魔盾安全分析报告

分析类型 开始时间 结束时间 持续时间 分析引擎版本
FILE 2022-05-28 00:50:55 2022-05-28 00:51:19 24 秒 1.4-Maldun
虚拟机机器名 标签 虚拟机管理 开机时间 关机时间
win7-sp1-x64-shaapp02-1 win7-sp1-x64-shaapp02-1 KVM 2022-05-28 00:50:56 2022-05-28 00:51:21
魔盾分数

10.0

恶意的

文件详细信息

文件名 Win32.Trojan.Mbrlocker.Zvst2.0.exe
文件大小 950272 字节
文件类型 PE32 executable (GUI) Intel 80386, for MS Windows
CRC32 18C8FA20
MD5 5f60f9d3e31346fa84fed1cdd07c1d5a
SHA1 ae46596e78bf9c9a4a51e3e27065380480699fe5
SHA256 d736dd0f952b23741bde52f3335fc6683e455196edaacb8224ace15fa92ac4a8
SHA512 802b433c975a0b1068307195291e0a6a14a129689c8b01f1c94b2c03c313b6925e8ed045d5dcb57a6e544a468540b4b6a3136a7d8e4c0c52ac65bdaa8e52ba7d
Ssdeep 12288:OMQATyjkjvo/urby/QOdmY56OvUGSXVVMi0vYu2jtTxIG3ZuXd:OMQWyjiomrfIZ56Ov5SFV2vYu25TuG3c
PEiD 无匹配
Yara
  • DebuggerTiming__Ticks (Detected timing ticks function)
  • anti_dbg (Detected self protection if being debugged)
  • anti_dbgtools (Checks for the presence of known debug tools)
  • disable_taskmanager (Disable Task Manager)
  • screenshot (Detected take screenshot function)
  • create_process (Detection function for creating a new process)
  • keylogger (Detected keylogger function)
  • win_registry (Detected system registries modification function)
  • change_win_registry (Change registries to affect system)
  • win_files_operation (Affect private profile)
  • win_hook (Detected hook table access function)
  • win_private_profile (Detected private profile access function)
  • Maldun_Anomoly_Combined_Activities_7 (Spotted potential malicious behaviors from a small size target, like process manipultion, privilege, token and files)
  • IsPE32 (Detected a 32bit PE sample)
  • IsWindowsGUI (Detected a Windows GUI sample)
  • HasRichSignature (Detected Rich Signature)
  • CRC32_poly_Constant (Look for CRC32 [poly])
  • CRC32_table (Look for CRC32 table)
  • MD5_Constants (Look for MD5 constants)
  • DES_sbox (Look for DES [sbox])
  • with_images (Detected the presence of an or several images)
  • with_urls (Detected the presence of an or several urls)
VirusTotal VirusTotal查询失败

特征

魔盾安全Yara规则检测结果 - 安全告警
Warning: Disable Task Manager
Critical: Spotted potential malicious behaviors from a small size target, like process manipultion, privilege, token and files
可疑的样本异常终止
异常的多次引用终止程序实例
通过进程尝试长时间延迟分析任务
Process: taskkill.exe tried to sleep 480 seconds, actually delayed analysis time by 0 seconds
通过删除注册表键尝试屏蔽SafeBoot
检测到样本尝试模糊或欺骗文件类型

运行截图

无运行截图

网络分析

TCP连接

IP地址 端口
23.215.130.128 80

UDP连接

IP地址 端口
192.168.122.1 53

HTTP请求

URL HTTP数据
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

静态分析

PE 信息

初始地址 0x00400000
入口地址 0x0047c4a3
声明校验值 0x00000000
实际校验值 0x000eb25f
最低操作系统版本要求 4.0
编译时间 2021-02-08 18:55:57
载入哈希 742119d4891fa2ae181c7f394e81fab3

版本信息

LegalCopyright: \u4f5c\u8005\u7248\u6743\u6240\u6709 \u8bf7\u5c0a\u91cd\u5e76\u4f7f\u7528\u6b63\u7248
FileVersion: 1.0.0.0
Comments: \u8f85\u52a9
ProductName: Win32.Trojan.Mbrlocker.Zvst
ProductVersion: 1.0.0.0
FileDescription: \u8f85\u52a9
Translation: 0x0804 0x04b0

PE数据组成

名称 虚拟地址 虚拟大小 原始数据大小 特征 熵(Entropy)
.text 0x00001000 0x0009b3d6 0x0009c000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.51
.rdata 0x0009d000 0x000296d0 0x0002a000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.21
.data 0x000c7000 0x00050a8a 0x00019000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.37
.rsrc 0x00118000 0x0000793c 0x00008000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.43

导入

库 MSVFW32.dll:
0x49d3b0 - DrawDibDraw
库 AVIFIL32.dll:
0x49d024 - AVIStreamGetFrame
0x49d028 - AVIStreamInfoA
库 WINMM.dll:
0x49d650 - midiStreamClose
0x49d654 - midiStreamRestart
0x49d658 - midiStreamOut
0x49d65c - midiOutPrepareHeader
0x49d660 - midiStreamProperty
0x49d664 - midiStreamOpen
0x49d668 - midiOutUnprepareHeader
0x49d66c - waveOutOpen
0x49d670 - waveOutGetNumDevs
0x49d674 - waveOutClose
0x49d678 - waveOutPause
0x49d67c - waveOutWrite
0x49d680 - waveOutPrepareHeader
0x49d684 - waveOutUnprepareHeader
0x49d688 - PlaySoundA
0x49d68c - midiOutReset
0x49d690 - midiStreamStop
0x49d694 - waveOutReset
库 WS2_32.dll:
0x49d6ac - accept
0x49d6b0 - getpeername
0x49d6b4 - recv
0x49d6b8 - ioctlsocket
0x49d6bc - recvfrom
0x49d6c0 - WSAAsyncSelect
0x49d6c4 - closesocket
0x49d6c8 - WSACleanup
0x49d6cc - inet_ntoa
库 KERNEL32.dll:
0x49d19c - GetTimeZoneInformation
0x49d1a0 - GetVersion
0x49d1a4 - InterlockedIncrement
0x49d1a8 - InterlockedDecrement
0x49d1ac - LocalFree
0x49d1b0 - FileTimeToSystemTime
0x49d1b4 - FileTimeToLocalFileTime
0x49d1b8 - lstrcpynA
0x49d1bc - FlushFileBuffers
0x49d1c0 - LockFile
0x49d1c4 - UnlockFile
0x49d1c8 - SetEndOfFile
0x49d1cc - lstrcmpiA
0x49d1d0 - GlobalDeleteAtom
0x49d1d4 - GlobalFindAtomA
0x49d1d8 - GlobalAddAtomA
0x49d1dc - GlobalGetAtomNameA
0x49d1e0 - lstrcmpA
0x49d1e4 - LocalAlloc
0x49d1e8 - TlsAlloc
0x49d1ec - GlobalHandle
0x49d1f0 - TlsFree
0x49d1f4 - TlsSetValue
0x49d1f8 - LocalReAlloc
0x49d1fc - TlsGetValue
0x49d200 - GetFileTime
0x49d204 - GetCurrentThread
0x49d208 - GlobalFlags
0x49d20c - SetErrorMode
0x49d210 - GetProcessVersion
0x49d214 - GetCPInfo
0x49d218 - GetOEMCP
0x49d21c - GetStartupInfoA
0x49d220 - RtlUnwind
0x49d224 - GetSystemTime
0x49d228 - GetLocalTime
0x49d22c - RaiseException
0x49d230 - HeapSize
0x49d234 - GetACP
0x49d238 - UnhandledExceptionFilter
0x49d23c - FreeEnvironmentStringsA
0x49d240 - FreeEnvironmentStringsW
0x49d244 - GetEnvironmentStrings
0x49d248 - GetEnvironmentStringsW
0x49d24c - SetHandleCount
0x49d250 - GetStdHandle
0x49d254 - GetFileType
0x49d258 - GetEnvironmentVariableA
0x49d25c - HeapDestroy
0x49d260 - HeapCreate
0x49d264 - VirtualFree
0x49d268 - SetEnvironmentVariableA
0x49d26c - LCMapStringA
0x49d270 - LCMapStringW
0x49d274 - VirtualAlloc
0x49d278 - IsBadWritePtr
0x49d27c - SetUnhandledExceptionFilter
0x49d280 - GetStringTypeA
0x49d284 - GetStringTypeW
0x49d288 - CompareStringA
0x49d28c - CompareStringW
0x49d290 - IsBadReadPtr
0x49d294 - IsBadCodePtr
0x49d298 - SetStdHandle
0x49d29c - SetLastError
0x49d2a0 - TerminateProcess
0x49d2a4 - GetCurrentProcess
0x49d2a8 - GetFileSize
0x49d2ac - SetFilePointer
0x49d2b0 - CreateSemaphoreA
0x49d2b4 - ResumeThread
0x49d2b8 - ReleaseSemaphore
0x49d2bc - EnterCriticalSection
0x49d2c0 - LeaveCriticalSection
0x49d2c4 - GetProfileStringA
0x49d2c8 - WriteFile
0x49d2cc - WaitForMultipleObjects
0x49d2d0 - CreateFileA
0x49d2d4 - SetEvent
0x49d2d8 - FindResourceA
0x49d2dc - LoadResource
0x49d2e0 - LockResource
0x49d2e4 - ReadFile
0x49d2e8 - RemoveDirectoryA
0x49d2ec - GetModuleFileNameA
0x49d2f0 - WideCharToMultiByte
0x49d2f4 - MultiByteToWideChar
0x49d2f8 - GetCurrentThreadId
0x49d2fc - ExitProcess
0x49d300 - GlobalSize
0x49d304 - GlobalFree
0x49d308 - DeleteCriticalSection
0x49d30c - InitializeCriticalSection
0x49d310 - lstrcatA
0x49d314 - lstrlenA
0x49d318 - WinExec
0x49d31c - lstrcpyA
0x49d320 - FindNextFileA
0x49d324 - GlobalReAlloc
0x49d328 - HeapFree
0x49d32c - HeapReAlloc
0x49d330 - GetProcessHeap
0x49d334 - HeapAlloc
0x49d338 - GetFullPathNameA
0x49d33c - FreeLibrary
0x49d340 - LoadLibraryA
0x49d344 - GetLastError
0x49d348 - GetVersionExA
0x49d34c - WritePrivateProfileStringA
0x49d350 - CreateThread
0x49d354 - CreateEventA
0x49d358 - Sleep
0x49d35c - GlobalAlloc
0x49d360 - GlobalLock
0x49d364 - GlobalUnlock
0x49d368 - FindFirstFileA
0x49d36c - FindClose
0x49d370 - GetFileAttributesA
0x49d374 - DeleteFileA
0x49d378 - SetCurrentDirectoryA
0x49d37c - GetVolumeInformationA
0x49d380 - GetModuleHandleA
0x49d384 - GetProcAddress
0x49d388 - MulDiv
0x49d38c - SetLocalTime
0x49d390 - GetCommandLineA
0x49d394 - GetTickCount
0x49d398 - CreateProcessA
0x49d39c - WaitForSingleObject
0x49d3a0 - CloseHandle
0x49d3a4 - InterlockedExchange
0x49d3a8 - DuplicateHandle
库 USER32.dll:
0x49d3d4 - LoadStringA
0x49d3d8 - GetSysColorBrush
0x49d3dc - FindWindowExA
0x49d3e0 - GetDlgItem
0x49d3e4 - GetClassNameA
0x49d3e8 - GetDesktopWindow
0x49d3ec - DrawStateA
0x49d3f0 - FrameRect
0x49d3f4 - GetNextDlgTabItem
0x49d3f8 - LoadIconA
0x49d3fc - TranslateMessage
0x49d400 - DrawFrameControl
0x49d404 - DrawEdge
0x49d408 - DrawFocusRect
0x49d40c - WindowFromPoint
0x49d410 - GetMessageA
0x49d414 - DispatchMessageA
0x49d418 - SetRectEmpty
0x49d41c - RegisterClipboardFormatA
0x49d420 - CreateIconFromResourceEx
0x49d424 - CreateIconFromResource
0x49d428 - DrawIconEx
0x49d42c - CreatePopupMenu
0x49d430 - AppendMenuA
0x49d434 - ModifyMenuA
0x49d438 - CreateMenu
0x49d43c - CreateAcceleratorTableA
0x49d440 - GetDlgCtrlID
0x49d444 - GetSubMenu
0x49d448 - EnableMenuItem
0x49d44c - ClientToScreen
0x49d450 - EnumDisplaySettingsA
0x49d454 - LoadImageA
0x49d458 - SystemParametersInfoA
0x49d45c - ShowWindow
0x49d460 - IsWindowEnabled
0x49d464 - TranslateAcceleratorA
0x49d468 - GetKeyState
0x49d46c - CopyAcceleratorTableA
0x49d470 - PostQuitMessage
0x49d474 - IsZoomed
0x49d478 - GetClassInfoA
0x49d47c - DefWindowProcA
0x49d480 - GetSystemMenu
0x49d484 - DeleteMenu
0x49d488 - GetMenu
0x49d48c - SetMenu
0x49d490 - PeekMessageA
0x49d494 - SetFocus
0x49d498 - GetActiveWindow
0x49d49c - GetWindow
0x49d4a0 - DestroyAcceleratorTable
0x49d4a4 - SetWindowRgn
0x49d4a8 - GetMessagePos
0x49d4ac - ScreenToClient
0x49d4b0 - ChildWindowFromPointEx
0x49d4b4 - CopyRect
0x49d4b8 - LoadBitmapA
0x49d4bc - WinHelpA
0x49d4c0 - KillTimer
0x49d4c4 - SetTimer
0x49d4c8 - ReleaseCapture
0x49d4cc - GetCapture
0x49d4d0 - SetCapture
0x49d4d4 - GetScrollRange
0x49d4d8 - SetScrollRange
0x49d4dc - SetScrollPos
0x49d4e0 - SetRect
0x49d4e4 - IntersectRect
0x49d4e8 - DestroyIcon
0x49d4ec - PtInRect
0x49d4f0 - OffsetRect
0x49d4f4 - IsWindowVisible
0x49d4f8 - EnableWindow
0x49d4fc - RedrawWindow
0x49d500 - GetWindowLongA
0x49d504 - SetWindowLongA
0x49d508 - GetSysColor
0x49d50c - SetActiveWindow
0x49d510 - SetCursorPos
0x49d514 - LoadCursorA
0x49d518 - SetCursor
0x49d51c - GetDC
0x49d520 - FillRect
0x49d524 - IsRectEmpty
0x49d528 - ReleaseDC
0x49d52c - IsChild
0x49d530 - DestroyMenu
0x49d534 - SetForegroundWindow
0x49d538 - GetWindowRect
0x49d53c - EqualRect
0x49d540 - UpdateWindow
0x49d544 - ValidateRect
0x49d548 - InvalidateRect
0x49d54c - GetClientRect
0x49d550 - GetFocus
0x49d554 - GetParent
0x49d558 - GetTopWindow
0x49d55c - PostMessageA
0x49d560 - IsWindow
0x49d564 - SetParent
0x49d568 - DestroyCursor
0x49d56c - SendMessageA
0x49d570 - SetWindowPos
0x49d574 - MessageBoxA
0x49d578 - GetCursorPos
0x49d57c - GetSystemMetrics
0x49d580 - EmptyClipboard
0x49d584 - SetClipboardData
0x49d588 - OpenClipboard
0x49d58c - GetClipboardData
0x49d590 - CloseClipboard
0x49d594 - wsprintfA
0x49d598 - WaitForInputIdle
0x49d59c - GetMenuCheckMarkDimensions
0x49d5a0 - GetMenuState
0x49d5a4 - SetMenuItemBitmaps
0x49d5a8 - CheckMenuItem
0x49d5ac - MoveWindow
0x49d5b0 - SetWindowTextA
0x49d5b4 - IsDialogMessageA
0x49d5b8 - ScrollWindowEx
0x49d5bc - SendDlgItemMessageA
0x49d5c0 - MapWindowPoints
0x49d5c4 - AdjustWindowRectEx
0x49d5c8 - GetScrollPos
0x49d5cc - RegisterClassA
0x49d5d0 - GetMenuItemCount
0x49d5d4 - GetMenuItemID
0x49d5d8 - CreateWindowExA
0x49d5dc - SetWindowsHookExA
0x49d5e0 - CallNextHookEx
0x49d5e4 - GetClassLongA
0x49d5e8 - SetPropA
0x49d5ec - UnhookWindowsHookEx
0x49d5f0 - GetPropA
0x49d5f4 - CallWindowProcA
0x49d5f8 - RemovePropA
0x49d5fc - GetMessageTime
0x49d600 - GetLastActivePopup
0x49d604 - GetForegroundWindow
0x49d608 - RegisterWindowMessageA
0x49d60c - GetWindowPlacement
0x49d610 - EndDialog
0x49d614 - CreateDialogIndirectParamA
0x49d618 - DestroyWindow
0x49d61c - GrayStringA
0x49d620 - DrawTextA
0x49d624 - TabbedTextOutA
0x49d628 - EndPaint
0x49d62c - BeginPaint
0x49d630 - GetWindowDC
0x49d634 - CharUpperA
0x49d638 - GetWindowTextLengthA
0x49d63c - IsIconic
0x49d640 - GetWindowTextA
0x49d644 - InflateRect
0x49d648 - UnregisterClassA
库 GDI32.dll:
0x49d040 - RoundRect
0x49d044 - GetCurrentObject
0x49d048 - DPtoLP
0x49d04c - LPtoDP
0x49d050 - Rectangle
0x49d054 - CreateCompatibleDC
0x49d058 - GetPixel
0x49d05c - GetTextExtentPoint32A
0x49d060 - StartPage
0x49d064 - Ellipse
0x49d068 - BitBlt
0x49d06c - StartDocA
0x49d070 - DeleteDC
0x49d074 - EndDoc
0x49d078 - EndPage
0x49d07c - CreateFontIndirectA
0x49d080 - GetStockObject
0x49d084 - CreateSolidBrush
0x49d088 - FillRgn
0x49d08c - CreateRectRgn
0x49d090 - CombineRgn
0x49d094 - PatBlt
0x49d098 - CreatePen
0x49d09c - GetObjectA
0x49d0a0 - SelectObject
0x49d0a4 - CreatePatternBrush
0x49d0a8 - CreateBitmap
0x49d0ac - CreateDCA
0x49d0b0 - CreateCompatibleBitmap
0x49d0b4 - GetPolyFillMode
0x49d0b8 - GetStretchBltMode
0x49d0bc - GetROP2
0x49d0c0 - GetBkColor
0x49d0c4 - GetBkMode
0x49d0c8 - GetTextColor
0x49d0cc - CreateRoundRectRgn
0x49d0d0 - CreateEllipticRgn
0x49d0d4 - PathToRegion
0x49d0d8 - EndPath
0x49d0dc - BeginPath
0x49d0e0 - GetWindowOrgEx
0x49d0e4 - GetViewportOrgEx
0x49d0e8 - GetWindowExtEx
0x49d0ec - GetDIBits
0x49d0f0 - RealizePalette
0x49d0f4 - SelectPalette
0x49d0f8 - StretchBlt
0x49d0fc - CreatePalette
0x49d100 - GetSystemPaletteEntries
0x49d104 - CreateDIBitmap
0x49d108 - DeleteObject
0x49d10c - SelectClipRgn
0x49d110 - CreatePolygonRgn
0x49d114 - GetClipRgn
0x49d118 - SetStretchBltMode
0x49d11c - CreateDIBSection
0x49d120 - CreateRectRgnIndirect
0x49d124 - SetBkColor
0x49d128 - TextOutA
0x49d12c - SetBkMode
0x49d130 - SetTextColor
0x49d134 - SetDIBitsToDevice
0x49d138 - SaveDC
0x49d13c - RestoreDC
0x49d140 - SetPolyFillMode
0x49d144 - SetROP2
0x49d148 - SetMapMode
0x49d14c - SetViewportOrgEx
0x49d150 - OffsetViewportOrgEx
0x49d154 - SetViewportExtEx
0x49d158 - ScaleViewportExtEx
0x49d15c - SetWindowOrgEx
0x49d160 - SetWindowExtEx
0x49d164 - ScaleWindowExtEx
0x49d168 - GetClipBox
0x49d16c - ExcludeClipRect
0x49d170 - MoveToEx
0x49d174 - LineTo
0x49d178 - ExtSelectClipRgn
0x49d17c - GetViewportExtEx
0x49d180 - PtVisible
0x49d184 - RectVisible
0x49d188 - ExtTextOutA
0x49d18c - Escape
0x49d190 - GetTextMetricsA
0x49d194 - GetDeviceCaps
库 WINSPOOL.DRV:
0x49d69c - OpenPrinterA
0x49d6a0 - DocumentPropertiesA
0x49d6a4 - ClosePrinter
库 comdlg32.dll:
0x49d6d4 - ChooseColorA
0x49d6d8 - GetOpenFileNameA
0x49d6dc - GetSaveFileNameA
0x49d6e0 - GetFileTitleA
库 ADVAPI32.dll:
0x49d000 - RegCloseKey
0x49d004 - RegOpenKeyExA
0x49d008 - RegSetValueExA
0x49d00c - RegCreateKeyA
0x49d010 - RegDeleteValueA
0x49d014 - RegDeleteKeyA
0x49d018 - RegQueryValueA
0x49d01c - RegCreateKeyExA
库 SHELL32.dll:
0x49d3c8 - Shell_NotifyIconA
0x49d3cc - ShellExecuteA
库 ole32.dll:
0x49d6e8 - OleInitialize
0x49d6ec - OleUninitialize
0x49d6f0 - CLSIDFromString
库 OLEAUT32.dll:
0x49d3b8 - LoadTypeLib
0x49d3bc - UnRegisterTypeLib
0x49d3c0 - RegisterTypeLib
库 COMCTL32.dll:
0x49d030 - None
0x49d034 - _TrackMouseEvent
0x49d038 - ImageList_Destroy

投放文件

无信息

行为分析

互斥量(Mutexes) 无信息
执行的命令
  • taskkill /f /im 360tray.exe
  • taskkill /f /im kavsvc.exe
  • taskkill /f /im KVXP.kxp
  • taskkill /f /im Rav.exe
  • taskkill /f /im Ravmon.exe
  • taskkill /f /im Mcshield.exe
  • taskkill /f /im VsTskMgr.exe
创建的服务 无信息
启动的服务 无信息

进程

Win32.Trojan.Mbrlocker.Zvst2.0.exe PID: 2436, 上一级进程 PID: 2296

taskkill.exe PID: 2500, 上一级进程 PID: 2436

taskkill.exe PID: 2548, 上一级进程 PID: 2436

taskkill.exe PID: 2576, 上一级进程 PID: 2436

taskkill.exe PID: 2620, 上一级进程 PID: 2436

taskkill.exe PID: 2748, 上一级进程 PID: 2436

taskkill.exe PID: 2844, 上一级进程 PID: 2436

taskkill.exe PID: 2944, 上一级进程 PID: 2436

taskkill.exe PID: 2320, 上一级进程 PID: 2436

访问的文件
  • C:\Windows\Globalization\Sorting\sortdefault.nls
  • C:\Windows\Fonts\staticcache.dat
  • C:\Windows\*.*
  • C:\Windows\addins\*.*
  • C:\Windows\addins\FXSEXT.ecf
  • C:\Windows\addins
  • C:\Windows\AppCompat\*.*
  • C:\Windows\AppCompat\Programs\*.*
  • C:\Windows\AppCompat\Programs\AEINV_PREVIOUS.xml
  • C:\Windows\AppCompat\Programs\RecentFileCache.bcf
  • C:\Windows\AppCompat\Programs
  • C:\Windows\AppCompat
  • C:\Windows\AppPatch\*.*
  • C:\Windows\AppPatch\AcGenral.dll
  • C:\Windows\AppPatch\AcLayers.dll
  • C:\Windows\AppPatch\AcRes.dll
  • C:\Windows\AppPatch\AcSpecfc.dll
  • C:\Windows\AppPatch\acwow64.dll
  • C:\Windows\AppPatch\AcXtrnal.dll
  • C:\Windows\AppPatch\apihex86.dll
  • C:\Windows\AppPatch\AppPatch64\*.*
  • C:\Windows\AppPatch\AppPatch64\AcGenral.dll
  • C:\Windows\AppPatch\AppPatch64\AcLayers.dll
  • C:\Windows\AppPatch\AppPatch64\acspecfc.dll
  • C:\Windows\AppPatch\AppPatch64\AcXtrnal.dll
  • C:\Windows\AppPatch\AppPatch64\apihex64.dll
  • C:\Windows\AppPatch\AppPatch64\sysmain.sdb
  • C:\Windows\AppPatch\AppPatch64
  • C:\Windows\AppPatch\Custom\*.*
  • C:\Windows\AppPatch\Custom\Custom64\*.*
  • C:\Windows\AppPatch\Custom\Custom64
  • C:\Windows\AppPatch\Custom
  • C:\Windows\AppPatch\drvmain.sdb
  • C:\Windows\AppPatch\en-US\*.*
  • C:\Windows\AppPatch\en-US
  • C:\Windows\AppPatch\msimain.sdb
  • C:\Windows\AppPatch\pcamain.sdb
  • C:\Windows\AppPatch\sysmain.sdb
  • C:\Windows\AppPatch\zh-CN\*.*
  • C:\Windows\AppPatch\zh-CN\AcRes.dll.mui
  • C:\Windows\AppPatch\zh-CN
  • C:\Windows\AppPatch
  • C:\Windows\assembly\*.*
  • C:\Windows\assembly\Desktop.ini
  • C:\Windows\assembly\GAC\*.*
  • C:\Windows\assembly\GAC\ADODB\*.*
  • C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\*.*
  • C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
  • C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a
  • C:\Windows\assembly\GAC\ADODB
  • C:\Windows\assembly\GAC\Extensibility\*.*
  • C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\*.*
  • C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
  • C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a
  • C:\Windows\assembly\GAC\Extensibility
  • C:\Windows\assembly\GAC\Microsoft.Ink\*.*
  • C:\Windows\assembly\GAC\Microsoft.Ink\1.0.2201.0__31bf3856ad364e35\*.*
  • C:\Windows\assembly\GAC\Microsoft.Ink\1.0.2201.0__31bf3856ad364e35\Microsoft.Ink.dll
  • C:\Windows\assembly\GAC\Microsoft.Ink\1.0.2201.0__31bf3856ad364e35\__AssemblyInfo__.ini
  • C:\Windows\assembly\GAC\Microsoft.Ink\1.0.2201.0__31bf3856ad364e35
  • C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\*.*
  • C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\Microsoft.Ink.dll
  • C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\__AssemblyInfo__.ini
  • C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35
  • C:\Windows\assembly\GAC\Microsoft.Ink
  • C:\Windows\assembly\GAC\Microsoft.mshtml\*.*
  • C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\*.*
  • C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
  • C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a
  • C:\Windows\assembly\GAC\Microsoft.mshtml
  • C:\Windows\assembly\GAC\Microsoft.StdFormat\*.*
  • C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\*.*
  • C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
  • C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a
  • C:\Windows\assembly\GAC\Microsoft.StdFormat
  • C:\Windows\assembly\GAC\mscomctl\*.*
  • C:\Windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\*.*
  • C:\Windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
  • C:\Windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini
  • C:\Windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35
  • C:\Windows\assembly\GAC\mscomctl
  • C:\Windows\assembly\GAC\MSDATASRC\*.*
  • C:\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\*.*
  • C:\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
  • C:\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • C:\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a
  • C:\Windows\assembly\GAC\MSDATASRC
  • C:\Windows\assembly\GAC\stdole\*.*
  • C:\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\*.*
  • C:\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
  • C:\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • C:\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a
  • C:\Windows\assembly\GAC\stdole
  • C:\Windows\assembly\GAC
  • C:\Windows\assembly\GAC_32\*.*
  • C:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\*.*
  • C:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\6.1.0.0__31bf3856ad364e35\*.*
  • C:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\6.1.0.0__31bf3856ad364e35\AuditPolicyGPManagedStubs.Interop.dll
  • C:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\6.1.0.0__31bf3856ad364e35
  • C:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop
  • C:\Windows\assembly\GAC_32\BDATunePIA\*.*
  • C:\Windows\assembly\GAC_32\BDATunePIA\6.1.0.0__31bf3856ad364e35\*.*
  • C:\Windows\assembly\GAC_32\BDATunePIA\6.1.0.0__31bf3856ad364e35\BDATunePIA.dll
  • C:\Windows\assembly\GAC_32\BDATunePIA\6.1.0.0__31bf3856ad364e35
  • C:\Windows\assembly\GAC_32\BDATunePIA
  • C:\Windows\assembly\GAC_32\CustomMarshalers\*.*
  • C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\*.*
  • C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
  • C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
  • C:\Windows\assembly\GAC_32\CustomMarshalers
  • C:\Windows\assembly\GAC_32\ehexthost32\*.*
  • C:\Windows\assembly\GAC_32\ehexthost32\6.1.0.0__31bf3856ad364e35\*.*
  • C:\Windows\assembly\GAC_32\ehexthost32\6.1.0.0__31bf3856ad364e35\ehexthost32.exe
  • C:\Windows\assembly\GAC_32\ehexthost32\6.1.0.0__31bf3856ad364e35\ehexthost32.exe.config
  • C:\Windows\assembly\GAC_32\ehexthost32\6.1.0.0__31bf3856ad364e35
  • C:\Windows\assembly\GAC_32\ehexthost32
  • C:\Windows\assembly\GAC_32\ISymWrapper\*.*
  • C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\*.*
  • C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
  • C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a
  • C:\Windows\assembly\GAC_32\ISymWrapper
  • C:\Windows\assembly\GAC_32\mcstoredb\*.*
  • C:\Windows\assembly\GAC_32\mcstoredb\6.1.0.0__31bf3856ad364e35\*.*
  • C:\Windows\assembly\GAC_32\mcstoredb\6.1.0.0__31bf3856ad364e35\mcstoredb.dll
  • C:\Windows\assembly\GAC_32\mcstoredb\6.1.0.0__31bf3856ad364e35
  • C:\Windows\assembly\GAC_32\mcstoredb
  • C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\*.*
  • C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\6.1.0.0__31bf3856ad364e35\*.*
  • C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\6.1.0.0__31bf3856ad364e35\Microsoft.GroupPolicy.AdmTmplEditor.dll
  • C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\6.1.0.0__31bf3856ad364e35
  • C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor
  • C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\*.*
  • C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_zh-CHS_31bf3856ad364e35\*.*
  • C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_zh-CHS_31bf3856ad364e35\Microsoft.GroupPolicy.AdmTmplEditor.Resources.dll
  • C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_zh-CHS_31bf3856ad364e35
  • C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources
  • C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.Interop\*.*
  • C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.Interop\2.0.0.0__31bf3856ad364e35\*.*
  • C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.Interop\2.0.0.0__31bf3856ad364e35\Microsoft.GroupPolicy.Interop.dll
  • C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.Interop\2.0.0.0__31bf3856ad364e35
  • C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.Interop
  • C:\Windows\assembly\GAC_32\Microsoft.Ink\*.*
  • C:\Windows\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\*.*
  • C:\Windows\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Microsoft.Ink.dll
  • C:\Windows\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35
  • C:\Windows\assembly\GAC_32\Microsoft.Ink
  • C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\*.*
  • C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\*.*
  • C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.dll
  • C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35
  • C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles
  • C:\Windows\assembly\GAC_32\Microsoft.Office.BusinessData\*.*
  • C:\Windows\assembly\GAC_32\Microsoft.Office.BusinessData\14.0.0.0__71e9bce111e9429c\*.*
  • C:\Windows\assembly\GAC_32\Microsoft.Office.BusinessData\14.0.0.0__71e9bce111e9429c\microsoft.office.businessdata.dll
  • C:\Windows\assembly\GAC_32\Microsoft.Office.BusinessData\14.0.0.0__71e9bce111e9429c
  • C:\Windows\assembly\GAC_32\Microsoft.Office.BusinessData
  • C:\Windows\assembly\GAC_32\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop\*.*
  • C:\Windows\assembly\GAC_32\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop\6.1.0.0__31bf3856ad364e35\*.*
  • C:\Windows\assembly\GAC_32\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop.dll
  • C:\Windows\assembly\GAC_32\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop\6.1.0.0__31bf3856ad364e35
  • C:\Windows\assembly\GAC_32\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop
  • C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\*.*
  • C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\14.0.0.0__71e9bce111e9429c\*.*
  • C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\14.0.0.0__71e9bce111e9429c\Microsoft.SharePoint.BusinessData.Administration.Client.dll
  • C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\14.0.0.0__71e9bce111e9429c
  • C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client
  • C:\Windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\*.*
  • C:\Windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\*.*
  • C:\Windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
  • C:\Windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a
  • C:\Windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc
  • C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine\*.*
  • C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\*.*
  • C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll
  • C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35
  • C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine
  • C:\Windows\assembly\GAC_32\MSBuild\*.*
  • C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\*.*
  • C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe
  • C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\msbuild.exe.config
  • C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a
  • C:\Windows\assembly\GAC_32\MSBuild
  • C:\Windows\assembly\GAC_32\mscorlib\*.*
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\*.*
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
  • C:\Windows\assembly\GAC_32\mscorlib
  • C:\Windows\assembly\GAC_32\napcrypt\*.*
  • C:\Windows\assembly\GAC_32\napcrypt\6.1.0.0__31bf3856ad364e35\*.*
  • C:\Windows\assembly\GAC_32\napcrypt\6.1.0.0__31bf3856ad364e35\NAPCRYPT.DLL
  • C:\Windows\assembly\GAC_32\napcrypt\6.1.0.0__31bf3856ad364e35
  • C:\Windows\assembly\GAC_32\napcrypt
  • C:\Windows\assembly\GAC_32\naphlpr\*.*
  • C:\Windows\assembly\GAC_32\naphlpr\6.1.0.0__31bf3856ad364e35\*.*
  • C:\Windows\assembly\GAC_32\naphlpr\6.1.0.0__31bf3856ad364e35\NAPHLPR.DLL
  • C:\Windows\assembly\GAC_32\naphlpr\6.1.0.0__31bf3856ad364e35
  • C:\Windows\assembly\GAC_32\naphlpr
  • C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Ink\*.*
  • C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\*.*
  • C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.0.Microsoft.Ink.config
  • C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.0.Microsoft.Ink.dll
  • C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35
  • C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Ink
  • C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles\*.*
  • C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\*.*
  • C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config
  • C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.0.Microsoft.Interop.Security.AzRoles.dll
  • C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35
  • C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles
  • C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\*.*
  • C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\*.*
  • C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.config
  • C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.dll
  • C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35
  • C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles
  • C:\Windows\assembly\GAC_32\Policy.1.7.Microsoft.Ink\*.*
  • C:\Windows\assembly\GAC_32\Policy.1.7.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\*.*
  • C:\Windows\assembly\GAC_32\Policy.1.7.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.7.Microsoft.Ink.config
  • C:\Windows\assembly\GAC_32\Policy.1.7.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.7.Microsoft.Ink.dll
  • C:\Windows\assembly\GAC_32\Policy.1.7.Microsoft.Ink\6.1.0.0__31bf3856ad364e35
  • C:\Windows\assembly\GAC_32\Policy.1.7.Microsoft.Ink
  • C:\Windows\assembly\GAC_32\Policy.6.0.Microsoft.Ink\*.*
  • C:\Windows\assembly\GAC_32\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\*.*
  • C:\Windows\SysWOW64\zh-CN\KERNELBASE.dll.mui
  • \Device\KsecDD
读取的文件
  • C:\Windows\Globalization\Sorting\sortdefault.nls
  • C:\Windows\Fonts\staticcache.dat
  • C:\Windows\SysWOW64\zh-CN\KERNELBASE.dll.mui
  • \Device\KsecDD
修改的文件 无信息
删除的文件
  • C:\Windows\addins\FXSEXT.ecf
  • C:\Windows\addins
  • C:\Windows\AppCompat\Programs\AEINV_PREVIOUS.xml
  • C:\Windows\AppCompat\Programs\RecentFileCache.bcf
  • C:\Windows\AppCompat\Programs
  • C:\Windows\AppCompat
  • C:\Windows\AppPatch\AcGenral.dll
  • C:\Windows\AppPatch\AcLayers.dll
  • C:\Windows\AppPatch\AcRes.dll
  • C:\Windows\AppPatch\AcSpecfc.dll
  • C:\Windows\AppPatch\acwow64.dll
  • C:\Windows\AppPatch\AcXtrnal.dll
  • C:\Windows\AppPatch\apihex86.dll
  • C:\Windows\AppPatch\AppPatch64\AcGenral.dll
  • C:\Windows\AppPatch\AppPatch64\AcLayers.dll
  • C:\Windows\AppPatch\AppPatch64\acspecfc.dll
  • C:\Windows\AppPatch\AppPatch64\AcXtrnal.dll
  • C:\Windows\AppPatch\AppPatch64\apihex64.dll
  • C:\Windows\AppPatch\AppPatch64\sysmain.sdb
  • C:\Windows\AppPatch\AppPatch64
  • C:\Windows\AppPatch\Custom\Custom64
  • C:\Windows\AppPatch\Custom
  • C:\Windows\AppPatch\drvmain.sdb
  • C:\Windows\AppPatch\en-US
  • C:\Windows\AppPatch\msimain.sdb
  • C:\Windows\AppPatch\pcamain.sdb
  • C:\Windows\AppPatch\sysmain.sdb
  • C:\Windows\AppPatch\zh-CN\AcRes.dll.mui
  • C:\Windows\AppPatch\zh-CN
  • C:\Windows\AppPatch
  • C:\Windows\assembly\Desktop.ini
  • C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
  • C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a
  • C:\Windows\assembly\GAC\ADODB
  • C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
  • C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a
  • C:\Windows\assembly\GAC\Extensibility
  • C:\Windows\assembly\GAC\Microsoft.Ink\1.0.2201.0__31bf3856ad364e35\Microsoft.Ink.dll
  • C:\Windows\assembly\GAC\Microsoft.Ink\1.0.2201.0__31bf3856ad364e35\__AssemblyInfo__.ini
  • C:\Windows\assembly\GAC\Microsoft.Ink\1.0.2201.0__31bf3856ad364e35
  • C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\Microsoft.Ink.dll
  • C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\__AssemblyInfo__.ini
  • C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35
  • C:\Windows\assembly\GAC\Microsoft.Ink
  • C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
  • C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a
  • C:\Windows\assembly\GAC\Microsoft.mshtml
  • C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
  • C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a
  • C:\Windows\assembly\GAC\Microsoft.StdFormat
  • C:\Windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
  • C:\Windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini
  • C:\Windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35
  • C:\Windows\assembly\GAC\mscomctl
  • C:\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
  • C:\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • C:\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a
  • C:\Windows\assembly\GAC\MSDATASRC
  • C:\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
  • C:\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini
  • C:\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a
  • C:\Windows\assembly\GAC\stdole
  • C:\Windows\assembly\GAC
  • C:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\6.1.0.0__31bf3856ad364e35\AuditPolicyGPManagedStubs.Interop.dll
  • C:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\6.1.0.0__31bf3856ad364e35
  • C:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop
  • C:\Windows\assembly\GAC_32\BDATunePIA\6.1.0.0__31bf3856ad364e35\BDATunePIA.dll
  • C:\Windows\assembly\GAC_32\BDATunePIA\6.1.0.0__31bf3856ad364e35
  • C:\Windows\assembly\GAC_32\BDATunePIA
  • C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
  • C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a
  • C:\Windows\assembly\GAC_32\CustomMarshalers
  • C:\Windows\assembly\GAC_32\ehexthost32\6.1.0.0__31bf3856ad364e35\ehexthost32.exe
  • C:\Windows\assembly\GAC_32\ehexthost32\6.1.0.0__31bf3856ad364e35\ehexthost32.exe.config
  • C:\Windows\assembly\GAC_32\ehexthost32\6.1.0.0__31bf3856ad364e35
  • C:\Windows\assembly\GAC_32\ehexthost32
  • C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
  • C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a
  • C:\Windows\assembly\GAC_32\ISymWrapper
  • C:\Windows\assembly\GAC_32\mcstoredb\6.1.0.0__31bf3856ad364e35\mcstoredb.dll
  • C:\Windows\assembly\GAC_32\mcstoredb\6.1.0.0__31bf3856ad364e35
  • C:\Windows\assembly\GAC_32\mcstoredb
  • C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\6.1.0.0__31bf3856ad364e35\Microsoft.GroupPolicy.AdmTmplEditor.dll
  • C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\6.1.0.0__31bf3856ad364e35
  • C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor
  • C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_zh-CHS_31bf3856ad364e35\Microsoft.GroupPolicy.AdmTmplEditor.Resources.dll
  • C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_zh-CHS_31bf3856ad364e35
  • C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources
  • C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.Interop\2.0.0.0__31bf3856ad364e35\Microsoft.GroupPolicy.Interop.dll
  • C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.Interop\2.0.0.0__31bf3856ad364e35
  • C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.Interop
  • C:\Windows\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Microsoft.Ink.dll
  • C:\Windows\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35
  • C:\Windows\assembly\GAC_32\Microsoft.Ink
  • C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.dll
  • C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35
  • C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles
  • C:\Windows\assembly\GAC_32\Microsoft.Office.BusinessData\14.0.0.0__71e9bce111e9429c\microsoft.office.businessdata.dll
  • C:\Windows\assembly\GAC_32\Microsoft.Office.BusinessData\14.0.0.0__71e9bce111e9429c
  • C:\Windows\assembly\GAC_32\Microsoft.Office.BusinessData
  • C:\Windows\assembly\GAC_32\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop.dll
  • C:\Windows\assembly\GAC_32\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop\6.1.0.0__31bf3856ad364e35
  • C:\Windows\assembly\GAC_32\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop
  • C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\14.0.0.0__71e9bce111e9429c\Microsoft.SharePoint.BusinessData.Administration.Client.dll
  • C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\14.0.0.0__71e9bce111e9429c
  • C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client
  • C:\Windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
  • C:\Windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a
  • C:\Windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc
  • C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll
  • C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35
  • C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine
  • C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe
  • C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\msbuild.exe.config
  • C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a
  • C:\Windows\assembly\GAC_32\MSBuild
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
  • C:\Windows\assembly\GAC_32\mscorlib
  • C:\Windows\assembly\GAC_32\napcrypt\6.1.0.0__31bf3856ad364e35\NAPCRYPT.DLL
  • C:\Windows\assembly\GAC_32\napcrypt\6.1.0.0__31bf3856ad364e35
  • C:\Windows\assembly\GAC_32\napcrypt
  • C:\Windows\assembly\GAC_32\naphlpr\6.1.0.0__31bf3856ad364e35\NAPHLPR.DLL
  • C:\Windows\assembly\GAC_32\naphlpr\6.1.0.0__31bf3856ad364e35
  • C:\Windows\assembly\GAC_32\naphlpr
  • C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.0.Microsoft.Ink.config
  • C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.0.Microsoft.Ink.dll
  • C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35
  • C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Ink
  • C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config
  • C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.0.Microsoft.Interop.Security.AzRoles.dll
  • C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35
  • C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles
  • C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.config
  • C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.dll
  • C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35
  • C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles
  • C:\Windows\assembly\GAC_32\Policy.1.7.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.7.Microsoft.Ink.config
  • C:\Windows\assembly\GAC_32\Policy.1.7.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.7.Microsoft.Ink.dll
  • C:\Windows\assembly\GAC_32\Policy.1.7.Microsoft.Ink\6.1.0.0__31bf3856ad364e35
  • C:\Windows\assembly\GAC_32\Policy.1.7.Microsoft.Ink
注册表键
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\Disableregistrytools
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun
  • HKEY_CURRENT_USER\SoftWare \Microsoft \Windows \CurrentVersion \Policies\WinOldApp
  • HKEY_CURRENT_USER\SoftWare \Microsoft \Windows \CurrentVersion \Policies\WinOldApp\Disabled
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind
  • HKEY_LOCAL_MACHINE\SOFTWARE\360Safe\safemon
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\360Safe\safemon\ExecAccess
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\360Safe\safemon\MonAccess
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\360Safe\safemon\SiteAccess
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\360Safe\safemon\UDiskAccess
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewOnDrive
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\DisableCMD
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\HomePage
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoFavorites
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoPrinting
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserOptions
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoViewSource
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Interner Settings\Zones\3
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Interner Settings\Zones\3\1803
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserContextMenu
  • HKEY_CLASSES_ROOT\.txt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.txt\(Default)
  • HKEY_CLASSES_ROOT\.inf
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.inf\(Default)
  • HKEY_CLASSES_ROOT\.reg
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.reg\(Default)
  • HKEY_CLASSES_ROOT\.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\(Default)
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Ndisuio
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\(Default)
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRealMode
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogOff
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsMenu
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\PlugPlay
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\(Default)
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
  • HKEY_CURRENT_USER\Software\Classes
  • HKEY_CURRENT_USER\Software\Classes\AppID\taskkill.exe
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSclient
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
  • HKEY_CURRENT_USER\Software\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-Hans
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-Hans
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
  • HKEY_CURRENT_USER\Software\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
  • HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler
  • HKEY_CURRENT_USER\Software\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
  • HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler
  • HKEY_CURRENT_USER\Software\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
  • HKEY_CURRENT_USER\Software\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\CIMOM\EnableObjectValidation
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\CIMOM\Logging
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
读取的注册表键
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-Hans
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-Hans
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\CIMOM\EnableObjectValidation
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\CIMOM\Logging
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
修改的注册表键
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\Disableregistrytools
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun
  • HKEY_CURRENT_USER\SoftWare \Microsoft \Windows \CurrentVersion \Policies\WinOldApp
  • HKEY_CURRENT_USER\SoftWare \Microsoft \Windows \CurrentVersion \Policies\WinOldApp\Disabled
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind
  • HKEY_LOCAL_MACHINE\SOFTWARE\360Safe\safemon
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\360Safe\safemon\ExecAccess
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\360Safe\safemon\MonAccess
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\360Safe\safemon\SiteAccess
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\360Safe\safemon\UDiskAccess
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewOnDrive
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\DisableCMD
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\HomePage
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoFavorites
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoPrinting
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserOptions
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoViewSource
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Interner Settings\Zones\3
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Interner Settings\Zones\3\1803
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserContextMenu
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.txt\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.inf\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.reg\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRealMode
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogOff
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsMenu
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
删除的注册表键
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\(Default)
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\(Default)
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\PlugPlay
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\(Default)
API解析
  • kernel32.dll.IsProcessorFeaturePresent
  • cryptbase.dll.SystemFunction036
  • kernel32.dll.SortGetHandle
  • kernel32.dll.SortCloseHandle
  • comctl32.dll.RegisterClassNameW
  • uxtheme.dll.OpenThemeData
  • imm32.dll.ImmIsIME
  • gdi32.dll.GetLayout
  • gdi32.dll.GdiRealizationInfo
  • gdi32.dll.FontIsLinked
  • advapi32.dll.RegOpenKeyExW
  • advapi32.dll.RegQueryInfoKeyW
  • gdi32.dll.GetTextFaceAliasW
  • advapi32.dll.RegEnumValueW
  • advapi32.dll.RegCloseKey
  • advapi32.dll.RegQueryValueExW
  • advapi32.dll.RegQueryValueExA
  • advapi32.dll.RegEnumKeyExW
  • gdi32.dll.GetTextExtentExPointWPri
  • uxtheme.dll.EnableThemeDialogTexture
  • sechost.dll.LookupAccountNameLocalW
  • advapi32.dll.LookupAccountSidW
  • sechost.dll.LookupAccountSidLocalW
  • winsta.dll.WinStationFreeMemory
  • winsta.dll.WinStationCloseServer
  • winsta.dll.WinStationOpenServerW
  • winsta.dll.WinStationFreeGAPMemory
  • winsta.dll.WinStationGetAllProcesses
  • winsta.dll.WinStationEnumerateProcesses
  • kernel32.dll.GetThreadPreferredUILanguages
  • kernel32.dll.SetThreadPreferredUILanguages
  • kernel32.dll.LocaleNameToLCID
  • kernel32.dll.GetLocaleInfoEx
  • kernel32.dll.LCIDToLocaleName
  • kernel32.dll.GetSystemDefaultLocaleName
  • oleaut32.dll.#283
  • oleaut32.dll.#284
  • kernel32.dll.RegOpenKeyExW
  • ntdll.dll.EtwUnregisterTraceGuids
  • oleaut32.dll.#500
  • cryptsp.dll.CryptReleaseContext