魔盾安全分析报告
| 分析类型 | 开始时间 | 结束时间 | 持续时间 | 分析引擎版本 |
|---|---|---|---|---|
| FILE | 2019-08-30 11:34:37 | 2019-08-30 11:37:21 | 164 秒 | 1.4-Maldun |
| 虚拟机机器名 | 标签 | 虚拟机管理 | 开机时间 | 关机时间 |
|---|---|---|---|---|
| win7-sp1-x64-hpdapp01-1 | win7-sp1-x64-hpdapp01-1 | KVM | 2019-08-30 11:35:04 | 2019-08-30 11:37:24 |
| 魔盾分数 |
|---|
9.25恶意的 |
文件详细信息
| 文件名 | virus.exe |
|---|---|
| 文件大小 | 5530624 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| CRC32 | C5E49AC9 |
| MD5 | 2e47cfecc1447bbb0ac1525d91c237fa |
| SHA1 | 009ab623d19b9e716c0d5bb263dee8663c61590d |
| SHA256 | a79321aabc84d9020f2dc34ebf9e1fb60d93a1f83a3f1e22d53ed082c1d99b00 |
| SHA512 | 61e911c16aca1a975666ea04f1a744de9d5eabf17d777d88db0e535b52041f015b33f5aa90dcb290d8f131a174e1604cce1ce0a28ef05ef4ab4a37463cd15c11 |
| Ssdeep | 98304:K1vPpRViGa3g+BN7rlcL7N5xstPG0yRoATcn+1P2ik9r2+yiE70c0:6HpbiGUg+BxrlGx4PWRo2cqP2iqq+yiP |
| PEiD | 无匹配 |
| Yara |
|
| VirusTotal | 无此文件扫描结果 |
特征
创建RWX内存
通过进程尝试延迟分析任务
Process: virus.exe tried to sleep 60 seconds, actually delayed analysis time by 0 seconds
检测到网络活动但没有显示在API日志中
country_name: United States
ip: 199.168.187.66
inaddrarpa:
hostname: www.soft.enkeladress.com
score: unknown
ip: 199.168.187.66
domain: www.soft.enkeladress.com
发起了一些HTTP请求
url: http://www.soft.enkeladress.com/
url: http://www.soft.enkeladress.com/favicon.ico
二进制文件可能包含加密或压缩数据
section: name: .vmp1, entropy: 7.96, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x00543e00, virtual_size: 0x00543d70
从文件自身的二进制镜像中读取数据
self_read: process: virus.exe, pid: 2660, offset: 0x00000000, length: 0x00000040
self_read: process: virus.exe, pid: 2660, offset: 0x00000080, length: 0x00000018
self_read: process: virus.exe, pid: 2660, offset: 0x00000178, length: 0x00000168
self_read: process: virus.exe, pid: 2660, offset: 0x00544200, length: 0x00000018
self_read: process: virus.exe, pid: 2660, offset: 0x00544230, length: 0x00000018
self_read: process: virus.exe, pid: 2660, offset: 0x00544290, length: 0x00000018
self_read: process: virus.exe, pid: 2660, offset: 0x005442f0, length: 0x00000010
self_read: process: virus.exe, pid: 2660, offset: 0x00544330, length: 0x00000010
魔盾安全Yara规则检测结果 - 安全告警
Informational: Detected Entropy signature
Warning: Create a new process
Warning: Run a keylogger
Warning: Affect system registries
Critical: Detects malicious behaviors from a small size app
Informational: Detected no presence of any attachment
Informational: Detected no presence of any image
Informational: Detected no presence of any url
可执行文件可能使用VMProtect打包
section: {'name': '.vmp0', 'characteristics': 'IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ', 'virtual_address': '0x00072000', 'size_of_data': '0x00000000', 'entropy': '0.00', 'virtual_size': '0x00325015', 'characteristics_raw': '0x60000060'}
异常的二进制特征
anomaly: Timestamp on binary predates the release date of the OS version it requires by at least a year
尝试阻止沙箱线程以防止恶意行为被记录
尝试断开连接或更改沙箱进程监控的Windows功能
unhook: function_name: NtProtectVirtualMemory, type: modification
运行截图
网络分析
访问主机记录
| 直接访问 | IP地址 | 国家名 |
|---|---|---|
| 否 | 199.168.187.66 | United States |
域名解析
| 域名 | 响应 |
|---|---|
| www.soft.enkeladress.com | A 199.168.187.66 |
TCP连接
| IP地址 | 端口 |
|---|---|
| 199.168.187.66 | 80 |
| 199.168.187.66 | 80 |
UDP连接
| IP地址 | 端口 |
|---|---|
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
HTTP请求
| URL | HTTP数据 |
|---|---|
| http://www.soft.enkeladress.com/ | GET / HTTP/1.1 Accept: */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.soft.enkeladress.com Connection: Keep-Alive |
| http://www.soft.enkeladress.com/favicon.ico | GET /favicon.ico HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: www.soft.enkeladress.com Connection: Keep-Alive Cookie: PHPSESSID=08f803a69252d59da18de27a8d94a071 |
静态分析
PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x0089341c |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x005545ac |
| 最低操作系统版本要求 | 5.0 |
| 编译时间 | 1992-06-20 06:22:17 |
| 载入哈希 | 466f8acb62ecab597efddde4b2152b2c |
版本信息
| LegalCopyright: | |
| InternalName: | |
| FileVersion: | 1.0.0.136 |
| CompanyName: | MAX!MEMZ |
| LegalTrademarks: | |
| Comments: | |
| ProductName: | MAX!MEMZ |
| ProductVersion: | 1.0.0.0 |
| FileDescription: | |
| OriginalFilename: | |
| Translation: | 0x0804 0x03a8 |
PE数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| CODE | 0x00001000 | 0x00068de8 | 0x00000000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 0.00 |
| DATA | 0x0006a000 | 0x00001438 | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| BSS | 0x0006c000 | 0x00000ca5 | 0x00000000 | IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| .idata | 0x0006d000 | 0x00002758 | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| .tls | 0x00070000 | 0x00000010 | 0x00000000 | IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| .rdata | 0x00071000 | 0x00000018 | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ | 0.00 |
| .vmp0 | 0x00072000 | 0x00325015 | 0x00000000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 0.00 |
| .vmp1 | 0x00398000 | 0x00543d70 | 0x00543e00 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 7.96 |
| .rsrc | 0x008dc000 | 0x0000215c | 0x00002200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ | 4.11 |
导入
库 kernel32.dll:
• 0x901000 - GetVersion
库 user32.dll:
• 0x901008 - GetKeyboardType
库 advapi32.dll:
• 0x901010 - RegQueryValueExA
库 oleaut32.dll:
• 0x901018 - SysFreeString
库 kernel32.dll:
• 0x901020 - TlsSetValue
库 advapi32.dll:
• 0x901028 - RegSetValueExA
库 kernel32.dll:
• 0x901030 - GetVersionExA
• 0x901034 - GetVersion
库 version.dll:
• 0x90103c - VerQueryValueA
库 gdi32.dll:
• 0x901044 - UnrealizeObject
库 user32.dll:
• 0x90104c - CreateWindowExA
库 kernel32.dll:
• 0x901054 - Sleep
库 oleaut32.dll:
• 0x90105c - SafeArrayPtrOfIndex
库 ole32.dll:
• 0x901064 - CreateStreamOnHGlobal
库 oleaut32.dll:
• 0x90106c - CreateErrorInfo
库 comctl32.dll:
• 0x901074 - ImageList_SetIconSize
库 shell32.dll:
• 0x90107c - ShellExecuteA
库 shell32.dll:
• 0x901084 - SHGetSpecialFolderLocation
库 comdlg32.dll:
• 0x90108c - GetSaveFileNameA
库 wsock32.dll:
• 0x901094 - WSACleanup
库 WTSAPI32.dll:
• 0x90109c - WTSSendMessageW
库 kernel32.dll:
• 0x9010a4 - VirtualQuery
库 user32.dll:
• 0x9010ac - GetUserObjectInformationW
库 kernel32.dll:
• 0x9010b4 - LocalAlloc
• 0x9010b8 - LocalFree
• 0x9010bc - GetModuleFileNameW
• 0x9010c0 - GetProcessAffinityMask
• 0x9010c4 - SetProcessAffinityMask
• 0x9010c8 - SetThreadAffinityMask
• 0x9010cc - Sleep
• 0x9010d0 - ExitProcess
• 0x9010d4 - FreeLibrary
• 0x9010d8 - LoadLibraryA
• 0x9010dc - GetModuleHandleA
• 0x9010e0 - GetProcAddress
库 user32.dll:
• 0x9010e8 - GetProcessWindowStation
• 0x9010ec - GetUserObjectInformationW
投放文件
行为分析
互斥量(Mutexes)
- Local\MSCTF.Asm.MutexDefault1
- Local\!IETld!Mutex
执行的命令
- http://www.soft.enkeladress.com/
- http://www.soft.enkeladress.com
创建的服务
无信息
启动的服务
无信息
进程
virus.exe PID: 2660, 上一级进程 PID: 2300
访问的文件
- C:\Users\test\AppData\Local\Temp\virus.exe
- C:\Users
- C:\Users\test
- C:\Users\test\AppData
- C:\Users\test\AppData\Local
- C:\Users\test\AppData\Local\Temp
- C:\Users\test\AppData\Local\Temp\virus.CHS
- C:\Users\test\AppData\Local\Temp\virus.CHS.DLL
- C:\Users\test\AppData\Local\Temp\virus.CH
- C:\Users\test\AppData\Local\Temp\virus.CH.DLL
- C:\Windows\Globalization\Sorting\sortdefault.nls
- \Device\KsecDD
- C:\Windows\Fonts\staticcache.dat
- C:\Users\test\AppData\Local\Temp\script.vbs
- C:\Users\test\AppData\Local\Temp\virus.tmp
- C:\Windows\SysWOW64\ieframe.dll
读取的文件
- C:\Windows\Globalization\Sorting\sortdefault.nls
- C:\Users\test\AppData\Local\Temp\virus.exe
- \Device\KsecDD
- C:\Windows\Fonts\staticcache.dat
- C:\Users\test\AppData\Local\Temp\virus.tmp
- C:\Windows\SysWOW64\ieframe.dll
修改的文件
- C:\Users\test\AppData\Local\Temp\virus.tmp
删除的文件
- C:\Users\test\AppData\Local\Temp\script.vbs
注册表键
- HKEY_CURRENT_USER\Software\Borland\Locales
- HKEY_CURRENT_USER\Software\Borland\Locales\C:\Users\test\AppData\Local\Temp\virus.exe
- HKEY_CURRENT_USER\Software\Borland\Locales\(Default)
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08040804
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\E0200804
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804\layout text
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\E0210804
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0210804\layout text
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04090409
- HKEY_CURRENT_USER\Software\Classes
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
- HKEY_CURRENT_USER\Software\Classes\TypeLib
- HKEY_CURRENT_USER\Software\Classes\TypeLib\{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}\1.0
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}\1.0\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}\1.0\FLAGS
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}\1.0\FLAGS\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}\1.0\0
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}\1.0\0\win32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}\1.0\0\win32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}\1.0\HELPDIR
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}\1.0\HELPDIR\(Default)
- HKEY_CURRENT_USER\Software\Classes\Interface
- HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\TypeLib
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\TypeLib\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\TypeLib\Version
- HKEY_CURRENT_USER\Software\Classes\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\TypeLib
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\TypeLib\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\TypeLib\Version
- HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\TypeLib
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\TypeLib\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\TypeLib\Version
- HKEY_CURRENT_USER\Software\Classes\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\TypeLib
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\TypeLib\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\TypeLib\Version
- HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{68C01328-523A-48CE-A249-A5D057309121}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{68C01328-523A-48CE-A249-A5D057309121}\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{68C01328-523A-48CE-A249-A5D057309121}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{68C01328-523A-48CE-A249-A5D057309121}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{68C01328-523A-48CE-A249-A5D057309121}\TypeLib
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{68C01328-523A-48CE-A249-A5D057309121}\TypeLib\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{68C01328-523A-48CE-A249-A5D057309121}\TypeLib\Version
- HKEY_CURRENT_USER\Software\Classes\Interface\{68C01328-523A-48CE-A249-A5D057309121}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{68C01328-523A-48CE-A249-A5D057309121}\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{68C01328-523A-48CE-A249-A5D057309121}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{68C01328-523A-48CE-A249-A5D057309121}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{68C01328-523A-48CE-A249-A5D057309121}\TypeLib
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{68C01328-523A-48CE-A249-A5D057309121}\TypeLib\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{68C01328-523A-48CE-A249-A5D057309121}\TypeLib\Version
- HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\TypeLib
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\TypeLib\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\TypeLib\Version
- HKEY_CURRENT_USER\Software\Classes\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\TypeLib
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\TypeLib\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\TypeLib\Version
- HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\MaximumAllowedAllocationSize
- HKEY_CLASSES_ROOT\CLSID\{9EBF9144-C525-42FF-B499-C496C909FD83}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9EBF9144-C525-42FF-B499-C496C909FD83}\(Default)
- HKEY_CLASSES_ROOT\CLSID\{9EBF9144-C525-42FF-B499-C496C909FD83}\LocalServer32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9EBF9144-C525-42FF-B499-C496C909FD83}\LocalServer32\(Default)
- HKEY_CLASSES_ROOT\runapp.veApi
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\runapp.veApi\(Default)
- HKEY_CLASSES_ROOT\runapp.veApi\Clsid
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\runapp.veApi\Clsid\(Default)
- HKEY_CLASSES_ROOT\CLSID\{9EBF9144-C525-42FF-B499-C496C909FD83}\ProgID
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9EBF9144-C525-42FF-B499-C496C909FD83}\ProgID\(Default)
- HKEY_CLASSES_ROOT\CLSID\{9EBF9144-C525-42FF-B499-C496C909FD83}\Version
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9EBF9144-C525-42FF-B499-C496C909FD83}\Version\(Default)
- HKEY_CLASSES_ROOT\CLSID\{9EBF9144-C525-42FF-B499-C496C909FD83}\TypeLib
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9EBF9144-C525-42FF-B499-C496C909FD83}\TypeLib\(Default)
- HKEY_CLASSES_ROOT\CLSID\{80CFBE22-7CED-4A89-B601-AAD10F00C88A}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{80CFBE22-7CED-4A89-B601-AAD10F00C88A}\(Default)
- HKEY_CLASSES_ROOT\CLSID\{80CFBE22-7CED-4A89-B601-AAD10F00C88A}\LocalServer32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{80CFBE22-7CED-4A89-B601-AAD10F00C88A}\LocalServer32\(Default)
- HKEY_CLASSES_ROOT\runapp.veMisc
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\runapp.veMisc\(Default)
- HKEY_CLASSES_ROOT\runapp.veMisc\Clsid
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\runapp.veMisc\Clsid\(Default)
- HKEY_CLASSES_ROOT\CLSID\{80CFBE22-7CED-4A89-B601-AAD10F00C88A}\ProgID
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{80CFBE22-7CED-4A89-B601-AAD10F00C88A}\ProgID\(Default)
- HKEY_CLASSES_ROOT\CLSID\{80CFBE22-7CED-4A89-B601-AAD10F00C88A}\Version
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{80CFBE22-7CED-4A89-B601-AAD10F00C88A}\Version\(Default)
- HKEY_CLASSES_ROOT\CLSID\{80CFBE22-7CED-4A89-B601-AAD10F00C88A}\TypeLib
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{80CFBE22-7CED-4A89-B601-AAD10F00C88A}\TypeLib\(Default)
- HKEY_CLASSES_ROOT\CLSID\{A52FC39D-429C-4371-AFE7-07122D128B94}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A52FC39D-429C-4371-AFE7-07122D128B94}\(Default)
- HKEY_CLASSES_ROOT\CLSID\{A52FC39D-429C-4371-AFE7-07122D128B94}\LocalServer32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A52FC39D-429C-4371-AFE7-07122D128B94}\LocalServer32\(Default)
- HKEY_CLASSES_ROOT\runapp.veApp
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\runapp.veApp\(Default)
- HKEY_CLASSES_ROOT\runapp.veApp\Clsid
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\runapp.veApp\Clsid\(Default)
- HKEY_CLASSES_ROOT\CLSID\{A52FC39D-429C-4371-AFE7-07122D128B94}\ProgID
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A52FC39D-429C-4371-AFE7-07122D128B94}\ProgID\(Default)
- HKEY_CLASSES_ROOT\CLSID\{A52FC39D-429C-4371-AFE7-07122D128B94}\Version
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A52FC39D-429C-4371-AFE7-07122D128B94}\Version\(Default)
- HKEY_CLASSES_ROOT\CLSID\{A52FC39D-429C-4371-AFE7-07122D128B94}\TypeLib
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A52FC39D-429C-4371-AFE7-07122D128B94}\TypeLib\(Default)
- HKEY_CLASSES_ROOT\CLSID\{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}\(Default)
- HKEY_CLASSES_ROOT\CLSID\{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}\LocalServer32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}\LocalServer32\(Default)
- HKEY_CLASSES_ROOT\runapp.veFile
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\runapp.veFile\(Default)
- HKEY_CLASSES_ROOT\runapp.veFile\Clsid
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\runapp.veFile\Clsid\(Default)
- HKEY_CLASSES_ROOT\CLSID\{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}\ProgID
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}\ProgID\(Default)
- HKEY_CLASSES_ROOT\CLSID\{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}\Version
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}\Version\(Default)
- HKEY_CLASSES_ROOT\CLSID\{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}\TypeLib
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}\TypeLib\(Default)
- HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Com+Enabled
- HKEY_CURRENT_USER\Software\Classes\CLSID\{9EBF9144-C525-42FF-B499-C496C909FD83}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9EBF9144-C525-42FF-B499-C496C909FD83}\TreatAs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9EBF9144-C525-42FF-B499-C496C909FD83}\Progid
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9EBF9144-C525-42FF-B499-C496C909FD83}\InprocServer32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9EBF9144-C525-42FF-B499-C496C909FD83}\InprocHandler32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9EBF9144-C525-42FF-B499-C496C909FD83}\InprocHandler
- HKEY_CURRENT_USER\Software\Classes\AppID\virus.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
- HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
- HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\37CA141D
- HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
- HKEY_LOCAL_MACHINE\Software\Microsoft\OLE
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\MaxSxSHashCount
- HKEY_CURRENT_USER\Software\Classes\CLSID\{80CFBE22-7CED-4A89-B601-AAD10F00C88A}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{80CFBE22-7CED-4A89-B601-AAD10F00C88A}\TreatAs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{80CFBE22-7CED-4A89-B601-AAD10F00C88A}\Progid
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{80CFBE22-7CED-4A89-B601-AAD10F00C88A}\InprocServer32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{80CFBE22-7CED-4A89-B601-AAD10F00C88A}\InprocHandler32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{80CFBE22-7CED-4A89-B601-AAD10F00C88A}\InprocHandler
- HKEY_CURRENT_USER\Software\Classes\CLSID\{A52FC39D-429C-4371-AFE7-07122D128B94}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A52FC39D-429C-4371-AFE7-07122D128B94}\TreatAs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A52FC39D-429C-4371-AFE7-07122D128B94}\Progid
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A52FC39D-429C-4371-AFE7-07122D128B94}\InprocServer32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A52FC39D-429C-4371-AFE7-07122D128B94}\InprocHandler32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A52FC39D-429C-4371-AFE7-07122D128B94}\InprocHandler
- HKEY_CURRENT_USER\Software\Classes\CLSID\{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}\TreatAs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}\Progid
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}\InprocServer32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}\InprocHandler32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}\InprocHandler
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\MS Sans Serif
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\virus.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3FC47A08-E5C9-4BCA-A2C7-BC9A282AED14}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_CURRENT_USER
- HKEY_CURRENT_USER\Keyboard Layout\Toggle
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
- HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
- HKEY_CURRENT_USER\Software\Microsoft\CTF\LayoutIcon\0804\00000804
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\virus.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\DelegateFolders
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{031E4825-7B94-4dc3-B131-E946B44C8DD5}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{04731B67-D933-450a-90E6-4ACD2E9408FE}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{04731B67-D933-450a-90E6-4ACD2E9408FE}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{11016101-E366-4D22-BC06-4ADA335C892B}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{11016101-E366-4D22-BC06-4ADA335C892B}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{138508bc-1e03-49ea-9c8f-ea9e1d05d65d}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{138508bc-1e03-49ea-9c8f-ea9e1d05d65d}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{26EE0668-A00A-44D7-9371-BEB064C98683}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{26EE0668-A00A-44D7-9371-BEB064C98683}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{4336a54d-038b-4685-ab02-99bb52d3fb8b}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{59031a47-3f72-44a7-89c5-5595fe6b30ee}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{89D83576-6BD1-4c86-9454-BEB04E94C819}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{89D83576-6BD1-4c86-9454-BEB04E94C819}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{9343812e-1c37-4a49-a12e-4b2d810d956b}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{9343812e-1c37-4a49-a12e-4b2d810d956b}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{B0FBD52D-C4A7-4a19-985D-11309D1AC8AE}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{B0FBD52D-C4A7-4a19-985D-11309D1AC8AE}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{daf95313-e44d-46af-be1b-cbacea2c3065}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{daf95313-e44d-46af-be1b-cbacea2c3065}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{e345f35f-9397-435c-8f95-4e922c26259e}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{e345f35f-9397-435c-8f95-4e922c26259e}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{ED228FDF-9EA8-4870-83b1-96b02CFE0D52}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{ED228FDF-9EA8-4870-83b1-96b02CFE0D52}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\SuppressionPolicy
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\DelegateFolders
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\Desktop\NameSpace
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\Desktop\NameSpace\DelegateFolders
- HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HasNavigationEnum
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
- HKEY_CLASSES_ROOT\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HasNavigationEnum
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{208D2C60-3AEA-1069-A2D7-08002B30309D}
- HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HasNavigationEnum
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{871C5380-42A0-1069-A2EA-08002B30309D}
- HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\LoadWithoutCOM
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Option
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat
- HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{871c5380-42a0-1069-a2ea-08002b30309d}\InProcServer32
- HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion
- HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\ieframe.dll
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0xFFFF
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows\CEIPEnable
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D}
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
- HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
- HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
- HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
- HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\virus.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
- HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
- HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\AccessProviders
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldDllVersionLow
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldDllVersionHigh
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldVersionLow
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldVersionHigh
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Shell\RegisteredApplications\UrlAssociations\http\OpenWithProgids
- HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http
- HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
- HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice\Progid
- HKEY_CLASSES_ROOT\IE.HTTP
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTP\CurVer
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTP\
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTP\NoStaticDefaultVerb
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTP\shell
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTP\shell\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTP\shell\open
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTP\shell\open\NeverDefault
读取的注册表键
- HKEY_CURRENT_USER\Software\Borland\Locales\C:\Users\test\AppData\Local\Temp\virus.exe
- HKEY_CURRENT_USER\Software\Borland\Locales\(Default)
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0200804\layout text
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\E0210804\layout text
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}\1.0\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}\1.0\FLAGS\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}\1.0\0\win32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}\1.0\HELPDIR\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\TypeLib\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\TypeLib\Version
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\TypeLib\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\TypeLib\Version
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\TypeLib\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\TypeLib\Version
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\TypeLib\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\TypeLib\Version
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{68C01328-523A-48CE-A249-A5D057309121}\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{68C01328-523A-48CE-A249-A5D057309121}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{68C01328-523A-48CE-A249-A5D057309121}\TypeLib\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{68C01328-523A-48CE-A249-A5D057309121}\TypeLib\Version
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{68C01328-523A-48CE-A249-A5D057309121}\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{68C01328-523A-48CE-A249-A5D057309121}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{68C01328-523A-48CE-A249-A5D057309121}\TypeLib\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{68C01328-523A-48CE-A249-A5D057309121}\TypeLib\Version
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\TypeLib\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\TypeLib\Version
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\TypeLib\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\TypeLib\Version
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\MaximumAllowedAllocationSize
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Com+Enabled
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9EBF9144-C525-42FF-B499-C496C909FD83}\ProgID\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9EBF9144-C525-42FF-B499-C496C909FD83}\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\37CA141D
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\MaxSxSHashCount
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{80CFBE22-7CED-4A89-B601-AAD10F00C88A}\ProgID\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{80CFBE22-7CED-4A89-B601-AAD10F00C88A}\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A52FC39D-429C-4371-AFE7-07122D128B94}\ProgID\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A52FC39D-429C-4371-AFE7-07122D128B94}\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}\ProgID\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}\(Default)
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{04731B67-D933-450a-90E6-4ACD2E9408FE}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{11016101-E366-4D22-BC06-4ADA335C892B}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{138508bc-1e03-49ea-9c8f-ea9e1d05d65d}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{26EE0668-A00A-44D7-9371-BEB064C98683}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{450D8FBA-AD25-11D0-98A8-0800361B1103}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{89D83576-6BD1-4c86-9454-BEB04E94C819}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{9343812e-1c37-4a49-a12e-4b2d810d956b}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{B0FBD52D-C4A7-4a19-985D-11309D1AC8AE}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{daf95313-e44d-46af-be1b-cbacea2c3065}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{e345f35f-9397-435c-8f95-4e922c26259e}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{ED228FDF-9EA8-4870-83b1-96b02CFE0D52}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\SuppressionPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HasNavigationEnum
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\ShellFolder\HasNavigationEnum
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{208D2C60-3AEA-1069-A2D7-08002B30309D}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\CallForAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\RestrictedAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORDISPLAY
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideFolderVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\UseDropHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORPARSING
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsParseDisplayName
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForOverlay
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\MapNetDriveVerbs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForInfoTip
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideInWebView
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideOnDesktopPerUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsAliasedNotifications
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsUniversalDelegate
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\NoFileFolderJunction
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\PinToNameSpaceTree
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HasNavigationEnum
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{871C5380-42A0-1069-A2EA-08002B30309D}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\LoadWithoutCOM
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0xFFFF
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows\CEIPEnable
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
- HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
- HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\virus.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldDllVersionLow
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldDllVersionHigh
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldVersionLow
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldVersionHigh
- HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice\Progid
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTP\NoStaticDefaultVerb
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTP\shell\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTP\shell\open\NeverDefault
修改的注册表键
- HKEY_CURRENT_USER\Software\Classes\TypeLib\{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}\1.0
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}\1.0\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}\1.0\FLAGS
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}\1.0\FLAGS\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}\1.0\0
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}\1.0\0\win32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}\1.0\0\win32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}\1.0\HELPDIR
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{777A3083-06F7-4AD3-940E-82D5BAA2C5DA}\1.0\HELPDIR\(Default)
- HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\TypeLib
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\TypeLib\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\TypeLib\Version
- HKEY_CURRENT_USER\Software\Classes\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\TypeLib
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\TypeLib\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2BD2E3C-E05F-49D8-A0AC-A7DB58DED9B8}\TypeLib\Version
- HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\TypeLib
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\TypeLib\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\TypeLib\Version
- HKEY_CURRENT_USER\Software\Classes\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\TypeLib
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\TypeLib\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D7DA33DE-2392-4663-A99D-D4F13F7C7839}\TypeLib\Version
- HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{68C01328-523A-48CE-A249-A5D057309121}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{68C01328-523A-48CE-A249-A5D057309121}\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{68C01328-523A-48CE-A249-A5D057309121}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{68C01328-523A-48CE-A249-A5D057309121}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{68C01328-523A-48CE-A249-A5D057309121}\TypeLib
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{68C01328-523A-48CE-A249-A5D057309121}\TypeLib\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{68C01328-523A-48CE-A249-A5D057309121}\TypeLib\Version
- HKEY_CURRENT_USER\Software\Classes\Interface\{68C01328-523A-48CE-A249-A5D057309121}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{68C01328-523A-48CE-A249-A5D057309121}\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{68C01328-523A-48CE-A249-A5D057309121}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{68C01328-523A-48CE-A249-A5D057309121}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{68C01328-523A-48CE-A249-A5D057309121}\TypeLib
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{68C01328-523A-48CE-A249-A5D057309121}\TypeLib\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{68C01328-523A-48CE-A249-A5D057309121}\TypeLib\Version
- HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\TypeLib
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\TypeLib\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\TypeLib\Version
- HKEY_CURRENT_USER\Software\Classes\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\TypeLib
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\TypeLib\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DE9E3A8C-FA3E-487D-81A8-DC26C1D113B9}\TypeLib\Version
- HKEY_CLASSES_ROOT\CLSID\{9EBF9144-C525-42FF-B499-C496C909FD83}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9EBF9144-C525-42FF-B499-C496C909FD83}\(Default)
- HKEY_CLASSES_ROOT\CLSID\{9EBF9144-C525-42FF-B499-C496C909FD83}\LocalServer32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9EBF9144-C525-42FF-B499-C496C909FD83}\LocalServer32\(Default)
- HKEY_CLASSES_ROOT\runapp.veApi
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\runapp.veApi\(Default)
- HKEY_CLASSES_ROOT\runapp.veApi\Clsid
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\runapp.veApi\Clsid\(Default)
- HKEY_CLASSES_ROOT\CLSID\{9EBF9144-C525-42FF-B499-C496C909FD83}\ProgID
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9EBF9144-C525-42FF-B499-C496C909FD83}\ProgID\(Default)
- HKEY_CLASSES_ROOT\CLSID\{9EBF9144-C525-42FF-B499-C496C909FD83}\Version
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9EBF9144-C525-42FF-B499-C496C909FD83}\Version\(Default)
- HKEY_CLASSES_ROOT\CLSID\{9EBF9144-C525-42FF-B499-C496C909FD83}\TypeLib
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9EBF9144-C525-42FF-B499-C496C909FD83}\TypeLib\(Default)
- HKEY_CLASSES_ROOT\CLSID\{80CFBE22-7CED-4A89-B601-AAD10F00C88A}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{80CFBE22-7CED-4A89-B601-AAD10F00C88A}\(Default)
- HKEY_CLASSES_ROOT\CLSID\{80CFBE22-7CED-4A89-B601-AAD10F00C88A}\LocalServer32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{80CFBE22-7CED-4A89-B601-AAD10F00C88A}\LocalServer32\(Default)
- HKEY_CLASSES_ROOT\runapp.veMisc
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\runapp.veMisc\(Default)
- HKEY_CLASSES_ROOT\runapp.veMisc\Clsid
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\runapp.veMisc\Clsid\(Default)
- HKEY_CLASSES_ROOT\CLSID\{80CFBE22-7CED-4A89-B601-AAD10F00C88A}\ProgID
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{80CFBE22-7CED-4A89-B601-AAD10F00C88A}\ProgID\(Default)
- HKEY_CLASSES_ROOT\CLSID\{80CFBE22-7CED-4A89-B601-AAD10F00C88A}\Version
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{80CFBE22-7CED-4A89-B601-AAD10F00C88A}\Version\(Default)
- HKEY_CLASSES_ROOT\CLSID\{80CFBE22-7CED-4A89-B601-AAD10F00C88A}\TypeLib
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{80CFBE22-7CED-4A89-B601-AAD10F00C88A}\TypeLib\(Default)
- HKEY_CLASSES_ROOT\CLSID\{A52FC39D-429C-4371-AFE7-07122D128B94}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A52FC39D-429C-4371-AFE7-07122D128B94}\(Default)
- HKEY_CLASSES_ROOT\CLSID\{A52FC39D-429C-4371-AFE7-07122D128B94}\LocalServer32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A52FC39D-429C-4371-AFE7-07122D128B94}\LocalServer32\(Default)
- HKEY_CLASSES_ROOT\runapp.veApp
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\runapp.veApp\(Default)
- HKEY_CLASSES_ROOT\runapp.veApp\Clsid
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\runapp.veApp\Clsid\(Default)
- HKEY_CLASSES_ROOT\CLSID\{A52FC39D-429C-4371-AFE7-07122D128B94}\ProgID
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A52FC39D-429C-4371-AFE7-07122D128B94}\ProgID\(Default)
- HKEY_CLASSES_ROOT\CLSID\{A52FC39D-429C-4371-AFE7-07122D128B94}\Version
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A52FC39D-429C-4371-AFE7-07122D128B94}\Version\(Default)
- HKEY_CLASSES_ROOT\CLSID\{A52FC39D-429C-4371-AFE7-07122D128B94}\TypeLib
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A52FC39D-429C-4371-AFE7-07122D128B94}\TypeLib\(Default)
- HKEY_CLASSES_ROOT\CLSID\{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}\(Default)
- HKEY_CLASSES_ROOT\CLSID\{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}\LocalServer32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}\LocalServer32\(Default)
- HKEY_CLASSES_ROOT\runapp.veFile
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\runapp.veFile\(Default)
- HKEY_CLASSES_ROOT\runapp.veFile\Clsid
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\runapp.veFile\Clsid\(Default)
- HKEY_CLASSES_ROOT\CLSID\{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}\ProgID
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}\ProgID\(Default)
- HKEY_CLASSES_ROOT\CLSID\{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}\Version
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}\Version\(Default)
- HKEY_CLASSES_ROOT\CLSID\{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}\TypeLib
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{125F2A7A-A23A-46AD-BE0B-50B1C7CE2CC7}\TypeLib\(Default)
删除的注册表键
无信息
API解析
- kernel32.dll.FlsAlloc
- kernel32.dll.FlsGetValue
- kernel32.dll.FlsSetValue
- kernel32.dll.FlsFree
- kernel32.dll.GetLongPathNameA
- kernel32.dll.GetDiskFreeSpaceExA
- oleaut32.dll.VariantChangeTypeEx
- oleaut32.dll.VarNeg
- oleaut32.dll.VarNot
- oleaut32.dll.VarAdd
- oleaut32.dll.VarSub
- oleaut32.dll.VarMul
- oleaut32.dll.VarDiv
- oleaut32.dll.VarIdiv
- oleaut32.dll.VarMod
- oleaut32.dll.VarAnd
- oleaut32.dll.VarOr
- oleaut32.dll.VarXor
- oleaut32.dll.VarCmp
- oleaut32.dll.VarI4FromStr
- oleaut32.dll.VarR4FromStr
- oleaut32.dll.VarR8FromStr
- oleaut32.dll.VarDateFromStr
- oleaut32.dll.VarCyFromStr
- oleaut32.dll.VarBoolFromStr
- oleaut32.dll.VarBstrFromCy
- oleaut32.dll.VarBstrFromDate
- oleaut32.dll.VarBstrFromBool
- user32.dll.WINNLSEnableIME
- imm32.dll.ImmGetContext
- imm32.dll.ImmReleaseContext
- imm32.dll.ImmGetConversionStatus
- imm32.dll.ImmSetConversionStatus
- imm32.dll.ImmSetOpenStatus
- imm32.dll.ImmSetCompositionWindow
- imm32.dll.ImmSetCompositionFontA
- imm32.dll.ImmGetCompositionStringA
- imm32.dll.ImmIsIME
- imm32.dll.ImmNotifyIME
- user32.dll.GetMonitorInfoA
- user32.dll.GetSystemMetrics
- user32.dll.EnumDisplayMonitors
- kernel32.dll.SortGetHandle
- kernel32.dll.SortCloseHandle
- user32.dll.AnimateWindow
- comctl32.dll.InitializeFlatSB
- comctl32.dll.UninitializeFlatSB
- comctl32.dll.FlatSB_GetScrollProp
- comctl32.dll.FlatSB_SetScrollProp
- comctl32.dll.FlatSB_EnableScrollBar
- comctl32.dll.FlatSB_ShowScrollBar
- comctl32.dll.FlatSB_GetScrollRange
- comctl32.dll.FlatSB_GetScrollInfo
- comctl32.dll.FlatSB_GetScrollPos
- comctl32.dll.FlatSB_SetScrollPos
- comctl32.dll.FlatSB_SetScrollInfo
- comctl32.dll.FlatSB_SetScrollRange
- user32.dll.SetLayeredWindowAttributes
- ole32.dll.CoCreateInstanceEx
- ole32.dll.CoInitializeEx
- ole32.dll.CoAddRefServerProcess
- ole32.dll.CoReleaseServerProcess
- ole32.dll.CoResumeClassObjects
- ole32.dll.CoSuspendClassObjects
- olepro32.dll.OleCreatePropertyFrame
- olepro32.dll.OleCreateFontIndirect
- olepro32.dll.OleCreatePictureIndirect
- olepro32.dll.OleLoadPicture
- sxs.dll.SxsOleAut32MapConfiguredClsidToReferenceClsid
- cryptbase.dll.SystemFunction036
- ole32.dll.CLSIDFromOle1Class
- clbcatq.dll.GetCatalogObject
- clbcatq.dll.GetCatalogObject2
- sechost.dll.LookupAccountNameLocalW
- advapi32.dll.LookupAccountSidW
- sechost.dll.LookupAccountSidLocalW
- cryptsp.dll.CryptAcquireContextW
- cryptsp.dll.CryptGenRandom
- ole32.dll.NdrOleInitializeExtension
- ole32.dll.CoGetClassObject
- ole32.dll.CoGetMarshalSizeMax
- ole32.dll.CoMarshalInterface
- ole32.dll.CoUnmarshalInterface
- ole32.dll.StringFromIID
- ole32.dll.CoGetPSClsid
- ole32.dll.CoTaskMemAlloc
- ole32.dll.CoTaskMemFree
- ole32.dll.CoCreateInstance
- ole32.dll.CoReleaseMarshalData
- ole32.dll.DcomChannelSetHResult
- rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
- uxtheme.dll.OpenThemeData
- uxtheme.dll.CloseThemeData
- uxtheme.dll.DrawThemeBackground
- uxtheme.dll.DrawThemeText
- uxtheme.dll.GetThemeBackgroundContentRect
- uxtheme.dll.GetThemePartSize
- uxtheme.dll.GetThemeTextExtent
- uxtheme.dll.GetThemeTextMetrics
- uxtheme.dll.GetThemeBackgroundRegion
- uxtheme.dll.HitTestThemeBackground
- uxtheme.dll.DrawThemeEdge
- uxtheme.dll.DrawThemeIcon
- uxtheme.dll.IsThemePartDefined
- uxtheme.dll.IsThemeBackgroundPartiallyTransparent
- uxtheme.dll.GetThemeColor
- uxtheme.dll.GetThemeMetric
- uxtheme.dll.GetThemeString
- uxtheme.dll.GetThemeBool
- uxtheme.dll.GetThemeInt
- uxtheme.dll.GetThemeEnumValue
- uxtheme.dll.GetThemePosition
- uxtheme.dll.GetThemeFont
- uxtheme.dll.GetThemeRect
- uxtheme.dll.GetThemeMargins
- uxtheme.dll.GetThemeIntList
- uxtheme.dll.GetThemePropertyOrigin
- uxtheme.dll.SetWindowTheme
- uxtheme.dll.GetThemeFilename
- uxtheme.dll.GetThemeSysColor
- uxtheme.dll.GetThemeSysColorBrush
- uxtheme.dll.GetThemeSysBool
- uxtheme.dll.GetThemeSysSize
- uxtheme.dll.GetThemeSysFont
- uxtheme.dll.GetThemeSysString
- uxtheme.dll.GetThemeSysInt
- uxtheme.dll.IsThemeActive
- uxtheme.dll.IsAppThemed
- uxtheme.dll.GetWindowTheme
- uxtheme.dll.EnableThemeDialogTexture
- uxtheme.dll.IsThemeDialogTextureEnabled
- uxtheme.dll.GetThemeAppProperties
- uxtheme.dll.SetThemeAppProperties
- uxtheme.dll.GetCurrentThemeName
- uxtheme.dll.GetThemeDocumentationProperty
- uxtheme.dll.DrawThemeParentBackground
- uxtheme.dll.EnableTheming
- gdi32.dll.GetLayout
- gdi32.dll.GdiRealizationInfo
- gdi32.dll.FontIsLinked
- advapi32.dll.RegOpenKeyExW
- advapi32.dll.RegQueryInfoKeyW
- gdi32.dll.GetTextFaceAliasW
- advapi32.dll.RegEnumValueW
- advapi32.dll.RegCloseKey
- advapi32.dll.RegQueryValueExW
- advapi32.dll.RegQueryValueExA
- advapi32.dll.RegEnumKeyExW
- gdi32.dll.GetTextExtentExPointWPri
- gdi32.dll.GetFontAssocStatus
- ole32.dll.CoUninitialize
- ole32.dll.CoRegisterInitializeSpy
- ole32.dll.CoRevokeInitializeSpy
- oleaut32.dll.SysAllocString
- oleaut32.dll.SysStringLen
- oleaut32.dll.SysFreeString
- user32.dll.MonitorFromWindow
- ole32.dll.OleInitialize
- ole32.dll.CreateBindCtx
- propsys.dll.PSCreateMemoryPropertyStore
- propsys.dll.PSPropertyBag_WriteDWORD
- ole32.dll.CoGetApartmentType
- comctl32.dll.#236
- oleaut32.dll.#6
- ole32.dll.CoGetMalloc
- propsys.dll.PSPropertyBag_ReadDWORD
- propsys.dll.PSPropertyBag_ReadGUID
- comctl32.dll.#320
- comctl32.dll.#324
- comctl32.dll.#323
- advapi32.dll.RegEnumKeyW
- advapi32.dll.OpenThreadToken
- ole32.dll.StringFromGUID2
- apphelp.dll.ApphelpCheckShellObject
- urlmon.dll.CreateUri
- kernel32.dll.InitializeSRWLock
- kernel32.dll.AcquireSRWLockExclusive
- kernel32.dll.AcquireSRWLockShared
- kernel32.dll.ReleaseSRWLockExclusive
- kernel32.dll.ReleaseSRWLockShared
- advapi32.dll.AddMandatoryAce
- ntmarta.dll.GetMartaExtensionInterface
- version.dll.GetFileVersionInfoSizeW
- version.dll.GetFileVersionInfoW
- version.dll.VerQueryValueW
- urlmon.dll.#397
- urlmon.dll.#441
- urlmon.dll.#395
- ole32.dll.OleUninitialize
- comctl32.dll.#388
- oleaut32.dll.#500