魔盾安全分析报告

分析类型 开始时间 结束时间 持续时间 分析引擎版本
FILE 2019-06-20 01:33:18 2019-06-20 01:36:00 162 秒 1.4-Maldun
虚拟机机器名 标签 虚拟机管理 开机时间 关机时间
win7-sp1-x64-hpdapp01-1 win7-sp1-x64-hpdapp01-1 KVM 2019-06-20 01:33:39 2019-06-20 01:36:02
魔盾分数

9.15

恶意的

文件详细信息

文件名 csrss.exe
文件大小 13496320 字节
文件类型 PE32 executable (GUI) Intel 80386, for MS Windows
CRC32 58DF65CF
MD5 88fa9aa47df560876c435648451025d1
SHA1 eb4b57f4e112937950389d968089a758fffb237d
SHA256 44a1b2ce4d39aec271f8e750b7eed2c9cad88549ab6d2e5399514b37bf7c731f
SHA512 8419030d618fa72389709f173bffa718fb32398999c0001aee67d69de0370c16e425b26d80a32e2000b498781780b6fb64f45a184d2d66e369e177b96a03f763
Ssdeep 196608:xk3hGpOJ2k3+FZ4DQH5alQ+3qgZ0YYbFDvViNB:0hGA4UU5D+3qgvYbFgNB
PEiD 无匹配
Yara 无Yara规则匹配
VirusTotal 无此文件扫描结果

特征

创建RWX内存
魔盾wping.org IP地址信誉系统
Neutral: 123.57.142.8
发起了一些HTTP请求
url: http://qm.qq.com/cgi-bin/qm/qr?k=zc0Z7gQP6CTy_LEug6Zn5cnP-Vx_Tbwf&authKey=p8U57s%2F6cl2KKPh1r8EcyACOlmPky1Xi7Ou75%2B2gT2iwPT54vtszwEeCZeEHOT0i&group_code=853395455
二进制文件可能包含加密或压缩数据
section: name: .rdata, entropy: 7.28, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ, raw_size: 0x00ba6000, virtual_size: 0x00ba5a22
强制将一个创建的进程加载为另一个不相关进程的子进程
装载一个驱动器
driver service name: \Registry\Machine\System\CurrentControlSet\Services\DD81200x64
对一个无法找到的进程进行重复搜索,可能希望以startbrowser=1选项运行
从文件自身的二进制镜像中读取数据
self_read: process: csrss.exe, pid: 2652, offset: 0x00000000, length: 0x00000040
self_read: process: csrss.exe, pid: 2652, offset: 0x00000100, length: 0x00000020
self_read: process: csrss.exe, pid: 2652, offset: 0x00000183, length: 0x00080000
创建一个隐藏文件或系统文件
file: C:\Users\test\AppData\Local\Temp\Q\xe7\xbe\xa4436801101.dll
file: C:\Users\test\AppData\Local\Temp\\xe7\xba\xa6\xe7\x9c\x8b\xe5\xa3\xb9\xe5\xaf\xbf\xe8\xae\xa3\xe7\x94\xa8
file: C:\Users\test\AppData\Local\Temp\\xe7\xba\xa6\xe7\x9c\x8b\xe5\xa3\xb9\xe5\xaf\xbf\xe8\xae\xa3\xe7\x94\xa8\\xe5\x90\xa8\xe8\x93\x89\xe8\xbf\x90\xe5\xb8\x98\xe4\xbf\xbe.lnk
建立TCP连接到一个外部IP地址的非标准端口
重置WinSock配置
key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\PackedCatalogItem
data: C:\Windows\system32\ESPI11.dll\x00ll\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x06\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0c\x00\x00\x00\xa0\x1a\x0f\xe7\x8b\xab\xcf\x11\x8c\xa3\x00\x80_H\xa1\x92\xeb\x03\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00\x10\x00\x00\x00\x10\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x00@\x00%\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00S\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00w\x00s\x00h\x00t\x00c\x00p\x00i\x00p\x00.\x00d\x00l\x00l\x00,\x00-\x006\x000\x001\x000\x002\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\PackedCatalogItem
data: C:\Windows\system32\ESPI11.dll\x00ll\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00f\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\xa0\x1a\x0f\xe7\x8b\xab\xcf\x11\x8c\xa3\x00\x80_H\xa1\x92\xe9\x03\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00\x10\x00\x00\x00\x10\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00%\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00S\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00w\x00s\x00h\x00t\x00c\x00p\x00i\x00p\x00.\x00d\x00l\x00l\x00,\x00-\x006\x000\x001\x000\x000\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\ESPI11
data: unknown
key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\PackedCatalogItem
data: C:\Windows\system32\ESPI11.dll\x00ll\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00f \x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\xe0\xa9`\x9dz3\xd0\x11\xbd\x88\x00\x00\xc0\x82\xe6\x9a\xf0\x03\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00\x10\x00\x00\x00\x10\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00%\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00S\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00w\x00s\x00h\x00q\x00o\x00s\x00.\x00d\x00l\x00l\x00,\x00-\x001\x000\x001\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\PackedCatalogItem
data: C:\Windows\system32\ESPI11.dll\x00ll\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x06\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\xa0\x1a\x0f\xe7\x8b\xab\xcf\x11\x8c\xa3\x00\x80_H\xa1\x92\xea\x03\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00\x10\x00\x00\x00\x10\x00\x00\x00\x02\x00\x00\x00\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf7\xff\x00\x00\x00\x00\x00\x00@\x00%\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00S\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00w\x00s\x00h\x00t\x00c\x00p\x00i\x00p\x00.\x00d\x00l\x00l\x00,\x00-\x006\x000\x001\x000\x001\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\ESPI11\FileName
data: C:\Windows\system32\ESPI11.dll
key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\PackedCatalogItem
data: C:\Windows\system32\ESPI11.dll\x00ll\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 &\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\xe0\xa9`\x9dz3\xd0\x11\xbd\x88\x00\x00\xc0\x82\xe6\x9a\xf2\x03\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00\x10\x00\x00\x00\x10\x00\x00\x00\x02\x00\x00\x00\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf7\xff\x00\x00\x00\x00\x00\x00@\x00%\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00S\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00w\x00s\x00h\x00q\x00o\x00s\x00.\x00d\x00l\x00l\x00,\x00-\x001\x000\x003\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\ESPI11\1008
data: %SystemRoot%\system32\mswsock.dll\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00f \x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\xe0\xa9`\x9dz3\xd0\x11\xbd\x88\x00\x00\xc0\x82\xe6\x9a\xf0\x03\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00\x10\x00\x00\x00\x10\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00%\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00S\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00w\x00s\x00h\x00q\x00o\x00s\x00.\x00d\x00l\x00l\x00,\x00-\x001\x000\x001\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\ESPI11\1010
data: %SystemRoot%\system32\mswsock.dll\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 &\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\xe0\xa9`\x9dz3\xd0\x11\xbd\x88\x00\x00\xc0\x82\xe6\x9a\xf2\x03\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00\x10\x00\x00\x00\x10\x00\x00\x00\x02\x00\x00\x00\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf7\xff\x00\x00\x00\x00\x00\x00@\x00%\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00S\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00w\x00s\x00h\x00q\x00o\x00s\x00.\x00d\x00l\x00l\x00,\x00-\x001\x000\x003\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\ESPI11\1003
data: %SystemRoot%\system32\mswsock.dll\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x06\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0c\x00\x00\x00\xa0\x1a\x0f\xe7\x8b\xab\xcf\x11\x8c\xa3\x00\x80_H\xa1\x92\xeb\x03\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00\x10\x00\x00\x00\x10\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x00@\x00%\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00S\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00w\x00s\x00h\x00t\x00c\x00p\x00i\x00p\x00.\x00d\x00l\x00l\x00,\x00-\x006\x000\x001\x000\x002\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\ESPI11\1002
data: %SystemRoot%\system32\mswsock.dll\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x06\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\xa0\x1a\x0f\xe7\x8b\xab\xcf\x11\x8c\xa3\x00\x80_H\xa1\x92\xea\x03\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00\x10\x00\x00\x00\x10\x00\x00\x00\x02\x00\x00\x00\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf7\xff\x00\x00\x00\x00\x00\x00@\x00%\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00S\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00w\x00s\x00h\x00t\x00c\x00p\x00i\x00p\x00.\x00d\x00l\x00l\x00,\x00-\x006\x000\x001\x000\x001\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\ESPI11\1001
data: %SystemRoot%\system32\mswsock.dll\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00f\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\xa0\x1a\x0f\xe7\x8b\xab\xcf\x11\x8c\xa3\x00\x80_H\xa1\x92\xe9\x03\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00\x10\x00\x00\x00\x10\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00%\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00S\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00w\x00s\x00h\x00t\x00c\x00p\x00i\x00p\x00.\x00d\x00l\x00l\x00,\x00-\x006\x000\x001\x000\x000\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
尝试断开连接或更改沙箱进程监控的Windows功能
unhook: function_name: SetWindowLongA, type: modification
unhook: function_name: SetWindowLongW, type: modification

运行截图

网络分析

访问主机记录

直接访问 IP地址 国家名
123.57.142.8 China
14.215.158.24 China
183.3.226.29 China

域名解析

域名 响应
jq.qq.com A 14.215.158.24
qm.qq.com A 183.3.226.29

TCP连接

IP地址 端口
123.57.142.8 16688
14.215.158.24 443
183.3.226.29 80

UDP连接

IP地址 端口
192.168.122.1 53
192.168.122.1 53

HTTP请求

URL HTTP数据
http://qm.qq.com/cgi-bin/qm/qr?k=zc0Z7gQP6CTy_LEug6Zn5cnP-Vx_Tbwf&authKey=p8U57s%2F6cl2KKPh1r8EcyACOlmPky1Xi7Ou75%2B2gT2iwPT54vtszwEeCZeEHOT0i&group_code=853395455
GET /cgi-bin/qm/qr?k=zc0Z7gQP6CTy_LEug6Zn5cnP-Vx_Tbwf&authKey=p8U57s%2F6cl2KKPh1r8EcyACOlmPky1Xi7Ou75%2B2gT2iwPT54vtszwEeCZeEHOT0i&group_code=853395455 HTTP/1.1
Accept: */*
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: qm.qq.com
Connection: Keep-Alive

静态分析

PE 信息

初始地址 0x00400000
入口地址 0x00496f98
声明校验值 0x00000000
最低操作系统版本要求 4.0
编译时间 2019-06-17 23:46:53
载入哈希 25643c902d7efbe182378c325743e581

版本信息

LegalCopyright: QQ2831103823QQ2831103823QQ2831103823QQ2831103823QQ2831103823QQ2831103823QQ2831103823QQ2831103823 \u7248\u6743\u6240\u6709
FileVersion: 1.0.0.0
CompanyName: QQ2831103823QQ2831103823QQ2831103823QQ2831103823QQ2831103823QQ2831103823QQ2831103823QQ2831103823
Comments: QQ2831103823QQ2831103823QQ2831103823QQ2831103823QQ2831103823QQ2831103823QQ2831103823QQ2831103823QQ2831103823QQ2831103823QQ2831103823QQ2831103823QQ2831103823QQ2831103823QQ2831103823QQ2831103823QQ2831103823
ProductName: \u6613\u8bed\u8a00\u7a0b\u5e8f
ProductVersion: 1.0.0.0
FileDescription: QQ2831103823QQ2831103823QQ2831103823QQ2831103823QQ2831103823QQ2831103823QQ2831103823QQ2831103823QQ2831103823QQ2831103823QQ2831103823QQ2831103823QQ2831103823
Translation: 0x0804 0x04b0

PE数据组成

名称 虚拟地址 虚拟大小 原始数据大小 特征 熵(Entropy)
.text 0x00001000 0x000b642a 0x000b7000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.57
.rdata 0x000b8000 0x00ba5a22 0x00ba6000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.28
.data 0x00c5e000 0x00060b2a 0x0001c000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.40
.rsrc 0x00cbf000 0x00064b64 0x00065000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.21

导入

库 WINMM.dll:
0x4b8674 - midiStreamOut
0x4b8678 - midiOutPrepareHeader
0x4b867c - waveOutUnprepareHeader
0x4b8680 - waveOutPrepareHeader
0x4b8684 - waveOutWrite
0x4b8688 - waveOutPause
0x4b868c - waveOutReset
0x4b8690 - waveOutClose
0x4b8694 - waveOutGetNumDevs
0x4b8698 - midiStreamStop
0x4b869c - midiOutReset
0x4b86a0 - midiStreamClose
0x4b86a4 - midiStreamRestart
0x4b86a8 - waveOutOpen
0x4b86ac - midiOutUnprepareHeader
0x4b86b0 - midiStreamOpen
0x4b86b4 - midiStreamProperty
0x4b86b8 - waveOutRestart
库 WS2_32.dll:
0x4b86d0 - closesocket
0x4b86d4 - WSACleanup
0x4b86d8 - WSAAsyncSelect
0x4b86dc - accept
0x4b86e0 - ntohs
0x4b86e4 - ntohl
0x4b86e8 - htons
0x4b86ec - recvfrom
0x4b86f0 - ioctlsocket
0x4b86f4 - recv
0x4b86f8 - inet_ntoa
0x4b86fc - getpeername
库 KERNEL32.dll:
0x4b818c - ReleaseMutex
0x4b8190 - OpenFileMappingA
0x4b8194 - UnmapViewOfFile
0x4b8198 - MapViewOfFile
0x4b819c - CreateFileMappingA
0x4b81a0 - SetFilePointer
0x4b81a4 - GetFileSize
0x4b81a8 - TerminateProcess
0x4b81ac - SetLastError
0x4b81b0 - GetTimeZoneInformation
0x4b81b4 - GetVersion
0x4b81b8 - TerminateThread
0x4b81bc - SuspendThread
0x4b81c0 - GetACP
0x4b81c4 - HeapSize
0x4b81c8 - RaiseException
0x4b81cc - GetLocalTime
0x4b81d0 - GetSystemTime
0x4b81d4 - RtlUnwind
0x4b81d8 - GetStartupInfoA
0x4b81dc - GetOEMCP
0x4b81e0 - GetCPInfo
0x4b81e4 - GetProcessVersion
0x4b81e8 - SetErrorMode
0x4b81ec - GlobalFlags
0x4b81f0 - GetCurrentThread
0x4b81f4 - GetFileTime
0x4b81f8 - TlsGetValue
0x4b81fc - LocalReAlloc
0x4b8200 - TlsSetValue
0x4b8204 - TlsFree
0x4b8208 - GlobalHandle
0x4b820c - TlsAlloc
0x4b8210 - LocalAlloc
0x4b8214 - lstrcmpA
0x4b8218 - GlobalGetAtomNameA
0x4b821c - GlobalAddAtomA
0x4b8220 - GlobalFindAtomA
0x4b8224 - GlobalDeleteAtom
0x4b8228 - lstrcmpiA
0x4b822c - SetEndOfFile
0x4b8230 - UnlockFile
0x4b8234 - LockFile
0x4b8238 - FlushFileBuffers
0x4b823c - DuplicateHandle
0x4b8240 - lstrcpynA
0x4b8244 - FileTimeToLocalFileTime
0x4b8248 - FileTimeToSystemTime
0x4b824c - LocalFree
0x4b8250 - InterlockedDecrement
0x4b8254 - InterlockedIncrement
0x4b8258 - CreateMutexA
0x4b825c - WideCharToMultiByte
0x4b8260 - MultiByteToWideChar
0x4b8264 - GetCurrentProcess
0x4b8268 - GetWindowsDirectoryA
0x4b826c - GetSystemDirectoryA
0x4b8270 - CreateSemaphoreA
0x4b8274 - ResumeThread
0x4b8278 - ReleaseSemaphore
0x4b827c - EnterCriticalSection
0x4b8280 - LeaveCriticalSection
0x4b8284 - GetProfileStringA
0x4b8288 - WriteFile
0x4b828c - WaitForMultipleObjects
0x4b8290 - CreateFileA
0x4b8294 - SetEvent
0x4b8298 - FindResourceA
0x4b829c - LoadResource
0x4b82a0 - LockResource
0x4b82a4 - ReadFile
0x4b82a8 - RemoveDirectoryA
0x4b82ac - GetModuleFileNameA
0x4b82b0 - GetCurrentThreadId
0x4b82b4 - ExitProcess
0x4b82b8 - GlobalSize
0x4b82bc - GlobalFree
0x4b82c0 - DeleteCriticalSection
0x4b82c4 - InitializeCriticalSection
0x4b82c8 - lstrcatA
0x4b82cc - lstrlenA
0x4b82d0 - WinExec
0x4b82d4 - lstrcpyA
0x4b82d8 - FindNextFileA
0x4b82dc - InterlockedExchange
0x4b82e0 - GlobalReAlloc
0x4b82e4 - HeapFree
0x4b82e8 - HeapReAlloc
0x4b82ec - GetProcessHeap
0x4b82f0 - HeapAlloc
0x4b82f4 - GetFullPathNameA
0x4b82f8 - FreeLibrary
0x4b82fc - LoadLibraryA
0x4b8300 - GetLastError
0x4b8304 - GetVersionExA
0x4b8308 - WritePrivateProfileStringA
0x4b830c - CreateThread
0x4b8310 - CreateEventA
0x4b8314 - Sleep
0x4b8318 - ExpandEnvironmentStringsA
0x4b831c - GlobalAlloc
0x4b8320 - GlobalLock
0x4b8324 - GlobalUnlock
0x4b8328 - GetTempPathA
0x4b832c - FindFirstFileA
0x4b8330 - FindClose
0x4b8334 - SetFileAttributesA
0x4b8338 - GetFileAttributesA
0x4b833c - MoveFileA
0x4b8340 - DeleteFileA
0x4b8344 - CopyFileA
0x4b8348 - CreateDirectoryA
0x4b834c - SetCurrentDirectoryA
0x4b8350 - GetVolumeInformationA
0x4b8354 - GetModuleHandleA
0x4b8358 - GetProcAddress
0x4b835c - MulDiv
0x4b8360 - GetCommandLineA
0x4b8364 - GetTickCount
0x4b8368 - CreateProcessA
0x4b836c - WaitForSingleObject
0x4b8370 - CloseHandle
0x4b8374 - UnhandledExceptionFilter
0x4b8378 - FreeEnvironmentStringsA
0x4b837c - FreeEnvironmentStringsW
0x4b8380 - GetEnvironmentStrings
0x4b8384 - GetEnvironmentStringsW
0x4b8388 - SetHandleCount
0x4b838c - GetStdHandle
0x4b8390 - GetFileType
0x4b8394 - GetEnvironmentVariableA
0x4b8398 - HeapDestroy
0x4b839c - HeapCreate
0x4b83a0 - VirtualFree
0x4b83a4 - SetEnvironmentVariableA
0x4b83a8 - LCMapStringA
0x4b83ac - LCMapStringW
0x4b83b0 - VirtualAlloc
0x4b83b4 - IsBadWritePtr
0x4b83b8 - SetUnhandledExceptionFilter
0x4b83bc - GetStringTypeA
0x4b83c0 - GetStringTypeW
0x4b83c4 - CompareStringA
0x4b83c8 - CompareStringW
0x4b83cc - IsBadReadPtr
0x4b83d0 - IsBadCodePtr
0x4b83d4 - SetStdHandle
库 USER32.dll:
0x4b83fc - SetWindowRgn
0x4b8400 - DestroyAcceleratorTable
0x4b8404 - GetWindow
0x4b8408 - GetActiveWindow
0x4b840c - SetFocus
0x4b8410 - IsIconic
0x4b8414 - PeekMessageA
0x4b8418 - SetMenu
0x4b841c - GetMenu
0x4b8420 - GetMessagePos
0x4b8424 - ScreenToClient
0x4b8428 - ChildWindowFromPointEx
0x4b842c - CopyRect
0x4b8430 - LoadBitmapA
0x4b8434 - WinHelpA
0x4b8438 - KillTimer
0x4b843c - SetTimer
0x4b8440 - CopyAcceleratorTableA
0x4b8444 - GetKeyState
0x4b8448 - TranslateAcceleratorA
0x4b844c - IsWindowEnabled
0x4b8450 - ShowWindow
0x4b8454 - SystemParametersInfoA
0x4b8458 - LoadImageA
0x4b845c - EnumDisplaySettingsA
0x4b8460 - ClientToScreen
0x4b8464 - EnableMenuItem
0x4b8468 - GetSubMenu
0x4b846c - GetDlgCtrlID
0x4b8470 - CreateAcceleratorTableA
0x4b8474 - CreateMenu
0x4b8478 - AppendMenuA
0x4b847c - CreatePopupMenu
0x4b8480 - DrawIconEx
0x4b8484 - CreateIconFromResource
0x4b8488 - CreateIconFromResourceEx
0x4b848c - UnregisterClassA
0x4b8490 - RegisterClipboardFormatA
0x4b8494 - SetRectEmpty
0x4b8498 - ReleaseCapture
0x4b849c - GetCapture
0x4b84a0 - SetCapture
0x4b84a4 - GetScrollRange
0x4b84a8 - SetScrollRange
0x4b84ac - SetScrollPos
0x4b84b0 - SetRect
0x4b84b4 - InflateRect
0x4b84b8 - IntersectRect
0x4b84bc - DestroyIcon
0x4b84c0 - PtInRect
0x4b84c4 - OffsetRect
0x4b84c8 - GetSysColorBrush
0x4b84cc - LoadStringA
0x4b84d0 - DeleteMenu
0x4b84d4 - EnableWindow
0x4b84d8 - RedrawWindow
0x4b84dc - GetWindowLongA
0x4b84e0 - SetWindowLongA
0x4b84e4 - GetSysColor
0x4b84e8 - SetActiveWindow
0x4b84ec - SetCursorPos
0x4b84f0 - LoadCursorA
0x4b84f4 - SetCursor
0x4b84f8 - GetDC
0x4b84fc - FillRect
0x4b8500 - IsRectEmpty
0x4b8504 - ReleaseDC
0x4b8508 - IsChild
0x4b850c - DestroyMenu
0x4b8510 - SetForegroundWindow
0x4b8514 - GetWindowRect
0x4b8518 - EqualRect
0x4b851c - UpdateWindow
0x4b8520 - ValidateRect
0x4b8524 - InvalidateRect
0x4b8528 - GetClientRect
0x4b852c - GetFocus
0x4b8530 - GetParent
0x4b8534 - GetTopWindow
0x4b8538 - PostMessageA
0x4b853c - IsWindow
0x4b8540 - SetParent
0x4b8544 - DestroyCursor
0x4b8548 - SendMessageA
0x4b854c - SetWindowPos
0x4b8550 - MessageBoxA
0x4b8554 - GetCursorPos
0x4b8558 - GetSystemMetrics
0x4b855c - EmptyClipboard
0x4b8560 - SetClipboardData
0x4b8564 - OpenClipboard
0x4b8568 - GetClipboardData
0x4b856c - CloseClipboard
0x4b8570 - wsprintfA
0x4b8574 - WaitForInputIdle
0x4b8578 - GetSystemMenu
0x4b857c - DispatchMessageA
0x4b8580 - GetMessageA
0x4b8584 - WindowFromPoint
0x4b8588 - DrawFocusRect
0x4b858c - DrawEdge
0x4b8590 - DrawFrameControl
0x4b8594 - TranslateMessage
0x4b8598 - LoadIconA
0x4b859c - GetForegroundWindow
0x4b85a0 - GetDesktopWindow
0x4b85a4 - GetClassNameA
0x4b85a8 - GetKeyboardState
0x4b85ac - GetDlgItem
0x4b85b0 - FindWindowExA
0x4b85b4 - GetWindowTextA
0x4b85b8 - DefWindowProcA
0x4b85bc - GetClassInfoA
0x4b85c0 - IsZoomed
0x4b85c4 - IsWindowVisible
0x4b85c8 - PostQuitMessage
0x4b85cc - ModifyMenuA
0x4b85d0 - GetWindowTextLengthA
0x4b85d4 - CharUpperA
0x4b85d8 - GetWindowDC
0x4b85dc - BeginPaint
0x4b85e0 - EndPaint
0x4b85e4 - TabbedTextOutA
0x4b85e8 - DrawTextA
0x4b85ec - GrayStringA
0x4b85f0 - DestroyWindow
0x4b85f4 - CreateDialogIndirectParamA
0x4b85f8 - EndDialog
0x4b85fc - GetNextDlgTabItem
0x4b8600 - GetWindowPlacement
0x4b8604 - RegisterWindowMessageA
0x4b8608 - GetLastActivePopup
0x4b860c - GetMessageTime
0x4b8610 - RemovePropA
0x4b8614 - CallWindowProcA
0x4b8618 - GetPropA
0x4b861c - UnhookWindowsHookEx
0x4b8620 - SetPropA
0x4b8624 - GetClassLongA
0x4b8628 - CallNextHookEx
0x4b862c - SetWindowsHookExA
0x4b8630 - CreateWindowExA
0x4b8634 - GetMenuItemID
0x4b8638 - GetMenuItemCount
0x4b863c - RegisterClassA
0x4b8640 - GetScrollPos
0x4b8644 - AdjustWindowRectEx
0x4b8648 - MapWindowPoints
0x4b864c - SendDlgItemMessageA
0x4b8650 - ScrollWindowEx
0x4b8654 - IsDialogMessageA
0x4b8658 - SetWindowTextA
0x4b865c - MoveWindow
0x4b8660 - CheckMenuItem
0x4b8664 - SetMenuItemBitmaps
0x4b8668 - GetMenuState
0x4b866c - GetMenuCheckMarkDimensions
库 GDI32.dll:
0x4b8040 - Escape
0x4b8044 - ExtTextOutA
0x4b8048 - TextOutA
0x4b804c - RectVisible
0x4b8050 - PtVisible
0x4b8054 - GetViewportExtEx
0x4b8058 - ExtSelectClipRgn
0x4b805c - LineTo
0x4b8060 - BitBlt
0x4b8064 - CreateCompatibleDC
0x4b8068 - Ellipse
0x4b806c - Rectangle
0x4b8070 - LPtoDP
0x4b8074 - DPtoLP
0x4b8078 - GetCurrentObject
0x4b807c - RoundRect
0x4b8080 - GetTextMetricsA
0x4b8084 - GetTextExtentPoint32A
0x4b8088 - GetDeviceCaps
0x4b808c - GetSystemPaletteEntries
0x4b8090 - CreateDIBitmap
0x4b8094 - DeleteObject
0x4b8098 - SelectClipRgn
0x4b809c - CreatePolygonRgn
0x4b80a0 - GetClipRgn
0x4b80a4 - SetStretchBltMode
0x4b80a8 - CreateRectRgnIndirect
0x4b80ac - SetBkColor
0x4b80b0 - MoveToEx
0x4b80b4 - ExcludeClipRect
0x4b80b8 - GetClipBox
0x4b80bc - ScaleWindowExtEx
0x4b80c0 - SetWindowExtEx
0x4b80c4 - SetWindowOrgEx
0x4b80c8 - ScaleViewportExtEx
0x4b80cc - SetViewportExtEx
0x4b80d0 - OffsetViewportOrgEx
0x4b80d4 - StartPage
0x4b80d8 - StartDocA
0x4b80dc - DeleteDC
0x4b80e0 - EndDoc
0x4b80e4 - EndPage
0x4b80e8 - CreateFontIndirectA
0x4b80ec - GetStockObject
0x4b80f0 - CreateSolidBrush
0x4b80f4 - FillRgn
0x4b80f8 - CreateRectRgn
0x4b80fc - CombineRgn
0x4b8100 - PatBlt
0x4b8104 - CreatePen
0x4b8108 - GetObjectA
0x4b810c - SelectObject
0x4b8110 - CreateBitmap
0x4b8114 - CreateDCA
0x4b8118 - CreateCompatibleBitmap
0x4b811c - GetPolyFillMode
0x4b8120 - GetStretchBltMode
0x4b8124 - GetROP2
0x4b8128 - GetBkColor
0x4b812c - GetBkMode
0x4b8130 - GetTextColor
0x4b8134 - CreateRoundRectRgn
0x4b8138 - SetViewportOrgEx
0x4b813c - SetMapMode
0x4b8140 - SetTextColor
0x4b8144 - SetROP2
0x4b8148 - SetPolyFillMode
0x4b814c - SetBkMode
0x4b8150 - RestoreDC
0x4b8154 - SaveDC
0x4b8158 - CreateEllipticRgn
0x4b815c - PathToRegion
0x4b8160 - EndPath
0x4b8164 - BeginPath
0x4b8168 - GetWindowOrgEx
0x4b816c - GetViewportOrgEx
0x4b8170 - GetWindowExtEx
0x4b8174 - CreatePalette
0x4b8178 - RealizePalette
0x4b817c - SelectPalette
0x4b8180 - GetDIBits
0x4b8184 - StretchBlt
库 WINSPOOL.DRV:
0x4b86c0 - OpenPrinterA
0x4b86c4 - DocumentPropertiesA
0x4b86c8 - ClosePrinter
库 ADVAPI32.dll:
0x4b8000 - RegQueryValueExA
0x4b8004 - RegOpenKeyExA
0x4b8008 - RegSetValueExA
0x4b800c - RegDeleteValueA
0x4b8010 - RegDeleteKeyA
0x4b8014 - RegQueryValueA
0x4b8018 - RegCloseKey
0x4b801c - InitializeSecurityDescriptor
0x4b8020 - SetSecurityDescriptorDacl
0x4b8024 - RegOpenKeyA
0x4b8028 - RegEnumKeyA
0x4b802c - RegCreateKeyExA
库 SHELL32.dll:
0x4b83ec - Shell_NotifyIconA
0x4b83f0 - ShellExecuteA
0x4b83f4 - SHGetSpecialFolderPathA
库 ole32.dll:
0x4b8718 - CLSIDFromString
0x4b871c - OleUninitialize
0x4b8720 - OleInitialize
库 OLEAUT32.dll:
0x4b83dc - LoadTypeLib
0x4b83e0 - RegisterTypeLib
0x4b83e4 - UnRegisterTypeLib
库 COMCTL32.dll:
0x4b8034 - None
0x4b8038 - ImageList_Destroy
库 comdlg32.dll:
0x4b8704 - ChooseColorA
0x4b8708 - GetFileTitleA
0x4b870c - GetSaveFileNameA
0x4b8710 - GetOpenFileNameA

投放文件

无信息

行为分析

互斥量(Mutexes)
  • ESPI_GMEM_MUTEX 1.0
  • Local\MSCTF.Asm.MutexDefault1
  • Local\!IETld!Mutex
  • Local\!BrowserEmulation!SharedMemory!Mutex
  • Local\!IECompat!Mutex
  • Local\c:!users!test!appdata!roaming!microsoft!windows!iecompatcache!
  • ConnHashTable<2044>_HashTable_Mutex
  • Local\c:!users!test!appdata!local!microsoft!feeds cache!
  • Groove.Mutex.WebServices.Status
  • Groove.Mutex.SystemServices.Lock
  • Groove:PathMutex:huJZ0a1oPtB4yGzDQW9lw0niEfg=
执行的命令
  • https://jq.qq.com/?_wv=1027&k=5bVMLvZ
  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
  • C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
  • C:\Windows\system32\sppsvc.exe
创建的服务
  • DD81200x64
启动的服务
  • DD81200x64

进程

csrss.exe PID: 2652, 上一级进程 PID: 2296

services.exe PID: 428, 上一级进程 PID: 332

iexplore.exe PID: 2328, 上一级进程 PID: 2044

mscorsvw.exe PID: 2488, 上一级进程 PID: 428

mscorsvw.exe PID: 1964, 上一级进程 PID: 428

访问的文件
  • C:\Windows\Globalization\Sorting\sortdefault.nls
  • C:\Users\test\AppData\Local\Temp\\xe6\xb7\xa1Tw
  • C:\Users\test\AppData\Local\Temp\csrss.exe
  • C:\Users\test\AppData\Local\Temp\\xe5\x8c\x85\x18
  • C:\Windows\Fonts\staticcache.dat
  • C:\
  • C:\Users\test\AppData\Local\Temp\Q\xe7\xbe\xa4436801101.dll
  • C:\Windows\System32\ESPI11.dll
  • C:\Users\test\AppData\Local\Temp\Q\xef\xbf\x88\xef\xbe\xba436801101.dll
  • C:\Windows\System32\mswsock.dll
  • C:\Users\test\AppData\Local\Temp\\xe5\xb9\xbb\xe5\xbd\xb1\xe5\xbe\xae\xe7\xac\x91.dll
  • C:\Users\test\AppData\Local\Temp\\xe7\xa6\x81\xe6\xad\xa2\xe5\x88\xb7\xe6\x96\xb0\xe6\xa1\x8c\xe9\x9d\xa2.dll
  • C:\Users\test\AppData\Local\Temp\\xe7\xba\xa6\xe7\x9c\x8b\xe5\xa3\xb9\xe5\xaf\xbf\xe8\xae\xa3\xe7\x94\xa8
  • C:\Users\test\AppData\Local\Temp\\xe7\xba\xa6\xe7\x9c\x8b\xe5\xa3\xb9\xe5\xaf\xbf\xe8\xae\xa3\xe7\x94\xa8\\xe5\x90\xa8\xe8\x93\x89\xe8\xbf\x90\xe5\xb8\x98\xe4\xbf\xbe.ink
  • C:\Users\test\AppData\Local\Temp\\xef\xbf\x94\xef\xbe\xbc\xef\xbe\xbf\xef\xbe\xb4\xef\xbf\x92\xef\xbe\xbc\xef\xbf\x8a\xef\xbf\x99\xef\xbe\xb8\xef\xbe\xbc\xef\xbf\x93\xef\xbf\x83\\xef\xbe\xb6\xef\xbf\x96\xef\xbf\x88\xef\xbf\x98\xef\xbf\x94\xef\xbf\x8b\xef\xbf\x81\xef\xbe\xb1\xef\xbf\x99\xef\xbf\x82.ink
  • C:\Users\test\AppData\Local\Temp\\xe7\xba\xa6\xe7\x9c\x8b\xe5\xa3\xb9\xe5\xaf\xbf\xe8\xae\xa3\xe7\x94\xa8\\xe5\x90\xa8\xe8\x93\x89\xe8\xbf\x90\xe5\xb8\x98\xe4\xbf\xbe.lnk
  • C:\Users\test\AppData\Local\Temp\kernel32.dll
  • C:\Users\test\AppData\Local\Temp\3701728
  • C:\Users\test\AppData\Local\Temp\3701728\....\
  • C:\Users\test\AppData\Local\Temp\3701728\....\TemporaryFile
  • C:\Users\test\AppData\Local\Temp\3701728\TemporaryFile
  • C:\Users\test\AppData\Local\Temp\3701728\*.*
  • C:\Users\test\AppData\Local\Temp\3701728\TemporaryFile\*.*
  • C:\Users\test\AppData\Local\Temp\3701728\TemporaryFile\TemporaryFile
  • C:\Users\test\AppData\Local\Temp\kernel32.DLL
  • C:\Users\test\AppData\Local\Temp\Kernel32.dll
  • C:\Users\test\AppData\Local\Temp\
  • C:\Users
  • C:\Users\test
  • C:\Users\test\AppData
  • C:\Users\test\AppData\Local
  • C:\Users\test\AppData\Local\Temp
  • C:\Users\test\AppData\Local\Temp\ddxoft.dll
  • C:\Users\test\AppData\Local\Temp\csrss.exe.Local\
  • C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
  • C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
  • C:\Users\test\AppData\Local\Temp\OLEACC.dll
  • C:\Windows\System32\oleacc.dll
  • C:\Users\test\AppData\Local\Temp\OLEACCRC.DLL
  • C:\Windows\System32\oleaccrc.dll
  • C:\Users\test\AppData\Local\Temp\ddxoftCHS.dll
  • C:\Users\test\AppData\Local\Temp\ddxoftENU.dll
  • C:\Users\test\AppData\Local\Temp\ddxoftLOC.dll
  • C:\Windows\System32\tzres.dll
  • C:\DD81200x64.sys
  • \??\DD81200x64
  • \??\pci#ven_10ec&dev_8139&subsys_11001af4&rev_20#3&13c0b0c5&0&18#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{33e35b0a-d1f6-4ab1-a1ae-56b8a256b787}
  • C:\Windows\SysWOW64\shell32.dll
  • C:\Windows\SysWOW64\ieframe.dll
  • C:\Windows\sysnative\LogFiles\Scm\c016366b-7126-46ca-b36b-592a3d95a60b
  • C:\Windows\sysnative\LogFiles\Scm\2f57269b-1e09-4e2d-ab1e-b0fdac7d279c
  • C:\Windows\sysnative\Tasks\Microsoft\Windows\WDI\ResolutionHost
  • C:\Windows\sysnative\LogFiles\Scm\9435f817-fed2-454e-88cd-7f78fda62c48
  • C:\Windows\Temp
  • C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp
  • C:\Windows\ServiceProfiles
  • C:\Windows\ServiceProfiles\LocalService
  • C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp
  • C:\Windows\ServiceProfiles\NetworkService
  • C:\Windows\sysnative\LogFiles\Scm\da41de71-8431-42fb-9db0-eb64a961dead
  • \Device\Afd\Endpoint
  • C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\
  • C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
  • \Device\Afd\AsyncConnectHlp
  • C:\Users\test\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\*
  • C:\Users\test\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\*
  • C:\Users\test\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\*
  • C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\qr[1].txt
  • C:\Windows\WindowsShell.manifest
  • C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\qr[1].htm
  • C:\Windows\Media\Windows Navigation Start.wav
  • C:\Windows\SysWOW64\urlmon.dll
  • C:\Windows
  • C:\Windows\SysWOW64
  • C:\Users\test\AppData\Local\Microsoft\Feeds Cache\
  • C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
  • C:\Users\test\AppData\Local\Microsoft\Feeds Cache\desktop.ini
  • C:\Program Files (x86)\Internet Explorer\ieframe.dll
  • C:\Users\test\Desktop\ieframe.dll
  • C:\Windows\System32\ieframe.dll
  • C:\Windows\System32
  • C:\Windows\System32\ieframe.dll:Zone.Identifier
  • C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\unknownprotocol[1]
  • C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\ErrorPageTemplate[1]
  • C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\errorPageStrings[1]
  • C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\httpErrorPagesScripts[1]
  • C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\info_48[1]
  • C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\background_gradient[1]
  • C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\bullet[1]
  • C:\Windows\sysnative\C_1250.NLS
  • C:\Windows\sysnative\C_1251.NLS
  • C:\Windows\sysnative\C_1253.NLS
  • C:\Windows\sysnative\C_1254.NLS
  • C:\Windows\sysnative\C_1255.NLS
  • C:\Windows\sysnative\C_1256.NLS
  • C:\Windows\sysnative\C_1257.NLS
  • C:\Windows\sysnative\C_1258.NLS
  • C:\Windows\sysnative\C_874.NLS
  • C:\Windows\sysnative\C_932.NLS
  • C:\Windows\sysnative\C_949.NLS
  • C:\Windows\sysnative\C_950.NLS
  • C:\Windows\sysnative\C_1361.NLS
  • C:\Users\test\AppData\Local\microsoft\Office\Groove\User\GFSConfig.xml
  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\ndpsetup.bat
  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenservicelock.dat
  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat
  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ndpsetup.bat
  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenservicelock.dat
  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat
读取的文件
  • C:\Windows\Globalization\Sorting\sortdefault.nls
  • C:\Users\test\AppData\Local\Temp\\xe6\xb7\xa1Tw
  • C:\Users\test\AppData\Local\Temp\csrss.exe
  • C:\Users\test\AppData\Local\Temp\\xe5\x8c\x85\x18
  • C:\Windows\Fonts\staticcache.dat
  • C:\Windows\System32\ESPI11.dll
  • C:\Users\test\AppData\Local\Temp\Q\xe7\xbe\xa4436801101.dll
  • C:\Users\test\AppData\Local\Temp\Q\xef\xbf\x88\xef\xbe\xba436801101.dll
  • C:\Windows\System32\mswsock.dll
  • C:\Users\test\AppData\Local\Temp\\xe7\xba\xa6\xe7\x9c\x8b\xe5\xa3\xb9\xe5\xaf\xbf\xe8\xae\xa3\xe7\x94\xa8\\xe5\x90\xa8\xe8\x93\x89\xe8\xbf\x90\xe5\xb8\x98\xe4\xbf\xbe.ink
  • C:\Users\test\AppData\Local\Temp\3701728\....\
  • C:\Users\test\AppData\Local\Temp\ddxoft.dll
  • C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
  • C:\Windows\System32\oleacc.dll
  • C:\Windows\System32\oleaccrc.dll
  • C:\Windows\System32\tzres.dll
  • C:\DD81200x64.sys
  • \??\DD81200x64
  • C:\Windows\SysWOW64\shell32.dll
  • C:\Windows\SysWOW64\ieframe.dll
  • C:\Windows\sysnative\LogFiles\Scm\c016366b-7126-46ca-b36b-592a3d95a60b
  • C:\Windows\sysnative\LogFiles\Scm\2f57269b-1e09-4e2d-ab1e-b0fdac7d279c
  • C:\Windows\sysnative\LogFiles\Scm\da41de71-8431-42fb-9db0-eb64a961dead
  • \Device\Afd\Endpoint
  • C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
  • \Device\Afd\AsyncConnectHlp
  • C:\Windows\WindowsShell.manifest
  • C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\qr[1].htm
  • C:\Windows\Media\Windows Navigation Start.wav
  • C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
修改的文件
  • C:\Users\test\AppData\Local\Temp\Q\xe7\xbe\xa4436801101.dll
  • C:\Windows\System32\ESPI11.dll
  • C:\Users\test\AppData\Local\Temp\\xe5\xb9\xbb\xe5\xbd\xb1\xe5\xbe\xae\xe7\xac\x91.dll
  • C:\Users\test\AppData\Local\Temp\\xe7\xa6\x81\xe6\xad\xa2\xe5\x88\xb7\xe6\x96\xb0\xe6\xa1\x8c\xe9\x9d\xa2.dll
  • C:\Users\test\AppData\Local\Temp\\xe7\xba\xa6\xe7\x9c\x8b\xe5\xa3\xb9\xe5\xaf\xbf\xe8\xae\xa3\xe7\x94\xa8\\xe5\x90\xa8\xe8\x93\x89\xe8\xbf\x90\xe5\xb8\x98\xe4\xbf\xbe.ink
  • C:\Users\test\AppData\Local\Temp\\xef\xbf\x94\xef\xbe\xbc\xef\xbe\xbf\xef\xbe\xb4\xef\xbf\x92\xef\xbe\xbc\xef\xbf\x8a\xef\xbf\x99\xef\xbe\xb8\xef\xbe\xbc\xef\xbf\x93\xef\xbf\x83\\xef\xbe\xb6\xef\xbf\x96\xef\xbf\x88\xef\xbf\x98\xef\xbf\x94\xef\xbf\x8b\xef\xbf\x81\xef\xbe\xb1\xef\xbf\x99\xef\xbf\x82.ink
  • C:\Users\test\AppData\Local\Temp\\xe7\xba\xa6\xe7\x9c\x8b\xe5\xa3\xb9\xe5\xaf\xbf\xe8\xae\xa3\xe7\x94\xa8\\xe5\x90\xa8\xe8\x93\x89\xe8\xbf\x90\xe5\xb8\x98\xe4\xbf\xbe.lnk
  • C:\Users\test\AppData\Local\Temp\3701728\....\TemporaryFile
  • C:\Users\test\AppData\Local\Temp\3701728\TemporaryFile
  • C:\Users\test\AppData\Local\Temp\ddxoft.dll
  • C:\DD81200x64.sys
  • \??\DD81200x64
  • C:\Windows\sysnative\LogFiles\Scm\c016366b-7126-46ca-b36b-592a3d95a60b
  • C:\Windows\sysnative\LogFiles\Scm\9435f817-fed2-454e-88cd-7f78fda62c48
  • \Device\Afd\Endpoint
  • C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
  • \Device\Afd\AsyncConnectHlp
  • C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\qr[1].txt
  • C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
  • C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\unknownprotocol[1]
  • C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\ErrorPageTemplate[1]
  • C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\errorPageStrings[1]
  • C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\httpErrorPagesScripts[1]
  • C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\info_48[1]
  • C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\background_gradient[1]
  • C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\bullet[1]
  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenservicelock.dat
  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat
  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenservicelock.dat
  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat
删除的文件
  • C:\Users\test\AppData\Local\Temp\3701728\TemporaryFile\TemporaryFile
  • C:\Users\test\AppData\Local\Temp\3701728\TemporaryFile
  • C:\Users\test\AppData\Local\Temp\3701728
  • C:\DD81200x64.sys
  • C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\qr[1].htm
注册表键
  • HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\\xe5\xbe\xae\xe8\xbd\xaf\xe9\x9b\x85\xe9\xbb\x91
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\UseFilter
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\Q\xe7\xbe\xa4436801101.dll
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\ESPI11
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\PackedCatalogItem
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\PackedCatalogItem
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\PackedCatalogItem
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\PackedCatalogItem
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\PackedCatalogItem
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\PackedCatalogItem
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\PackedCatalogItem
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\PackedCatalogItem
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\PackedCatalogItem
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\PackedCatalogItem
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\ESPI11\1001
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\ESPI11\1002
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\ESPI11\1003
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\ESPI11\1008
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\ESPI11\1010
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\ESPI11\FileName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\csrss.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3FC47A08-E5C9-4BCA-A2C7-BC9A282AED14}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
  • HKEY_CURRENT_USER
  • HKEY_CURRENT_USER\Keyboard Layout\Toggle
  • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
  • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
  • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
  • HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WOW\boot
  • HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib\ 800x600x24(BGR 0)
  • HKEY_CURRENT_USER\Software\Microsoft\CTF\LayoutIcon\0804\00000804
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Setup
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\SourcePath
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\DevicePath
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragMinDist
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragDelay
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-Hans
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-Hans
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\csrss.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\DelegateFolders
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{031E4825-7B94-4dc3-B131-E946B44C8DD5}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{04731B67-D933-450a-90E6-4ACD2E9408FE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{04731B67-D933-450a-90E6-4ACD2E9408FE}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{11016101-E366-4D22-BC06-4ADA335C892B}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{11016101-E366-4D22-BC06-4ADA335C892B}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{138508bc-1e03-49ea-9c8f-ea9e1d05d65d}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{138508bc-1e03-49ea-9c8f-ea9e1d05d65d}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{26EE0668-A00A-44D7-9371-BEB064C98683}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{26EE0668-A00A-44D7-9371-BEB064C98683}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{4336a54d-038b-4685-ab02-99bb52d3fb8b}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{59031a47-3f72-44a7-89c5-5595fe6b30ee}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{89D83576-6BD1-4c86-9454-BEB04E94C819}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{89D83576-6BD1-4c86-9454-BEB04E94C819}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{9343812e-1c37-4a49-a12e-4b2d810d956b}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{9343812e-1c37-4a49-a12e-4b2d810d956b}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{B0FBD52D-C4A7-4a19-985D-11309D1AC8AE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{B0FBD52D-C4A7-4a19-985D-11309D1AC8AE}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{daf95313-e44d-46af-be1b-cbacea2c3065}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{daf95313-e44d-46af-be1b-cbacea2c3065}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{e345f35f-9397-435c-8f95-4e922c26259e}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{e345f35f-9397-435c-8f95-4e922c26259e}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{ED228FDF-9EA8-4870-83b1-96b02CFE0D52}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{ED228FDF-9EA8-4870-83b1-96b02CFE0D52}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\SuppressionPolicy
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\DelegateFolders
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\Desktop\NameSpace
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\Desktop\NameSpace\DelegateFolders
  • HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORDISPLAY
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideFolderVerbs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\UseDropHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORPARSING
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForOverlay
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MapNetDriveVerbs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForInfoTip
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideInWebView
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideOnDesktopPerUser
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsAliasedNotifications
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsUniversalDelegate
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NoFileFolderJunction
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\PinToNameSpaceTree
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HasNavigationEnum
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
  • HKEY_CLASSES_ROOT\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\Attributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\CallForAttributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\RestrictedAttributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsFORDISPLAY
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideFolderVerbs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\UseDropHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsFORPARSING
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsParseDisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\QueryForOverlay
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\MapNetDriveVerbs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\QueryForInfoTip
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideInWebView
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideOnDesktopPerUser
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsAliasedNotifications
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsUniversalDelegate
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\NoFileFolderJunction
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\PinToNameSpaceTree
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HasNavigationEnum
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{208D2C60-3AEA-1069-A2D7-08002B30309D}
  • HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\CallForAttributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\RestrictedAttributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORDISPLAY
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideFolderVerbs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\UseDropHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORPARSING
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsParseDisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForOverlay
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\MapNetDriveVerbs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForInfoTip
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideInWebView
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideOnDesktopPerUser
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsAliasedNotifications
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsUniversalDelegate
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\NoFileFolderJunction
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\PinToNameSpaceTree
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HasNavigationEnum
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{871C5380-42A0-1069-A2EA-08002B30309D}
  • HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\LoadWithoutCOM
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Option
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat
  • HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{871c5380-42a0-1069-a2ea-08002b30309d}\InProcServer32
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\ieframe.dll
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0xFFFF
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows\CEIPEnable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D}
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\csrss.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\AccessProviders
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldDllVersionLow
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldDllVersionHigh
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldVersionLow
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldVersionHigh
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Shell\RegisteredApplications\UrlAssociations\https\OpenWithProgids
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice\Progid
  • HKEY_CLASSES_ROOT\IE.HTTPS
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTPS\CurVer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTPS\
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTPS\NoStaticDefaultVerb
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTPS\shell
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTPS\shell\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTPS\shell\open
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTPS\shell\open\NeverDefault
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DD81200x64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DD81200x64\ObjectName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Type
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Start
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\ErrorControl
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Tag
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\DependOnService
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\DependOnGroup
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Group
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\ObjectName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\ObjectName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\ObjectName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs\ObjectName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\ObjectName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\ObjectName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\RequiredPrivileges
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Type
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Start
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\ErrorControl
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Tag
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\DependOnService
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\DependOnGroup
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Group
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32\ObjectName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32\WOW64
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Public
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Default
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramW6432Dir
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonW6432Dir
  • HKEY_USERS\S-1-5-18
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18\ProfileImagePath
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
  • HKEY_USERS\.DEFAULT\Environment
  • HKEY_USERS\.DEFAULT\Volatile Environment
  • HKEY_USERS\.DEFAULT\Volatile Environment\0
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32\Environment
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32\RequiredPrivileges
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64\ObjectName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64\Environment
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64\RequiredPrivileges
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\ObjectName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Appinfo
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Appinfo\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Appinfo\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppMgmt
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppMgmt\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppMgmt\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AxInstSV
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AxInstSV\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AxInstSV\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDESVC
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDESVC\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDESVC\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bthserv
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bthserv\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bthserv\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot3svc
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot3svc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot3svc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EapHost
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EapHost\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EapHost\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EFS
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EFS\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EFS\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdPHost
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdPHost\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdPHost\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hidserv
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hidserv\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hidserv\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hkmsvc
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hkmsvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hkmsvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupListener
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupListener\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupListener\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\idsvc
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\idsvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\idsvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPBusEnum
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPBusEnum\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPBusEnum\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KeyIso
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KeyIso\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KeyIso\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KtmRm
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KtmRm\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KtmRm\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdsvc
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdsvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdsvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSiSCSI
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSiSCSI\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSiSCSI\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetMsmqActivator
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetMsmqActivator\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetMsmqActivator\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetPipeActivator
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetPipeActivator\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetPipeActivator\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpActivator
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpActivator\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpActivator\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpPortSharing
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpPortSharing\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpPortSharing\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2psvc
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2psvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2psvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PeerDistSvc
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PeerDistSvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PeerDistSvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pla
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pla\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pla\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPAutoReg
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPAutoReg\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPAutoReg\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPsvc
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPsvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPsvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAuto
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAuto\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAuto\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasMan
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasMan\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasMan\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteAccess
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteAccess\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteAccess\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteRegistry
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteRegistry\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteRegistry\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPolicySvc
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPolicySvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPolicySvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\seclogon
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\seclogon\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\seclogon\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPDBusEnum
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPDBusEnum\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPDBusEnum\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc\WOW64
  • HKEY_USERS\S-1-5-19
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc\RequiredPrivileges
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\RequiredPrivileges
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\RequiredPrivileges
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc\RequiredPrivileges
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE\RequiredPrivileges
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr\RequiredPrivileges
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\RequiredPrivileges
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\RequiredPrivileges
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\RequiredPrivileges
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\RequiredPrivileges
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\RequiredPrivileges
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19\ProfileImagePath
  • HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  • HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
  • HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
  • HKEY_USERS\S-1-5-19\Environment
  • HKEY_USERS\S-1-5-19\Volatile Environment
  • HKEY_USERS\S-1-5-19\Volatile Environment\0
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Environment
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\ObjectName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\WOW64
  • HKEY_USERS\S-1-5-20
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\RequiredPrivileges
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20\ProfileImagePath
  • HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  • HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
  • HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
  • HKEY_USERS\S-1-5-20\Environment
  • HKEY_USERS\S-1-5-20\Volatile Environment
  • HKEY_USERS\S-1-5-20\Volatile Environment\0
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\Environment
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\ObjectName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ObjectName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\RequiredPrivileges
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Type
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ErrorControl
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Tag
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\DependOnService
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\DependOnGroup
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Group
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ObjectName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Type
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ErrorControl
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Tag
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\DependOnService
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\DependOnGroup
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Group
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Compat_Logging
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\Feature_Enable_Compat_Logging
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\MediaTypeClass
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ratings
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\Key
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Security
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\No3DBorder
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\No3DBorder
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\iexplore.exe
  • HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\
  • HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\https\
  • HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\*\
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\(Default)
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Compatible
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Compatible
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Version
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Version
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\UA Tokens
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Pre Platform
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Pre Platform
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Pre Platform
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Platform
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Platform
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\iexplore.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\*
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\iexplore.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\*
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER\iexplore.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER\*
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER\iexplore.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER\*
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\UrlMon Settings
  • HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableUTF8
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\AcceptLanguage
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\AllSitesCompatibilityMode
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\BrowserEmulation
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\IntranetCompatibilityMode
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\MSCompatibilityMode
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION\iexplore.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION\*
  • HKEY_CURRENT_USER\Software\Classes
  • HKEY_CURRENT_USER\Software\Classes\Interface\{00020400-0000-0000-C000-000000000046}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00020400-0000-0000-C000-000000000046}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00020400-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
  • HKEY_CURRENT_USER\Software\Classes\CLSID\{00020420-0000-0000-C000-000000000046}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\TreatAs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\Progid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\Progid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\InprocServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocHandler32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocHandler
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\ThumbnailBehavior
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\TabbedBrowsing
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A10
  • HKEY_CURRENT_USER\Software\Classes\Interface\{D30C1661-CDAF-11D0-8A3E-00C04FC9E26E}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D30C1661-CDAF-11D0-8A3E-00C04FC9E26E}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D30C1661-CDAF-11D0-8A3E-00C04FC9E26E}\ProxyStubClsid32\(Default)
  • HKEY_CURRENT_USER\Software\Classes\CLSID\{00020424-0000-0000-C000-000000000046}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\TreatAs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\Progid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\Progid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\InprocServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocHandler32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocHandler
  • HKEY_CURRENT_USER\Software\Classes\Interface\{D30C1661-CDAF-11D0-8A3E-00C04FC9E26E}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\SecurityService
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService\DefaultAuthLevel
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TravelLog
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\TravelLog
  • HKEY_CURRENT_USER\Software\Classes\Interface\{48A98A1F-5CDD-47EE-9286-DB04A3EB7CE1}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48A98A1F-5CDD-47EE-9286-DB04A3EB7CE1}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48A98A1F-5CDD-47EE-9286-DB04A3EB7CE1}\ProxyStubClsid32\(Default)
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
  • HKEY_CURRENT_USER\Software\Classes\Interface\{6D5140C1-7436-11CE-8034-00AA006009FA}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6D5140C1-7436-11CE-8034-00AA006009FA}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6D5140C1-7436-11CE-8034-00AA006009FA}\ProxyStubClsid32\(Default)
  • HKEY_CURRENT_USER\Software\Classes\Interface\{B722BCCB-4E68-101B-A2BC-00AA00404770}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B722BCCB-4E68-101B-A2BC-00AA00404770}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B722BCCB-4E68-101B-A2BC-00AA00404770}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\Software\Microsoft\OleAut
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\iexplore.exe
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LsaExtensionConfig\SspiCli
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureDll
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureRoutine
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SecurityProviders
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Name
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Comment
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Capabilities
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\RpcId
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Version
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Type
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\TokenSize
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SaslProfiles
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\Schannel
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextLockCount
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextListCount
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\AlwaysShowMenus
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\MenuUserExpanded
  • HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\Certificates
  • HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\CRLs
  • HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\CTLs
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
  • HKEY_USERS\S-1-5-21-2280033686-3172497658-3481507381-1000
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\Safety Warning Level
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer
  • HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPublisher\Safer
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION\iexplore.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\iexplore.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2101
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Url History\DaysToKeep
  • HKEY_CLASSES_ROOT\MIME\Database\Content Type\text/html;charset=utf-8
  • HKEY_CLASSES_ROOT\MIME\Database\Content Type\text/html
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/html\Extension
  • HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Filter\text/html;charset=utf-8
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html;charset=utf-8
  • HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Filter\text/html
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_SNIFFING\iexplore.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2100
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\IsTextPlainHonored
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_FEEDS\iexplore.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_FEEDS\*
  • HKEY_CLASSES_ROOT\.txt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.txt\Content Type
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SAFE_BINDTOOBJECT\iexplore.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragScrollInset
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragScrollDelay
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragScrollInterval
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\iexplore.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\*
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\Floppy Access
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\Adv AddrBar Spoof Detection
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\Adv AddrBar Spoof Detection
  • HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\about\
  • HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Handler\about
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\about
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\about\CLSID
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2106
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Zoom
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom\ZoomDisabled
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Zoom
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom\ResetTextSizeOnStartup
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom\ResetTextSizeOnZoom
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom\ResetZoomOnStartup2
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom\ZoomFactor
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\PhishingFilter
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter\EnabledV8
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IPERSISTMONIKER_LOAD_REDIRECTED_URL_KB976425
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_IPERSISTMONIKER_LOAD_REDIRECTED_URL_KB976425
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\SmartDithering
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SmartDithering
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\RtfConverterFlags
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\UseClearType
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Page_Transitions
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use_DlgBox_Colors
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Anchor Underline
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\CSS_Compat
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Expand Alt Text
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Display Inline Images
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Display Inline Videos
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\Display Inline Videos
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Play_Background_Sounds
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Play_Animations
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Print_Background
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Stylesheets
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SmoothScroll
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\XMLHTTP
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Show image placeholders
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Disable Script Debugger
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\DisableScriptDebuggerIE
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Move System Caret
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Force Offscreen Composition
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Enable AutoImageResize
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\UseThemes
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\UseHR
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Q300829
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Cleanup HTCs
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\XDomainRequest
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\XDomainRequest
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\DOMStorage
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Default_CodePage
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\AutoDetect
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\International\Scripts
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\Default_IEFontSizePrivate
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\International\Scripts
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Settings
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color Visited
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color Hover
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Settings
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Colors
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Font Size
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Font Face
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Disable Visited Hyperlinks
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Use Anchor Hover Color
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\MiscFlags
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles\Use My Stylesheet
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles\MaxScriptStatements
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Allow Programmatic Cut_Copy_Paste
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup\Print_Background
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\\xe5\x8f\x91\xe9\x80\x81\xe8\x87\xb3 OneNote(&N)
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\\xe5\x8f\x91\xe9\x80\x81\xe8\x87\xb3 OneNote(&N)\(Default)
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\\xe5\x8f\x91\xe9\x80\x81\xe8\x87\xb3 OneNote(&N)\Flags
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\\xe5\x8f\x91\xe9\x80\x81\xe8\x87\xb3 OneNote(&N)\Contexts
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\\xe5\xaf\xbc\xe5\x87\xba\xe5\x88\xb0 Microsoft Excel(&X)
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\\xe5\xaf\xbc\xe5\x87\xba\xe5\x88\xb0 Microsoft Excel(&X)\(Default)
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\\xe5\xaf\xbc\xe5\x87\xba\xe5\x88\xb0 Microsoft Excel(&X)\Flags
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\\xe5\xaf\xbc\xe5\x87\xba\xe5\x88\xb0 Microsoft Excel(&X)\Contexts
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\CodePage
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\950
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFontSize
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFontSizePrivate
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEPropFontName
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFixedFontName
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Version Vector
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Version Vector\VML
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Version Vector\IE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Version Vector\WindowsEdition
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\BrowserEmulation
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2700
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_XSSFILTER
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_XSSFILTER\iexplore.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Safety\PrivacIE
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Safety\PrivacIE\DisableInPrivateBlocking
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Safety\PrivacIE
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Safety\PrivacIE\DisableLogging
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1409
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CODEPAGE_INHERIT
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_CODEPAGE_INHERIT
  • HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Zones
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\SecuritySafe
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\NoProtectedModeBanner
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME\iexplore.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME\*
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2301
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\DxTrans
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DxTrans
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\DxTrans
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1400
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SSLUX\iexplore.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SSLUX\*
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
  • HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions\NoNavButtons
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions
  • HKEY_CURRENT_USER\Software\Classes\Interface\{9D973E3B-F610-4F03-83D3-AED90C3237AC}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9D973E3B-F610-4F03-83D3-AED90C3237AC}\SynchronousInterface
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9D973E3B-F610-4F03-83D3-AED90C3237AC}\SynchronousInterface\(Default)
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_STATUS_BAR_THROTTLING
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_STATUS_BAR_THROTTLING
  • HKEY_CLASSES_ROOT\Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32\(Default)
  • HKEY_CURRENT_USER\Software\Classes\Interface\{332C4425-26CB-11D0-B483-00C04FD90119}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{332C4425-26CB-11D0-B483-00C04FD90119}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{332C4425-26CB-11D0-B483-00C04FD90119}\ProxyStubClsid32\(Default)
  • HKEY_CURRENT_USER\Software\Classes\Interface\{332C4425-26CB-11D0-B483-00C04FD90119}\ProxyStubClsid32
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BINARY_CALLER_SERVICE_PROVIDER
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BINARY_CALLER_SERVICE_PROVIDER
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IEDDE_REGISTER_URLECHO
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_IEDDE_REGISTER_URLECHO
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1201
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESPECT_OBJECTSAFETY_POLICY_KB905547
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESPECT_OBJECTSAFETY_POLICY_KB905547
  • HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\COM+Enabled
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CoInternetCombineIUriCacheSize
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CoInternetCombineIUriCacheSize
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CoInternetCombineIUriCacheSize
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CoInternetCombineIUriCacheSize
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2000
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Feed Discovery
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Feed Discovery
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Feed Discovery\Sound
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Feed Discovery
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Feed Discovery
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Feed Discovery\Enabled
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Feed Discovery\
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Feed Discovery\
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\Enabled
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Feeds
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Feeds
  • HKEY_CURRENT_USER\Software\Microsoft\Ftp
  • HKEY_CURRENT_USER\Software\Microsoft\FTP\Use Web Based FTP
  • HKEY_CURRENT_USER\Software\Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\TreatAs
  • HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InProcServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32\(Default)
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2200
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Shell\RegisteredApplications\UrlAssociations\tencent\OpenWithProgids
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\tencent
  • HKEY_CLASSES_ROOT\tencent
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DRIVERS32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave4
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave5
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave6
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave7
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave8
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave9
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi4
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi5
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi6
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi7
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi8
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi9
  • HKEY_CURRENT_USER\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm
  • HKEY_CURRENT_USER\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm\wheel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\NavigationDelay
  • HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Handler\tencent
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tencent
  • HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Handler\
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\CLSID
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Multimedia\MIDIMap
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Suggested Sites
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Suggested Sites\Enabled
  • HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\OpenDirectlyInApp
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONES_DEFAULT_DRIVE_INTRANET_KB941000
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONES_DEFAULT_DRIVE_INTRANET_KB941000
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
  • HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache
  • HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\OptimisticBHO
  • HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache\
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ\iexplore.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ\*
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOAD_SHDOCLC_RESOURCES
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOAD_SHDOCLC_RESOURCES
  • HKEY_CLASSES_ROOT\.htm
  • HKEY_CURRENT_USER\Software\Classes\.htm\Content Type
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2100
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2100
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2700
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2700
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDITIONAL_IE8_MEMORY_CLEANUP
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ADDITIONAL_IE8_MEMORY_CLEANUP
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2106
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2106
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2301
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2301
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE\iexplore.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE\*
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN\iexplore.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN\*
  • HKEY_CLASSES_ROOT\.css
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.css\Content Type
  • HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Filter\text/css
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/css
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CUSTOM_IMAGE_MIME_TYPES_KB910561
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_CUSTOM_IMAGE_MIME_TYPES_KB910561
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BEHAVIORS\iexplore.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2000
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2000
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default Behaviors
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default Behaviors\discovery
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1400
  • HKEY_CLASSES_ROOT\.js
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.js\Content Type
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT\iexplore.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT\*
  • HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\ActivatingDocument\.current
  • HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\ActivatingDocument\.Current\(Default)
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchProviders\
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Safety\PrivacIE
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1201
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1201
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F414C260-6AC0-11CF-B6D1-00AA00BBBB58}
  • HKEY_CLASSES_ROOT\.png
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.png\Content Type
  • HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Filter\image/png
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\image/png
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_IMG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_IMG\iexplore.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_IMG\*
  • HKEY_CLASSES_ROOT\.jpg
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.jpg\Content Type
  • HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Filter\image/jpeg
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\image/jpeg
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Codepage
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1250
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1251
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1253
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1254
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1255
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1256
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1257
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1258
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\874
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\932
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\949
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1361
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Services
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Services
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Services\SelectionActivityButtonDisable
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Activities
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Activities
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Activities
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_INACTIVATE_MODE_REMOVAL_REVERT
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ACTIVEX_INACTIVATE_MODE_REMOVAL_REVERT
  • HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
  • HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGenServiceDebugLog
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NicPath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\RegistryRoot
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Client
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Client\Install
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGEN_USE_PRIVATE_STORE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DefaultVersion
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Version
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\ZapSet
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NetFramework\v2.0.50727\NGenService\Roots
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727\NGENService\Roots\WorkPending
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NetFramework\v2.0.50727\NGENService\State
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727\NGENService\State\PendingUpdate
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGenQueue\WIN32\Default
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGenQueueMSI\WIN32\Default
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGenServiceDebugLog
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NicPath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\RegistryRoot
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AssemblyPath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AssemblyPath2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Client\Install
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGEN_USE_PRIVATE_STORE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DefaultVersion
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Version
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\ZapSet
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGENService\Roots\WorkPending
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGENService\State\PendingUpdate
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGenQueue\WIN64\Default
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGenQueueMSI\WIN64\Default
读取的注册表键
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\UseFilter
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\Q\xe7\xbe\xa4436801101.dll
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\PackedCatalogItem
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\PackedCatalogItem
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\PackedCatalogItem
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\PackedCatalogItem
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\PackedCatalogItem
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\PackedCatalogItem
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\PackedCatalogItem
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\PackedCatalogItem
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\PackedCatalogItem
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\PackedCatalogItem
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\ESPI11\FileName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
  • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
  • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
  • HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\SourcePath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\DevicePath
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragMinDist
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragDelay
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-Hans
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-Hans
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{04731B67-D933-450a-90E6-4ACD2E9408FE}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{11016101-E366-4D22-BC06-4ADA335C892B}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{138508bc-1e03-49ea-9c8f-ea9e1d05d65d}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{26EE0668-A00A-44D7-9371-BEB064C98683}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{89D83576-6BD1-4c86-9454-BEB04E94C819}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{9343812e-1c37-4a49-a12e-4b2d810d956b}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{B0FBD52D-C4A7-4a19-985D-11309D1AC8AE}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{daf95313-e44d-46af-be1b-cbacea2c3065}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{e345f35f-9397-435c-8f95-4e922c26259e}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{ED228FDF-9EA8-4870-83b1-96b02CFE0D52}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\SuppressionPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORDISPLAY
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideFolderVerbs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\UseDropHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORPARSING
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForOverlay
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MapNetDriveVerbs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForInfoTip
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideInWebView
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideOnDesktopPerUser
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsAliasedNotifications
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsUniversalDelegate
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NoFileFolderJunction
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\PinToNameSpaceTree
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HasNavigationEnum
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\Attributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\CallForAttributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\RestrictedAttributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsFORDISPLAY
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideFolderVerbs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\UseDropHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsFORPARSING
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsParseDisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\QueryForOverlay
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\MapNetDriveVerbs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\QueryForInfoTip
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideInWebView
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideOnDesktopPerUser
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsAliasedNotifications
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsUniversalDelegate
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\NoFileFolderJunction
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\PinToNameSpaceTree
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HasNavigationEnum
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{208D2C60-3AEA-1069-A2D7-08002B30309D}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\CallForAttributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\RestrictedAttributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORDISPLAY
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideFolderVerbs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\UseDropHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORPARSING
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsParseDisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForOverlay
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\MapNetDriveVerbs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForInfoTip
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideInWebView
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideOnDesktopPerUser
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsAliasedNotifications
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsUniversalDelegate
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\NoFileFolderJunction
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\PinToNameSpaceTree
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HasNavigationEnum
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{871C5380-42A0-1069-A2EA-08002B30309D}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\LoadWithoutCOM
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0xFFFF
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows\CEIPEnable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\csrss.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldDllVersionLow
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldDllVersionHigh
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldVersionLow
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldVersionHigh
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice\Progid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTPS\NoStaticDefaultVerb
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTPS\shell\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTPS\shell\open\NeverDefault
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DD81200x64\ObjectName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Type
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Start
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\ErrorControl
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Tag
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\DependOnService
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\DependOnGroup
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Group
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\ObjectName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\ObjectName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\ObjectName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs\ObjectName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\ObjectName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\ObjectName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\RequiredPrivileges
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Type
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Start
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\ErrorControl
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Tag
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\DependOnService
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\DependOnGroup
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Group
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32\ObjectName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32\WOW64
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Public
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Default
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramW6432Dir
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonW6432Dir
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18\ProfileImagePath
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32\Environment
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32\RequiredPrivileges
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64\ObjectName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64\Environment
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64\RequiredPrivileges
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\ObjectName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Appinfo\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Appinfo\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppMgmt\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppMgmt\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AxInstSV\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AxInstSV\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDESVC\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDESVC\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bthserv\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bthserv\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot3svc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot3svc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EapHost\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EapHost\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EFS\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EFS\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdPHost\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdPHost\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hidserv\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hidserv\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hkmsvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hkmsvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupListener\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupListener\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\idsvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\idsvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPBusEnum\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPBusEnum\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KeyIso\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KeyIso\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KtmRm\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KtmRm\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdsvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdsvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSiSCSI\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSiSCSI\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetMsmqActivator\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetMsmqActivator\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetPipeActivator\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetPipeActivator\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpActivator\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpActivator\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpPortSharing\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpPortSharing\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2psvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2psvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PeerDistSvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PeerDistSvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pla\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pla\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPAutoReg\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPAutoReg\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPsvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPsvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAuto\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAuto\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasMan\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasMan\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteAccess\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteAccess\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteRegistry\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteRegistry\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPolicySvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPolicySvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\seclogon\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\seclogon\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPDBusEnum\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPDBusEnum\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc\RequiredPrivileges
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\RequiredPrivileges
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\RequiredPrivileges
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc\RequiredPrivileges
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE\RequiredPrivileges
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr\RequiredPrivileges
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\RequiredPrivileges
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\RequiredPrivileges
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\RequiredPrivileges
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\RequiredPrivileges
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\RequiredPrivileges
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19\ProfileImagePath
  • HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
  • HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Environment
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\ObjectName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\ImagePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\WOW64
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\RequiredPrivileges
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20\ProfileImagePath
  • HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
  • HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc\Environment
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\ObjectName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ObjectName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\RequiredPrivileges
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Type
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ErrorControl
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Tag
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\DependOnService
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\DependOnGroup
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Group
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ObjectName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Type
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ErrorControl
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Tag
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\DependOnService
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\DependOnGroup
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Group
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\Key
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\No3DBorder
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\No3DBorder
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\iexplore.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\(Default)
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Compatible
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Compatible
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Version
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Version
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Platform
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Platform
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\iexplore.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\*
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\iexplore.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\*
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER\iexplore.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER\*
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER\iexplore.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER\*
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableUTF8
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\AcceptLanguage
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\AllSitesCompatibilityMode
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\IntranetCompatibilityMode
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\MSCompatibilityMode
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION\iexplore.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION\*
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00020400-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\InprocServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\ThumbnailBehavior
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A10
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D30C1661-CDAF-11D0-8A3E-00C04FC9E26E}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\InprocServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService\DefaultAuthLevel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48A98A1F-5CDD-47EE-9286-DB04A3EB7CE1}\ProxyStubClsid32\(Default)
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6D5140C1-7436-11CE-8034-00AA006009FA}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B722BCCB-4E68-101B-A2BC-00AA00404770}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureDll
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureRoutine
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SecurityProviders
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Name
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Comment
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Capabilities
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\RpcId
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Version
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Type
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\TokenSize
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextLockCount
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextListCount
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\AlwaysShowMenus
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\MenuUserExpanded
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\Safety Warning Level
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION\iexplore.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\iexplore.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2101
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Url History\DaysToKeep
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/html\Extension
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_SNIFFING\iexplore.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2100
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\IsTextPlainHonored
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_FEEDS\iexplore.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_FEEDS\*
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.txt\Content Type
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SAFE_BINDTOOBJECT\iexplore.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragScrollInset
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragScrollDelay
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragScrollInterval
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\iexplore.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\*
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\about\CLSID
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2106
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom\ZoomDisabled
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom\ResetTextSizeOnStartup
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom\ResetTextSizeOnZoom
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom\ResetZoomOnStartup2
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom\ZoomFactor
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter\EnabledV8
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\SmartDithering
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SmartDithering
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\RtfConverterFlags
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\UseClearType
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Page_Transitions
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use_DlgBox_Colors
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Anchor Underline
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\CSS_Compat
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Expand Alt Text
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Display Inline Images
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Display Inline Videos
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\Display Inline Videos
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Play_Background_Sounds
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Play_Animations
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Print_Background
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Stylesheets
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SmoothScroll
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\XMLHTTP
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Show image placeholders
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Disable Script Debugger
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\DisableScriptDebuggerIE
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Move System Caret
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Force Offscreen Composition
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Enable AutoImageResize
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\UseThemes
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\UseHR
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Q300829
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Cleanup HTCs
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\XDomainRequest
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\XDomainRequest
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\DOMStorage
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Default_CodePage
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\AutoDetect
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\Default_IEFontSizePrivate
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color Visited
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color Hover
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Colors
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Font Size
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Font Face
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Disable Visited Hyperlinks
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Use Anchor Hover Color
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\MiscFlags
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles\Use My Stylesheet
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles\MaxScriptStatements
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Allow Programmatic Cut_Copy_Paste
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup\Print_Background
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\\xe5\x8f\x91\xe9\x80\x81\xe8\x87\xb3 OneNote(&N)\(Default)
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\\xe5\x8f\x91\xe9\x80\x81\xe8\x87\xb3 OneNote(&N)\Flags
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\\xe5\x8f\x91\xe9\x80\x81\xe8\x87\xb3 OneNote(&N)\Contexts
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\\xe5\xaf\xbc\xe5\x87\xba\xe5\x88\xb0 Microsoft Excel(&X)\(Default)
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\\xe5\xaf\xbc\xe5\x87\xba\xe5\x88\xb0 Microsoft Excel(&X)\Flags
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\\xe5\xaf\xbc\xe5\x87\xba\xe5\x88\xb0 Microsoft Excel(&X)\Contexts
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\950
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFontSize
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFontSizePrivate
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEPropFontName
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFixedFontName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Version Vector\VML
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Version Vector\IE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Version Vector\WindowsEdition
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2700
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_XSSFILTER\iexplore.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Safety\PrivacIE\DisableInPrivateBlocking
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Safety\PrivacIE\DisableLogging
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1409
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\SecuritySafe
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\NoProtectedModeBanner
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME\iexplore.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME\*
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2301
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1400
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SSLUX\iexplore.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SSLUX\*
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions\NoNavButtons
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9D973E3B-F610-4F03-83D3-AED90C3237AC}\SynchronousInterface\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{332C4425-26CB-11D0-B483-00C04FD90119}\ProxyStubClsid32\(Default)
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1201
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\COM+Enabled
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CoInternetCombineIUriCacheSize
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CoInternetCombineIUriCacheSize
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CoInternetCombineIUriCacheSize
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CoInternetCombineIUriCacheSize
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2000
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Feed Discovery\Sound
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Feed Discovery\Enabled
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\Enabled
  • HKEY_CURRENT_USER\Software\Microsoft\FTP\Use Web Based FTP
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32\(Default)
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2200
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave4
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave5
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave6
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave7
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave8
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\wave9
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi4
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi5
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi6
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi7
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi8
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\DRIVERS32\midi9
  • HKEY_CURRENT_USER\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm\wheel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\NavigationDelay
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\CLSID
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Suggested Sites\Enabled
  • HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\OpenDirectlyInApp
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
  • HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\OptimisticBHO
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ\iexplore.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ\*
  • HKEY_CURRENT_USER\Software\Classes\.htm\Content Type
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2100
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2100
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2700
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2700
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2106
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2106
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2301
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2301
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE\iexplore.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE\*
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN\iexplore.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN\*
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.css\Content Type
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BEHAVIORS\iexplore.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2000
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2000
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default Behaviors\discovery
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1400
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.js\Content Type
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT\iexplore.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT\*
  • HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\ActivatingDocument\.Current\(Default)
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1201
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1201
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.png\Content Type
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_IMG\iexplore.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_IMG\*
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.jpg\Content Type
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1250
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1251
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1253
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1254
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1255
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1256
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1257
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1258
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\874
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\932
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\949
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\1361
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Services\SelectionActivityButtonDisable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGenServiceDebugLog
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NicPath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\RegistryRoot
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Client\Install
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGEN_USE_PRIVATE_STORE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DefaultVersion
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Version
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\ZapSet
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727\NGENService\Roots\WorkPending
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727\NGENService\State\PendingUpdate
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGenServiceDebugLog
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NicPath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\RegistryRoot
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AssemblyPath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AssemblyPath2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Client\Install
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGEN_USE_PRIVATE_STORE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DefaultVersion
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Version
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\ZapSet
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGENService\Roots\WorkPending
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGENService\State\PendingUpdate
修改的注册表键
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\ESPI11
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\ESPI11\1001
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\PackedCatalogItem
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\ESPI11\1002
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\PackedCatalogItem
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\ESPI11\1003
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\PackedCatalogItem
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\ESPI11\1008
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\PackedCatalogItem
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\ESPI11\1010
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\PackedCatalogItem
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\ESPI11\FileName
  • HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib
  • HKEY_CURRENT_USER\Software\Microsoft\Multimedia\DrawDib\ 800x600x24(BGR 0)
删除的注册表键 无信息
API解析
  • kernel32.dll.IsProcessorFeaturePresent
  • cryptbase.dll.SystemFunction036
  • kernel32.dll.SortGetHandle
  • kernel32.dll.SortCloseHandle
  • kernel32.dll.lstrcpynA
  • kernel32.dll.RtlMoveMemory
  • kernel32.dll.VirtualAlloc
  • kernel32.dll.LoadLibraryA
  • kernel32.dll.GetProcAddress
  • kernel32.dll.VirtualProtect
  • kernel32.dll.VirtualFree
  • comctl32.dll.ImageList_Draw
  • gdi32.dll.BitBlt
  • msimg32.dll.TransparentBlt
  • msvcrt.dll.free
  • msvfw32.dll.DrawDibOpen
  • user32.dll.GetDC
  • kernel32.dll.MulDiv
  • kernel32.dll.FlushInstructionCache
  • kernel32.dll.GetCurrentProcess
  • kernel32.dll.GetTickCount
  • kernel32.dll.VirtualQuery
  • kernel32.dll.SetFilePointer
  • kernel32.dll.GlobalAlloc
  • kernel32.dll.GlobalLock
  • kernel32.dll.GlobalUnlock
  • kernel32.dll.GlobalReAlloc
  • kernel32.dll.GlobalFree
  • kernel32.dll.FindResourceA
  • kernel32.dll.LoadResource
  • kernel32.dll.LockResource
  • kernel32.dll.SizeofResource
  • kernel32.dll.FreeLibrary
  • kernel32.dll.GetModuleFileNameA
  • kernel32.dll.GetModuleHandleA
  • kernel32.dll.GetVersion
  • kernel32.dll.GetCurrentThreadId
  • kernel32.dll.CreateFileA
  • kernel32.dll.GetFileSize
  • kernel32.dll.CloseHandle
  • kernel32.dll.ReadFile
  • kernel32.dll.SetLastError
  • comctl32.dll.ImageList_GetIcon
  • comctl32.dll.ImageList_GetImageInfo
  • comctl32.dll.ImageList_GetIconSize
  • gdi32.dll.SetWindowExtEx
  • gdi32.dll.SetWindowOrgEx
  • gdi32.dll.SetMapMode
  • gdi32.dll.SelectClipPath
  • gdi32.dll.EndPath
  • gdi32.dll.BeginPath
  • gdi32.dll.TextOutA
  • gdi32.dll.GetClipRgn
  • gdi32.dll.GetPixel
  • gdi32.dll.CreatePatternBrush
  • gdi32.dll.CreateFontIndirectA
  • gdi32.dll.SetViewportOrgEx
  • gdi32.dll.GetStockObject
  • gdi32.dll.GetTextExtentPoint32A
  • gdi32.dll.CreateRoundRectRgn
  • gdi32.dll.CreateFontA
  • gdi32.dll.SetViewportExtEx
  • gdi32.dll.SelectClipRgn
  • gdi32.dll.SelectObject
  • gdi32.dll.CreateCompatibleDC
  • gdi32.dll.DeleteDC
  • gdi32.dll.OffsetRgn
  • gdi32.dll.CombineRgn
  • gdi32.dll.CreateRectRgn
  • gdi32.dll.CreatePen
  • gdi32.dll.ExtCreateRegion
  • gdi32.dll.DeleteObject
  • gdi32.dll.Rectangle
  • gdi32.dll.SetPixel
  • gdi32.dll.PtInRegion
  • gdi32.dll.SetTextColor
  • gdi32.dll.SetBkMode
  • gdi32.dll.PatBlt
  • gdi32.dll.CreateDIBSection
  • gdi32.dll.GetObjectA
  • gdi32.dll.CreateCompatibleBitmap
  • gdi32.dll.GetTextExtentPointA
  • gdi32.dll.ExtTextOutA
  • gdi32.dll.ExtTextOutW
  • gdi32.dll.SetBkColor
  • gdi32.dll.GetTextColor
  • gdi32.dll.CreateSolidBrush
  • msvcrt.dll.??3@YAXPAX@Z
  • msvcrt.dll.__CxxFrameHandler
  • msvcrt.dll.??2@YAPAXI@Z
  • msvcrt.dll._ftol
  • msvcrt.dll._mbsstr
  • msvcrt.dll._mbscmp
  • msvcrt.dll.__dllonexit
  • msvcrt.dll.malloc
  • msvcrt.dll._initterm
  • msvcrt.dll._adjust_fdiv
  • msvcrt.dll._onexit
  • msvcrt.dll.memcpy
  • msvfw32.dll.DrawDibDraw
  • msvfw32.dll.DrawDibClose
  • user32.dll.SetWindowsHookExA
  • user32.dll.UnhookWindowsHookEx
  • user32.dll.CallNextHookEx
  • user32.dll.GetClassNameA
  • user32.dll.IsWindow
  • user32.dll.EnumThreadWindows
  • user32.dll.EnumChildWindows
  • user32.dll.LockWindowUpdate
  • user32.dll.DestroyIcon
  • user32.dll.DrawStateA
  • user32.dll.ShowWindow
  • user32.dll.GetMenuItemID
  • user32.dll.GetWindowRgn
  • user32.dll.SetMenu
  • user32.dll.GetMenu
  • user32.dll.GetSubMenu
  • user32.dll.TrackPopupMenu
  • user32.dll.CreateWindowExA
  • user32.dll.DestroyWindow
  • user32.dll.GetWindowInfo
  • user32.dll.SetWindowPos
  • user32.dll.GetClassLongA
  • user32.dll.ScreenToClient
  • user32.dll.SystemParametersInfoA
  • user32.dll.GetSystemMetrics
  • user32.dll.MenuItemFromPoint
  • user32.dll.GetMenuItemRect
  • user32.dll.GetMenuItemCount
  • user32.dll.SetMenuItemInfoA
  • user32.dll.IsMenu
  • user32.dll.GetUpdateRect
  • user32.dll.EqualRect
  • user32.dll.ShowScrollBar
  • user32.dll.SetWindowRgn
  • user32.dll.WindowFromDC
  • user32.dll.MoveWindow
  • user32.dll.GetSysColor
  • user32.dll.EnableScrollBar
  • user32.dll.GetScrollBarInfo
  • user32.dll.GetCapture
  • user32.dll.SetScrollPos
  • user32.dll.SetScrollInfo
  • user32.dll.GetScrollRange
  • user32.dll.GetScrollPos
  • user32.dll.GetScrollInfo
  • user32.dll.ReleaseDC
  • user32.dll.GetWindowDC
  • user32.dll.GetDCEx
  • user32.dll.EndPaint
  • user32.dll.BeginPaint
  • user32.dll.GetWindowLongW
  • user32.dll.SetWindowLongW
  • user32.dll.SetWindowLongA
  • user32.dll.ClientToScreen
  • user32.dll.FindWindowExA
  • user32.dll.GetMenuItemInfoA
  • user32.dll.GetParent
  • user32.dll.GetComboBoxInfo
  • user32.dll.TrackMouseEvent
  • user32.dll.GetIconInfo
  • user32.dll.GetClientRect
  • user32.dll.GetFocus
  • user32.dll.InflateRect
  • user32.dll.InvalidateRect
  • user32.dll.SetPropA
  • user32.dll.RemovePropA
  • user32.dll.CallWindowProcA
  • user32.dll.GetPropA
  • user32.dll.SetTimer
  • user32.dll.OffsetRect
  • user32.dll.KillTimer
  • user32.dll.EnableWindow
  • user32.dll.GetWindowLongA
  • user32.dll.SetRectEmpty
  • user32.dll.DrawIconEx
  • user32.dll.GetWindowTextA
  • user32.dll.DrawTextA
  • user32.dll.IsRectEmpty
  • user32.dll.IsIconic
  • user32.dll.IsZoomed
  • user32.dll.GetSystemMenu
  • user32.dll.GetMenuState
  • user32.dll.ReleaseCapture
  • user32.dll.GetMessageA
  • user32.dll.SetScrollRange
  • user32.dll.DispatchMessageA
  • user32.dll.SetRect
  • user32.dll.IsWindowVisible
  • user32.dll.RegisterClassExA
  • user32.dll.DefWindowProcA
  • user32.dll.IsWindowEnabled
  • user32.dll.SendMessageA
  • user32.dll.GetCursorPos
  • user32.dll.LoadCursorA
  • user32.dll.SetCursor
  • user32.dll.GetWindowRect
  • user32.dll.PtInRect
  • user32.dll.SetCapture
  • user32.dll.UpdateLayeredWindow
  • user32.dll.SetLayeredWindowAttributes
  • dciman32.dll.DCIOpenProvider
  • dciman32.dll.DCICloseProvider
  • dciman32.dll.DCICreatePrimary
  • dciman32.dll.DCIEndAccess
  • dciman32.dll.DCIBeginAccess
  • dciman32.dll.DCIDestroy
  • comctl32.dll.RegisterClassNameW
  • uxtheme.dll.EnableThemeDialogTexture
  • uxtheme.dll.OpenThemeData
  • imm32.dll.ImmIsIME
  • gdi32.dll.GetLayout
  • gdi32.dll.GdiRealizationInfo
  • gdi32.dll.FontIsLinked
  • advapi32.dll.RegOpenKeyExW
  • advapi32.dll.RegQueryInfoKeyW
  • gdi32.dll.GetTextFaceAliasW
  • advapi32.dll.RegEnumValueW
  • advapi32.dll.RegCloseKey
  • advapi32.dll.RegQueryValueExW
  • advapi32.dll.RegQueryValueExA
  • advapi32.dll.RegEnumKeyExW
  • gdi32.dll.GetTextExtentExPointWPri
  • kernel32.dll.lstrcpyn
  • q\xe7\xbe\xa4436801101.dll.SetPara
  • q\xe7\xbe\xa4436801101.dll.GetNPMVersion
  • espi11.dll.SetPara
  • mswsock.dll.WSPStartup
  • espi11.dll.GetNPMVersion
  • ole32.dll.CoInitializeEx
  • ole32.dll.CoUninitialize
  • ole32.dll.CoRegisterInitializeSpy
  • ole32.dll.CoRevokeInitializeSpy
  • user32.dll.MonitorFromWindow
  • user32.dll.MonitorFromRect
  • user32.dll.MonitorFromPoint
  • user32.dll.EnumDisplayMonitors
  • user32.dll.GetMonitorInfoA
  • oleaut32.dll.SysAllocString
  • oleaut32.dll.SysStringLen
  • oleaut32.dll.SysFreeString
  • kernel32.dll.CreateDirectoryA
  • kernel32.dll.MoveFileA
  • kernel32.dll.GetTempPathA
  • kernel32.dll.GetLongPathNameA
  • kernel32.dll.GetSystemWow64DirectoryA
  • kernel32.dll.RegQueryValueExW
  • advapi32.dll.EventWrite
  • advapi32.dll.EventRegister
  • advapi32.dll.EventUnregister
  • kernel32.dll.FlsAlloc
  • kernel32.dll.FlsGetValue
  • kernel32.dll.FlsSetValue
  • kernel32.dll.FlsFree
  • uxtheme.dll.DrawThemeParentBackground
  • uxtheme.dll.DrawThemeTextEx
  • uxtheme.dll.BufferedPaintInit
  • uxtheme.dll.BufferedPaintUnInit
  • uxtheme.dll.BeginBufferedPaint
  • uxtheme.dll.EndBufferedPaint
  • dwmapi.dll.DwmExtendFrameIntoClientArea
  • dwmapi.dll.DwmDefWindowProc
  • dwmapi.dll.DwmIsCompositionEnabled
  • comctl32.dll.DllGetVersion
  • kernel32.dll.GetThreadPreferredUILanguages
  • wintrust.dll.WinVerifyTrust
  • ddxoft.dll.DD_movR
  • kernel32.dll.CreateToolhelp32Snapshot
  • kernel32.dll.Process32First
  • kernel32.dll.Process32Next
  • kernel32.dll.CreateWaitableTimerA
  • kernel32.dll.SetWaitableTimer
  • user32.dll.MsgWaitForMultipleObjects
  • ole32.dll.OleInitialize
  • ole32.dll.CreateBindCtx
  • ole32.dll.CoTaskMemAlloc
  • propsys.dll.PSCreateMemoryPropertyStore
  • propsys.dll.PSPropertyBag_WriteDWORD
  • ole32.dll.CoGetApartmentType
  • ole32.dll.CoTaskMemFree
  • comctl32.dll.#236
  • oleaut32.dll.#6
  • ole32.dll.CoGetMalloc
  • propsys.dll.PSPropertyBag_ReadDWORD
  • propsys.dll.PSPropertyBag_ReadGUID
  • comctl32.dll.#320
  • comctl32.dll.#324
  • comctl32.dll.#323
  • advapi32.dll.RegEnumKeyW
  • advapi32.dll.OpenThreadToken
  • ole32.dll.StringFromGUID2
  • apphelp.dll.ApphelpCheckShellObject
  • ole32.dll.CoCreateInstance
  • urlmon.dll.CreateUri
  • kernel32.dll.InitializeSRWLock
  • kernel32.dll.AcquireSRWLockExclusive
  • kernel32.dll.AcquireSRWLockShared
  • kernel32.dll.ReleaseSRWLockExclusive
  • kernel32.dll.ReleaseSRWLockShared
  • advapi32.dll.AddMandatoryAce
  • ntmarta.dll.GetMartaExtensionInterface
  • version.dll.GetFileVersionInfoSizeW
  • version.dll.GetFileVersionInfoW
  • version.dll.VerQueryValueW
  • urlmon.dll.#397
  • urlmon.dll.#441
  • urlmon.dll.#395
  • ole32.dll.OleUninitialize
  • comctl32.dll.#388
  • oleaut32.dll.#500
  • urlmon.dll.CreateURLMonikerEx
  • urlmon.dll.CreateAsyncBindCtxEx
  • urlmon.dll.RegisterBindStatusCallback
  • urlmon.dll.CreateFormatEnumerator
  • urlmon.dll.UrlMkGetSessionOption
  • urlmon.dll.CoInternetCreateSecurityManager
  • kernel32.dll.IsWow64Process
  • mlang.dll.#121
  • urlmon.dll.#444
  • urlmon.dll.#445
  • oleaut32.dll.DllGetClassObject
  • oleaut32.dll.DllCanUnloadNow
  • urlmon.dll.CreateIUriBuilder
  • urlmon.dll.IntlPercentEncodeNormalize
  • oleaut32.dll.#9
  • user32.dll.ChangeWindowMessageFilter
  • dwmapi.dll.DwmSetWindowAttribute
  • urlmon.dll.CoInternetCreateZoneManager
  • urlmon.dll.CoInternetIsFeatureEnabledForUrl
  • sxs.dll.SxsOleAut32MapIIDToProxyStubCLSID
  • rpcrt4.dll.RpcStringBindingComposeW
  • rpcrt4.dll.RpcBindingFromStringBindingW
  • rpcrt4.dll.RpcBindingSetAuthInfoExW
  • rpcrt4.dll.NdrClientCall2
  • user32.dll.PostMessageW
  • user32.dll.SendMessageW
  • user32.dll.PeekMessageW
  • rpcrt4.dll.RpcBindingFree
  • cryptsp.dll.SystemFunction035
  • schannel.dll.SpUserModeInitialize
  • advapi32.dll.RegCreateKeyExW
  • imm32.dll.ImmGetContext
  • crypt32.dll.CertDuplicateStore
  • crypt32.dll.CertControlStore
  • crypt32.dll.CertCloseStore
  • secur32.dll.FreeContextBuffer
  • ncrypt.dll.SslOpenProvider
  • ncrypt.dll.GetSChannelInterface
  • bcryptprimitives.dll.GetHashInterface
  • ncrypt.dll.SslIncrementProviderReferenceCount
  • ncrypt.dll.SslImportKey
  • bcryptprimitives.dll.GetCipherInterface
  • ncrypt.dll.SslLookupCipherSuiteInfo
  • crypt32.dll.CertDuplicateCertificateContext
  • wintrust.dll.HTTPSCertificateTrust
  • wintrust.dll.HTTPSFinalProv
  • wintrust.dll.SoftpubInitialize
  • wintrust.dll.SoftpubLoadMessage
  • wintrust.dll.SoftpubLoadSignature
  • wintrust.dll.SoftpubCheckCert
  • wintrust.dll.SoftpubCleanup
  • cryptsp.dll.CryptAcquireContextA
  • crypt32.dll.CertDuplicateCertificateChain
  • crypt32.dll.CertGetCertificateContextProperty
  • cryptsp.dll.CryptReleaseContext
  • crypt32.dll.CertFreeCertificateChain
  • crypt32.dll.CertFreeCertificateContext
  • ncrypt.dll.SslLookupCipherLengths
  • ncrypt.dll.SslEncryptPacket
  • ncrypt.dll.SslDecryptPacket
  • wininet.dll.GetUrlCacheEntryInfoA
  • urlmon.dll.CoInternetQueryInfo
  • wininet.dll.CommitUrlCacheEntryA
  • oleaut32.dll.#7
  • oleaut32.dll.#8
  • ieframe.dll.#302
  • urlmon.dll.RegisterFormatEnumerator
  • urlmon.dll.RevokeBindStatusCallback
  • urlmon.dll.#101
  • oleaut32.dll.#2
  • oleaut32.dll.VariantClear
  • urlmon.dll.CoInternetIsFeatureEnabled
  • msimtf.dll.MsimtfIsWindowFiltered
  • oleacc.dll.LresultFromObject
  • user32.dll.GetGUIThreadInfo
  • user32.dll.GetCursorInfo
  • user32.dll.GetTitleBarInfo
  • user32.dll.GetAncestor
  • user32.dll.RealChildWindowFromPoint
  • user32.dll.RealGetWindowClassW
  • user32.dll.GetAltTabInfoW
  • user32.dll.GetListBoxInfo
  • user32.dll.GetMenuBarInfo
  • user32.dll.SendInput
  • user32.dll.BlockInput
  • user32.dll.LogicalToPhysicalPoint
  • user32.dll.PhysicalToLogicalPoint
  • user32.dll.WindowFromPhysicalPoint
  • user32.dll.GetPhysicalCursorPos
  • kernel32.dll.GetModuleFileNameW
  • kernel32.dll.VirtualAllocEx
  • kernel32.dll.VirtualFreeEx
  • ntdll.dll.NtQueryInformationProcess
  • ntdll.dll.NtAllocateVirtualMemory
  • ntdll.dll.NtFreeVirtualMemory
  • oleacc.dll.ObjectFromLresult
  • urlmon.dll.#335
  • oleaut32.dll.#19
  • oleaut32.dll.#17
  • oleaut32.dll.#20
  • oleaut32.dll.#23
  • oleaut32.dll.#22
  • oleaut32.dll.BSTR_UserSize
  • oleaut32.dll.BSTR_UserMarshal
  • oleaut32.dll.BSTR_UserUnmarshal
  • oleaut32.dll.BSTR_UserFree
  • oleaut32.dll.VARIANT_UserSize
  • oleaut32.dll.VARIANT_UserMarshal
  • oleaut32.dll.VARIANT_UserUnmarshal
  • oleaut32.dll.VARIANT_UserFree
  • oleaut32.dll.LPSAFEARRAY_UserSize
  • oleaut32.dll.LPSAFEARRAY_UserMarshal
  • oleaut32.dll.LPSAFEARRAY_UserUnmarshal
  • oleaut32.dll.LPSAFEARRAY_UserFree
  • ole32.dll.CoGetObjectContext
  • ole32.dll.CoInitialize
  • oleaut32.dll.#147
  • ieframe.dll.#310
  • sechost.dll.OpenSCManagerW
  • sechost.dll.OpenServiceW
  • sechost.dll.QueryServiceStatus
  • sechost.dll.CloseServiceHandle
  • rpcrt4.dll.RpcStringFreeW
  • mmdevapi.dll.#3
  • urlmon.dll.#111
  • dwmapi.dll.DwmInvalidateIconicBitmaps
  • wininet.dll.InternetConfirmZoneCrossingW
  • urlmon.dll.#330
  • oleaut32.dll.#3
  • wininet.dll.CreateUrlCacheEntryA
  • wininet.dll.InternetUnlockRequestFile
  • imgutil.dll.DecodeImage
  • kernel32.dll.GetThreadUILanguage
  • urlmon.dll.#414
  • msimg32.dll.AlphaBlend
  • gdi32.dll.GdiIsMetaPrintDC
  • ncrypt.dll.SslDecrementProviderReferenceCount
  • ncrypt.dll.SslFreeObject
  • advapi32.dll.StartServiceCtrlDispatcherW
  • advapi32.dll.RegisterServiceCtrlHandlerExW
  • advapi32.dll.SetServiceStatus