- C:\Windows\assembly\GAC_64\MaterialDesignThemes.Wpf.resources\4.5.0.0_zh-CHS_df2a72020bd7962a\MaterialDesignThemes.Wpf.resources.dll
- C:\Windows\assembly\GAC_MSIL\MaterialDesignThemes.Wpf.resources\4.5.0.0_zh-CHS_df2a72020bd7962a\MaterialDesignThemes.Wpf.resources.dll
- C:\Windows\assembly\GAC\MaterialDesignThemes.Wpf.resources\4.5.0.0_zh-CHS_df2a72020bd7962a\MaterialDesignThemes.Wpf.resources.dll
- C:\Users\test\AppData\Local\Temp\zh-CHS\MaterialDesignThemes.Wpf.resources.dll
- C:\Users\test\AppData\Local\Temp\zh-CHS\MaterialDesignThemes.Wpf.resources\MaterialDesignThemes.Wpf.resources.dll
- C:\Users\test\AppData\Local\Temp\zh-CHS\MaterialDesignThemes.Wpf.resources.exe
- C:\Users\test\AppData\Local\Temp\zh-CHS\MaterialDesignThemes.Wpf.resources\MaterialDesignThemes.Wpf.resources.exe
- C:\Windows\Microsoft.Net\assembly\GAC_64\MaterialDesignThemes.Wpf.resources\v4.0_4.5.0.0_zh-Hans_df2a72020bd7962a\MaterialDesignThemes.Wpf.resources.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\MaterialDesignThemes.Wpf.resources\v4.0_4.5.0.0_zh-Hans_df2a72020bd7962a\MaterialDesignThemes.Wpf.resources.dll
- C:\Windows\Microsoft.Net\assembly\GAC\MaterialDesignThemes.Wpf.resources\v4.0_4.5.0.0_zh-Hans_df2a72020bd7962a\MaterialDesignThemes.Wpf.resources.dll
- C:\Windows\assembly\GAC_64\MaterialDesignThemes.Wpf.resources\4.5.0.0_zh-Hans_df2a72020bd7962a\MaterialDesignThemes.Wpf.resources.dll
- C:\Windows\assembly\GAC_MSIL\MaterialDesignThemes.Wpf.resources\4.5.0.0_zh-Hans_df2a72020bd7962a\MaterialDesignThemes.Wpf.resources.dll
- C:\Windows\assembly\GAC\MaterialDesignThemes.Wpf.resources\4.5.0.0_zh-Hans_df2a72020bd7962a\MaterialDesignThemes.Wpf.resources.dll
- C:\Users\test\AppData\Local\Temp\zh-Hans\MaterialDesignThemes.Wpf.resources.dll
- C:\Users\test\AppData\Local\Temp\zh-Hans\MaterialDesignThemes.Wpf.resources\MaterialDesignThemes.Wpf.resources.dll
- C:\Users\test\AppData\Local\Temp\zh-Hans\MaterialDesignThemes.Wpf.resources.exe
- C:\Users\test\AppData\Local\Temp\zh-Hans\MaterialDesignThemes.Wpf.resources\MaterialDesignThemes.Wpf.resources.exe
- C:\Windows\Microsoft.Net\assembly\GAC_64\MaterialDesignThemes.Wpf.resources\v4.0_4.5.0.0_zh_df2a72020bd7962a\MaterialDesignThemes.Wpf.resources.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\MaterialDesignThemes.Wpf.resources\v4.0_4.5.0.0_zh_df2a72020bd7962a\MaterialDesignThemes.Wpf.resources.dll
- C:\Windows\Microsoft.Net\assembly\GAC\MaterialDesignThemes.Wpf.resources\v4.0_4.5.0.0_zh_df2a72020bd7962a\MaterialDesignThemes.Wpf.resources.dll
- C:\Windows\assembly\GAC_64\MaterialDesignThemes.Wpf.resources\4.5.0.0_zh_df2a72020bd7962a\MaterialDesignThemes.Wpf.resources.dll
- C:\Windows\assembly\GAC_MSIL\MaterialDesignThemes.Wpf.resources\4.5.0.0_zh_df2a72020bd7962a\MaterialDesignThemes.Wpf.resources.dll
- C:\Windows\assembly\GAC\MaterialDesignThemes.Wpf.resources\4.5.0.0_zh_df2a72020bd7962a\MaterialDesignThemes.Wpf.resources.dll
- C:\Users\test\AppData\Local\Temp\zh\MaterialDesignThemes.Wpf.resources.dll
- C:\Users\test\AppData\Local\Temp\zh\MaterialDesignThemes.Wpf.resources\MaterialDesignThemes.Wpf.resources.dll
- C:\Users\test\AppData\Local\Temp\zh\MaterialDesignThemes.Wpf.resources.exe
- C:\Users\test\AppData\Local\Temp\zh\MaterialDesignThemes.Wpf.resources\MaterialDesignThemes.Wpf.resources.exe
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\uxtheme.dll
- C:\Windows\Microsoft.Net\assembly\GAC_64\PresentationFramework.classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.classic.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\PresentationFramework.classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.classic.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\Presentatiod51afaa5#\*
- C:\Windows\assembly\NativeImages_v4.0.30319_64\Presentatiod51afaa5#\5771a1b5d38bd31ed5203dd78e0ba484\PresentationFramework.classic.ni.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\Presentatiod51afaa5#\5771a1b5d38bd31ed5203dd78e0ba484\PresentationFramework.classic.ni.dll.aux
- C:\Windows\assembly\GAC_64\PresentationFramework.Classic.resources
- C:\Windows\assembly\GAC_32\PresentationFramework.Classic.resources
- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Classic.resources
- C:\Windows\assembly\GAC\PresentationFramework.Classic.resources
- C:\Windows\Microsoft.Net\assembly\GAC_64\PresentationFramework.Classic.resources
- C:\Windows\Microsoft.Net\assembly\GAC_32\PresentationFramework.Classic.resources
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\PresentationFramework.Classic.resources
- C:\Users\test\AppData\Local\Temp\MaterialDesignColors.dll
- C:\Users\test\AppData\Local\Temp\MaterialDesignColors\MaterialDesignColors.dll
- C:\Users\test\AppData\Local\Temp\MaterialDesignColors.exe
- C:\Users\test\AppData\Local\Temp\MaterialDesignColors\MaterialDesignColors.exe
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\MaterialDesignColors\v4.0_2.0.6.0__df2a72020bd7962a\MaterialDesignColors.dll
- C:\Windows\assembly\GAC_MSIL\MaterialDesignColors\2.0.6.0__df2a72020bd7962a\MaterialDesignColors.dll
- C:\Windows\Microsoft.Net\assembly\GAC_64\MaterialDesignColors.resources\v4.0_2.0.6.0_zh-CN_df2a72020bd7962a\MaterialDesignColors.resources.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\MaterialDesignColors.resources\v4.0_2.0.6.0_zh-CN_df2a72020bd7962a\MaterialDesignColors.resources.dll
- C:\Windows\Microsoft.Net\assembly\GAC\MaterialDesignColors.resources\v4.0_2.0.6.0_zh-CN_df2a72020bd7962a\MaterialDesignColors.resources.dll
- C:\Windows\assembly\GAC_64\MaterialDesignColors.resources\2.0.6.0_zh-CN_df2a72020bd7962a\MaterialDesignColors.resources.dll
- C:\Windows\assembly\GAC_MSIL\MaterialDesignColors.resources\2.0.6.0_zh-CN_df2a72020bd7962a\MaterialDesignColors.resources.dll
- C:\Windows\assembly\GAC\MaterialDesignColors.resources\2.0.6.0_zh-CN_df2a72020bd7962a\MaterialDesignColors.resources.dll
- C:\Users\test\AppData\Local\Temp\zh-CN\MaterialDesignColors.resources.dll
- C:\Users\test\AppData\Local\Temp\zh-CN\MaterialDesignColors.resources\MaterialDesignColors.resources.dll
- C:\Users\test\AppData\Local\Temp\zh-CN\MaterialDesignColors.resources.exe
- C:\Users\test\AppData\Local\Temp\zh-CN\MaterialDesignColors.resources\MaterialDesignColors.resources.exe
- C:\Windows\Microsoft.Net\assembly\GAC_64\MaterialDesignColors.resources\v4.0_2.0.6.0_zh-CHS_df2a72020bd7962a\MaterialDesignColors.resources.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\MaterialDesignColors.resources\v4.0_2.0.6.0_zh-CHS_df2a72020bd7962a\MaterialDesignColors.resources.dll
- C:\Windows\Microsoft.Net\assembly\GAC\MaterialDesignColors.resources\v4.0_2.0.6.0_zh-CHS_df2a72020bd7962a\MaterialDesignColors.resources.dll
- C:\Windows\assembly\GAC_64\MaterialDesignColors.resources\2.0.6.0_zh-CHS_df2a72020bd7962a\MaterialDesignColors.resources.dll
- C:\Windows\assembly\GAC_MSIL\MaterialDesignColors.resources\2.0.6.0_zh-CHS_df2a72020bd7962a\MaterialDesignColors.resources.dll
- C:\Windows\assembly\GAC\MaterialDesignColors.resources\2.0.6.0_zh-CHS_df2a72020bd7962a\MaterialDesignColors.resources.dll
- C:\Users\test\AppData\Local\Temp\zh-CHS\MaterialDesignColors.resources.dll
- C:\Users\test\AppData\Local\Temp\zh-CHS\MaterialDesignColors.resources\MaterialDesignColors.resources.dll
- C:\Users\test\AppData\Local\Temp\zh-CHS\MaterialDesignColors.resources.exe
- C:\Users\test\AppData\Local\Temp\zh-CHS\MaterialDesignColors.resources\MaterialDesignColors.resources.exe
- C:\Windows\Microsoft.Net\assembly\GAC_64\MaterialDesignColors.resources\v4.0_2.0.6.0_zh-Hans_df2a72020bd7962a\MaterialDesignColors.resources.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\MaterialDesignColors.resources\v4.0_2.0.6.0_zh-Hans_df2a72020bd7962a\MaterialDesignColors.resources.dll
- C:\Windows\Microsoft.Net\assembly\GAC\MaterialDesignColors.resources\v4.0_2.0.6.0_zh-Hans_df2a72020bd7962a\MaterialDesignColors.resources.dll
- C:\Windows\assembly\GAC_64\MaterialDesignColors.resources\2.0.6.0_zh-Hans_df2a72020bd7962a\MaterialDesignColors.resources.dll
- C:\Windows\assembly\GAC_MSIL\MaterialDesignColors.resources\2.0.6.0_zh-Hans_df2a72020bd7962a\MaterialDesignColors.resources.dll
- C:\Windows\assembly\GAC\MaterialDesignColors.resources\2.0.6.0_zh-Hans_df2a72020bd7962a\MaterialDesignColors.resources.dll
- C:\Users\test\AppData\Local\Temp\zh-Hans\MaterialDesignColors.resources.dll
- C:\Users\test\AppData\Local\Temp\zh-Hans\MaterialDesignColors.resources\MaterialDesignColors.resources.dll
- C:\Users\test\AppData\Local\Temp\zh-Hans\MaterialDesignColors.resources.exe
- C:\Users\test\AppData\Local\Temp\zh-Hans\MaterialDesignColors.resources\MaterialDesignColors.resources.exe
- C:\Windows\Microsoft.Net\assembly\GAC_64\MaterialDesignColors.resources\v4.0_2.0.6.0_zh_df2a72020bd7962a\MaterialDesignColors.resources.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\MaterialDesignColors.resources\v4.0_2.0.6.0_zh_df2a72020bd7962a\MaterialDesignColors.resources.dll
- C:\Windows\Microsoft.Net\assembly\GAC\MaterialDesignColors.resources\v4.0_2.0.6.0_zh_df2a72020bd7962a\MaterialDesignColors.resources.dll
- C:\Windows\assembly\GAC_64\MaterialDesignColors.resources\2.0.6.0_zh_df2a72020bd7962a\MaterialDesignColors.resources.dll
- C:\Windows\assembly\GAC_MSIL\MaterialDesignColors.resources\2.0.6.0_zh_df2a72020bd7962a\MaterialDesignColors.resources.dll
- C:\Windows\assembly\GAC\MaterialDesignColors.resources\2.0.6.0_zh_df2a72020bd7962a\MaterialDesignColors.resources.dll
- C:\Users\test\AppData\Local\Temp\zh\MaterialDesignColors.resources.dll
- C:\Users\test\AppData\Local\Temp\zh\MaterialDesignColors.resources\MaterialDesignColors.resources.dll
- C:\Users\test\AppData\Local\Temp\zh\MaterialDesignColors.resources.exe
- C:\Users\test\AppData\Local\Temp\zh\MaterialDesignColors.resources\MaterialDesignColors.resources.exe
- C:\Windows\Microsoft.Net\assembly\GAC_64\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\*
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\37004ddc6f466d807c52ca3b7f9f9827\System.Windows.Forms.ni.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\37004ddc6f466d807c52ca3b7f9f9827\System.Windows.Forms.ni.dll.aux
- C:\Windows\Microsoft.Net\assembly\GAC_64\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\*
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\43de4a177616225e9b6262468e1c3b53\System.Drawing.ni.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\43de4a177616225e9b6262468e1c3b53\System.Drawing.ni.dll.aux
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- C:\Windows\Microsoft.Net\assembly\GAC_64\MaterialDesignThemes.Wpf\v4.0_4.5.0.0__df2a72020bd7962a\MaterialDesignThemes.Wpf.dll
- C:\Windows\Microsoft.Net\assembly\GAC\MaterialDesignThemes.Wpf\v4.0_4.5.0.0__df2a72020bd7962a\MaterialDesignThemes.Wpf.dll
- C:\Windows\assembly\GAC_64\MaterialDesignThemes.Wpf\4.5.0.0__df2a72020bd7962a\MaterialDesignThemes.Wpf.dll
- C:\Windows\assembly\GAC\MaterialDesignThemes.Wpf\4.5.0.0__df2a72020bd7962a\MaterialDesignThemes.Wpf.dll
- C:\Windows\Microsoft.Net\assembly\GAC_64\MaterialDesignColors\v4.0_2.0.6.0__df2a72020bd7962a\MaterialDesignColors.dll
- C:\Windows\Microsoft.Net\assembly\GAC\MaterialDesignColors\v4.0_2.0.6.0__df2a72020bd7962a\MaterialDesignColors.dll
- C:\Windows\assembly\GAC_64\MaterialDesignColors\2.0.6.0__df2a72020bd7962a\MaterialDesignColors.dll
- C:\Windows\assembly\GAC\MaterialDesignColors\2.0.6.0__df2a72020bd7962a\MaterialDesignColors.dll
- C:\Windows\Microsoft.Net\assembly\GAC_64\System.Runtime.WindowsRuntime\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.WindowsRuntime.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.WindowsRuntime\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.WindowsRuntime.dll
- C:\Windows\Microsoft.Net\assembly\GAC\System.Runtime.WindowsRuntime\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.WindowsRuntime.dll
- C:\Windows\assembly\GAC_64\System.Runtime.WindowsRuntime\4.0.0.0__b77a5c561934e089\System.Runtime.WindowsRuntime.dll
- C:\Windows\assembly\GAC_MSIL\System.Runtime.WindowsRuntime\4.0.0.0__b77a5c561934e089\System.Runtime.WindowsRuntime.dll
- C:\Windows\assembly\GAC\System.Runtime.WindowsRuntime\4.0.0.0__b77a5c561934e089\System.Runtime.WindowsRuntime.dll
- C:\Users\test\AppData\Local\Temp\System.Runtime.WindowsRuntime.dll
- C:\Users\test\AppData\Local\Temp\System.Runtime.WindowsRuntime\System.Runtime.WindowsRuntime.dll
- C:\Users\test\AppData\Local\Temp\System.Runtime.WindowsRuntime.exe
- C:\Users\test\AppData\Local\Temp\System.Runtime.WindowsRuntime\System.Runtime.WindowsRuntime.exe
- C:\Windows\sysnative\zh-CN\KERNELBASE.dll.mui
- C:\Windows\assembly\GAC_64\System.Xaml.resources
- C:\Windows\assembly\GAC_32\System.Xaml.resources
- C:\Windows\assembly\GAC_MSIL\System.Xaml.resources
- C:\Windows\assembly\GAC\System.Xaml.resources
- C:\Windows\Microsoft.Net\assembly\GAC_64\System.Xaml.resources
- C:\Windows\Microsoft.Net\assembly\GAC_32\System.Xaml.resources
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xaml.resources
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xaml.resources\*
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xaml.resources\v4.0_4.0.0.0_zh-Hans_b77a5c561934e089\System.Xaml.resources.dll
- C:\Windows\Microsoft.Net\assembly\GAC_64\System.Xaml.resources\v4.0_4.0.0.0_zh-Hans_b77a5c561934e089\System.Xaml.resources.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xaml9d23c3a1#\*
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xaml.resources\v4.0_4.0.0.0_zh-Hans_b77a5c561934e089\System.Xaml.resources.INI
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\*
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\c2f35cb9621b8ca33a05759bbb0683c1\System.Xml.ni.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\c2f35cb9621b8ca33a05759bbb0683c1\System.Xml.ni.dll.aux
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
读取的文件
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
- C:\Users\test\AppData\Local\Temp\CMWTAT_Digital_Release_2_6_2_0.exe.config
- C:\Users\test\AppData\Local\Temp\CMWTAT_Digital_Release_2_6_2_0.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
- C:\Windows\sysnative\MSVCR120_CLR0400.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config
- C:\Windows\Globalization\Sorting\sortdefault.nls
- C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\f89061884b75dab0e3967d7221e5290d\mscorlib.ni.dll.aux
- C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\f89061884b75dab0e3967d7221e5290d\mscorlib.ni.dll
- \Device\KsecDD
- C:\Windows\assembly\pubpol49.dat
- C:\Windows\assembly\NativeImages_v4.0.30319_64\Presentatio5ae0f00f#\bbc645f39adb98788815ae3bc5b4ccfd\PresentationFramework.ni.dll.aux
- C:\Windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\3af6769b9e2d18fa66c370d824cfc745\WindowsBase.ni.dll.aux
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\d1da4b8a843ec63bb8be25f8202bedc1\System.Core.ni.dll.aux
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System\60b77585c8aa9cfd1b30a64092c81041\System.ni.dll.aux
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System\60b77585c8aa9cfd1b30a64092c81041\System.ni.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\d1da4b8a843ec63bb8be25f8202bedc1\System.Core.ni.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\3af6769b9e2d18fa66c370d824cfc745\WindowsBase.ni.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\6334bb877f82486e6cbdace680c75bf2\PresentationCore.ni.dll.aux
- C:\Windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\6334bb877f82486e6cbdace680c75bf2\PresentationCore.ni.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\Presentatio5ae0f00f#\bbc645f39adb98788815ae3bc5b4ccfd\PresentationFramework.ni.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\df20bb545888609f896fa3210a7db5de\System.Xaml.ni.dll.aux
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\df20bb545888609f896fa3210a7db5de\System.Xaml.ni.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\wpfgfx_v0400.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationNative_v0400.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SortDefault.nlp
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\mscorlib.resources\v4.0_4.0.0.0_zh-Hans_b77a5c561934e089\mscorlib.resources.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\zh-Hans\mscorrc.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\Presentatiod51afaa5#\5771a1b5d38bd31ed5203dd78e0ba484\PresentationFramework.classic.ni.dll.aux
- C:\Windows\assembly\NativeImages_v4.0.30319_64\Presentatiod51afaa5#\5771a1b5d38bd31ed5203dd78e0ba484\PresentationFramework.classic.ni.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\37004ddc6f466d807c52ca3b7f9f9827\System.Windows.Forms.ni.dll.aux
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\43de4a177616225e9b6262468e1c3b53\System.Drawing.ni.dll.aux
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\43de4a177616225e9b6262468e1c3b53\System.Drawing.ni.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\37004ddc6f466d807c52ca3b7f9f9827\System.Windows.Forms.ni.dll
- C:\Windows\sysnative\zh-CN\KERNELBASE.dll.mui
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xaml.resources\v4.0_4.0.0.0_zh-Hans_b77a5c561934e089\System.Xaml.resources.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\c2f35cb9621b8ca33a05759bbb0683c1\System.Xml.ni.dll.aux
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\c2f35cb9621b8ca33a05759bbb0683c1\System.Xml.ni.dll
修改的文件
无信息
删除的文件
无信息
注册表键
- HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\v4.0
- HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\InstallRoot
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\CLRLoadLogDir
- HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR
- Policy\Standards
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Standards
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\standards\v4.0.30319
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
- HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SKUs\default
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableConfigCache
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CMWTAT_Digital_Release_2_6_2_0.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
- HKEY_CURRENT_USER\Software\Microsoft\Fusion
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
- HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing
- HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseRyuJIT
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index49
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.PresentationFramework__31bf3856ad364e35
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.PresentationFramework__31bf3856ad364e35
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.WindowsBase__31bf3856ad364e35
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.WindowsBase__31bf3856ad364e35
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Core__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Core__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Numerics__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Numerics__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Security__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Security__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xaml__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xaml__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.Accessibility__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.Accessibility__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.PresentationCore__31bf3856ad364e35
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.PresentationCore__31bf3856ad364e35
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.UIAutomationTypes__31bf3856ad364e35
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.UIAutomationTypes__31bf3856ad364e35
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Windows.Input.Manipulations__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Windows.Input.Manipulations__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.UIAutomationProvider__31bf3856ad364e35
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.UIAutomationProvider__31bf3856ad364e35
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Deployment__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Deployment__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.ReachFramework__31bf3856ad364e35
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.ReachFramework__31bf3856ad364e35
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.PresentationUI__31bf3856ad364e35
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.PresentationUI__31bf3856ad364e35
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Printing__31bf3856ad364e35
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Printing__31bf3856ad364e35
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\FeatureSIMD
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitTimeLogCsv
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitFuncInfoLogFile
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AltJit
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitELTHookEnabled
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\TailCallOpt
- HKEY_LOCAL_MACHINE\Software\Microsoft\Net Framework Setup\NDP\v4\Client
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Client\InstallPath
- HKEY_LOCAL_MACHINE\Software\Microsoft\Avalon.Graphics
- HKEY_CURRENT_USER\Software\Microsoft\Avalon.Graphics
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitVNMapSelBudget
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
- HKEY_CURRENT_USER\Software\Microsoft\Tracing\WPF
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-us
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-us
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
- HKEY_CURRENT_USER\Software\Classes
- HKEY_CURRENT_USER\Software\Classes\AppID\CMWTAT_Digital_Release_2_6_2_0.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
- HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
- HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\D4DA46D5
- HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-CHS
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-CHS
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-Hans
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-Hans
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.mscorlib.resources_zh-Hans_b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.mscorlib.resources_zh-Hans_b77a5c561934e089
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AppContext
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2280033686-3172497658-3481507381-1000\Installer\Assemblies\C:|Users|test|AppData|Local|Temp|CMWTAT_Digital_Release_2_6_2_0.exe
- HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|test|AppData|Local|Temp|CMWTAT_Digital_Release_2_6_2_0.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|test|AppData|Local|Temp|CMWTAT_Digital_Release_2_6_2_0.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2280033686-3172497658-3481507381-1000\Installer\Assemblies\Global
- HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.5.MaterialDesignThemes.Wpf__df2a72020bd7962a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.5.MaterialDesignThemes.Wpf__df2a72020bd7962a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.5.MaterialDesignThemes.Wpf.resources_zh-CN_df2a72020bd7962a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.5.MaterialDesignThemes.Wpf.resources_zh-CN_df2a72020bd7962a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.5.MaterialDesignThemes.Wpf.resources_zh-CHS_df2a72020bd7962a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.5.MaterialDesignThemes.Wpf.resources_zh-CHS_df2a72020bd7962a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.5.MaterialDesignThemes.Wpf.resources_zh-Hans_df2a72020bd7962a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.5.MaterialDesignThemes.Wpf.resources_zh-Hans_df2a72020bd7962a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.5.MaterialDesignThemes.Wpf.resources_zh_df2a72020bd7962a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.5.MaterialDesignThemes.Wpf.resources_zh_df2a72020bd7962a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\FinalizerActivityBypass
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.PresentationFramework.classic__31bf3856ad364e35
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.PresentationFramework.classic__31bf3856ad364e35
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.2.0.MaterialDesignColors__df2a72020bd7962a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.MaterialDesignColors__df2a72020bd7962a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.2.0.MaterialDesignColors.resources_zh-CN_df2a72020bd7962a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.MaterialDesignColors.resources_zh-CN_df2a72020bd7962a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.2.0.MaterialDesignColors.resources_zh-CHS_df2a72020bd7962a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.MaterialDesignColors.resources_zh-CHS_df2a72020bd7962a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.2.0.MaterialDesignColors.resources_zh-Hans_df2a72020bd7962a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.MaterialDesignColors.resources_zh-Hans_df2a72020bd7962a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.2.0.MaterialDesignColors.resources_zh_df2a72020bd7962a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.MaterialDesignColors.resources_zh_df2a72020bd7962a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Windows.Forms__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Windows.Forms__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Drawing__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Drawing__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
- HKEY_CURRENT_USER\Software\Microsoft\Wisp\Pen\SysEventParameters
- HKEY_CURRENT_USER\Software\Microsoft\Wisp\Pen\SysEventParameters\DblDist
- HKEY_CURRENT_USER\Software\Microsoft\Wisp\Pen\SysEventParameters\DblTime
- HKEY_CURRENT_USER\Software\Microsoft\Wisp\Pen\SysEventParameters\Cancel
- HKEY_CURRENT_USER\Software\Microsoft\Wisp\Touch
- HKEY_CURRENT_USER\Software\Microsoft\Wisp\Touch\TouchModeN_DtapDist
- HKEY_CURRENT_USER\Software\Microsoft\Wisp\Touch\TouchModeN_DtapTime
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.WindowsRuntime__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.WindowsRuntime__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xaml.resources_zh-Hans_b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xaml.resources_zh-Hans_b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Data.SqlXml__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Data.SqlXml__b77a5c561934e089
读取的注册表键
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\InstallRoot
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\CLRLoadLogDir
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableConfigCache
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseRyuJIT
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index49
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\FeatureSIMD
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitTimeLogCsv
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitFuncInfoLogFile
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AltJit
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitELTHookEnabled
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\TailCallOpt
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Client\InstallPath
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitVNMapSelBudget
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-us
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-us
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\D4DA46D5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-CHS
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-CHS
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-Hans
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-Hans
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\FinalizerActivityBypass
- HKEY_CURRENT_USER\Software\Microsoft\Wisp\Pen\SysEventParameters\DblDist
- HKEY_CURRENT_USER\Software\Microsoft\Wisp\Pen\SysEventParameters\DblTime
- HKEY_CURRENT_USER\Software\Microsoft\Wisp\Pen\SysEventParameters\Cancel
- HKEY_CURRENT_USER\Software\Microsoft\Wisp\Touch\TouchModeN_DtapDist
- HKEY_CURRENT_USER\Software\Microsoft\Wisp\Touch\TouchModeN_DtapTime
修改的注册表键
无信息
删除的注册表键
无信息
API解析
- advapi32.dll.RegOpenKeyExW
- advapi32.dll.RegQueryInfoKeyW
- advapi32.dll.RegEnumKeyExW
- advapi32.dll.RegEnumValueW
- advapi32.dll.RegCloseKey
- advapi32.dll.RegQueryValueExW
- kernel32.dll.FlsAlloc
- kernel32.dll.FlsFree
- kernel32.dll.FlsGetValue
- kernel32.dll.FlsSetValue
- kernel32.dll.InitializeCriticalSectionEx
- kernel32.dll.CreateEventExW
- kernel32.dll.CreateSemaphoreExW
- kernel32.dll.SetThreadStackGuarantee
- kernel32.dll.CreateThreadpoolTimer
- kernel32.dll.SetThreadpoolTimer
- kernel32.dll.WaitForThreadpoolTimerCallbacks
- kernel32.dll.CloseThreadpoolTimer
- kernel32.dll.CreateThreadpoolWait
- kernel32.dll.SetThreadpoolWait
- kernel32.dll.CloseThreadpoolWait
- kernel32.dll.FlushProcessWriteBuffers
- kernel32.dll.FreeLibraryWhenCallbackReturns
- kernel32.dll.GetCurrentProcessorNumber
- kernel32.dll.GetLogicalProcessorInformation
- kernel32.dll.CreateSymbolicLinkW
- kernel32.dll.EnumSystemLocalesEx
- kernel32.dll.CompareStringEx
- kernel32.dll.GetDateFormatEx
- kernel32.dll.GetLocaleInfoEx
- kernel32.dll.GetTimeFormatEx
- kernel32.dll.GetUserDefaultLocaleName
- kernel32.dll.IsValidLocaleName
- kernel32.dll.LCMapStringEx
- kernel32.dll.GetTickCount64
- kernel32.dll.AcquireSRWLockExclusive
- kernel32.dll.ReleaseSRWLockExclusive
- advapi32.dll.EventRegister
- mscoree.dll.#142
- mscoreei.dll.RegisterShimImplCallback
- mscoreei.dll.OnShimDllMainCalled
- mscoreei.dll._CorExeMain
- shlwapi.dll.UrlIsW
- version.dll.GetFileVersionInfoSizeW
- version.dll.GetFileVersionInfoW
- version.dll.VerQueryValueW
- clr.dll.SetRuntimeInfo
- clr.dll._CorExeMain
- mscoree.dll.CreateConfigStream
- mscoreei.dll.CreateConfigStream
- kernel32.dll.GetNumaHighestNodeNumber
- ntdll.dll.RtlVirtualUnwind
- kernel32.dll.GetSystemWindowsDirectoryW
- advapi32.dll.AllocateAndInitializeSid
- advapi32.dll.OpenProcessToken
- advapi32.dll.GetTokenInformation
- advapi32.dll.InitializeAcl
- advapi32.dll.AddAccessAllowedAce
- advapi32.dll.FreeSid
- kernel32.dll.AddSIDToBoundaryDescriptor
- kernel32.dll.CreateBoundaryDescriptorW
- kernel32.dll.CreatePrivateNamespaceW
- kernel32.dll.OpenPrivateNamespaceW
- kernel32.dll.DeleteBoundaryDescriptor
- kernel32.dll.WerRegisterRuntimeExceptionModule
- kernel32.dll.RaiseException
- mscoree.dll.#24
- mscoreei.dll.#24
- psapi.dll.GetProcessMemoryInfo
- kernel32.dll.SortGetHandle
- kernel32.dll.SortCloseHandle
- ole32.dll.CoInitializeEx
- cryptbase.dll.SystemFunction036
- cryptsp.dll.CryptImportKey
- cryptsp.dll.CryptHashData
- cryptsp.dll.CryptGetHashParam
- cryptsp.dll.CryptDestroyHash
- cryptsp.dll.CryptDestroyKey
- clrjit.dll.sxsJitStartup
- clrjit.dll.getJit
- kernel32.dll.LocalAlloc
- msvcr120_clr0400.dll.??2@YAPEAX_K@Z
- user32.dll.SetProcessDPIAware
- kernel32.dll.GetEnvironmentVariableW
- shlwapi.dll.PathAppendW
- kernel32.dll.GetModuleHandleW
- kernel32.dll.GetProcAddress
- kernel32.dll.LoadLibraryW
- dwrite.dll.DWriteCreateFactory
- shlwapi.dll.PathCombineW
- gdi32.dll.GdiEntry13
- advapi32.dll.EventWrite
- advapi32.dll.EventUnregister
- cryptsp.dll.CryptReleaseContext
- kernel32.dll.LocaleNameToLCID
- kernel32.dll.LCIDToLocaleName
- kernel32.dll.GetUserPreferredUILanguages
- nlssorting.dll.SortGetHandle
- nlssorting.dll.SortCloseHandle
- kernel32.dll.IsDebuggerPresent
- mscoree.dll.GetProcessExecutableHeap
- mscoreei.dll.GetProcessExecutableHeap
- kernel32.dll.CompareStringOrdinal
- kernel32.dll.GetFullPathNameW
- kernel32.dll.SetThreadErrorMode
- kernel32.dll.GetFileAttributesExW
- clr.dll.CreateAssemblyNameObject
- ole32.dll.CoGetContextToken
- ole32.dll.CoGetObjectContext
- sechost.dll.LookupAccountNameLocalW
- advapi32.dll.LookupAccountSidW
- sechost.dll.LookupAccountSidLocalW
- cryptsp.dll.CryptAcquireContextW
- cryptsp.dll.CryptGenRandom
- ole32.dll.NdrOleInitializeExtension
- ole32.dll.CoGetClassObject
- ole32.dll.CoGetMarshalSizeMax
- ole32.dll.CoMarshalInterface
- ole32.dll.CoUnmarshalInterface
- ole32.dll.StringFromIID
- ole32.dll.CoGetPSClsid
- ole32.dll.CoTaskMemAlloc
- ole32.dll.CoTaskMemFree
- ole32.dll.CoCreateInstance
- ole32.dll.CoReleaseMarshalData
- ole32.dll.DcomChannelSetHResult
- rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
- clr.dll.CreateAssemblyEnum
- kernel32.dll.ResolveLocaleName
- user32.dll.RegisterWindowMessageW
- kernel32.dll.WideCharToMultiByte
- user32.dll.DefWindowProcW
- gdi32.dll.GetStockObject
- ole32.dll.CoCreateGuid
- user32.dll.RegisterClassExW
- user32.dll.CreateWindowExW
- presentationnative_v0400.dll.SetWindowLongPtrWrapper
- user32.dll.CallWindowProcW
- user32.dll.PostMessageW
- user32.dll.GetSystemMetrics
- user32.dll.SystemParametersInfoW
- user32.dll.GetDC
- gdi32.dll.GetDeviceCaps
- user32.dll.ReleaseDC
- uxtheme.dll.IsThemeActive
- ole32.dll.CoWaitForMultipleHandles
- user32.dll.GetSysColor
- user32.dll.GetMessageW
- user32.dll.TranslateMessage
- user32.dll.DispatchMessageW
- user32.dll.MsgWaitForMultipleObjectsEx
- kernel32.dll.GetTempPathW
- kernel32.dll.GetVersionExA
- kernel32.dll.GetProductInfo
- user32.dll.GetDoubleClickTime