魔盾安全分析报告
| 分析类型 | 开始时间 | 结束时间 | 持续时间 | 分析引擎版本 |
|---|---|---|---|---|
| FILE | 2023-06-07 19:16:07 | 2023-06-07 19:18:18 | 131 秒 | 1.4-Maldun |
| 虚拟机机器名 | 标签 | 虚拟机管理 | 开机时间 | 关机时间 |
|---|---|---|---|---|
| win7-sp1-x64-shaapp02-1 | win7-sp1-x64-shaapp02-1 | KVM | 2023-06-07 19:16:09 | 2023-06-07 19:18:19 |
| 魔盾分数 |
|---|
10.0恶意的 |
文件详细信息
| 文件名 | new.exe |
|---|---|
| 文件大小 | 7909376 字节 |
| 文件类型 | PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows |
| CRC32 | B73B69D1 |
| MD5 | 5108d8fc42b484b9937fe879eeb5d293 |
| SHA1 | 7eba63a3e006b203c967ed4265c781aa849a2551 |
| SHA256 | 77eac3291d2d424026be860871be19893b1970a9a47ccf3d3dd396bc9c63d270 |
| SHA512 | 238857545038c690af7b8556b8b64994cef745e35364a69bee9cc7968f2544eb508e75c3ae5d982bb4ae9e56bc3c977c35a83803f5c1f354c80ee1ce76483b3b |
| Ssdeep | 49152:k2Ymzd3hQgIvI6ml8x42hyHRUOE/uLfu9jkfZeSxjPFfS7tVd7xbtEveku+jNbYH:kUd3hQgIvVk36rzd |
| PEiD | 无匹配 |
| Yara |
|
| VirusTotal | VirusTotal查询失败 |
特征
创建RWX内存
通过进程尝试延迟分析任务
Process: wqfwq.exe tried to sleep 78 seconds, actually delayed analysis time by 0 seconds
魔盾wping.org IP地址信誉系统
Greylist: 121.40.115.108
Greylist: 154.92.14.6
发起了一些HTTP请求
URL: http://www.01happy.com/demo/accept.php
生成可疑网络流量,可能被用来进行恶意活动
signature: ET USER_AGENTS Go HTTP Client User-Agent
对一个无法找到的进程进行重复搜索,可能希望以startbrowser=1选项运行
HTTP数据流中包含可疑的恶意软件数据
post_no_referer: HTTP traffic contains a POST request with no referer header
suspicious_request: http://www.01happy.com/demo/accept.php
建立TCP连接到一个外部IP地址的非标准端口
Connection: 154.92.14.6:8000
可疑的样本异常终止
魔盾安全Yara规则检测结果 - 高危
Informational: Possibly employs anti-virtualization techniques
Critical: Spotted potential malicious behaviors from a small size target, like process manipultion, privilege, token and files
Warning: Look for RijnDael AES
运行截图
网络分析
访问主机记录
| 直接访问 | IP地址 | 国家名 |
|---|---|---|
| 否 | 121.40.115.108 | China |
| 是 | 154.92.14.6 | Seychelles |
域名解析
| 域名 | 响应 |
|---|---|
| www.01happy.com | A 121.40.115.108 |
TCP连接
| IP地址 | 端口 |
|---|---|
| 104.99.238.48 | 80 |
| 121.40.115.108 | 80 |
| 154.92.14.6 | 8000 |
UDP连接
| IP地址 | 端口 |
|---|---|
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
HTTP请求
| URL | HTTP数据 |
|---|---|
| http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
| http://www.01happy.com/demo/accept.php | POST /demo/accept.php HTTP/1.1 Host: www.01happy.com User-Agent: Go-http-client/1.1 Content-Length: 8 Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip name=cjb |
静态分析
PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x00469fc0 |
| 声明校验值 | 0x0079915b |
| 实际校验值 | 0x00794b31 |
| 最低操作系统版本要求 | 6.1 |
| 编译时间 | 1970-01-01 08:00:00 |
| 载入哈希 | 4035d2883e01d64f3e7a9dccb1d63af5 |
PE数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x000ba325 | 0x000ba400 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 5.92 |
| .rdata | 0x000bc000 | 0x005c9db8 | 0x005c9e00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 6.29 |
| .data | 0x00686000 | 0x00061cd0 | 0x00018c00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.49 |
| /4 | 0x006e8000 | 0x00000119 | 0x00000200 | IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 4.83 |
| /19 | 0x006e9000 | 0x00020c8b | 0x00020e00 | IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 8.00 |
| /32 | 0x0070a000 | 0x00006980 | 0x00006a00 | IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 7.93 |
| /46 | 0x00711000 | 0x00000030 | 0x00000200 | IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 0.86 |
| /65 | 0x00712000 | 0x000385c8 | 0x00038600 | IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 8.00 |
| /78 | 0x0074b000 | 0x0001d6a0 | 0x0001d800 | IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 7.99 |
| /90 | 0x00769000 | 0x0000b0ec | 0x0000b200 | IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 7.81 |
| .idata | 0x00775000 | 0x00000476 | 0x00000600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 3.53 |
| .reloc | 0x00776000 | 0x00007c2a | 0x00007e00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 5.43 |
| .symtab | 0x0077e000 | 0x0001a58a | 0x0001a600 | IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 5.16 |
| .rsrc | 0x00799000 | 0x000424b9 | 0x00042600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 6.21 |
导入
库 kernel32.dll:
• 0xa86020 - WriteFile
• 0xa86028 - WriteConsoleW
• 0xa86030 - WaitForMultipleObjects
• 0xa86038 - WaitForSingleObject
• 0xa86040 - VirtualQuery
• 0xa86048 - VirtualFree
• 0xa86050 - VirtualAlloc
• 0xa86058 - SwitchToThread
• 0xa86060 - SuspendThread
• 0xa86068 - Sleep
• 0xa86070 - SetWaitableTimer
• 0xa86078 - SetUnhandledExceptionFilter
• 0xa86080 - SetProcessPriorityBoost
• 0xa86088 - SetEvent
• 0xa86090 - SetErrorMode
• 0xa86098 - SetConsoleCtrlHandler
• 0xa860a0 - ResumeThread
• 0xa860a8 - PostQueuedCompletionStatus
• 0xa860b0 - LoadLibraryA
• 0xa860b8 - LoadLibraryW
• 0xa860c0 - SetThreadContext
• 0xa860c8 - GetThreadContext
• 0xa860d0 - GetSystemInfo
• 0xa860d8 - GetSystemDirectoryA
• 0xa860e0 - GetStdHandle
• 0xa860e8 - GetQueuedCompletionStatusEx
• 0xa860f0 - GetProcessAffinityMask
• 0xa860f8 - GetProcAddress
• 0xa86100 - GetEnvironmentStringsW
• 0xa86108 - GetConsoleMode
• 0xa86110 - FreeEnvironmentStringsW
• 0xa86118 - ExitProcess
• 0xa86120 - DuplicateHandle
• 0xa86128 - CreateWaitableTimerExW
• 0xa86130 - CreateThread
• 0xa86138 - CreateIoCompletionPort
• 0xa86140 - CreateEventA
• 0xa86148 - CloseHandle
• 0xa86150 - AddVectoredExceptionHandler
投放文件
行为分析
互斥量(Mutexes)
- 154.92.14.6:8000:Rssieg mauqauys
执行的命令
- C:\Users\Public\wqfwq.exe
创建的服务
无信息
启动的服务
无信息
进程
new.exe PID: 2608, 上一级进程 PID: 2248
wqfwq.exe PID: 2840, 上一级进程 PID: 2608
访问的文件
- \Device\KsecDD
- C:\Windows\sysnative\WSHTCPIP.DLL
- C:\Windows\sysnative\wship6.dll
- C:\Windows\sysnative\wshqos.dll
- C:\Users\test\AppData\Local\Temp\new.exe
- C:\Users\Public\asdwfdgfhdgnfhgjkh
- C:\Users\Public\wqfwq.exe
- \??\NUL
- C:\Windows\System32\WSHTCPIP.DLL
- C:\Windows\System32\wship6.dll
- C:\Windows\System32\wshqos.dll
- C:\Users\Public\ChatUi.dll
- C:\Users\Public\WChat.exe
- C:\Windows\System32\tzres.dll
- C:\Users\test\AppData\Local\Temp\tzres.dll
- C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui
- C:\Windows\SysWOW64\taskschd.dll
- C:\Windows\SysWOW64\stdole2.tlb
- B:
- C:\
- D:
- E:
- F:
- G:
- H:
- I:
- J:
- K:
- L:
- M:
- N:
- O:
- P:
- Q:
- R:
- S:
- T:
- U:
- V:
- W:
- X:
- Y:
- Z:
- [:
读取的文件
- \Device\KsecDD
- C:\Windows\sysnative\WSHTCPIP.DLL
- C:\Windows\sysnative\wship6.dll
- C:\Windows\sysnative\wshqos.dll
- C:\Users\test\AppData\Local\Temp\new.exe
- C:\Users\Public\wqfwq.exe
- \??\NUL
- C:\Windows\System32\WSHTCPIP.DLL
- C:\Windows\System32\wship6.dll
- C:\Windows\System32\wshqos.dll
- C:\Users\Public\ChatUi.dll
- C:\Users\Public\WChat.exe
- C:\Windows\System32\tzres.dll
- C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui
- C:\Windows\SysWOW64\taskschd.dll
- C:\Windows\SysWOW64\stdole2.tlb
修改的文件
- C:\Users\Public\asdwfdgfhdgnfhgjkh
- C:\Users\Public\wqfwq.exe
- \??\NUL
- C:\Users\Public\ChatUi.dll
- C:\Users\Public\WChat.exe
删除的文件
无信息
注册表键
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time\MUI_Std
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
- HKEY_CURRENT_USER
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4b\AAF68885
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\LanguageList
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-462
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-461
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-222
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-221
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-392
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-391
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-442
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-441
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-402
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-401
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-842
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-841
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-82
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-81
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-652
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-651
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-672
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-671
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-449
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-448
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-12
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-11
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-1022
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-1021
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-142
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-141
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-22
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-21
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Caucasus Standard Time
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Caucasus Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-452
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Caucasus Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-451
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cen. Australia Standard Time
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cen. Australia Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-662
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cen. Australia Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-661
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central America Standard Time
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central America Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-152
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central America Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-151
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Asia Standard Time
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Asia Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-512
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Asia Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-511
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Brazilian Standard Time
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Brazilian Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-105
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Brazilian Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-104
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Europe Standard Time
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Europe Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-282
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Europe Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-281
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central European Standard Time
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central European Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-292
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central European Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-291
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Pacific Standard Time
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Pacific Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-722
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Pacific Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-721
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Standard Time
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-162
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-161
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Standard Time (Mexico)
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Standard Time (Mexico)\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-172
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Standard Time (Mexico)\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-171
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\China Standard Time
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\China Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-572
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\China Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-571
- HKEY_CURRENT_USER\Software\Classes
- HKEY_CURRENT_USER\Software\Classes\TypeLib
- HKEY_CURRENT_USER\Software\Classes\TypeLib\{E34CB9F1-C7F7-424C-BE29-027DCC09363A}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E34CB9F1-C7F7-424C-BE29-027DCC09363A}\1.0
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E34CB9F1-C7F7-424C-BE29-027DCC09363A}\1.0\804
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E34CB9F1-C7F7-424C-BE29-027DCC09363A}\1.0\4
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E34CB9F1-C7F7-424C-BE29-027DCC09363A}\1.0\0
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E34CB9F1-C7F7-424C-BE29-027DCC09363A}\1.0\0\win32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E34CB9F1-C7F7-424C-BE29-027DCC09363A}\1.0\0\win32\(Default)
- HKEY_CURRENT_USER\Software\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32\(Default)
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows\CEIPEnable
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2280033686-3172497658-3481507381-1000
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2280033686-3172497658-3481507381-1000\ProfileImagePath
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Time Zones\China Standard Time\Dynamic DST
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rssieg mauqauys
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Rssieg mauqauys\ConnectGroup
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Rssieg mauqauys\MarkTime
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Rssieg mauqauys\Host
- HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
- HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz
- HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{860BB310-5D01-11D0-BD3B-00A0C911CE86}
- HKEY_CLASSES_ROOT\CLSID
- HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance
- HKEY_CLASSES_ROOT\DirectShow\MediaObjects
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\DirectShow\MediaObjects\Categories\860bb310-5d01-11d0-bd3b-00a0c911ce86
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32\msvideo
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32\msvideo1
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32\msvideo2
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32\msvideo3
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32\msvideo4
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32\msvideo5
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32\msvideo6
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32\msvideo7
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32\msvideo8
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32\msvideo9
读取的注册表键
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time\MUI_Std
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-462
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Afghanistan Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-461
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-222
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Alaskan Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-221
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-392
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arab Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-391
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-442
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabian Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-441
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-402
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Arabic Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-401
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-842
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Argentina Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-841
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-82
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Atlantic Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-81
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-652
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Central Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-651
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-672
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-671
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-449
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azerbaijan Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-448
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-12
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Azores Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-11
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-1022
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Bangladesh Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-1021
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-142
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Canada Central Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-141
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-22
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cape Verde Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-21
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Caucasus Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-452
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Caucasus Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-451
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cen. Australia Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-662
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Cen. Australia Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-661
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central America Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-152
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central America Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-151
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Asia Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-512
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Asia Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-511
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Brazilian Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-105
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Brazilian Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-104
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Europe Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-282
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Europe Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-281
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central European Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-292
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central European Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-291
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Pacific Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-722
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Pacific Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-721
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-162
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-161
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Standard Time (Mexico)\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-172
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central Standard Time (Mexico)\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-171
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\China Standard Time\MUI_Std
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-572
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\China Standard Time\MUI_Dlt
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-571
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E34CB9F1-C7F7-424C-BE29-027DCC09363A}\1.0\0\win32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows\CEIPEnable
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2280033686-3172497658-3481507381-1000\ProfileImagePath
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Rssieg mauqauys\ConnectGroup
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Rssieg mauqauys\Host
- HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32\msvideo
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32\msvideo1
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32\msvideo2
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32\msvideo3
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32\msvideo4
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32\msvideo5
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32\msvideo6
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32\msvideo7
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32\msvideo8
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32\msvideo9
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Rssieg mauqauys\MarkTime
修改的注册表键
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\LanguageList
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-462
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-461
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-222
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-221
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-392
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-391
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-442
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-441
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-402
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-401
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-842
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-841
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-82
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-81
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-652
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-651
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-672
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-671
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-449
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-448
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-12
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-11
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-1022
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-1021
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-142
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-141
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-22
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-21
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-452
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-451
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-662
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-661
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-152
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-151
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-512
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-511
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-105
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-104
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-282
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-281
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-292
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-291
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-722
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-721
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-162
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-161
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-172
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-171
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-572
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\C:\Windows\system32\,@tzres.dll,-571
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rssieg mauqauys
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Rssieg mauqauys\ConnectGroup
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Rssieg mauqauys\MarkTime
删除的注册表键
无信息
API解析
- kernel32.dll.AddVectoredContinueHandler
- kernel32.dll.LoadLibraryExA
- kernel32.dll.LoadLibraryExW
- advapi32.dll.SystemFunction036
- ntdll.dll.NtWaitForSingleObject
- winmm.dll.timeBeginPeriod
- winmm.dll.timeEndPeriod
- ws2_32.dll.WSAGetOverlappedResult
- cryptbase.dll.SystemFunction001
- cryptbase.dll.SystemFunction002
- cryptbase.dll.SystemFunction003
- cryptbase.dll.SystemFunction004
- cryptbase.dll.SystemFunction005
- cryptbase.dll.SystemFunction028
- cryptbase.dll.SystemFunction029
- cryptbase.dll.SystemFunction034
- cryptbase.dll.SystemFunction036
- cryptbase.dll.SystemFunction040
- cryptbase.dll.SystemFunction041
- kernel32.dll.GetStdHandle
- kernel32.dll.SetHandleInformation
- kernel32.dll.GetSystemDirectoryW
- ws2_32.dll.WSAStartup
- kernel32.dll.SetFileCompletionNotificationModes
- ws2_32.dll.WSAEnumProtocolsW
- kernel32.dll.GetConsoleMode
- kernel32.dll.GetFileType
- kernel32.dll.GetCommandLineW
- kernel32.dll.GetModuleFileNameW
- kernel32.dll.GetCurrentDirectoryW
- kernel32.dll.MoveFileExW
- kernel32.dll.CreateFileW
- kernel32.dll.WriteFile
- kernel32.dll.CloseHandle
- kernel32.dll.GetEnvironmentVariableW
- kernel32.dll.GetFileAttributesExW
- kernel32.dll.GetEnvironmentStringsW
- kernel32.dll.FreeEnvironmentStringsW
- kernel32.dll.GetCurrentProcess
- kernel32.dll.DuplicateHandle
- kernel32.dll.CreateProcessW
- kernel32.dll.WriteConsoleW
- kernel32.dll.WaitForMultipleObjects
- kernel32.dll.WaitForSingleObject
- kernel32.dll.VirtualQuery
- kernel32.dll.VirtualFree
- kernel32.dll.VirtualAlloc
- kernel32.dll.SwitchToThread
- kernel32.dll.SuspendThread
- kernel32.dll.SetWaitableTimer
- kernel32.dll.SetUnhandledExceptionFilter
- kernel32.dll.SetProcessPriorityBoost
- kernel32.dll.SetEvent
- kernel32.dll.SetErrorMode
- kernel32.dll.SetConsoleCtrlHandler
- kernel32.dll.ResumeThread
- kernel32.dll.PostQueuedCompletionStatus
- kernel32.dll.LoadLibraryA
- kernel32.dll.LoadLibraryW
- kernel32.dll.SetThreadContext
- kernel32.dll.GetThreadContext
- kernel32.dll.GetSystemInfo
- kernel32.dll.GetSystemDirectoryA
- kernel32.dll.GetQueuedCompletionStatusEx
- kernel32.dll.GetProcessAffinityMask
- kernel32.dll.GetProcAddress
- kernel32.dll.ExitProcess
- kernel32.dll.CreateWaitableTimerExW
- kernel32.dll.CreateThread
- kernel32.dll.CreateIoCompletionPort
- kernel32.dll.CreateFileA
- kernel32.dll.CreateEventA
- kernel32.dll.AddVectoredExceptionHandler
- ntdll.dll.RtlGetCurrentPeb
- ntdll.dll.RtlGetNtVersionNumbers
- kernel32.dll.RtlMoveMemory
- ws2_32.dll.GetAddrInfoW
- ws2_32.dll.FreeAddrInfoW
- ws2_32.dll.WSASocketW
- ws2_32.dll.bind
- ws2_32.dll.socket
- ws2_32.dll.WSAIoctl
- ws2_32.dll.setsockopt
- ws2_32.dll.getsockname
- ws2_32.dll.getpeername
- ws2_32.dll.WSARecv
- ws2_32.dll.WSASend
- ws2_32.dll.closesocket
- kernel32.dll.GetTimeZoneInformation
- advapi32.dll.RegOpenKeyExW
- advapi32.dll.RegEnumKeyExW
- advapi32.dll.RegLoadMUIStringW
- kernel32.dll.ExpandEnvironmentStringsW
- advapi32.dll.RegCloseKey
- kernel32.dll.FormatMessageW
- ole32.dll.CoInitialize
- ole32.dll.CLSIDFromProgID
- ole32.dll.CoCreateInstance
- kernel32.dll.GetUserDefaultLCID
- sxs.dll.SxsOleAut32RedirectTypeLibrary
- advapi32.dll.RegOpenKeyW
- advapi32.dll.RegQueryValueW
- sxs.dll.SxsOleAut32MapConfiguredClsidToReferenceClsid
- oleaut32.dll.VariantInit
- oleaut32.dll.SysAllocStringLen
- sspicli.dll.GetUserNameExW
- oleaut32.dll.SysFreeString
- kernel32.dll.GetComputerNameExW
- advapi32.dll.OpenProcessToken
- advapi32.dll.GetTokenInformation
- advapi32.dll.ConvertSidToStringSidW
- kernel32.dll.LocalFree
- userenv.dll.GetUserProfileDirectoryW
- sechost.dll.ConvertSidToStringSidW
- advapi32.dll.LookupAccountSidW
- sechost.dll.LookupAccountSidLocalW
- netapi32.dll.NetGetJoinInformation
- netapi32.dll.NetApiBufferFree
- netapi32.dll.NetUserGetInfo
- advapi32.dll.LookupAccountNameW
- sechost.dll.LookupAccountNameLocalW
- xmllite.dll.CreateXmlWriter
- xmllite.dll.CreateXmlWriterOutputWithEncodingName
- shlwapi.dll.PathFindFileNameW
- oleaut32.dll.SysStringLen
- oleaut32.dll.VariantTimeToSystemTime
- xmllite.dll.CreateXmlReader
- sechost.dll.ConvertStringSidToSidW
- oleaut32.dll.VariantClear
- ole32.dll.CoUninitialize
- oleaut32.dll.#500
- kernel32.dll.VirtualProtect
- kernel32.dll.FlushInstructionCache
- kernel32.dll.GetNativeSystemInfo
- kernel32.dll.Sleep
- user32.dll.FindWindowA
- user32.dll.GetClassNameA
- user32.dll.GetWindow
- user32.dll.GetKeyState
- user32.dll.GetAsyncKeyState
- user32.dll.MessageBoxA
- user32.dll.GetWindowTextA
- user32.dll.GetInputState
- user32.dll.PostThreadMessageA
- user32.dll.GetMessageA
- user32.dll.GetLastInputInfo
- user32.dll.wsprintfA
- user32.dll.EmptyClipboard
- user32.dll.SetClipboardData
- user32.dll.ExitWindowsEx
- user32.dll.OpenClipboard
- user32.dll.GetClipboardData
- user32.dll.CloseClipboard
- user32.dll.SendMessageA
- user32.dll.IsWindowVisible
- user32.dll.EnumWindows
- user32.dll.GetForegroundWindow
- iphlpapi.dll.GetIfTable
- advapi32.dll.OpenSCManagerA
- advapi32.dll.RegSetValueExA
- advapi32.dll.DeleteService
- advapi32.dll.OpenEventLogA
- advapi32.dll.ClearEventLogA
- advapi32.dll.CloseEventLog
- advapi32.dll.StartServiceCtrlDispatcherA
- advapi32.dll.RegisterServiceCtrlHandlerA
- advapi32.dll.DuplicateTokenEx
- advapi32.dll.SetTokenInformation
- advapi32.dll.CreateProcessAsUserA
- advapi32.dll.SetServiceStatus
- advapi32.dll.RegOpenKeyExA
- advapi32.dll.StartServiceA
- advapi32.dll.CreateServiceA
- advapi32.dll.LockServiceDatabase
- advapi32.dll.ChangeServiceConfig2A
- advapi32.dll.UnlockServiceDatabase
- advapi32.dll.OpenServiceA
- advapi32.dll.AdjustTokenPrivileges
- advapi32.dll.LookupPrivilegeValueA
- advapi32.dll.RegQueryValueExA
- advapi32.dll.RegOpenKeyA
- advapi32.dll.CloseServiceHandle
- setupapi.dll.SetupDiGetClassDevsA
- setupapi.dll.SetupDiEnumDeviceInfo
- setupapi.dll.SetupDiGetDeviceRegistryPropertyA
- setupapi.dll.SetupDiSetClassInstallParamsA
- setupapi.dll.SetupDiCallClassInstaller
- setupapi.dll.SetupDiDestroyDeviceInfoList
- kernel32.dll.GetStartupInfoW
- kernel32.dll.QueryPerformanceCounter
- kernel32.dll.GetCurrentProcessId
- kernel32.dll.GetSystemTimeAsFileTime
- kernel32.dll.HeapSize
- kernel32.dll.GetStringTypeW
- kernel32.dll.GetConsoleCP
- kernel32.dll.SetStdHandle
- kernel32.dll.FlushFileBuffers
- kernel32.dll.InterlockedExchange
- kernel32.dll.CancelIo
- kernel32.dll.ResetEvent
- kernel32.dll.GlobalUnlock
- kernel32.dll.GlobalLock
- kernel32.dll.FindNextFileA
- kernel32.dll.FindFirstFileA
- kernel32.dll.GetVersion
- kernel32.dll.DeviceIoControl
- kernel32.dll.SetLastError
- kernel32.dll.GetLastError
- kernel32.dll.GlobalAlloc
- kernel32.dll.LocalAlloc
- kernel32.dll.ReadFile
- kernel32.dll.GetFileSize
- kernel32.dll.DeleteFileA
- kernel32.dll.FreeLibrary
- kernel32.dll.lstrlenA
- kernel32.dll.lstrcpyA
- kernel32.dll.lstrcatA
- kernel32.dll.lstrcmpiA
- kernel32.dll.GetTickCount
- kernel32.dll.GetDiskFreeSpaceExA
- kernel32.dll.GetDriveTypeA
- kernel32.dll.GlobalMemoryStatusEx
- kernel32.dll.GetVersionExA
- kernel32.dll.GetLocalTime
- kernel32.dll.CreateDirectoryA
- kernel32.dll.ReleaseMutex
- kernel32.dll.CreateMutexA
- kernel32.dll.MoveFileExA
- kernel32.dll.MoveFileA
- kernel32.dll.GetModuleFileNameA
- kernel32.dll.SetFileAttributesA
- kernel32.dll.CopyFileA
- kernel32.dll.ExpandEnvironmentStringsA
- kernel32.dll.SetThreadPriority
- kernel32.dll.GetCurrentThread
- kernel32.dll.SetPriorityClass
- kernel32.dll.GetEnvironmentVariableA
- kernel32.dll.GetShortPathNameA
- kernel32.dll.DefineDosDeviceA
- kernel32.dll.GetFileAttributesA
- kernel32.dll.GetCurrentThreadId
- kernel32.dll.SetFilePointer
- kernel32.dll.CreateProcessA
- kernel32.dll.TerminateThread
- kernel32.dll.HeapFree
- kernel32.dll.GetProcessHeap
- kernel32.dll.HeapAlloc
- kernel32.dll.SetHandleCount
- kernel32.dll.MultiByteToWideChar
- kernel32.dll.LCMapStringW
- kernel32.dll.WideCharToMultiByte
- kernel32.dll.IsValidCodePage
- kernel32.dll.GetOEMCP
- kernel32.dll.GetACP
- kernel32.dll.GetCPInfo
- kernel32.dll.HeapDestroy
- kernel32.dll.HeapCreate
- kernel32.dll.TerminateProcess
- kernel32.dll.IsDebuggerPresent
- kernel32.dll.UnhandledExceptionFilter
- kernel32.dll.EnterCriticalSection
- kernel32.dll.LeaveCriticalSection
- kernel32.dll.DeleteCriticalSection
- kernel32.dll.InitializeCriticalSectionAndSpinCount
- kernel32.dll.InterlockedDecrement
- kernel32.dll.InterlockedIncrement
- kernel32.dll.TlsFree
- kernel32.dll.TlsSetValue
- kernel32.dll.TlsGetValue
- kernel32.dll.TlsAlloc
- kernel32.dll.RtlUnwind
- kernel32.dll.RaiseException
- kernel32.dll.GetModuleHandleW
- kernel32.dll.HeapReAlloc
- kernel32.dll.ExitThread
- kernel32.dll.GetCommandLineA
- kernel32.dll.IsProcessorFeaturePresent
- ws2_32.dll.#6
- ws2_32.dll.#57
- ws2_32.dll.#23
- ws2_32.dll.#52
- ws2_32.dll.#9
- ws2_32.dll.#4
- ws2_32.dll.#18
- ws2_32.dll.#16
- ws2_32.dll.#116
- ws2_32.dll.#19
- ws2_32.dll.#21
- ws2_32.dll.#3
- ws2_32.dll.#115
- shell32.dll.SHChangeNotify
- shell32.dll.ShellExecuteExA
- shell32.dll.ShellExecuteA
- shell32.dll.SHGetSpecialFolderPathA
- kernel32.dll.FlsAlloc
- kernel32.dll.FlsGetValue
- kernel32.dll.FlsSetValue
- kernel32.dll.FlsFree
- advapi32.dll.RegEnumValueA
- advapi32.dll.RegEnumKeyExA
- advapi32.dll.RegCreateKeyExA
- advapi32.dll.RegDeleteKeyA
- advapi32.dll.RegDeleteValueA
- user32.dll.OpenInputDesktop
- user32.dll.OpenDesktopA
- user32.dll.CloseDesktop
- user32.dll.GetThreadDesktop
- user32.dll.GetUserObjectInformationA
- user32.dll.SetThreadDesktop
- wintrust.dll.WinVerifyTrust
- msdmo.dll.DMOEnum
- msdmo.dll.DMOGetTypes
- msdmo.dll.DMOGetName
- avicap32.dll.capGetDriverDescriptionW
- kernel32.dll.IsWow64Process
- kernel32.dll.CreateToolhelp32Snapshot
- kernel32.dll.Process32First
- kernel32.dll.Process32Next