魔盾安全分析报告
| 分析类型 | 开始时间 | 结束时间 | 持续时间 | 分析引擎版本 |
|---|---|---|---|---|
| FILE | 2024-04-25 18:18:52 | 2024-04-25 18:19:50 | 58 秒 | 1.4-Maldun |
| 虚拟机机器名 | 标签 | 虚拟机管理 | 开机时间 | 关机时间 |
|---|---|---|---|---|
| win7-sp1-x64-shaapp03-1 | win7-sp1-x64-shaapp03-1 | KVM | 2024-04-25 18:18:54 | 2024-04-25 18:19:53 |
| 魔盾分数 |
|---|
5.775可疑的 |
文件详细信息
| 文件名 | 查询电脑端001.exe |
|---|---|
| 文件大小 | 670208 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
| CRC32 | 39D8CE3E |
| MD5 | 362b61ee9adc0f7c8583ebf06d20a0e8 |
| SHA1 | 5699171720e84738fcd3968639490a628fb9979d |
| SHA256 | 947d371313978526863fec807e991bf4b31a7f1f1d8d081769068ffe27ee899b |
| SHA512 | edbb111f4d09460ba594fec65cc98c3cc34724e87e548713844670df959d643509a68e419adbc018f6df4ca0e210746f09ac6c6433cdcf91bd91b2dbc4fab6cd |
| Ssdeep | 3072:91I2NxfpUdddddwddR4ccaZbuJjjUouU9LIe3HsS3r7L5s55ROhFYyFtj:1fnqjKU9LjHsS3r7u55RO/YyFt |
| PEiD | 无匹配 |
| Yara |
|
| VirusTotal | VirusTotal查询失败 |
特征
创建RWX内存
通过进程尝试延迟分析任务
Process: _______________001.exe tried to sleep 65 seconds, actually delayed analysis time by 0 seconds
IP地址信誉系统
Greylist: 183.66.100.32
专有的Yara检测结果 - 普通
从文件自身的二进制镜像中读取数据
self_read: process: _______________001.exe, pid: 2580, offset: 0x00000000, length: 0x00001000
self_read: process: _______________001.exe, pid: 2580, offset: 0x00000080, length: 0x00000200
self_read: process: _______________001.exe, pid: 2580, offset: 0x00000178, length: 0x00000200
self_read: process: _______________001.exe, pid: 2580, offset: 0x00032be0, length: 0x00000200
可疑的样本异常终止
尝试通过安装目录检测已安装的反病毒软件
file: C:\Program Files (x86)\Avira\
file: C:\Program Files (x86)\Avira
file: C:\Program Files (x86)\Avira\Avira.exe
运行截图
网络分析
访问主机记录
| 直接访问 | IP地址 | 国家名 |
|---|---|---|
| 否 | 183.66.100.32 | China |
域名解析
| 域名 | 响应 |
|---|---|
| jkjkdll3-1323575486.cos.ap-chengdu.myqcloud.com |
A 183.66.100.32
CNAME cd.file.myqcloud.com A 183.66.100.19 |
TCP连接
| IP地址 | 端口 |
|---|---|
| 183.66.100.32 | 443 |
| 23.15.196.139 | 80 |
UDP连接
| IP地址 | 端口 |
|---|---|
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
HTTP请求
| URL | HTTP数据 |
|---|---|
| http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
静态分析
PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x00434a4e |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x000acc94 |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2072-08-28 11:05:22 |
| 载入哈希 | f34d5f2d4577ed6d9ceec516c1f5a744 |
| 图标 |  |
| 图标精确哈希值 | 11d725c5772cd0d0425f76bddad3a344 |
| 图标相似性哈希值 | 5f52dcee58fa8c0f73f7151bb8eb066a |
版本信息
| Translation: | 0x0000 0x04b0 |
| LegalCopyright: | TKReview |
| Assembly Version: | 6.0.0.0 |
| InternalName: | APP.exe |
| FileVersion: | 6.0.0.0 |
| CompanyName: | TKReview |
| LegalTrademarks: | TKReview |
| Comments: | TKReview |
| ProductName: | TKReview |
| ProductVersion: | 6.0.0.0 |
| FileDescription: | TKReview |
| OriginalFilename: | APP.exe |
PE数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00002000 | 0x00032a54 | 0x00032c00 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 2.78 |
| .rsrc | 0x00036000 | 0x00070858 | 0x00070a00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.69 |
| .reloc | 0x000a8000 | 0x0000000c | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 0.10 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| RT_ICON | 0x000a5e18 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.77 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000a5e18 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.77 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000a5e18 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.77 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000a5e18 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.77 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000a5e18 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.77 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000a5e18 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.77 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000a5e18 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.77 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000a5e18 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.77 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000a5e18 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.77 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000a5e18 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.77 | GLS_BINARY_LSB_FIRST |
| RT_GROUP_ICON | 0x000a6290 | 0x00000092 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.10 | MS Windows icon resource - 10 icons, 256x256 |
| RT_VERSION | 0x000a6334 | 0x00000324 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.27 | data |
| RT_MANIFEST | 0x000a6668 | 0x000001ea | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.00 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |
导入
库 mscoree.dll:
• 0x402000 - _CorExeMain
投放文件
行为分析
互斥量(Mutexes)
- Local\MSCTF.Asm.MutexDefault1
执行的命令
无信息
创建的服务
无信息
启动的服务
无信息
进程
_______________001.exe PID: 2580, 上一级进程 PID: 2256
访问的文件
- C:\Windows\sysnative\MSCOREE.DLL.local
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
- C:\Windows\Microsoft.NET\Framework64\*
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\clr.dll
- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
- C:\Users\test\AppData\Local\Temp\_______________001.exe.config
- C:\Users\test\AppData\Local\Temp\_______________001.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSVCR120_CLR0400.dll
- C:\Windows\sysnative\MSVCR120_CLR0400.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoree.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\fusion.localgac
- C:\Windows\Globalization\Sorting\sortdefault.nls
- C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\*
- C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\f89061884b75dab0e3967d7221e5290d\mscorlib.ni.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\f89061884b75dab0e3967d7221e5290d\mscorlib.ni.dll.aux
- C:\Users
- C:\Users\test
- C:\Users\test\AppData
- C:\Users\test\AppData\Local
- C:\Users\test\AppData\Local\Temp
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ole32.dll
- \Device\KsecDD
- C:\Windows\assembly\NativeImages_v4.0.30319_64\APP\*
- C:\Users\test\AppData\Local\Temp\_______________001.INI
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll
- C:\Windows\assembly\pubpol49.dat
- C:\Windows\assembly\GAC\PublisherPolicy.tme
- C:\Windows\Microsoft.Net\assembly\GAC_64\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\*
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\37004ddc6f466d807c52ca3b7f9f9827\System.Windows.Forms.ni.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\37004ddc6f466d807c52ca3b7f9f9827\System.Windows.Forms.ni.dll.aux
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll
- C:\Windows\Microsoft.Net\assembly\GAC_64\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System\*
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System\60b77585c8aa9cfd1b30a64092c81041\System.ni.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System\60b77585c8aa9cfd1b30a64092c81041\System.ni.dll.aux
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
- C:\Windows\Microsoft.Net\assembly\GAC_64\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\*
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\43de4a177616225e9b6262468e1c3b53\System.Drawing.ni.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\43de4a177616225e9b6262468e1c3b53\System.Drawing.ni.dll.aux
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SortDefault.nlp
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\uxtheme.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\*
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\2fe311002b76e58f2f89f897a32b62a2\System.Configuration.ni.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\2fe311002b76e58f2f89f897a32b62a2\System.Configuration.ni.dll.aux
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\*
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\d1da4b8a843ec63bb8be25f8202bedc1\System.Core.ni.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\d1da4b8a843ec63bb8be25f8202bedc1\System.Core.ni.dll.aux
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\*
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\c2f35cb9621b8ca33a05759bbb0683c1\System.Xml.ni.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\c2f35cb9621b8ca33a05759bbb0683c1\System.Xml.ni.dll.aux
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- C:\Users\test\AppData\Local\Temp\_______________001.exe.Local\
- C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a
- C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\GdiPlus.dll
- C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT
- C:\Windows\Fonts\AGENCYR.TTF
- C:\Windows\Fonts\simsun.ttc
- C:\Program Files (x86)\Avira\
- C:\Program Files (x86)\Avira
- C:\Program Files (x86)
- C:\Program Files (x86)\Avira\Avira.exe
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\rasapi32.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\ws2_32.dll
- C:\Windows\sysnative\zh-CN\KERNELBASE.dll.mui
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\winhttp.dll
- C:\Windows\assembly\GAC_64
- C:\Windows\assembly\GAC_64\mscorlib.resources
- C:\Windows\assembly\GAC_32
- C:\Windows\assembly\GAC_32\mscorlib.resources
- C:\Windows\assembly\GAC_MSIL
- C:\Windows\assembly\GAC_MSIL\mscorlib.resources
- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\*
- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_zh-CHS_b77a5c561934e089\mscorlib.resources.dll
- C:\Windows\assembly\GAC
- C:\Windows\assembly\GAC\mscorlib.resources
- C:\Windows\Microsoft.Net\assembly\GAC_64
- C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib.resources
- C:\Windows\Microsoft.Net\assembly\GAC_32
- C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib.resources
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\mscorlib.resources
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\mscorlib.resources\*
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\mscorlib.resources\v4.0_4.0.0.0_zh-Hans_b77a5c561934e089\mscorlib.resources.dll
- C:\Windows\Microsoft.Net\assembly\GAC
- C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib.resources\v4.0_4.0.0.0_zh-Hans_b77a5c561934e089\mscorlib.resources.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib.resources\*
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\mscorlib.resources\v4.0_4.0.0.0_zh-Hans_b77a5c561934e089\mscorlib.resources.INI
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\zh-CN\mscorrc.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\zh-CN\mscorrc.dll.DLL
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\zh-Hans\mscorrc.dll
- C:\Windows\sysnative\tzres.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\iphlpapi.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\psapi.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\secur32.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\crypt32.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CRYPT32.dll
- C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\shell32.dll
- C:\Windows\sysnative\zh-CN\tzres.dll.mui
- C:\Users\test\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\*
- C:\Users\test\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\*
- C:\Users\test\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\*
- C:\Windows\sysnative\p2pcollab.dll
- C:\Windows\sysnative\QAGENTRT.DLL
- C:\Windows\sysnative\dnsapi.dll
- C:\Windows\sysnative\fveui.dll
- C:\Windows\assembly\GAC_64\System.resources
- C:\Windows\assembly\GAC_32\System.resources
- C:\Windows\assembly\GAC_MSIL\System.resources
- C:\Windows\assembly\GAC_MSIL\System.resources\*
- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_zh-CHS_b77a5c561934e089\System.resources.dll
- C:\Windows\assembly\GAC\System.resources
- C:\Windows\Microsoft.Net\assembly\GAC_64\System.resources
- C:\Windows\Microsoft.Net\assembly\GAC_32\System.resources
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.resources
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.resources\*
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.resources\v4.0_4.0.0.0_zh-Hans_b77a5c561934e089\System.resources.dll
- C:\Windows\Microsoft.Net\assembly\GAC_64\System.resources\v4.0_4.0.0.0_zh-Hans_b77a5c561934e089\System.resources.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.resources\*
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.resources\v4.0_4.0.0.0_zh-Hans_b77a5c561934e089\System.resources.INI
- C:\Windows\assembly\GAC_64\System.Windows.Forms.resources
- C:\Windows\assembly\GAC_32\System.Windows.Forms.resources
- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources
- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\*
- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_zh-CHS_b77a5c561934e089\System.Windows.Forms.resources.dll
- C:\Windows\assembly\GAC\System.Windows.Forms.resources
- C:\Windows\Microsoft.Net\assembly\GAC_64\System.Windows.Forms.resources
- C:\Windows\Microsoft.Net\assembly\GAC_32\System.Windows.Forms.resources
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms.resources
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms.resources\*
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms.resources\v4.0_4.0.0.0_zh-Hans_b77a5c561934e089\System.Windows.Forms.resources.dll
- C:\Windows\Microsoft.Net\assembly\GAC_64\System.Windows.Forms.resources\v4.0_4.0.0.0_zh-Hans_b77a5c561934e089\System.Windows.Forms.resources.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Winda3a3212d#\*
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms.resources\v4.0_4.0.0.0_zh-Hans_b77a5c561934e089\System.Windows.Forms.resources.INI
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\diasymreader.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb
- C:\Windows\symbols\dll\System.pdb
- C:\Windows\dll\System.pdb
- C:\Windows\System.pdb
- C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb
- C:\Windows\symbols\dll\mscorlib.pdb
- C:\Windows\dll\mscorlib.pdb
- C:\Windows\mscorlib.pdb
- C:\Users\test\AppData\Local\Temp\_______________001.PDB
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.pdb
- C:\Windows\symbols\dll\System.Windows.Forms.pdb
- C:\Windows\dll\System.Windows.Forms.pdb
- C:\Windows\System.Windows.Forms.pdb
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\imm32.dll
- C:\Windows\Fonts\staticcache.dat
读取的文件
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
- C:\Users\test\AppData\Local\Temp\_______________001.exe.config
- C:\Users\test\AppData\Local\Temp\_______________001.exe
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
- C:\Windows\sysnative\MSVCR120_CLR0400.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config
- C:\Windows\Globalization\Sorting\sortdefault.nls
- C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\f89061884b75dab0e3967d7221e5290d\mscorlib.ni.dll.aux
- C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\f89061884b75dab0e3967d7221e5290d\mscorlib.ni.dll
- \Device\KsecDD
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll
- C:\Windows\assembly\pubpol49.dat
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\37004ddc6f466d807c52ca3b7f9f9827\System.Windows.Forms.ni.dll.aux
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System\60b77585c8aa9cfd1b30a64092c81041\System.ni.dll.aux
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System\60b77585c8aa9cfd1b30a64092c81041\System.ni.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\43de4a177616225e9b6262468e1c3b53\System.Drawing.ni.dll.aux
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\43de4a177616225e9b6262468e1c3b53\System.Drawing.ni.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\37004ddc6f466d807c52ca3b7f9f9827\System.Windows.Forms.ni.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SortDefault.nlp
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\2fe311002b76e58f2f89f897a32b62a2\System.Configuration.ni.dll.aux
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\d1da4b8a843ec63bb8be25f8202bedc1\System.Core.ni.dll.aux
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\d1da4b8a843ec63bb8be25f8202bedc1\System.Core.ni.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\2fe311002b76e58f2f89f897a32b62a2\System.Configuration.ni.dll
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\c2f35cb9621b8ca33a05759bbb0683c1\System.Xml.ni.dll.aux
- C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\c2f35cb9621b8ca33a05759bbb0683c1\System.Xml.ni.dll
- C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\GdiPlus.dll
- C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT
- C:\Windows\Fonts\simsun.ttc
- C:\Windows\sysnative\zh-CN\KERNELBASE.dll.mui
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\mscorlib.resources\v4.0_4.0.0.0_zh-Hans_b77a5c561934e089\mscorlib.resources.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\zh-Hans\mscorrc.dll
- C:\Windows\sysnative\tzres.dll
- C:\Windows\sysnative\zh-CN\tzres.dll.mui
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.resources\v4.0_4.0.0.0_zh-Hans_b77a5c561934e089\System.resources.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms.resources\v4.0_4.0.0.0_zh-Hans_b77a5c561934e089\System.Windows.Forms.resources.dll
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\diasymreader.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb
- C:\Windows\symbols\dll\System.pdb
- C:\Windows\dll\System.pdb
- C:\Windows\System.pdb
- C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb
- C:\Windows\symbols\dll\mscorlib.pdb
- C:\Windows\dll\mscorlib.pdb
- C:\Windows\mscorlib.pdb
- C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.pdb
- C:\Windows\symbols\dll\System.Windows.Forms.pdb
- C:\Windows\dll\System.Windows.Forms.pdb
- C:\Windows\System.Windows.Forms.pdb
- C:\Windows\Fonts\staticcache.dat
修改的文件
- C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT
- C:\Program Files (x86)\Avira\Avira.exe
删除的文件
- C:\Program Files (x86)\Avira\Avira.exe
注册表键
- HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\v4.0
- HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\InstallRoot
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\CLRLoadLogDir
- HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR
- Policy\Standards
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Standards
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\standards\v4.0.30319
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
- HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SKUs\default
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableConfigCache
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_______________001.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
- HKEY_CURRENT_USER\Software\Microsoft\Fusion
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
- HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing
- HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseRyuJIT
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\FeatureSIMD
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitTimeLogCsv
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitFuncInfoLogFile
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AltJit
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitELTHookEnabled
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\TailCallOpt
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index49
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Windows.Forms__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Windows.Forms__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Security__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Security__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Drawing__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Drawing__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.Accessibility__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.Accessibility__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Core__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Core__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Deployment__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Deployment__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AppContext
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgManagedDebugger
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Numerics__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Numerics__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Data.SqlXml__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Data.SqlXml__b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\XML
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\.NETFramework\XML
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
- HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
- HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
- HKEY_CURRENT_USER\Software\Microsoft\GDIPlus
- HKEY_CURRENT_USER\Software\Microsoft\GDIPlus\FontCachePath
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallationType
- HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\EnableConsoleTracing
- HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\_______________001_RASAPI32
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\_______________001_RASAPI32\EnableFileTracing
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\_______________001_RASAPI32\EnableConsoleTracing
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\_______________001_RASAPI32\FileTracingMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\_______________001_RASAPI32\ConsoleTracingMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\_______________001_RASAPI32\MaxFileSize
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\_______________001_RASAPI32\FileDirectory
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
- HKEY_CURRENT_USER
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\LegacyWPADSupport
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-us
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-us
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
- HKEY_CURRENT_USER\Software\Classes
- HKEY_CURRENT_USER\Software\Classes\AppID\_______________001.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
- HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
- HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\D1F7947A
- HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-CHS
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-CHS
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-Hans
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-Hans
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.mscorlib.resources_zh-Hans_b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.mscorlib.resources_zh-Hans_b77a5c561934e089
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DnsCache\Parameters
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DnsClient
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\QueryAdapterName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableAdapterDomainName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseDomainNameDevolution
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\UseDomainNameDevolution
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DomainNameDevolutionLevel
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\PrioritizeRecordData
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\PrioritizeRecordData
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AllowUnqualifiedQuery
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\AllowUnqualifiedQuery
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AppendToMultiLabelName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenBadTlds
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenUnreachableServers
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenDefaultServers
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DynamicServerQueryOrder
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\FilterClusterIp
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\WaitForNameErrorOnAll
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseEdns
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsSecureNameQueryFallback
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\EnableDAForAllNetworks
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DirectAccessQueryOrder
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\QueryIpMatching
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseHostsFile
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AddrConfigControl
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationEnabled
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableDynamicUpdate
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterPrimaryName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterAdapterName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\EnableAdapterDomainNameRegistration
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterReverseLookup
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableReverseAddressRegistrations
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterWanAdapters
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableWanDynamicUpdate
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationTtl
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultRegistrationTTL
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationRefreshInterval
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultRegistrationRefreshInterval
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationMaxAddressCount
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\MaxNumberOfAddressesToRegister
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UpdateSecurityLevel
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\UpdateSecurityLevel
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UpdateTopLevelDomainZones
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DowncaseSpnCauseApiOwnerIsTooLazy
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationOverwrite
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCacheSize
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCacheTtl
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxNegativeCacheTtl
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AdapterTimeoutLimit
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ServerPriorityTimeLimit
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCachedSockets
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\EnableMulticast
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastResponderFlags
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastSenderFlags
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastSenderMaxTimeout
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsTest
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseCompartments
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\CacheAllCompartments
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseNewRegistration
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ResolverRegistration
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ResolverRegistrationOnly
- HKEY_LOCAL_MACHINE\System\Setup
- HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsQueryTimeouts
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DnsQueryTimeouts
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsQuickQueryTimeouts
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DnsQuickQueryTimeouts
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSClient
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\QueryAdapterName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\DisableAdapterDomainName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\RegistrationEnabled
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\RegisterAdapterName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\RegistrationMaxAddressCount
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\MaxNumberOfAddressesToRegister
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\EnableMulticast
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\Domain
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\DhcpDomain
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\QueryAdapterName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableAdapterDomainName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationEnabled
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableDynamicUpdate
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegisterAdapterName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\EnableAdapterDomainNameRegistration
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationMaxAddressCount
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\MaxNumberOfAddressesToRegister
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\EnableMulticast
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\Domain
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DhcpDomain
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\SearchList
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows\CEIPEnable
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\NodeType
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\DhcpNodeType
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\ScopeId
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\DhcpScopeId
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\EnableProxy
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\EnableDns
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\HWRPortReuseOnSocketBind
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SchUseStrongCrypto
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\System.Net.ServicePointManager.SecurityProtocol
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\System.Net.ServicePointManager.SchSendAuxRecord
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SchSendAuxRecord
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\Schannel
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextLockCount
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextListCount
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\China Standard Time
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\China Standard Time\TZI
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\China Standard Time\Dynamic DST
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\China Standard Time\MUI_Display
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\China Standard Time\MUI_Std
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\China Standard Time\MUI_Dlt
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagLevel
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagMatchAnyMask
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Root\ProtectedRoots
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\ChainEngine\Config
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableMandatoryBasicConstraints
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableCANameConstraints
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableUnsupportedCriticalExtensions
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlCountInCert
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCountPerChain
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxUrlRetrievalByteCount
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalByteCount
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCertCount
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetPreFetchTriggerPeriodSeconds
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableWeakSignatureFlags
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\ChainCacheResyncFiletime
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\#16
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\Ldap
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CertDllOpenStoreProv
- HKEY_USERS\S-1-5-21-2280033686-3172497658-3481507381-1000
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\PhysicalStores
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2280033686-3172497658-3481507381-1000
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2280033686-3172497658-3481507381-1000\ProfileImagePath
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\MY\
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\MY\Certificates
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\MY\CRLs
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\MY\CTLs
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\MY\Keys
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\PhysicalStores
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates\8F43288AD272F3103B6FB1428485EA3014C0BCFE
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates\8F43288AD272F3103B6FB1428485EA3014C0BCFE\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\CRLs
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\CTLs
- HKEY_CURRENT_USER\
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\Certificates
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\CRLs
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\CTLs
- HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\CA\PhysicalStores
- HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\CA
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\475BA6DA2AFD5AE3ADAE78A261CA0E3E548B9532
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\475BA6DA2AFD5AE3ADAE78A261CA0E3E548B9532\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\CA
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs
- HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\CA\PhysicalStores
- HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\CA
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\CTLs
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\PhysicalStores
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer
- HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPublisher\Safer
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\Certificates
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\CRLs
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\CTLs
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs
- HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Disallowed\PhysicalStores
- HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Disallowed
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs
- HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed\PhysicalStores
- HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\PhysicalStores
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ProtectedRoots
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\039EEDB80BE7A03C6953893B20D2D9323A4C2AFD
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\039EEDB80BE7A03C6953893B20D2D9323A4C2AFD\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\03A5B14663EB12023091B84A6D6A68BC871DE66B
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\03A5B14663EB12023091B84A6D6A68BC871DE66B\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\36527D4FA26A68F9EB4596F1D99ABB2C0EA76DFA
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\36527D4FA26A68F9EB4596F1D99ABB2C0EA76DFA\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\58E8ABB0361533FB80F79B1B6D29D3FF8D5F00F0
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\58E8ABB0361533FB80F79B1B6D29D3FF8D5F00F0\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\9F744E9F2B4DBAEC0F312C50B6563B8E2D93C311
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\9F744E9F2B4DBAEC0F312C50B6563B8E2D93C311\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\B31EB1B740E36C8402DADC37D44DF5D4674952F9
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\B31EB1B740E36C8402DADC37D44DF5D4674952F9\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\B94294BF91EA8FB64BE61097C7FB001359B676CB
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\B94294BF91EA8FB64BE61097C7FB001359B676CB\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\D69B561148F01C77C54578C10926DF5B856976AD
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\CRLs
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\CTLs
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ProtectedRoots\Certificates
- HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Root\PhysicalStores
- HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Root
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8F43288AD272F3103B6FB1428485EA3014C0BCFE
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8F43288AD272F3103B6FB1428485EA3014C0BCFE\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A7217F919843199C958C128449DD52D2723B0A8A
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A7217F919843199C958C128449DD52D2723B0A8A\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D85213E038F309D02A40917B59E142368AE6B1C0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D85213E038F309D02A40917B59E142368AE6B1C0\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DBB84423C928ABE889D0E368FC3191D151DDB1AB
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DBB84423C928ABE889D0E368FC3191D151DDB1AB\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\CTLs
- HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\AuthRoot
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209AD23D314232174E40D7F9D62139786633A
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209AD23D314232174E40D7F9D62139786633A\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CTLs
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Root
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CTLs
- HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Root\PhysicalStores
- HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Root
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\CTLs
- HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\SmartCardRoot
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\PhysicalStores
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs
- HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPeople\PhysicalStores
- HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPeople
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPeople
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs
- HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\TrustedPeople\PhysicalStores
- HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\TrustedPeople
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\CTLs
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\PhysicalStores
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\Certificates
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\CRLs
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\CTLs
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\Certificates
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CRLs
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CTLs
- HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\trust\PhysicalStores
- HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\trust
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\trust
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs
- HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\trust\PhysicalStores
- HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\trust
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\CTLs
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserenvDebugLevel
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\GpSvcDebugLevel
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates
- HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7\Name
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4b\AAF68885
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\LanguageList
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@%SystemRoot%\system32\p2pcollab.dll,-8042
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7\Name
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@%SystemRoot%\system32\qagentrt.dll,-10
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7\Name
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@%SystemRoot%\system32\dnsapi.dll,-103
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.1!7
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.1!7
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.1!7\Name
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@%SystemRoot%\System32\fveui.dll,-843
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.2!7
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.2!7
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.2!7\Name
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@%SystemRoot%\System32\fveui.dll,-844
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllImportPublicKeyInfoEx
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllImportPublicKeyInfoEx
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllConvertPublicKeyInfo
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllConvertPublicKeyInfo
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllVerifyEncodedSignature
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllVerifyEncodedSignature
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllImportPublicKeyInfoEx2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllImportPublicKeyInfoEx2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllVerifyCertificateChainPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CertDllVerifyCertificateChainPolicy
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.resources_zh-Hans_b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.resources_zh-Hans_b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Windows.Forms.resources_zh-Hans_b77a5c561934e089
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Windows.Forms.resources_zh-Hans_b77a5c561934e089
- HKEY_CLASSES_ROOT\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32\(Default)
- HKEY_CLASSES_ROOT\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\_______________001.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3FC47A08-E5C9-4BCA-A2C7-BC9A282AED14}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
- HKEY_CURRENT_USER\Keyboard Layout\Toggle
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
- HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\EnableAnchorContext
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\System
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\FinalizerActivityBypass
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
读取的注册表键
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\InstallRoot
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\CLRLoadLogDir
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableConfigCache
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseRyuJIT
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\FeatureSIMD
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitTimeLogCsv
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitFuncInfoLogFile
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AltJit
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitELTHookEnabled
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\TailCallOpt
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index49
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000804
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgManagedDebugger
- HKEY_CURRENT_USER\Software\Microsoft\GDIPlus\FontCachePath
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallationType
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\EnableConsoleTracing
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\_______________001_RASAPI32\EnableFileTracing
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\_______________001_RASAPI32\FileTracingMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\_______________001_RASAPI32\EnableConsoleTracing
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\_______________001_RASAPI32\ConsoleTracingMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\_______________001_RASAPI32\MaxFileSize
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\_______________001_RASAPI32\FileDirectory
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\LegacyWPADSupport
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-us
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-us
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\D1F7947A
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-CHS
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-CHS
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-Hans
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-Hans
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\QueryAdapterName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableAdapterDomainName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseDomainNameDevolution
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\UseDomainNameDevolution
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DomainNameDevolutionLevel
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\PrioritizeRecordData
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\PrioritizeRecordData
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AllowUnqualifiedQuery
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\AllowUnqualifiedQuery
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AppendToMultiLabelName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenBadTlds
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenUnreachableServers
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenDefaultServers
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DynamicServerQueryOrder
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\FilterClusterIp
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\WaitForNameErrorOnAll
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseEdns
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsSecureNameQueryFallback
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\EnableDAForAllNetworks
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DirectAccessQueryOrder
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\QueryIpMatching
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseHostsFile
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AddrConfigControl
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationEnabled
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableDynamicUpdate
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterPrimaryName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterAdapterName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\EnableAdapterDomainNameRegistration
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterReverseLookup
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableReverseAddressRegistrations
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterWanAdapters
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableWanDynamicUpdate
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationTtl
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultRegistrationTTL
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationRefreshInterval
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultRegistrationRefreshInterval
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationMaxAddressCount
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\MaxNumberOfAddressesToRegister
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UpdateSecurityLevel
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\UpdateSecurityLevel
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UpdateTopLevelDomainZones
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DowncaseSpnCauseApiOwnerIsTooLazy
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationOverwrite
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCacheSize
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCacheTtl
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxNegativeCacheTtl
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AdapterTimeoutLimit
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ServerPriorityTimeLimit
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCachedSockets
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\EnableMulticast
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastResponderFlags
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastSenderFlags
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastSenderMaxTimeout
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsTest
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseCompartments
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\CacheAllCompartments
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseNewRegistration
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ResolverRegistration
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ResolverRegistrationOnly
- HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsQueryTimeouts
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DnsQueryTimeouts
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsQuickQueryTimeouts
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DnsQuickQueryTimeouts
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\QueryAdapterName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\DisableAdapterDomainName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\RegistrationEnabled
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\RegisterAdapterName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\RegistrationMaxAddressCount
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\MaxNumberOfAddressesToRegister
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\EnableMulticast
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\Domain
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{33E35B0A-D1F6-4AB1-A1AE-56B8A256B787}\DhcpDomain
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\QueryAdapterName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableAdapterDomainName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationEnabled
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableDynamicUpdate
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegisterAdapterName
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\EnableAdapterDomainNameRegistration
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationMaxAddressCount
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\MaxNumberOfAddressesToRegister
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\EnableMulticast
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\Domain
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DhcpDomain
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\SearchList
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows\CEIPEnable
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\NodeType
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\DhcpNodeType
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\ScopeId
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\DhcpScopeId
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\EnableProxy
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\EnableDns
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\HWRPortReuseOnSocketBind
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SchUseStrongCrypto
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SchSendAuxRecord
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextLockCount
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextListCount
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\China Standard Time\TZI
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\China Standard Time\MUI_Display
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\China Standard Time\MUI_Std
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\China Standard Time\MUI_Dlt
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagLevel
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagMatchAnyMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableMandatoryBasicConstraints
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableCANameConstraints
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableUnsupportedCriticalExtensions
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlCountInCert
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCountPerChain
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxUrlRetrievalByteCount
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalByteCount
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCertCount
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetPreFetchTriggerPeriodSeconds
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableWeakSignatureFlags
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\ChainCacheResyncFiletime
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2280033686-3172497658-3481507381-1000\ProfileImagePath
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates\8F43288AD272F3103B6FB1428485EA3014C0BCFE\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\475BA6DA2AFD5AE3ADAE78A261CA0E3E548B9532\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\039EEDB80BE7A03C6953893B20D2D9323A4C2AFD\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\03A5B14663EB12023091B84A6D6A68BC871DE66B\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\36527D4FA26A68F9EB4596F1D99ABB2C0EA76DFA\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\58E8ABB0361533FB80F79B1B6D29D3FF8D5F00F0\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\9F744E9F2B4DBAEC0F312C50B6563B8E2D93C311\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\B31EB1B740E36C8402DADC37D44DF5D4674952F9\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\B94294BF91EA8FB64BE61097C7FB001359B676CB\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\Blob
- HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ProtectedRoots\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8F43288AD272F3103B6FB1428485EA3014C0BCFE\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A7217F919843199C958C128449DD52D2723B0A8A\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D85213E038F309D02A40917B59E142368AE6B1C0\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DBB84423C928ABE889D0E368FC3191D151DDB1AB\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209AD23D314232174E40D7F9D62139786633A\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserenvDebugLevel
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\GpSvcDebugLevel
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7\Name
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@%SystemRoot%\system32\p2pcollab.dll,-8042
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7\Name
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@%SystemRoot%\system32\qagentrt.dll,-10
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7\Name
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@%SystemRoot%\system32\dnsapi.dll,-103
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.1!7\Name
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@%SystemRoot%\System32\fveui.dll,-843
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.2!7\Name
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\@%SystemRoot%\System32\fveui.dll,-844
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
- HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\EnableAnchorContext
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane3
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane4
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane6
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane7
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane8
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane9
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane10
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane11
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane12
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane13
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane14
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane15
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\SimSun\Plane16
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\FinalizerActivityBypass
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
修改的注册表键
- HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\_______________001_RASAPI32
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\_______________001_RASAPI32\EnableFileTracing
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\_______________001_RASAPI32\EnableConsoleTracing
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\_______________001_RASAPI32\FileTracingMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\_______________001_RASAPI32\ConsoleTracingMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\_______________001_RASAPI32\MaxFileSize
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\_______________001_RASAPI32\FileDirectory
- HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\AAF68885\LanguageList
删除的注册表键
无信息
API解析
- advapi32.dll.RegOpenKeyExW
- advapi32.dll.RegQueryInfoKeyW
- advapi32.dll.RegEnumKeyExW
- advapi32.dll.RegEnumValueW
- advapi32.dll.RegCloseKey
- advapi32.dll.RegQueryValueExW
- kernel32.dll.FlsAlloc
- kernel32.dll.FlsFree
- kernel32.dll.FlsGetValue
- kernel32.dll.FlsSetValue
- kernel32.dll.InitializeCriticalSectionEx
- kernel32.dll.CreateEventExW
- kernel32.dll.CreateSemaphoreExW
- kernel32.dll.SetThreadStackGuarantee
- kernel32.dll.CreateThreadpoolTimer
- kernel32.dll.SetThreadpoolTimer
- kernel32.dll.WaitForThreadpoolTimerCallbacks
- kernel32.dll.CloseThreadpoolTimer
- kernel32.dll.CreateThreadpoolWait
- kernel32.dll.SetThreadpoolWait
- kernel32.dll.CloseThreadpoolWait
- kernel32.dll.FlushProcessWriteBuffers
- kernel32.dll.FreeLibraryWhenCallbackReturns
- kernel32.dll.GetCurrentProcessorNumber
- kernel32.dll.GetLogicalProcessorInformation
- kernel32.dll.CreateSymbolicLinkW
- kernel32.dll.EnumSystemLocalesEx
- kernel32.dll.CompareStringEx
- kernel32.dll.GetDateFormatEx
- kernel32.dll.GetLocaleInfoEx
- kernel32.dll.GetTimeFormatEx
- kernel32.dll.GetUserDefaultLocaleName
- kernel32.dll.IsValidLocaleName
- kernel32.dll.LCMapStringEx
- kernel32.dll.GetTickCount64
- kernel32.dll.AcquireSRWLockExclusive
- kernel32.dll.ReleaseSRWLockExclusive
- advapi32.dll.EventRegister
- mscoree.dll.#142
- mscoreei.dll.RegisterShimImplCallback
- mscoreei.dll.OnShimDllMainCalled
- mscoreei.dll._CorExeMain
- shlwapi.dll.UrlIsW
- version.dll.GetFileVersionInfoSizeW
- version.dll.GetFileVersionInfoW
- version.dll.VerQueryValueW
- clr.dll.SetRuntimeInfo
- clr.dll._CorExeMain
- mscoree.dll.CreateConfigStream
- mscoreei.dll.CreateConfigStream
- kernel32.dll.GetNumaHighestNodeNumber
- ntdll.dll.RtlVirtualUnwind
- kernel32.dll.GetSystemWindowsDirectoryW
- advapi32.dll.AllocateAndInitializeSid
- advapi32.dll.OpenProcessToken
- advapi32.dll.GetTokenInformation
- advapi32.dll.InitializeAcl
- advapi32.dll.AddAccessAllowedAce
- advapi32.dll.FreeSid
- kernel32.dll.AddSIDToBoundaryDescriptor
- kernel32.dll.CreateBoundaryDescriptorW
- kernel32.dll.CreatePrivateNamespaceW
- kernel32.dll.OpenPrivateNamespaceW
- kernel32.dll.DeleteBoundaryDescriptor
- kernel32.dll.WerRegisterRuntimeExceptionModule
- kernel32.dll.RaiseException
- mscoree.dll.#24
- mscoreei.dll.#24
- psapi.dll.GetProcessMemoryInfo
- kernel32.dll.SortGetHandle
- kernel32.dll.SortCloseHandle
- ole32.dll.CoInitializeEx
- cryptbase.dll.SystemFunction036
- ole32.dll.CoGetContextToken
- clrjit.dll.sxsJitStartup
- clrjit.dll.getJit
- kernel32.dll.CloseHandle
- kernel32.dll.GetCurrentProcess
- kernel32.dll.LocalFree
- kernel32.dll.LocalAlloc
- advapi32.dll.DuplicateTokenEx
- advapi32.dll.CheckTokenMembership
- kernel32.dll.LocaleNameToLCID
- kernel32.dll.LCIDToLocaleName
- kernel32.dll.GetUserPreferredUILanguages
- nlssorting.dll.SortGetHandle
- nlssorting.dll.SortCloseHandle
- kernel32.dll.GetFullPathNameW
- uxtheme.dll.IsAppThemed
- kernel32.dll.CreateActCtxA
- ole32.dll.CoTaskMemAlloc
- ole32.dll.CoTaskMemFree
- user32.dll.RegisterWindowMessageW
- user32.dll.GetSystemMetrics
- kernel32.dll.GetModuleHandleW
- kernel32.dll.LoadLibraryW
- user32.dll.AdjustWindowRectEx
- kernel32.dll.GetCurrentThread
- kernel32.dll.DuplicateHandle
- kernel32.dll.GetCurrentThreadId
- kernel32.dll.GetCurrentActCtx
- kernel32.dll.ActivateActCtx
- kernel32.dll.GetProcAddress
- kernel32.dll.WideCharToMultiByte
- user32.dll.DefWindowProcW
- gdi32.dll.GetStockObject
- user32.dll.RegisterClassW
- mscoree.dll.GetProcessExecutableHeap
- mscoreei.dll.GetProcessExecutableHeap
- user32.dll.CreateWindowExW
- user32.dll.SetWindowLongPtrW
- user32.dll.GetWindowLongPtrW
- user32.dll.CallWindowProcW
- user32.dll.GetClientRect
- user32.dll.GetWindowRect
- user32.dll.GetParent
- kernel32.dll.DeactivateActCtx
- user32.dll.GetProcessWindowStation
- user32.dll.GetUserObjectInformationA
- kernel32.dll.SetConsoleCtrlHandler
- user32.dll.GetClassInfoW
- user32.dll.SystemParametersInfoW
- kernel32.dll.CompareStringOrdinal
- kernel32.dll.GetFileAttributesExW
- kernel32.dll.SetThreadErrorMode
- kernel32.dll.CreateFileW
- kernel32.dll.GetFileType
- kernel32.dll.GetFileSize
- kernel32.dll.ReadFile
- user32.dll.MonitorFromRect
- user32.dll.GetMonitorInfoW
- gdi32.dll.CreateDCW
- gdi32.dll.GetDeviceCaps
- gdi32.dll.DeleteDC
- user32.dll.GetDoubleClickTime
- gdiplus.dll.GdiplusStartup
- user32.dll.GetWindowInfo
- user32.dll.GetAncestor
- user32.dll.GetMonitorInfoA
- user32.dll.EnumDisplayMonitors
- user32.dll.EnumDisplayDevicesA
- gdi32.dll.ExtTextOutW
- gdi32.dll.GdiIsMetaPrintDC
- gdiplus.dll.GdipCreateBitmapFromStream
- ntdll.dll.NtSetSystemInformation
- windowscodecs.dll.DllGetClassObject
- kernel32.dll.WerRegisterMemoryBlock
- gdiplus.dll.GdipImageForceValidation
- gdiplus.dll.GdipGetImageRawFormat
- gdiplus.dll.GdipGetImageWidth
- gdiplus.dll.GdipGetImageHeight
- gdiplus.dll.GdipCreateBitmapFromScan0
- gdiplus.dll.GdipGetImagePixelFormat
- gdiplus.dll.GdipGetImageGraphicsContext
- user32.dll.GetSysColor
- gdiplus.dll.GdipGraphicsClear
- gdiplus.dll.GdipCreateImageAttributes
- gdiplus.dll.GdipSetImageAttributesColorKeys
- gdiplus.dll.GdipDrawImageRectRectI
- gdiplus.dll.GdipDisposeImageAttributes
- gdiplus.dll.GdipDeleteGraphics
- gdiplus.dll.GdipDisposeImage
- kernel32.dll.GetSystemDefaultLCID
- gdi32.dll.GetObjectW
- user32.dll.GetDC
- gdiplus.dll.GdipCreateFontFromLogfontW
- kernel32.dll.RegOpenKeyExW
- kernel32.dll.RegQueryInfoKeyA
- kernel32.dll.RegCloseKey
- kernel32.dll.RegCreateKeyExW
- kernel32.dll.RegQueryValueExW
- mscoree.dll.ND_RI2
- mscoreei.dll.ND_RI2
- mscoree.dll.ND_RU1
- mscoreei.dll.ND_RU1
- gdiplus.dll.GdipGetFontUnit
- gdiplus.dll.GdipGetFontSize
- gdiplus.dll.GdipGetFontStyle
- gdiplus.dll.GdipGetFamily
- user32.dll.ReleaseDC
- gdiplus.dll.GdipCreateFromHDC
- gdiplus.dll.GdipGetDpiY
- gdiplus.dll.GdipGetFontHeight
- gdiplus.dll.GdipGetEmHeight
- gdiplus.dll.GdipGetLineSpacing
- gdiplus.dll.GdipCreateFont
- gdiplus.dll.GdipDeleteFont
- gdi32.dll.CreateCompatibleDC
- gdiplus.dll.GdipGetLogFontW
- gdi32.dll.CreateFontIndirectW
- gdi32.dll.SelectObject
- gdi32.dll.GetTextMetricsW
- gdi32.dll.GetTextExtentPoint32W
- user32.dll.SetWindowTextW
- kernel32.dll.GetStartupInfoW
- user32.dll.CreateIconFromResourceEx
- user32.dll.SendMessageW
- user32.dll.GetSystemMenu
- user32.dll.GetWindowPlacement
- user32.dll.EnableMenuItem
- user32.dll.GetWindowTextLengthW
- user32.dll.GetWindowTextW
- user32.dll.SetWindowPos
- user32.dll.RedrawWindow
- user32.dll.ShowWindow
- user32.dll.PostThreadMessageW
- kernel32.dll.CreateDirectoryW
- kernel32.dll.GetStdHandle
- kernel32.dll.GetACP
- kernel32.dll.UnmapViewOfFile
- kernel32.dll.CreateEventW
- kernel32.dll.QueryPerformanceFrequency
- kernel32.dll.QueryPerformanceCounter
- rasapi32.dll.RasEnumConnectionsW
- rtutils.dll.TraceRegisterExA
- rtutils.dll.TracePrintfExA
- sechost.dll.OpenSCManagerW
- sechost.dll.OpenServiceW
- sechost.dll.QueryServiceStatus
- sechost.dll.CloseServiceHandle
- ws2_32.dll.WSAStartup
- ws2_32.dll.WSASocketW
- ws2_32.dll.setsockopt
- ws2_32.dll.WSAEventSelect
- ws2_32.dll.ioctlsocket
- ws2_32.dll.closesocket
- ws2_32.dll.WSAIoctl
- kernel32.dll.FormatMessageW
- rasapi32.dll.RasConnectionNotificationW
- advapi32.dll.RegOpenCurrentUser
- sechost.dll.NotifyServiceStatusChangeA
- advapi32.dll.RegNotifyChangeKeyValue
- winhttp.dll.WinHttpOpen
- winhttp.dll.WinHttpCloseHandle
- winhttp.dll.WinHttpSetTimeouts
- winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser
- kernel32.dll.GetEnvironmentVariableW
- clr.dll.CreateAssemblyNameObject
- ole32.dll.CoGetObjectContext
- sechost.dll.LookupAccountNameLocalW
- advapi32.dll.LookupAccountSidW
- sechost.dll.LookupAccountSidLocalW
- cryptsp.dll.CryptAcquireContextW
- cryptsp.dll.CryptGenRandom
- ole32.dll.NdrOleInitializeExtension
- ole32.dll.CoGetClassObject
- ole32.dll.CoGetMarshalSizeMax
- ole32.dll.CoMarshalInterface
- ole32.dll.CoUnmarshalInterface
- ole32.dll.StringFromIID
- ole32.dll.CoGetPSClsid
- ole32.dll.CoCreateInstance
- ole32.dll.CoReleaseMarshalData
- ole32.dll.DcomChannelSetHResult
- rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
- clr.dll.CreateAssemblyEnum
- kernel32.dll.ResolveLocaleName
- kernel32.dll.SetEvent
- kernel32.dll.ResetEvent
- ole32.dll.CoWaitForMultipleHandles
- kernel32.dll.GetTimeZoneInformation
- iphlpapi.dll.GetNetworkParams
- dnsapi.dll.DnsQueryConfig
- iphlpapi.dll.GetAdaptersAddresses
- iphlpapi.dll.GetIpInterfaceEntry
- iphlpapi.dll.GetBestInterfaceEx
- ws2_32.dll.GetAddrInfoW
- ws2_32.dll.freeaddrinfo
- ws2_32.dll.WSAConnect
- kernel32.dll.GetCurrentProcessId
- advapi32.dll.LookupPrivilegeValueW
- advapi32.dll.AdjustTokenPrivileges
- kernel32.dll.OpenProcess
- psapi.dll.EnumProcessModules
- psapi.dll.GetModuleInformation
- psapi.dll.GetModuleBaseNameW
- psapi.dll.GetModuleFileNameExW
- secur32.dll.EnumerateSecurityPackagesW
- secur32.dll.FreeContextBuffer
- secur32.dll.FreeCredentialsHandle
- secur32.dll.AcquireCredentialsHandleW
- schannel.dll.SpUserModeInitialize
- advapi32.dll.RegCreateKeyExW
- secur32.dll.DeleteSecurityContext
- secur32.dll.InitializeSecurityContextW
- ws2_32.dll.send
- ws2_32.dll.recv
- ncrypt.dll.SslOpenProvider
- ncrypt.dll.GetSChannelInterface
- bcryptprimitives.dll.GetHashInterface
- ncrypt.dll.SslIncrementProviderReferenceCount
- ncrypt.dll.SslImportKey
- bcryptprimitives.dll.GetCipherInterface
- secur32.dll.QueryContextAttributesW
- ncrypt.dll.SslLookupCipherSuiteInfo
- ncrypt.dll.SslLookupCipherLengths
- crypt32.dll.CertFreeCertificateContext
- crypt32.dll.CertDuplicateCertificateContext
- crypt32.dll.CertGetCertificateContextProperty
- crypt32.dll.CertCloseStore
- crypt32.dll.CertDuplicateStore
- crypt32.dll.CertEnumCertificatesInStore
- crypt32.dll.CertFreeCertificateChain
- crypt32.dll.CertOpenStore
- crypt32.dll.CertAddCertificateLinkToStore
- kernel32.dll.GetDynamicTimeZoneInformation
- shell32.dll.SHGetFolderPathW
- kernel32.dll.GetFileMUIPath
- kernel32.dll.LoadLibraryExW
- kernel32.dll.FreeLibrary
- user32.dll.LoadStringW
- crypt32.dll.CertGetCertificateChain
- userenv.dll.GetUserProfileDirectoryW
- sechost.dll.ConvertSidToStringSidW
- sechost.dll.ConvertStringSidToSidW
- userenv.dll.RegisterGPNotification
- gpapi.dll.RegisterGPNotificationInternal
- sechost.dll.QueryServiceConfigW
- ncrypt.dll.BCryptOpenAlgorithmProvider
- ncrypt.dll.BCryptGetProperty
- ncrypt.dll.BCryptCreateHash
- ncrypt.dll.BCryptHashData
- ncrypt.dll.BCryptFinishHash
- ncrypt.dll.BCryptDestroyHash
- cryptsp.dll.CryptAcquireContextA
- cryptsp.dll.CryptImportKey
- cryptsp.dll.CryptCreateHash
- cryptsp.dll.CryptHashData
- cryptsp.dll.CryptVerifySignatureA
- cryptsp.dll.CryptDestroyKey
- cryptsp.dll.CryptDestroyHash
- bcryptprimitives.dll.GetAsymmetricEncryptionInterface
- ncrypt.dll.BCryptImportKeyPair
- ncrypt.dll.BCryptVerifySignature
- ncrypt.dll.BCryptDestroyKey
- crypt32.dll.CertDuplicateCertificateChain
- crypt32.dll.CertVerifyCertificateChainPolicy
- kernel32.dll.SetLastError
- ncrypt.dll.SslDecrementProviderReferenceCount
- ncrypt.dll.SslFreeObject
- ws2_32.dll.shutdown
- kernel32.dll.DeleteFileW
- diasymreader.dll.DllGetClassObject
- version.dll.VerLanguageNameW
- comctl32.dll.RegisterClassNameW
- uxtheme.dll.EnableThemeDialogTexture
- user32.dll.MapWindowPoints
- gdiplus.dll.GdipCreateFromHWND
- gdiplus.dll.GdipMeasureString
- user32.dll.GetForegroundWindow
- user32.dll.GetCursorPos
- user32.dll.MonitorFromPoint
- user32.dll.LoadIconW
- user32.dll.GetIconInfo
- gdiplus.dll.GdipCreateBitmapFromHBITMAP
- gdiplus.dll.GdipBitmapLockBits
- kernel32.dll.RtlMoveMemory
- gdiplus.dll.GdipBitmapUnlockBits
- gdi32.dll.DeleteObject
- user32.dll.InvalidateRect
- user32.dll.GetWindowThreadProcessId
- gdiplus.dll.GdipBitmapGetPixel
- user32.dll.GetCapture
- user32.dll.GetActiveWindow
- ole32.dll.OleInitialize
- ole32.dll.CoRegisterMessageFilter
- user32.dll.EnumThreadWindows
- user32.dll.IsWindowVisible
- user32.dll.GetFocus
- ole32.dll.CoUninitialize
- ole32.dll.CoRegisterInitializeSpy
- ole32.dll.CoRevokeInitializeSpy
- user32.dll.GetKeyboardLayout
- imm32.dll.ImmGetContext
- imm32.dll.ImmGetOpenStatus
- imm32.dll.ImmReleaseContext
- imm32.dll.ImmAssociateContext
- user32.dll.IsWindowEnabled
- user32.dll.GetWindow
- user32.dll.SetParent
- uxtheme.dll.OpenThemeData
- imm32.dll.ImmIsIME
- gdi32.dll.GetLayout
- gdi32.dll.GdiRealizationInfo
- gdi32.dll.FontIsLinked
- gdi32.dll.GetTextFaceAliasW
- advapi32.dll.RegQueryValueExA
- gdi32.dll.GetTextExtentExPointWPri
- user32.dll.PostMessageW
- gdiplus.dll.GdipImageGetFrameDimensionsCount
- gdiplus.dll.GdipImageGetFrameDimensionsList
- gdi32.dll.GetCurrentObject
- gdi32.dll.SaveDC
- gdi32.dll.GetNearestColor
- gdi32.dll.CreateSolidBrush
- user32.dll.FillRect
- gdi32.dll.RestoreDC
- user32.dll.SetFocus
- user32.dll.IsChild
- user32.dll.GetDlgItem
- user32.dll.PeekMessageW
- user32.dll.GetMessageA
- user32.dll.DestroyIcon
- user32.dll.DestroyWindow
- user32.dll.IsWindow
- user32.dll.PostQuitMessage
- user32.dll.TranslateMessage
- user32.dll.DispatchMessageA
- ole32.dll.OleUninitialize
- user32.dll.SetClassLongPtrW
- user32.dll.UnregisterClassW
- advapi32.dll.EventUnregister
- rpcrt4.dll.RpcBindingFree
- kernel32.dll.CreateActCtxW
- kernel32.dll.AddRefActCtx
- kernel32.dll.ReleaseActCtx
- kernel32.dll.QueryActCtxW
- cryptsp.dll.CryptReleaseContext