魔盾安全分析报告

分析类型 开始时间 结束时间 持续时间 分析引擎版本
FILE 2024-04-25 14:39:15 2024-04-25 14:41:26 131 秒 1.4-Maldun
虚拟机机器名 标签 虚拟机管理 开机时间 关机时间
win7-sp1-x64-shaapp03-1 win7-sp1-x64-shaapp03-1 KVM 2024-04-25 14:39:15 2024-04-25 14:41:28
魔盾分数

10.0

恶意的

文件详细信息

文件名 setup查看6029 (1).exe
文件大小 50528 字节
文件类型 PE32+ executable (GUI) x86-64, for MS Windows
CRC32 B5AE8943
MD5 a922cafbf77c19ebdadec1d8dc83306e
SHA1 0ce902c114e897a5b1deec5d6426e8828d284638
SHA256 d5c297c7df8ada2ad246b947919609b3a67f2236ce3b625e7336aea6ffae0234
SHA512 f0681c8f13e62f677748dcfee39975c81d524d493c646866505dec8714e46ecbe02459047b23e4dc776880a30cb78efe8a318341605de14d4f91934d7a7ade74
Ssdeep 768:m3OaHhxTKQ4HzEurz2lIX3NH3OWyHN9ZuPwkDwXfY1uEFCeFzl6Y:m33hxT6fFHA/N9ZuefcFCSzQY
PEiD 无匹配
Yara
  • with_urls (Detected the presence of an or several urls)
  • IsPE64 (Detected a 64bit PE sample)
  • IsWindowsGUI (Detected a Windows GUI sample)
  • HasOverlay (Detected Overlay signature)
  • HasDigitalSignature (Detected Digital Signature)
  • HasRichSignature (Detected Rich Signature)
  • DebuggerTiming__PerformanceCounter ()
  • DebuggerTiming__Ticks (Detected timing ticks function)
  • anti_dbg (Detected self protection if being debugged)
  • win_files_operation (Affect private profile)
VirusTotal VirusTotal查询失败

特征

创建RWX内存
域名信誉系统
Greylist: 6029.anonymousrat8.com
IP地址信誉系统
Greylist: 206.238.114.20
Greylist: 8.134.163.184
专有的Yara检测结果 - 普通
发起了一些HTTP请求
URL: http://8.134.163.184/123.conf
收集系统安装程序信息
生成可疑网络流量,可能被用来进行恶意活动
signature: SURICATA Applayer Protocol detection skipped
网络活动包含了一个以上的不重复的用户代理
Process: setup______6029 _1_.exe
User-Agent: TIME
对一个无法找到的进程进行重复搜索,可能希望以startbrowser=1选项运行
通过进程尝试长时间延迟分析任务
Process: explorer.exe tried to sleep 412 seconds, actually delayed analysis time by 0 seconds
创建一个隐藏文件或系统文件
file: C:\Users\Public\Documents\kqzvlkie\1703681955.exe
file: C:\Users\Public\Documents\kqzvlkie\UnityPlayer.dll
file: C:\Users\Public\Documents\kqzvlkie\1703681955.lnk
HTTP数据流中包含可疑的恶意软件数据
ip_hostname: HTTP connection was made to an IP address rather than domain name
suspicious_request: http://8.134.163.184/123.conf
建立TCP连接到一个外部IP地址的非标准端口
Connection: 206.238.114.20:6666
可疑的样本异常终止
在一个远程进程中注入代码(CreateRemoteThread)
将自己装载到Windows开机自动启动项目
key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\xe5\xbe\xae\xe8\xbd\xafOneDrive
data: C:\Users\Public\Documents\kqzvlkie\1703681955.lnk
创建或设置一个超长字节的注册表键,可能被用来存储二进制或恶意软件配置文件
regkeyval: HKEY_CURRENT_USER\1BBBC4BA\PLUG\1\cd725ad47b6b213ab83457db8f6396fd\0
regkeyval: HKEY_CURRENT_USER\1BBBC4BA\PLUG\1\cd725ad47b6b213ab83457db8f6396fd\1
regkeyval: HKEY_CURRENT_USER\1BBBC4BA\1
对一些具体的运行中的进程呈现出兴趣
process: explorer.exe
尝试与一个交换数据流Alternate Data Stream (ADS)交互
file: \??\USB#VID_0409&PID_55AA#314159-0000:00:01.2-2#{f18a0e88-c30c-11d0-8815-00a0c906bed8}

运行截图

网络分析

访问主机记录

直接访问 IP地址 国家名
206.238.114.20 United States
8.134.163.184 United States

域名解析

域名 响应
6029.anonymousrat8.com A 206.238.114.20

TCP连接

IP地址 端口
206.238.114.20 6666
206.238.114.20 6666
206.238.114.20 6666
23.15.196.139 80
8.134.163.184 80

UDP连接

IP地址 端口
192.168.122.1 53
192.168.122.1 53
192.168.122.1 53

HTTP请求

URL HTTP数据
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip 
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache
http://8.134.163.184/123.conf 
GET /123.conf HTTP/1.1
User-Agent: TIME
Host: 8.134.163.184

静态分析

PE 信息

初始地址 0x140000000
入口地址 0x1400017c4
声明校验值 0x00000000
实际校验值 0x00010eae
最低操作系统版本要求 5.2
编译时间 2024-04-25 13:41:53
载入哈希 5c1e1a097c044357c4eefded92c1ce68

PE数据组成

名称 虚拟地址 虚拟大小 原始数据大小 特征 熵(Entropy)
.text 0x00001000 0x000057a2 0x00005800 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.21
.rdata 0x00007000 0x0000341c 0x00003600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.48
.data 0x0000b000 0x00002340 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 2.26
.pdata 0x0000e000 0x000005b8 0x00000600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.15
.reloc 0x0000f000 0x000003b0 0x00000400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 3.69

覆盖

偏移量: 0x0000ac00
大小: 0x00001960

导入

库 KERNEL32.dll:
0x140007000 - GetCurrentThread
0x140007008 - LoadLibraryW
0x140007010 - GetProcAddress
0x140007018 - QueueUserAPC
0x140007020 - GetModuleHandleA
0x140007028 - VirtualProtect
0x140007030 - GetCommandLineW
0x140007038 - GetStartupInfoW
0x140007040 - GetLastError
0x140007048 - HeapFree
0x140007050 - EncodePointer
0x140007058 - DecodePointer
0x140007060 - HeapAlloc
0x140007068 - RaiseException
0x140007070 - RtlPcToFileHeader
0x140007078 - SetUnhandledExceptionFilter
0x140007080 - GetModuleHandleW
0x140007088 - ExitProcess
0x140007090 - WriteFile
0x140007098 - GetStdHandle
0x1400070a0 - GetModuleFileNameW
0x1400070a8 - RtlUnwindEx
0x1400070b0 - FreeEnvironmentStringsW
0x1400070b8 - GetEnvironmentStringsW
0x1400070c0 - SetHandleCount
0x1400070c8 - InitializeCriticalSectionAndSpinCount
0x1400070d0 - GetFileType
0x1400070d8 - DeleteCriticalSection
0x1400070e0 - FlsGetValue
0x1400070e8 - FlsSetValue
0x1400070f0 - FlsFree
0x1400070f8 - SetLastError
0x140007100 - GetCurrentThreadId
0x140007108 - FlsAlloc
0x140007110 - HeapSetInformation
0x140007118 - GetVersion
0x140007120 - HeapCreate
0x140007128 - QueryPerformanceCounter
0x140007130 - GetTickCount
0x140007138 - GetCurrentProcessId
0x140007140 - GetSystemTimeAsFileTime
0x140007148 - Sleep
0x140007150 - HeapSize
0x140007158 - LeaveCriticalSection
0x140007160 - EnterCriticalSection
0x140007168 - UnhandledExceptionFilter
0x140007170 - IsDebuggerPresent
0x140007178 - RtlVirtualUnwind
0x140007180 - RtlLookupFunctionEntry
0x140007188 - RtlCaptureContext
0x140007190 - TerminateProcess
0x140007198 - GetCurrentProcess
0x1400071a0 - GetCPInfo
0x1400071a8 - GetACP
0x1400071b0 - GetOEMCP
0x1400071b8 - IsValidCodePage
0x1400071c0 - HeapReAlloc
0x1400071c8 - WideCharToMultiByte
0x1400071d0 - LCMapStringW
0x1400071d8 - MultiByteToWideChar
0x1400071e0 - GetStringTypeW
库 USER32.dll:
0x1400071f0 - MessageBoxW

投放文件

无信息

行为分析

互斥量(Mutexes)
  • Global\KeyLog1BBBC4BA
  • Global\ScreenShot1BBBC4BA
  • Global\Usb1BBBC4BA
执行的命令 无信息
创建的服务 无信息
启动的服务 无信息

进程

setup______6029 _1_.exe PID: 2620, 上一级进程 PID: 2256

explorer.exe PID: 1360, 上一级进程 PID: 1328

访问的文件
  • \Device\KsecDD
  • C:\Users\Public\Downloads\QQgames.exe
  • C:\Users\Public\Documents\kqzvlkie
  • C:\Users\Public\Documents\kqzvlkie\1703681955.exe
  • \??\MountPointManager
  • C:\Users\Public\Documents\kqzvlkie\UnityPlayer.dll
  • C:\Users\Public\Documents\kqzvlkie\1703681955.lnk
  • C:\Windows\sysnative\tzres.dll
  • \??\HCD0
  • \??\USB#ROOT_HUB#4&192d568&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}
  • C:\ProgramData\1BBBC4BA\
  • C:\ProgramData\1BBBC4BA\\xe5\xbe\xae\xe4\xbf\xa1\
  • C:\ProgramData\1BBBC4BA\\xe5\xbe\xae\xe4\xbf\xa1\20231227
  • C:\ProgramData\1BBBC4BA\\xe5\xbe\xae\xe4\xbf\xa1\*.*
  • C:\ProgramData\1BBBC4BA\\xe9\x93\xb6\xe8\xa1\x8c\
  • C:\ProgramData\1BBBC4BA\\xe9\x93\xb6\xe8\xa1\x8c\20231227
  • C:\ProgramData\1BBBC4BA\\xe9\x93\xb6\xe8\xa1\x8c\*.*
  • \??\USB#VID_0409&PID_55AA#314159-0000:00:01.2-2#{f18a0e88-c30c-11d0-8815-00a0c906bed8}
  • \??\HCD1
  • C:\Users\test\AppData\Local\Microsoft\Windows\WER\ERC
  • C:\Users\test\AppData\Local\Microsoft\Windows\WER\ERC\statecache.lock
  • C:\Users\test\AppData\Local\Microsoft\Windows\WER\ERC\responsestatecache.xml
  • C:\Users\test\AppData\Local\Microsoft\Windows\WER\ReportArchive
  • C:\ProgramData\Microsoft\Windows\WER\ReportArchive
  • C:\Users\test\AppData\Local\Microsoft\Windows\WER\ERC\queuepester.txt
  • C:\Windows\sysnative\zh-CN\Actioncenter.dll.mui
  • C:\Windows\sysnative\Actioncenter.dll.3.Manifest
读取的文件
  • \Device\KsecDD
  • C:\Users\Public\Downloads\QQgames.exe
  • C:\Windows\sysnative\tzres.dll
  • C:\Users\test\AppData\Local\Microsoft\Windows\WER\ReportArchive
  • C:\ProgramData\Microsoft\Windows\WER\ReportArchive
  • C:\Users\test\AppData\Local\Microsoft\Windows\WER\ERC
  • C:\Windows\sysnative\zh-CN\Actioncenter.dll.mui
  • C:\Windows\sysnative\Actioncenter.dll.3.Manifest
修改的文件
  • C:\Users\Public\Downloads\QQgames.exe
  • C:\Users\Public\Documents\kqzvlkie\1703681955.exe
  • \??\HCD0
  • \??\USB#ROOT_HUB#4&192d568&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}
  • \??\USB#VID_0409&PID_55AA#314159-0000:00:01.2-2#{f18a0e88-c30c-11d0-8815-00a0c906bed8}
  • \??\HCD1
删除的文件 无信息
注册表键
  • HKEY_CURRENT_USER\Console
  • HKEY_CURRENT_USER\Console\qweasd321zxc
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838-806e6f6e6963}\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838-806e6f6e6963}\Data
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838-806e6f6e6963}\Generation
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838-806e6f6e6963}\
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838-806e6f6e6963}\Data
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838-806e6f6e6963}\Generation
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\xe5\xbe\xae\xe8\xbd\xafOneDrive
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
  • HKEY_CURRENT_USER\1BBBC4BA
  • HKEY_CURRENT_USER\1BBBC4BA\1BBBC4BA
  • HKEY_CURRENT_USER\1BBBC4BA\1
  • HKEY_CURRENT_USER\1BBBC4BA\info
  • HKEY_CURRENT_USER\1BBBC4BA\TIME
  • HKEY_CURRENT_USER\1BBBC4BA\PLUG\1
  • HKEY_CURRENT_USER\1BBBC4BA\KEYLOG
  • HKEY_CURRENT_USER\1BBBC4BA\GROUP
  • HKEY_CURRENT_USER\1BBBC4BA\REMARK
  • HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum 64-bit\{860BB310-5D01-11D0-BD3B-00A0C911CE86}
  • HKEY_CLASSES_ROOT\CLSID
  • HKEY_CURRENT_USER\Software\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance
  • HKEY_CLASSES_ROOT\DirectShow\MediaObjects
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DirectShow\MediaObjects\Categories\860bb310-5d01-11d0-bd3b-00a0c911ce86
  • HKEY_CURRENT_USER\Software\Classes
  • HKEY_CURRENT_USER\Software\Classes\AppID\Explorer.EXE
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSclient
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
  • HKEY_CURRENT_USER\Software\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
  • HKEY_CURRENT_USER\Software\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
  • HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
  • HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
  • HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
  • HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
  • HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32
  • HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler
  • HKEY_CURRENT_USER\Software\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
  • HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
  • HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
  • HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid
  • HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
  • HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32
  • HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler
  • HKEY_CURRENT_USER\Software\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
  • HKEY_CURRENT_USER\Software\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
  • HKEY_CURRENT_USER\1BBBC4BA\HWID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Alipay security control_is1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Alipay security control_is1\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Alipay security plugin_is1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Alipay security plugin_is1\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 10.0.9 (x86 zh-CN)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 10.0.9 (x86 zh-CN)\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUS
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUS\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinAce Archiver
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinAce Archiver\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1b103cea-f037-4504-81de-956057b442c3}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1b103cea-f037-4504-81de-956057b442c3}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180121F0}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180121F0}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0015-0804-0000-0000000FF1CE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0015-0804-0000-0000000FF1CE}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0016-0804-0000-0000000FF1CE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0016-0804-0000-0000000FF1CE}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0018-0804-0000-0000000FF1CE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0018-0804-0000-0000000FF1CE}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0019-0804-0000-0000000FF1CE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0019-0804-0000-0000000FF1CE}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001A-0804-0000-0000000FF1CE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001A-0804-0000-0000000FF1CE}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001B-0804-0000-0000000FF1CE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001B-0804-0000-0000000FF1CE}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-0000-0000000FF1CE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-0000-0000000FF1CE}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0804-0000-0000000FF1CE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0804-0000-0000000FF1CE}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0028-0804-0000-0000000FF1CE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0028-0804-0000-0000000FF1CE}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0804-0000-0000000FF1CE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0804-0000-0000000FF1CE}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0044-0804-0000-0000000FF1CE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0044-0804-0000-0000000FF1CE}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0804-0000-0000000FF1CE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0804-0000-0000000FF1CE}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00A1-0804-0000-0000000FF1CE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00A1-0804-0000-0000000FF1CE}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00BA-0804-0000-0000000FF1CE}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00BA-0804-0000-0000000FF1CE}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9bd48a22-fe5a-457c-8f10-da6c2be89eee}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9bd48a22-fe5a-457c-8f10-da6c2be89eee}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-2052-7B44-AB0000000001}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-2052-7B44-AB0000000001}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-2530-0000-A00000000049}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-2530-0000-A00000000049}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D93BD08F-2C69-4FD6-8538-09B6597ADA8C}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D93BD08F-2C69-4FD6-8538-09B6597ADA8C}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E2B51919-207A-43EB-AE78-733F9C6797C2}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E2B51919-207A-43EB-AE78-733F9C6797C2}\DisplayName
  • HKEY_CURRENT_USER\SOFTWARE\WOW6432NODE\Microsoft\Windows\CurrentVersion\Uninstall
  • HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\Microsoft\Windows\CurrentVersion\Uninstall
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName
  • HKEY_CURRENT_USER\1BBBC4BA\PLUG\1\cd725ad47b6b213ab83457db8f6396fd
  • HKEY_CURRENT_USER\1BBBC4BA\PLUG\1\cd725ad47b6b213ab83457db8f6396fd\0
  • HKEY_CURRENT_USER\1BBBC4BA\PLUG\1\cd725ad47b6b213ab83457db8f6396fd\1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Zvpebfbsg Bssvpr\Bssvpr14\CBJRECAG.RKR
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\HRZR_PGYFRFFVBA
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Action Center\Providers\COM\{9DAC2C1E-7C5C-40EB-833B-323E85A1CE84}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\VistaSp1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AutoUpdateDisableNotify
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Security
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Security\DisableFixSecuritySettings
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\DisableFixSecuritySettings
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Security
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Security\DisableFixSecuritySettings
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\InternetSettingsDisableNotify
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.106
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.106\CheckSetting
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.101
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.101\CheckSetting
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.103
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.103\CheckSetting
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.100
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.100\CheckSetting
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.102
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.102\CheckSetting
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.104
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.104\CheckSetting
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Action Center\Providers\COM\{CA236752-2E77-4386-B63B-0E34774A413D}
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Error Reporting
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Disabled
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Windows Error Reporting
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Disabled
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\ERC
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{852FB1F8-5CC6-4567-9C0E-7C330F8807C2}.check.100
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{852FB1F8-5CC6-4567-9C0E-7C330F8807C2}.check.100\CheckSetting
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\LastQueuePesterTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\QueuePesterInterval
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\QueuePesterInterval
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{852FB1F8-5CC6-4567-9C0E-7C330F8807C2}.check.101
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{852FB1F8-5CC6-4567-9C0E-7C330F8807C2}.check.101\CheckSetting
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Action Center\Providers\COM\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.check.0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.check.0\CheckSetting
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Action Center\Providers\COM\{6AE07DC1-0244-4C6F-9AB0-5017A56357C3}
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Action Center\Providers\EventLog\{01979c6a-42fa-414c-b8aa-eee2c8202018}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\GipActivityBypass
  • HKEY_CURRENT_USER\Software\Classes\Interface\{B722BCCB-4E68-101B-A2BC-00AA00404770}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B722BCCB-4E68-101B-A2BC-00AA00404770}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B722BCCB-4E68-101B-A2BC-00AA00404770}\ProxyStubClsid32\(Default)
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Providers\EventLog\{01979c6a-42fa-414c-b8aa-eee2c8202018}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Providers\EventLog\{01979c6a-42fa-414c-b8aa-eee2c8202018}\LastKnownState
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{01979c6a-42fa-414c-b8aa-eee2c8202018}.check.100
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{01979c6a-42fa-414c-b8aa-eee2c8202018}.check.100\CheckSetting
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{01979c6a-42fa-414c-b8aa-eee2c8202018}.check.101
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{01979c6a-42fa-414c-b8aa-eee2c8202018}.check.101\CheckSetting
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Action Center\Providers\EventLog\{945a8954-c147-4acd-923f-40c45405a658}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Providers\EventLog\{945a8954-c147-4acd-923f-40c45405a658}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Providers\EventLog\{945a8954-c147-4acd-923f-40c45405a658}\LastKnownState
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{945a8954-c147-4acd-923f-40c45405a658}.check.42
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{945a8954-c147-4acd-923f-40c45405a658}.check.42\CheckSetting
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Action Center\Providers\EventLog\{DAB69A6A-4D2A-4D44-94BF-E0091898C881}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Providers\EventLog\{DAB69A6A-4D2A-4D44-94BF-E0091898C881}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Providers\EventLog\{DAB69A6A-4D2A-4D44-94BF-E0091898C881}\LastKnownState
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{DAB69A6A-4D2A-4D44-94BF-E0091898C881}.check.100
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{DAB69A6A-4D2A-4D44-94BF-E0091898C881}.check.100\CheckSetting
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Action Center\Providers\EventLog\{11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Providers\EventLog\{11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Providers\EventLog\{11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}\LastKnownState
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}.check.101
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}.check.101\CheckSetting
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Action Center\Providers\EventLog\{A5268B8E-7DB5-465b-BAB7-BDCDA39A394A}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Providers\EventLog\{A5268B8E-7DB5-465b-BAB7-BDCDA39A394A}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Providers\EventLog\{A5268B8E-7DB5-465b-BAB7-BDCDA39A394A}\LastKnownState
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{A5268B8E-7DB5-465b-BAB7-BDCDA39A394A}.check.100
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{A5268B8E-7DB5-465b-BAB7-BDCDA39A394A}.check.100\CheckSetting
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Action Center
读取的注册表键
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838-806e6f6e6963}\Data
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a3-1bd9-11e5-9838-806e6f6e6963}\Generation
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838-806e6f6e6963}\Data
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{372941a4-1bd9-11e5-9838-806e6f6e6963}\Generation
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\xe5\xbe\xae\xe8\xbd\xafOneDrive
  • HKEY_CURRENT_USER\Console\qweasd321zxc
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
  • HKEY_CURRENT_USER\1BBBC4BA\info
  • HKEY_CURRENT_USER\1BBBC4BA\TIME
  • HKEY_CURRENT_USER\1BBBC4BA\KEYLOG
  • HKEY_CURRENT_USER\1BBBC4BA\GROUP
  • HKEY_CURRENT_USER\1BBBC4BA\REMARK
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
  • HKEY_CURRENT_USER\1BBBC4BA\HWID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Alipay security control_is1\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Alipay security plugin_is1\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 10.0.9 (x86 zh-CN)\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUS\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinAce Archiver\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1b103cea-f037-4504-81de-956057b442c3}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180121F0}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0015-0804-0000-0000000FF1CE}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0016-0804-0000-0000000FF1CE}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0018-0804-0000-0000000FF1CE}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0019-0804-0000-0000000FF1CE}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001A-0804-0000-0000000FF1CE}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001B-0804-0000-0000000FF1CE}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-0000-0000000FF1CE}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0804-0000-0000000FF1CE}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0028-0804-0000-0000000FF1CE}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0804-0000-0000000FF1CE}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0044-0804-0000-0000000FF1CE}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0804-0000-0000000FF1CE}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00A1-0804-0000-0000000FF1CE}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00BA-0804-0000-0000000FF1CE}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9bd48a22-fe5a-457c-8f10-da6c2be89eee}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-2052-7B44-AB0000000001}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-2530-0000-A00000000049}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D93BD08F-2C69-4FD6-8538-09B6597ADA8C}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E2B51919-207A-43EB-AE78-733F9C6797C2}\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Zvpebfbsg Bssvpr\Bssvpr14\CBJRECAG.RKR
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\VistaSp1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AutoUpdateDisableNotify
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Security\DisableFixSecuritySettings
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\DisableFixSecuritySettings
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Security\DisableFixSecuritySettings
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\InternetSettingsDisableNotify
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.106\CheckSetting
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.101\CheckSetting
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.103\CheckSetting
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.100\CheckSetting
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.102\CheckSetting
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.104\CheckSetting
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Disabled
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Disabled
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{852FB1F8-5CC6-4567-9C0E-7C330F8807C2}.check.100\CheckSetting
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\LastQueuePesterTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\QueuePesterInterval
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\QueuePesterInterval
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{852FB1F8-5CC6-4567-9C0E-7C330F8807C2}.check.101\CheckSetting
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.check.0\CheckSetting
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\GipActivityBypass
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B722BCCB-4E68-101B-A2BC-00AA00404770}\ProxyStubClsid32\(Default)
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Providers\EventLog\{01979c6a-42fa-414c-b8aa-eee2c8202018}\LastKnownState
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{01979c6a-42fa-414c-b8aa-eee2c8202018}.check.100\CheckSetting
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{01979c6a-42fa-414c-b8aa-eee2c8202018}.check.101\CheckSetting
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Providers\EventLog\{945a8954-c147-4acd-923f-40c45405a658}\LastKnownState
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{945a8954-c147-4acd-923f-40c45405a658}.check.42\CheckSetting
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Providers\EventLog\{DAB69A6A-4D2A-4D44-94BF-E0091898C881}\LastKnownState
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{DAB69A6A-4D2A-4D44-94BF-E0091898C881}.check.100\CheckSetting
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Providers\EventLog\{11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}\LastKnownState
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}.check.101\CheckSetting
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Providers\EventLog\{A5268B8E-7DB5-465b-BAB7-BDCDA39A394A}\LastKnownState
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{A5268B8E-7DB5-465b-BAB7-BDCDA39A394A}.check.100\CheckSetting
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
修改的注册表键
  • HKEY_CURRENT_USER\Console\qweasd321zxc
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\xe5\xbe\xae\xe8\xbd\xafOneDrive
  • HKEY_CURRENT_USER\1BBBC4BA
  • HKEY_CURRENT_USER\1BBBC4BA\1
  • HKEY_CURRENT_USER\1BBBC4BA\TIME
  • HKEY_CURRENT_USER\1BBBC4BA\PLUG\1\cd725ad47b6b213ab83457db8f6396fd
  • HKEY_CURRENT_USER\1BBBC4BA\PLUG\1\cd725ad47b6b213ab83457db8f6396fd\0
  • HKEY_CURRENT_USER\1BBBC4BA\PLUG\1\cd725ad47b6b213ab83457db8f6396fd\1
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\Zvpebfbsg Bssvpr\Bssvpr14\CBJRECAG.RKR
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\HRZR_PGYFRFFVBA
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.101\CheckSetting
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.103\CheckSetting
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.100\CheckSetting
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.102\CheckSetting
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{852FB1F8-5CC6-4567-9C0E-7C330F8807C2}.check.100\CheckSetting
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{852FB1F8-5CC6-4567-9C0E-7C330F8807C2}.check.101\CheckSetting
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.check.0\CheckSetting
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{01979c6a-42fa-414c-b8aa-eee2c8202018}.check.100\CheckSetting
删除的注册表键
  • HKEY_CURRENT_USER\1BBBC4BA\1BBBC4BA
  • HKEY_CURRENT_USER\1BBBC4BA\TIME
  • HKEY_CURRENT_USER\1BBBC4BA\HWID
API解析
  • wininet.dll.InternetOpenW
  • wininet.dll.InternetOpenUrlW
  • wininet.dll.InternetReadFile
  • wininet.dll.InternetCloseHandle
  • rasapi32.dll.RasConnectionNotificationW
  • sechost.dll.NotifyServiceStatusChangeA
  • cryptbase.dll.SystemFunction036
  • ntdll.dll.NtTestAlert
  • kernel32.dll.LoadLibraryA
  • kernel32.dll.VirtualAlloc
  • kernel32.dll.SetFileAttributesW
  • kernel32.dll.CreateToolhelp32Snapshot
  • kernel32.dll.Sleep
  • kernel32.dll.GetLastError
  • kernel32.dll.Process32NextW
  • kernel32.dll.Process32FirstW
  • kernel32.dll.CloseHandle
  • kernel32.dll.OpenProcess
  • kernel32.dll.VirtualAllocEx
  • kernel32.dll.GetModuleHandleW
  • kernel32.dll.CopyFileW
  • kernel32.dll.CreateRemoteThread
  • kernel32.dll.WriteConsoleW
  • kernel32.dll.HeapSize
  • kernel32.dll.SetStdHandle
  • kernel32.dll.GlobalAddAtomW
  • kernel32.dll.GetFileAttributesW
  • kernel32.dll.CreateFileW
  • kernel32.dll.GetModuleFileNameW
  • kernel32.dll.WriteFile
  • kernel32.dll.WriteProcessMemory
  • kernel32.dll.CreateDirectoryW
  • kernel32.dll.GetProcessHeap
  • kernel32.dll.FreeEnvironmentStringsW
  • kernel32.dll.GetEnvironmentStringsW
  • kernel32.dll.GetCommandLineW
  • kernel32.dll.GetCommandLineA
  • kernel32.dll.GetOEMCP
  • kernel32.dll.GetACP
  • kernel32.dll.IsValidCodePage
  • kernel32.dll.FindNextFileW
  • kernel32.dll.FindFirstFileExW
  • kernel32.dll.FindClose
  • kernel32.dll.HeapReAlloc
  • kernel32.dll.ReadConsoleW
  • kernel32.dll.ReadFile
  • kernel32.dll.MultiByteToWideChar
  • kernel32.dll.GetStringTypeW
  • kernel32.dll.WideCharToMultiByte
  • kernel32.dll.GetCurrentThreadId
  • kernel32.dll.EnterCriticalSection
  • kernel32.dll.LeaveCriticalSection
  • kernel32.dll.InitializeCriticalSectionEx
  • kernel32.dll.DeleteCriticalSection
  • kernel32.dll.LCMapStringEx
  • kernel32.dll.ReleaseSRWLockExclusive
  • kernel32.dll.WakeAllConditionVariable
  • kernel32.dll.QueryPerformanceCounter
  • kernel32.dll.GetSystemTimeAsFileTime
  • kernel32.dll.GetProcAddress
  • kernel32.dll.GetCPInfo
  • kernel32.dll.RtlCaptureContext
  • kernel32.dll.RtlLookupFunctionEntry
  • kernel32.dll.RtlVirtualUnwind
  • kernel32.dll.IsDebuggerPresent
  • kernel32.dll.UnhandledExceptionFilter
  • kernel32.dll.SetUnhandledExceptionFilter
  • kernel32.dll.GetStartupInfoW
  • kernel32.dll.IsProcessorFeaturePresent
  • kernel32.dll.GetCurrentProcessId
  • kernel32.dll.InitializeSListHead
  • kernel32.dll.GetCurrentProcess
  • kernel32.dll.TerminateProcess
  • kernel32.dll.RtlUnwindEx
  • kernel32.dll.RtlPcToFileHeader
  • kernel32.dll.RaiseException
  • kernel32.dll.InterlockedFlushSList
  • kernel32.dll.SetLastError
  • kernel32.dll.InitializeCriticalSectionAndSpinCount
  • kernel32.dll.TlsAlloc
  • kernel32.dll.TlsGetValue
  • kernel32.dll.TlsSetValue
  • kernel32.dll.TlsFree
  • kernel32.dll.FreeLibrary
  • kernel32.dll.LoadLibraryExW
  • kernel32.dll.ExitProcess
  • kernel32.dll.GetModuleHandleExW
  • kernel32.dll.CreateThread
  • kernel32.dll.ExitThread
  • kernel32.dll.FreeLibraryAndExitThread
  • kernel32.dll.GetFileSizeEx
  • kernel32.dll.SetFilePointerEx
  • kernel32.dll.GetStdHandle
  • kernel32.dll.GetFileType
  • kernel32.dll.HeapAlloc
  • kernel32.dll.HeapFree
  • kernel32.dll.FlsAlloc
  • kernel32.dll.FlsGetValue
  • kernel32.dll.FlsSetValue
  • kernel32.dll.FlsFree
  • kernel32.dll.LCMapStringW
  • kernel32.dll.GetLocaleInfoW
  • kernel32.dll.IsValidLocale
  • kernel32.dll.GetUserDefaultLCID
  • kernel32.dll.EnumSystemLocalesW
  • kernel32.dll.FlushFileBuffers
  • kernel32.dll.GetConsoleOutputCP
  • kernel32.dll.GetConsoleMode
  • kernel32.dll.RtlUnwind
  • user32.dll.PostMessageW
  • user32.dll.FindWindowA
  • advapi32.dll.AllocateAndInitializeSid
  • advapi32.dll.RegCreateKeyExW
  • advapi32.dll.RegSetValueExW
  • advapi32.dll.FreeSid
  • advapi32.dll.CheckTokenMembership
  • advapi32.dll.RegOpenKeyExW
  • advapi32.dll.RegQueryValueExW
  • advapi32.dll.RegCloseKey
  • shell32.dll.SHGetFolderPathW
  • ole32.dll.CoCreateInstance
  • ole32.dll.CoUninitialize
  • ole32.dll.CoInitialize
  • rstrtmgr.dll.RmStartSession
  • rstrtmgr.dll.RmGetList
  • rstrtmgr.dll.RmRegisterResources
  • rstrtmgr.dll.RmShutdown
  • rstrtmgr.dll.RmEndSession
  • kernel32.dll.AreFileApisANSI
  • kernel32.dll.CompareStringEx
  • kernel32.dll.EnumSystemLocalesEx
  • kernel32.dll.GetDateFormatEx
  • kernel32.dll.GetLocaleInfoEx
  • kernel32.dll.GetTimeFormatEx
  • kernel32.dll.GetUserDefaultLocaleName
  • kernel32.dll.IsValidLocaleName
  • kernel32.dll.LCIDToLocaleName
  • kernel32.dll.LocaleNameToLCID
  • setupapi.dll.CM_Get_Device_Interface_List_Size_ExW
  • setupapi.dll.CM_Get_Device_Interface_List_ExW
  • comctl32.dll.#332
  • comctl32.dll.#386
  • ole32.dll.CoRevokeInitializeSpy
  • comctl32.dll.#388
  • ole32.dll.NdrOleInitializeExtension
  • ole32.dll.CoGetClassObject
  • ole32.dll.CoGetMarshalSizeMax
  • ole32.dll.CoMarshalInterface
  • ole32.dll.CoUnmarshalInterface
  • ole32.dll.StringFromIID
  • ole32.dll.CoGetPSClsid
  • ole32.dll.CoTaskMemAlloc
  • ole32.dll.CoTaskMemFree
  • ole32.dll.CoReleaseMarshalData
  • ole32.dll.DcomChannelSetHResult
  • oleaut32.dll.#500
  • netutils.dll.NetApiBufferFree
  • advapi32.dll.UnregisterTraceGuids
  • rpcrt4.dll.RpcBindingFree
  • comctl32.dll.#321
  • kernel32.dll.VirtualFree
  • kernel32.dll.lstrcmpiA
  • ntdll.dll.RtlZeroMemory
  • ntdll.dll.RtlMoveMemory
  • advapi32.dll.RegCreateKeyA
  • advapi32.dll.RegOpenKeyExA
  • advapi32.dll.RegQueryValueExA
  • advapi32.dll.RegDeleteValueA
  • advapi32.dll.RegSetValueExA
  • ws2_32.dll.WSAStartup
  • ws2_32.dll.socket
  • ws2_32.dll.getaddrinfo
  • ws2_32.dll.freeaddrinfo
  • ws2_32.dll.htons
  • ws2_32.dll.connect
  • ws2_32.dll.send
  • ws2_32.dll.recv
  • ws2_32.dll.closesocket
  • ws2_32.dll.WSACleanup
  • kernel32.dll.SizeofResource
  • kernel32.dll.GetVersionExW
  • kernel32.dll.lstrcmpW
  • kernel32.dll.GlobalUnlock
  • kernel32.dll.LocalAlloc
  • kernel32.dll.LockResource
  • kernel32.dll.GlobalMemoryStatusEx
  • kernel32.dll.RemoveDirectoryW
  • kernel32.dll.GetSystemInfo
  • kernel32.dll.lstrcatW
  • kernel32.dll.GetDiskFreeSpaceExW
  • kernel32.dll.DeleteFileW
  • kernel32.dll.LocalFree
  • kernel32.dll.lstrcpyW
  • kernel32.dll.ExpandEnvironmentStringsW
  • kernel32.dll.GetFileSize
  • kernel32.dll.CreateMutexW
  • kernel32.dll.SetFilePointer
  • kernel32.dll.LoadLibraryW
  • kernel32.dll.GetLocalTime
  • kernel32.dll.ReleaseMutex
  • kernel32.dll.GetConsoleWindow
  • kernel32.dll.GetNativeSystemInfo
  • kernel32.dll.IsBadReadPtr
  • kernel32.dll.VirtualProtect
  • kernel32.dll.GetSystemDefaultLangID
  • kernel32.dll.CreateFileA
  • kernel32.dll.GlobalAlloc
  • kernel32.dll.GlobalFree
  • kernel32.dll.DeviceIoControl
  • kernel32.dll.lstrcpyA
  • kernel32.dll.lstrlenA
  • kernel32.dll.SetEnvironmentVariableA
  • kernel32.dll.CompareStringW
  • kernel32.dll.LoadResource
  • kernel32.dll.EnumSystemLocalesA
  • kernel32.dll.GetLocaleInfoA
  • kernel32.dll.GetConsoleCP
  • kernel32.dll.CreateProcessW
  • kernel32.dll.GetTickCount
  • kernel32.dll.SetThreadExecutionState
  • kernel32.dll.GetComputerNameW
  • kernel32.dll.GlobalLock
  • kernel32.dll.GlobalSize
  • kernel32.dll.FindResourceW
  • kernel32.dll.FindResourceExW
  • kernel32.dll.GetSystemDefaultUILanguage
  • kernel32.dll.GetDriveTypeW
  • kernel32.dll.FindFirstFileW
  • kernel32.dll.CancelIo
  • kernel32.dll.CreateEventW
  • kernel32.dll.ResetEvent
  • kernel32.dll.lstrlenW
  • kernel32.dll.SetEvent
  • kernel32.dll.WaitForSingleObject
  • kernel32.dll.GetModuleFileNameA
  • kernel32.dll.SetHandleCount
  • kernel32.dll.GetTimeZoneInformation
  • kernel32.dll.HeapDestroy
  • kernel32.dll.HeapCreate
  • kernel32.dll.GetVersion
  • kernel32.dll.HeapSetInformation
  • kernel32.dll.GetTimeFormatW
  • kernel32.dll.GetDateFormatW
  • kernel32.dll.VirtualQuery
  • kernel32.dll.SetThreadStackGuarantee
  • kernel32.dll.InitializeCriticalSection
  • user32.dll.GetForegroundWindow
  • user32.dll.GetKeyState
  • user32.dll.GetClipboardData
  • user32.dll.GetWindowTextW
  • user32.dll.OpenClipboard
  • user32.dll.ExitWindowsEx
  • user32.dll.wsprintfW
  • user32.dll.CloseClipboard
  • user32.dll.GetLastInputInfo
  • user32.dll.ReleaseDC
  • user32.dll.SystemParametersInfoW
  • user32.dll.GetDC
  • user32.dll.GetSystemMetrics
  • gdi32.dll.SetStretchBltMode
  • gdi32.dll.DeleteDC
  • gdi32.dll.CreateDIBSection
  • gdi32.dll.GetDeviceCaps
  • gdi32.dll.StretchBlt
  • gdi32.dll.DeleteObject
  • gdi32.dll.SelectObject
  • gdi32.dll.CreateCompatibleDC
  • gdi32.dll.GetObjectW
  • advapi32.dll.GetSidSubAuthority
  • advapi32.dll.RegEnumValueW
  • advapi32.dll.CloseEventLog
  • advapi32.dll.ClearEventLogW
  • advapi32.dll.RegEnumKeyExW
  • advapi32.dll.RegDeleteValueW
  • advapi32.dll.RegDeleteKeyW
  • advapi32.dll.RegQueryInfoKeyW
  • advapi32.dll.RegOpenKeyW
  • advapi32.dll.GetTokenInformation
  • advapi32.dll.RegCreateKeyW
  • advapi32.dll.GetSidSubAuthorityCount
  • advapi32.dll.OpenEventLogW
  • advapi32.dll.OpenProcessToken
  • ole32.dll.CoInitializeEx
  • ole32.dll.CoInitializeSecurity
  • ole32.dll.GetHGlobalFromStream
  • ole32.dll.CoSetProxyBlanket
  • ole32.dll.CreateStreamOnHGlobal
  • oleaut32.dll.#6
  • oleaut32.dll.#2
  • oleaut32.dll.#9
  • ws2_32.dll.#23
  • ws2_32.dll.#3
  • ws2_32.dll.#52
  • ws2_32.dll.#19
  • ws2_32.dll.#16
  • ws2_32.dll.#18
  • ws2_32.dll.#115
  • ws2_32.dll.#4
  • ws2_32.dll.WSAIoctl
  • ws2_32.dll.#9
  • ws2_32.dll.#116
  • ws2_32.dll.#21
  • winmm.dll.timeGetTime
  • shlwapi.dll.PathFindExtensionW
  • gdiplus.dll.GdiplusStartup
  • gdiplus.dll.GdipSaveImageToFile
  • gdiplus.dll.GdipGetImageEncoders
  • gdiplus.dll.GdipCreateBitmapFromHBITMAP
  • gdiplus.dll.GdiplusShutdown
  • gdiplus.dll.GdipSaveImageToStream
  • gdiplus.dll.GdipCreateBitmapFromScan0
  • gdiplus.dll.GdipGetImageEncodersSize
  • gdiplus.dll.GdipDisposeImage
  • netapi32.dll.Netbios
  • wtsapi32.dll.WTSFreeMemory
  • wtsapi32.dll.WTSQuerySessionInformationW
  • dinput8.dll.DirectInput8Create
  • ntdll.dll.RtlGetNtVersionNumbers
  • msdmo.dll.DMOEnum
  • msdmo.dll.DMOGetTypes
  • msdmo.dll.DMOGetName
  • kernel32.dll.GetThreadPreferredUILanguages
  • kernel32.dll.SetThreadPreferredUILanguages
  • kernel32.dll.GetSystemDefaultLocaleName
  • fastprox.dll.DllGetClassObject
  • fastprox.dll.DllCanUnloadNow
  • oleaut32.dll.#283
  • oleaut32.dll.#284
  • kernel32.dll.lstrcmpiW
  • user32.dll.mouse_event
  • user32.dll.SetClipboardData
  • user32.dll.BlockInput
  • user32.dll.GetDesktopWindow
  • user32.dll.DestroyCursor
  • user32.dll.EmptyClipboard
  • user32.dll.LoadCursorW
  • user32.dll.MapVirtualKeyW
  • user32.dll.GetThreadDesktop
  • user32.dll.OpenInputDesktop
  • user32.dll.CloseDesktop
  • user32.dll.GetCursorInfo
  • user32.dll.GetCursorPos
  • user32.dll.SetThreadDesktop
  • user32.dll.GetUserObjectInformationW
  • user32.dll.keybd_event
  • gdi32.dll.GetRegionData
  • gdi32.dll.CreateRectRgnIndirect
  • gdi32.dll.CombineRgn
  • gdi32.dll.BitBlt
  • gdi32.dll.GdiIsMetaPrintDC
  • sechost.dll.OpenSCManagerW
  • sechost.dll.OpenServiceW
  • sechost.dll.QueryServiceStatus
  • sechost.dll.QueryServiceConfigW
  • sechost.dll.CloseServiceHandle
  • shlwapi.dll.#487
  • rpcrt4.dll.RpcStringBindingComposeW
  • rpcrt4.dll.RpcBindingFromStringBindingW
  • rpcrt4.dll.NdrClientCall3
  • cryptbase.dll.SystemFunction041
  • rpcrt4.dll.RpcStringFreeW
  • cryptbase.dll.SystemFunction040
  • advapi32.dll.RegGetValueW
  • advapi32.dll.IsValidSid
  • advapi32.dll.GetLengthSid
  • advapi32.dll.CopySid
  • shell32.dll.SHGetFolderPathEx
  • ntdll.dll.RtlDllShutdownInProgress
  • comctl32.dll.DPA_Create
  • comctl32.dll.DPA_Search
  • comctl32.dll.DPA_InsertPtr
  • wscapi.dll.WscGetSecurityProviderHealth