Maldun Security Analysis Report

Analysis type | Start time | End time | Duration | Analysis engine version
FILE | 2023-06-07 22:28:47 | 2023-06-07 22:29:25 | 38 seconds | 1.4-Maldun
VM name | Label | VM manager | Boot time | Shutdown time
win7-sp1-x64-shaapp03-1 | win7-sp1-x64-shaapp03-1 | KVM | 2023-06-07 22:28:50 | 2023-06-07 22:29:28
Maldun score

4.825

Suspicious

File details

File name Diswater.exe
File size 2066768 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
CRC32 5507CCEE
MD5 04340835c59a7ed913b2e432a64fbc7b
SHA1 1572c0c40a9f4cb21834bf5cfeeba6139092126e
SHA256 b578edbd97db3d31db4717035c137c8f85cf0d7692e12bfea268e7741b322864
SHA512 7fa6af71a33f8f36c2027cf6dfb2efd779ed7649d532fe7f4508210d6add19a486ff95fb382add6cfabfd041f212105427c436d4bde03404c213000386b3a5ee
Ssdeep 49152:SPQC0PSBsvDIkz4mZf32MPloDyWuKpYl52ayOPy7NridNeTTExbFZ:0QCSSCDpz4GxPzli77Nrq1
PEiD No match
Yara
  • GenerateTLSClientHelloPacket_Test (Detected TLS Client Hello Module from an known APT sample)
  • CRC32_poly_Constant (Look for CRC32 [poly])
  • BLOWFISH_Constants (Look for Blowfish constants)
  • MD5_Constants (Look for MD5 constants)
  • RIPEMD160_Constants (Look for RIPEMD-160 constants)
  • SHA1_Constants (Look for SHA1 constants)
  • SHA512_Constants (Look for SHA384/SHA512 constants)
  • WHIRLPOOL_Constants (Look for WhirlPool constants)
  • DES_Long (Look for DES [long])
  • DES_sbox (Look for DES [sbox])
  • RijnDael_AES (Look for RijnDael AES)
  • BASE64_table (Look for Base64 table)
  • with_images (Detected the presence of an or several images)
  • with_urls (Detected the presence of an or several urls)
  • IsPE32 (Detected a 32bit PE sample)
  • IsWindowsGUI (Detected a Windows GUI sample)
  • HasOverlay (Detected Overlay signature)
  • HasDebugData (Detected Debug Data)
  • HasRichSignature (Detected Rich Signature)
  • DebuggerTiming__PerformanceCounter ()
  • DebuggerTiming__Ticks (Detected timing ticks function)
  • DebuggerException__SetConsoleCtrl ()
  • Check_OutputDebugStringA_iat (Detect in IAT OutputDebugstringA)
  • anti_dbg (Detected self protection if being debugged)
  • network_tcp_listen (Listen for incoming communication)
  • network_smtp_raw (Detect SMTP ability in RAW)
  • network_tcp_socket (Detected network communications over RAW socket)
  • network_dns (Detected network communications use DNS)
  • network_dga (Detected network communication using dga)
  • win_mutex (Create or check mutex)
  • create_process (Detection function for creating a new process)
  • win_registry (Detected system registries modification function)
  • win_token (Affect system token)
  • win_files_operation (Affect private profile)
  • Maldun_Anomoly_Combined_Activities_7 (Spotted potential malicious behaviors from a small size target, like process manipultion, privilege, token and files)
VirusTotal VirusTotal query failed

Signatures

The sample's signing certificate is valid
Maldun Security Yara detection results - Normal
Critical: Detected TLS Client Hello Module from an known APT sample
Informational: Detect SMTP ability in RAW
Informational: Detected network communication using dga
Critical: Spotted potential malicious behaviors from a small size target, like process manipultion, privilege, token and files
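Collects information about programs installed on the system
Queries disk information, which may be used for anti-VM checks
Repeatedly searches for a process that cannot be found; may expect to be run with the startbrowser=1 option
Suspicious abnormal termination of the sample

Screenshots

No screenshots

Network analysis

TCP connections

IP address | Port
23.219.38.64 | 80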

UDP connections

IP address | Port
192.168.122.1 | 53

HTTP requests

URL HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

Static analysis

PE information

Image base 0x00400000
Entry point 0x0041f7cb
Declared checksum 0x001f9f58
Actual checksum 0x001f9f58
Minimum OS version required 5.1
Compile time 2022-11-07 19:29:43
Import hash 51955a2c8f4808327f51ed3ff99dca1c
Icon
Icon exact hash b269b2bb7ef448b4420bc5e179a723e0
Icon similarity hash 430548e201c4d4e39e2e14e276c68d45

Version information

LegalCopyright: Copyright (C) 2020
InternalName: \xe4\xe8\xe5\xe7\xe5\xe5
CompanyName: \xe4\xe6\xe6\xe5\xe4\xe4\xe7\xe7\xe5\xe4\xe4\xe4
ProductName: \xe4\xe8\xe5\xe7\xe5\xe5
ProductVersion: 1,5,6,21107
FileDescription: \xe4\xe8\xe5\xe7\xe5\xe5
OriginalFilename: WnSvceous.exe
Translation: 0x0804 0x04b0

PE sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text | 0x00001000 | 0x0016edb1 | 0x0016ee00 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.59
.rdata | 0x00170000 | 0x00064980 | 0x00064a00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.94
.data | 0x001d5000 | 0x000118f4 | 0x0000b600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 5.19
.gfids | 0x001e7000 | 0x000001b4 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 3.54
.tls | 0x001e8000 | 0x00000009 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.02
.rsrc | 0x001e9000 | 0x00004300 | 0x00004400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 6.21
.reloc | 0x001ee000 | 0x00012444 | 0x00012600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 6.63

Overlay

Offset: 0x001f6000
Size: 0x00002950

Resources

Name | Offset | Size | Language | Sublanguage | Entropy | File type
RT_ICON | 0x001ea950 | 0x000025a8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.06 | dBase IV DBT of `.DBF, block length 18432, next free block index 40
RT_ICON | 0x001ea950 | 0x000025a8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.06 | dBase IV DBT of `.DBF, block length 18432, next free block index 40
RT_ICON | 0x001ea950 | 0x000025a8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.06 | dBase IV DBT of `.DBF, block length 18432, next free block index 40
RT_GROUP_ICON | 0x001ecef8 | 0x00000030 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.46 | MS Windows icon resource - 3 icons, 16x16
RT_VERSION | 0x001e91c0 | 0x0000027c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.85 | data
RT_MANIFEST | 0x001ecf28 | 0x00000258 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.06 | XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
RT_MANIFEST | 0x001ecf28 | 0x00000258 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.06 | XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators

Imports

Library KERNEL32.dll:
0x570090 - IsProcessorFeaturePresent
0x570094 - IsDebuggerPresent
0x570098 - GetStartupInfoW
0x57009c - QueryPerformanceCounter
0x5700a0 - GetCurrentProcessId
0x5700a4 - GetCurrentThreadId
0x5700a8 - GetSystemTimeAsFileTime
0x5700ac - InitializeSListHead
0x5700b0 - GetFileSize
0x5700b4 - WriteFile
0x5700b8 - ReadFile
0x5700bc - FindClose
0x5700c0 - lstrcpyW
0x5700c4 - GetTempPathW
0x5700c8 - CreateFileW
0x5700cc - GetFileAttributesW
0x5700d0 - GetFileAttributesExW
0x5700d4 - DeleteFileW
0x5700d8 - FindFirstFileW
0x5700dc - FindNextFileW
0x5700e0 - CopyFileW
0x5700e4 - MoveFileExW
0x5700e8 - GetTickCount
0x5700ec - DecodePointer
0x5700f0 - HeapReAlloc
0x5700f4 - HeapSize
0x5700f8 - RaiseException
0x5700fc - GetLastError
0x570100 - InitializeCriticalSectionAndSpinCount
0x570104 - MultiByteToWideChar
0x570108 - WideCharToMultiByte
0x57010c - CreateDirectoryW
0x570110 - FileTimeToSystemTime
0x570114 - GetSystemInfo
0x570118 - ReleaseMutex
0x57011c - CreateMutexW
0x570120 - GetVolumeInformationW
0x570124 - GetLongPathNameW
0x570128 - GlobalAlloc
0x57012c - GlobalFree
0x570130 - OpenProcess
0x570134 - GetExitCodeProcess
0x570138 - CreateProcessW
0x57013c - CreateToolhelp32Snapshot
0x570140 - Process32FirstW
0x570144 - Process32NextW
0x570148 - DeviceIoControl
0x57014c - OutputDebugStringA
0x570150 - SetPriorityClass
0x570154 - EncodePointer
0x570158 - RtlUnwind
0x57015c - TlsAlloc
0x570160 - TlsGetValue
0x570164 - TlsSetValue
0x570168 - TlsFree
0x57016c - LoadLibraryExW
0x570170 - ExitProcess
0x570174 - GetModuleHandleExW
0x570178 - TerminateProcess
0x57017c - GetStdHandle
0x570180 - GetACP
0x570184 - GetStringTypeW
0x570188 - CompareStringW
0x57018c - LCMapStringW
0x570190 - GetLocaleInfoW
0x570194 - IsValidLocale
0x570198 - GetUserDefaultLCID
0x57019c - EnumSystemLocalesW
0x5701a0 - GetFileType
0x5701a4 - GetConsoleMode
0x5701a8 - ReadConsoleW
0x5701ac - SetFilePointerEx
0x5701b0 - FindFirstFileExW
0x5701b4 - IsValidCodePage
0x5701b8 - GetOEMCP
0x5701bc - GetCPInfo
0x5701c0 - GetCommandLineA
0x5701c4 - GetCommandLineW
0x5701c8 - GetEnvironmentStringsW
0x5701cc - FreeEnvironmentStringsW
0x5701d0 - SetEnvironmentVariableA
0x5701d4 - SetConsoleCtrlHandler
0x5701d8 - OutputDebugStringW
0x5701dc - SetStdHandle
0x5701e0 - GetConsoleCP
0x5701e4 - GetTimeZoneInformation
0x5701e8 - FlushFileBuffers
0x5701ec - WriteConsoleW
0x5701f0 - SetEndOfFile
0x5701f4 - GetPrivateProfileIntW
0x5701f8 - GetModuleFileNameW
0x5701fc - GetSystemDirectoryW
0x570200 - LoadLibraryW
0x570204 - CreateEventW
0x570208 - GetPrivateProfileStringW
0x57020c - Sleep
0x570210 - GetCurrentProcess
0x570214 - SetUnhandledExceptionFilter
0x570218 - UnhandledExceptionFilter
0x57021c - GetModuleHandleW
0x570220 - SetConsoleMode
0x570224 - ReadConsoleInputA
0x570228 - WaitForSingleObject
0x57022c - SetEvent
0x570230 - DeleteCriticalSection
0x570234 - LeaveCriticalSection
0x570238 - EnterCriticalSection
0x57023c - InitializeCriticalSection
0x570240 - CreateThread
0x570244 - OpenFileMappingW
0x570248 - UnmapViewOfFile
0x57024c - FlushViewOfFile
0x570250 - MapViewOfFile
0x570254 - CloseHandle
0x570258 - IsBadReadPtr
0x57025c - LoadLibraryA
0x570260 - GlobalMemoryStatus
0x570264 - FlushConsoleInputBuffer
0x570268 - SystemTimeToFileTime
0x57026c - GetSystemTime
0x570270 - GetNativeSystemInfo
0x570274 - SetLastError
0x570278 - GetProcessHeap
0x57027c - HeapFree
0x570280 - GetVersionExW
0x570284 - HeapAlloc
0x570288 - VirtualProtect
0x57028c - VirtualFree
0x570290 - VirtualAlloc
0x570294 - GetProcAddress
0x570298 - FreeLibrary
0x57029c - WritePrivateProfileStringW
0x5702a0 - GetFullPathNameW
0x5702a4 - GetCurrentDirectoryW
0x5702a8 - SystemTimeToTzSpecificLocalTime
0x5702ac - GetDriveTypeW
0x5702b0 - FreeLibraryAndExitThread
0x5702b4 - ExitThread
0x5702b8 - PeekNamedPipe
0x5702bc - WaitForMultipleObjects
0x5702c0 - ExpandEnvironmentStringsA
0x5702c4 - VerifyVersionInfoA
0x5702c8 - GetSystemDirectoryA
0x5702cc - GetModuleHandleA
0x5702d0 - VerSetConditionMask
0x5702d4 - SleepEx
0x5702d8 - GetFileAttributesExA
0x5702dc - FormatMessageA
0x5702e0 - QueryPerformanceFrequency
Library ADVAPI32.dll:
0x570000 - CryptEnumProvidersA
0x570004 - CryptGetUserKey
0x570008 - CryptExportKey
0x57000c - CryptDecrypt
0x570010 - CryptCreateHash
0x570014 - CryptDestroyHash
0x570018 - CryptSignHashA
0x57001c - DuplicateTokenEx
0x570020 - SetSecurityDescriptorDacl
0x570024 - InitializeSecurityDescriptor
0x570028 - RegOpenKeyW
0x57002c - RegEnumKeyW
0x570030 - RegCreateKeyExW
0x570034 - RegQueryValueExW
0x570038 - OpenProcessToken
0x57003c - ImpersonateLoggedOnUser
0x570040 - RevertToSelf
0x570044 - DeregisterEventSource
0x570048 - RegisterEventSourceA
0x57004c - ReportEventA
0x570050 - CryptAcquireContextA
0x570054 - CryptReleaseContext
0x570058 - CryptDestroyKey
0x57005c - CryptSetHashParam
0x570060 - RegCloseKey
0x570064 - RegOpenKeyExW
0x570068 - CryptGetProvParam
Library SHELL32.dll:
0x5702e8 - SHGetFolderPathW
0x5702ec - SHGetSpecialFolderPathW
Library SHLWAPI.dll:
0x5702f4 - PathIsDirectoryW
0x5702f8 - PathFileExistsW
Library USER32.dll:
0x570300 - MessageBoxA
0x570304 - GetUserObjectInformationW
0x570308 - GetProcessWindowStation
0x57030c - LoadStringW
0x570310 - wsprintfW
Library ole32.dll:
0x570400 - CoCreateInstance
0x570404 - CoUninitialize
0x570408 - CoInitialize
Library CRYPT32.dll:
0x570070 - CertGetCertificateContextProperty
0x570074 - CertDuplicateCertificateContext
0x570078 - CertEnumCertificatesInStore
0x57007c - CertOpenStore
0x570080 - CertCloseStore
0x570084 - CertFindCertificateInStore
0x570088 - CertFreeCertificateContext
Library WININET.dll:
0x570318 - InternetCloseHandle
0x57031c - InternetQueryOptionW
0x570320 - InternetReadFile
0x570324 - InternetOpenUrlW
0x570328 - InternetSetOptionW
0x57032c - InternetOpenW
0x570330 - HttpQueryInfoW
Library WLDAP32.dll:
0x570338 - None
0x57033c - None
0x570340 - None
0x570344 - None
0x570348 - None
0x57034c - None
0x570350 - None
0x570354 - None
0x570358 - None
0x57035c - None
0x570360 - None
0x570364 - None
0x570368 - None
0x57036c - None
0x570370 - None
0x570374 - None
0x570378 - None
Library WS2_32.dll:
0x570380 - htonl
0x570384 - gethostbyname
0x570388 - getservbyname
0x57038c - htons
0x570390 - getsockopt
0x570394 - shutdown
0x570398 - getpeername
0x57039c - connect
0x5703a0 - closesocket
0x5703a4 - bind
0x5703a8 - send
0x5703ac - recv
0x5703b0 - WSASetLastError
0x5703b4 - select
0x5703b8 - __WSAFDIsSet
0x5703bc - socket
0x5703c0 - WSAGetLastError
0x5703c4 - ntohs
0x5703c8 - setsockopt
0x5703cc - WSAIoctl
0x5703d0 - WSAStartup
0x5703d4 - WSACleanup
0x5703d8 - getaddrinfo
0x5703dc - freeaddrinfo
0x5703e0 - accept
0x5703e4 - listen
0x5703e8 - recvfrom
0x5703ec - sendto
0x5703f0 - ioctlsocket
0x5703f4 - gethostname
0x5703f8 - getsockname

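Dropped files

No information

Behavior analysis

Mutexes No information
Executed commands No information
Created services No information
Started services No information

Processes

Diswater.exe PID: 2628, parent process PID: 2304

Files accessed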
  • C:\Users\test\AppData\Local\Temp\api-ms-win-core-fibers-l1-1-1.DLL
  • C:\Windows\System32\api-ms-win-core-fibers-l1-1-1.DLL
  • C:\Windows\system\api-ms-win-core-fibers-l1-1-1.DLL
  • C:\Windows\api-ms-win-core-fibers-l1-1-1.DLL
  • C:\ProgramData\Oracle\Java\javapath\api-ms-win-core-fibers-l1-1-1.DLL
  • C:\Windows\System32\wbem\api-ms-win-core-fibers-l1-1-1.DLL
  • C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-core-fibers-l1-1-1.DLL
  • C:\Program Files (x86)\WinRAR\api-ms-win-core-fibers-l1-1-1.DLL
  • D:\opensource\openssl-dist-1.0.2l-vs2015\openssl-x86-static-release-vs2015\ssl\openssl.cnf
  • C:\Users\test\AppData\Local\Temp\Diswater.exe
  • C:\Users\test\AppData\Local\Temp\Eleglate.ini
  • C:\Users\test\AppData\Local\Temp\SoftConfig\Eleglate.ini
  • C:\Users\test\AppData\Local\Temp
  • C:\Users
  • C:\Users\test
  • C:\Users\test\AppData
  • C:\Users\test\AppData\Local
  • C:\Users\test\AppData\Local\Temp\SoftConfig
  • C:\Users\test\AppData\Local\Temp\Infodidel.ini
  • \??\PhysicalDrive0
  • \??\PhysicalDrive1
  • \??\PhysicalDrive2
  • \??\PhysicalDrive3
  • \??\PhysicalDrive4
  • \??\PhysicalDrive5
  • \??\PhysicalDrive6
  • \??\PhysicalDrive7
  • \??\PhysicalDrive8
  • \??\PhysicalDrive9
  • \??\PhysicalDrive10
  • \??\PhysicalDrive11
  • \??\PhysicalDrive12
  • \??\PhysicalDrive13
  • \??\PhysicalDrive14
  • \??\PhysicalDrive15
  • C:\
  • C:\Users\test\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-1.DLL
  • C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-1.DLL
  • C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-1.DLL
  • C:\Windows\api-ms-win-appmodel-runtime-l1-1-1.DLL
  • C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-1.DLL
  • C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-1.DLL
  • C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-1.DLL
  • C:\Program Files (x86)\WinRAR\api-ms-win-appmodel-runtime-l1-1-1.DLL
  • C:\Users\test\AppData\Local\Temp\ext-ms-win-kernel32-package-current-l1-1-0.DLL
Files read
  • C:\Users\test\AppData\Local\Temp\api-ms-win-core-fibers-l1-1-1.DLL
  • C:\Windows\System32\api-ms-win-core-fibers-l1-1-1.DLL
  • D:\opensource\openssl-dist-1.0.2l-vs2015\openssl-x86-static-release-vs2015\ssl\openssl.cnf
  • C:\Users\test\AppData\Local\Temp\Infodidel.ini
  • C:\Users\test\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-1.DLL
  • C:\Users\test\AppData\Local\Temp\ext-ms-win-kernel32-package-current-l1-1-0.DLL
Files modified No information
Files deleted No information
Registry keys
Registry keys read
Registry keys modified: no information
Registry keys deleted: no information
Resolved APIs