
[Passwords] How the system handles the registry when Syskey is enabled - .NET tutorials, security and optimization


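Syskey acts as the system's first layer of password protection, and once it is enabled it cannot be turned off. Some say Syskey can be disabled by importing an earlier copy of the registry, or by overwriting the SAM file in the config folder with the SAM file from the repair folder. These methods circulate online; I have not tried them.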

I used RegSnap to compare the registry before enabling Syskey with the registry after enabling it. The results are as follows:

已删除键: 6
已修改键: 42
新建键 : 32

已删除键
hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\@

   键值: <值未设置>

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\runmru\@

   键值: <值未设置>

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\shellnoroam\bagmru\4\1\0\0

   键值: 类型: reg_binary 长度: 54 字节
34 00 31 00 00 00 00 00 f4 32 d1 0d 10 00 44 41 | 4.1......2....da
54 41 00 00 20 00 03 00 04 00 ef be 8b 33 39 15 | ta.. ........39.
8a 33 00 80 14 00 00 00 44 00 61 00 74 00 61 00 | .3......d.a.t.a.
00 00 14 00 00 00 | ......

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\shellnoroam\bagmru\4\1\0\0\mrulistex

   键值: 类型: reg_binary 长度: 4 字节
ff ff ff ff | ....

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\shellnoroam\bagmru\4\1\0\0\nodeslot

   键值: dword: 316 (0x13c)

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\vitas\regsnap\estimreg\@

   键值: <值未设置>

————–
位置总数: 6

已修改键
hkey_local_machine\sam\sam\domains\account\f

新建键
hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru\a

In addition, RegSnap failed to process the following values.

sac subkey, parent key: secrets
sai subkey, parent key: secrets
scm:{c36729c6-65cb-4a6f-8b96-53ff94e3a8d2}, parent key: secrets
scm:{d0362cf9-9dac-4898-8d1a-cc11034b1b68}, parent key: secrets
scm:{d1362cf9-9dac-4898-8d1a-cc11034b1b68}, parent key: secrets

   old value: 类型: reg_binary 长度: 240 字节
02 00 01 00 00 00 00 00 00 95 c0 da fb d9 c5 01 | ................
2e 00 00 00 00 00 00 00 00 00 00 00 40 de ff ff | ............@...
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 | ................
00 cc 1d cf fb ff ff ff 00 cc 1d cf fb ff ff ff | ................
00 00 00 00 00 00 00 00 f1 03 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 | ................
01 00 00 00 01 00 01 00 01 00 00 00 38 00 00 00 | ............8...
81 60 6a 3c 3d c7 f6 68 83 06 42 e9 7d b6 6e f5 | .`j<=..h..b.}.n.
24 39 a1 fb 9d b0 62 c2 36 8e 38 c5 bf 0b c3 65 | $9....b.6.8....e
91 26 79 b0 1e 31 73 73 68 a8 75 11 ab 92 bd 43 | .&y..1ssh.u....c
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 | ................

new value: 类型: reg_binary 长度: 240 字节
02 00 01 00 00 00 00 00 00 95 c0 da fb d9 c5 01 | ................
2e 00 00 00 00 00 00 00 00 00 00 00 40 de ff ff | ............@...
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 | ................
00 cc 1d cf fb ff ff ff 00 cc 1d cf fb ff ff ff | ................
00 00 00 00 00 00 00 00 f1 03 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 | ................
01 00 00 00 02 00 01 00 01 00 00 00 38 00 00 00 | ............8...
81 60 6a 3c 3d c7 f6 68 83 06 42 e9 7d b6 6e f5 | .`j<=..h..b.}.n.
a6 c4 ef d3 1e fc 17 d9 9a 85 45 af fc bf 3d 01 | ..........e...=.
c7 58 bd eb 55 41 b4 55 15 c6 80 1d bc a0 32 81 | .x..ua.u......2.
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 | ................

hkey_local_machine\security\policy\polsecretencryptionkey\@

   old value: 类型: reg_none 长度: 76 字节
01 00 00 00 01 00 00 00 00 00 00 00 4e 76 57 e0 | ............nvw.
64 0b f0 7e 95 55 96 f9 4d ca 81 58 84 0e 73 fa | d..~.u..m..x..s.
4d f9 2d 56 13 8a 0b 46 ed 10 cd e8 4b 4f 65 7e | m.-v...f....koe~
28 cb 8f e2 0f d5 45 29 08 6c fb 55 64 c9 f1 14 | (.....e).l.ud...
e4 f2 8a df b6 38 9c c0 36 38 47 05 | .....8..68g.

new value: 类型: reg_none 长度: 76 字节
01 00 00 00 02 00 00 00 00 00 00 00 fb 14 13 41 | ...............a
31 04 ef 2a 72 6c 3d a1 c4 29 87 62 17 fc 99 a8 | 1..*rl=..).b....
18 7d 2e 5e 77 5d 0b 52 5f a0 80 d7 a7 ff a2 79 | .}.^w].r_......y
6a 30 db f9 fb 6a f1 1d 98 99 1d d7 64 c9 f1 14 | j0...j......d...
e4 f2 8a df b6 38 9c c0 36 38 47 05 | .....8..68g.

hkey_local_machine\security\sam\domains\account\f

   old value: 类型: reg_binary 长度: 240 字节
02 00 01 00 00 00 00 00 00 95 c0 da fb d9 c5 01 | ................
2e 00 00 00 00 00 00 00 00 00 00 00 40 de ff ff | ............@...
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 | ................
00 cc 1d cf fb ff ff ff 00 cc 1d cf fb ff ff ff | ................
00 00 00 00 00 00 00 00 f1 03 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 | ................
01 00 00 00 01 00 01 00 01 00 00 00 38 00 00 00 | ............8...
81 60 6a 3c 3d c7 f6 68 83 06 42 e9 7d b6 6e f5 | .`j<=..h..b.}.n.
24 39 a1 fb 9d b0 62 c2 36 8e 38 c5 bf 0b c3 65 | $9....b.6.8....e
91 26 79 b0 1e 31 73 73 68 a8 75 11 ab 92 bd 43 | .&y..1ssh.u....c
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 | ................

new value: 类型: reg_binary 长度: 240 字节
02 00 01 00 00 00 00 00 00 95 c0 da fb d9 c5 01 | ................
2e 00 00 00 00 00 00 00 00 00 00 00 40 de ff ff | ............@...
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 | ................
00 cc 1d cf fb ff ff ff 00 cc 1d cf fb ff ff ff | ................
00 00 00 00 00 00 00 00 f1 03 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 | ................
01 00 00 00 02 00 01 00 01 00 00 00 38 00 00 00 | ............8...
81 60 6a 3c 3d c7 f6 68 83 06 42 e9 7d b6 6e f5 | .`j<=..h..b.}.n.
a6 c4 ef d3 1e fc 17 d9 9a 85 45 af fc bf 3d 01 | ..........e...=.
c7 58 bd eb 55 41 b4 55 15 c6 80 1d bc a0 32 81 | .x..ua.u......2.
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 | ................

hkey_local_machine\software\microsoft\cryptography\rng\seed

   old value: 类型: reg_binary 长度: 80 字节
a3 6b 11 04 45 1b cb aa f2 5f 41 5e 35 44 c8 1a | .k..e...._a^5d..
72 26 3f d6 b9 07 a5 52 f1 78 ef 01 f0 75 3e 5c | r&?....r.x...u>\
cf 30 2b 7b 38 e1 6f b9 69 4a 12 3c 6c 0e 59 8a | .0+{8.o.ij.<l.y.
9a 9f da 5b cf 8a 2c 3a 7f 6b 0b 36 91 f1 f3 29 | ...[..,:k.6...)
c1 5f 23 f5 21 0f 5f 25 28 c8 be 10 66 5f a1 83 | ._#.!._%(...f_..

new value: 类型: reg_binary 长度: 80 字节
7f 26 b5 c4 b4 ab 28 c6 09 81 c9 bf 29 45 76 17 | &....(.....)ev.
83 25 ac a7 9c 3a c8 8a 81 eb 64 13 f1 32 b1 98 | .%...:....d..2..
5c c6 57 61 fb 98 fd 06 d4 b9 75 a4 03 77 f4 da | \.wa......u..w..
42 3f bf 26 8e d7 00 ac 91 19 b3 da 4a 93 d3 fa | b?.&........j...
f2 24 96 aa bc 41 4b a3 d0 70 e7 aa 57 5d f4 4b | .$...ak..p..w].k

hkey_local_machine\software\microsoft\windows nt\currentversion\prefetcher\tracesprocessed

   old value: dword: 39 (0x27)
new value: dword: 43 (0x2b)

hkey_local_machine\software\microsoft\windows nt\currentversion\prefetcher\tracessuccessful

   old value: dword: 34 (0x22)
new value: dword: 35 (0x23)

hkey_local_machine\system\controlset001\control\lsa\data\pattern

   old value: 类型: reg_binary 长度: 64 字节
29 01 c4 ca e0 fe d1 7f 15 76 60 ef e4 0a db 74 | ).......v`....t
34 65 63 30 33 36 65 39 00 fd 07 00 d0 3c 00 00 | 4ec036e9.....<..
34 fa 07 00 56 82 51 74 20 fa 07 00 40 fd 07 00 | 4...v.qt ...@...
4c fd 07 00 39 a1 2e f0 a5 3c c0 34 eb 38 c3 4e | l...9....<.4.8.n

new value: 类型: reg_binary 长度: 64 字节
75 21 db 65 5f 0c ac be 5e 73 0e d1 53 17 92 6e | u!.e_...^s..s..n
37 62 33 62 38 34 62 62 00 00 00 00 01 00 00 00 | 7b3b84bb........
e0 00 00 00 ec 00 00 00 4c f3 07 00 a3 2f 00 01 | ........l..../..
04 00 00 00 cc d7 da 77 02 00 00 00 2f 63 85 b2 | .......w..../c..

hkey_local_machine\system\controlset001\control\lsa\gbg\grafblumgroup

   old value: 类型: reg_binary 长度: 9 字节
74 af eb 33 35 36 fa 4b 56 | t..356.kv

new value: 类型: reg_binary 长度: 9 字节
33 25 45 19 dd 53 77 9a 37 | 3%e..sw.7

hkey_local_machine\system\controlset001\control\lsa\jd\lookup

   old value: 类型: reg_binary 长度: 6 字节
6c 91 75 ad 2f 57 | l.u./w

new value: 类型: reg_binary 长度: 6 字节
9d f6 f0 45 61 0d | ...ea.

hkey_local_machine\system\controlset001\control\lsa\secureboot

   old value: dword: 1 (0x1)
new value: dword: 2 (0x2)

hkey_local_machine\system\controlset001\control\lsa\skew1\skewmatrix

   old value: 类型: reg_binary 长度: 16 字节
2d be 2c 02 de e9 ed 82 c2 89 f9 5f 90 f7 5f f0 | -.,........_.._.

new value: 类型: reg_binary 长度: 16 字节
7d cc 3c 35 80 0d 36 ce 7c 4c 40 c7 9a 02 dc 74 | }.<5..6.|l@....t

hkey_local_machine\system\currentcontrolset\control\lsa\data\pattern

   old value: 类型: reg_binary 长度: 64 字节
29 01 c4 ca e0 fe d1 7f 15 76 60 ef e4 0a db 74 | ).......v`....t
34 65 63 30 33 36 65 39 00 fd 07 00 d0 3c 00 00 | 4ec036e9.....<..
34 fa 07 00 56 82 51 74 20 fa 07 00 40 fd 07 00 | 4...v.qt ...@...
4c fd 07 00 39 a1 2e f0 a5 3c c0 34 eb 38 c3 4e | l...9....<.4.8.n

new value: 类型: reg_binary 长度: 64 字节
75 21 db 65 5f 0c ac be 5e 73 0e d1 53 17 92 6e | u!.e_...^s..s..n
37 62 33 62 38 34 62 62 00 00 00 00 01 00 00 00 | 7b3b84bb........
e0 00 00 00 ec 00 00 00 4c f3 07 00 a3 2f 00 01 | ........l..../..
04 00 00 00 cc d7 da 77 02 00 00 00 2f 63 85 b2 | .......w..../c..

hkey_local_machine\system\currentcontrolset\control\lsa\gbg\grafblumgroup

   old value: 类型: reg_binary 长度: 9 字节
74 af eb 33 35 36 fa 4b 56 | t..356.kv

new value: 类型: reg_binary 长度: 9 字节
33 25 45 19 dd 53 77 9a 37 | 3%e..sw.7

hkey_local_machine\system\currentcontrolset\control\lsa\jd\lookup

   old value: 类型: reg_binary 长度: 6 字节
6c 91 75 ad 2f 57 | l.u./w

new value: 类型: reg_binary 长度: 6 字节
9d f6 f0 45 61 0d | ...ea.

hkey_local_machine\system\currentcontrolset\control\lsa\secureboot

   old value: dword: 1 (0x1)
new value: dword: 2 (0x2)

hkey_local_machine\system\currentcontrolset\control\lsa\skew1\skewmatrix

   old value: 类型: reg_binary 长度: 16 字节
2d be 2c 02 de e9 ed 82 c2 89 f9 5f 90 f7 5f f0 | -.,........_.._.

new value: 类型: reg_binary 长度: 16 字节
7d cc 3c 35 80 0d 36 ce 7c 4c 40 c7 9a 02 dc 74 | }.<5..6.|l@....t

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\notepad\iwindowposx

   old value: dword: 87 (0x57)
new value: dword: 120 (0x78)

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\notepad\iwindowposy

   old value: dword: 114 (0x72)
new value: dword: 366 (0x16e)

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\discardable\postsetup\shellnew\~reserved~

   旧值: 类型: reg_binary 长度: 24 字节
18 00 00 00 01 00 01 00 d6 07 03 00 02 00 07 00 | ................
11 00 0d 00 3b 00 8c 00 | ....;...

新值: 类型: reg_binary 长度: 24 字节
18 00 00 00 01 00 01 00 d6 07 03 00 04 00 09 00 | ................
15 00 0e 00 2b 00 67 01 | ....+.g.

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\mrulistex

   旧值: 类型: reg_binary 长度: 12 字节
01 00 00 00 00 00 00 00 ff ff ff ff | ............

新值: 类型: reg_binary 长度: 20 字节
03 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 | ................
ff ff ff ff | ....

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\userassist\{75048700-ef1f-11d0-9888-006097deacf9}\count\hrzr_ehacngu

   旧值: 类型: reg_binary 长度: 16 字节
82 00 00 00 20 1e 00 00 40 28 5a 34 7b 43 c6 01 | .... ...@(z4{c..

新值: 类型: reg_binary 长度: 16 字节
82 00 00 00 27 1e 00 00 80 f3 c8 86 7c 43 c6 01 | ...........|c..

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\userassist\{75048700-ef1f-11d0-9888-006097deacf9}\count\hrzr_ehacngu:::{20q04sr0-3nrn-1069-n2q8-08002o30309q}

   旧值: 类型: reg_binary 长度: 16 字节
82 00 00 00 8a 07 00 00 00 bd dd 2e 7b 43 c6 01 | ............{c..

新值: 类型: reg_binary 长度: 16 字节
82 00 00 00 8b 07 00 00 40 66 9b 59 7c 43 c6 01 | ........@f.y|c..

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\userassist\{75048700-ef1f-11d0-9888-006097deacf9}\count\hrzr_ehacngu:::{450q8son-nq25-11q0-98n8-0800361o1103}

   旧值: 类型: reg_binary 长度: 16 字节
75 00 00 00 1a 00 00 00 70 9a bb 9a a0 3b c6 01 | u.......p....;..

新值: 类型: reg_binary 长度: 16 字节
82 00 00 00 14 00 00 00 b0 5a 31 7d 7c 43 c6 01 | .........z1}|c..

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\userassist\{75048700-ef1f-11d0-9888-006097deacf9}\count\hrzr_ehacngu:p:\jvaqbjf\ertrqvg.rkr

   旧值: 类型: reg_binary 长度: 16 字节
78 00 00 00 06 00 00 00 c0 90 95 85 e3 3d c6 01 | x............=..

新值: 类型: reg_binary 长度: 16 字节
82 00 00 00 06 00 00 00 b0 27 2c 60 7c 43 c6 01 | .........,`|c..

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\userassist\{75048700-ef1f-11d0-9888-006097deacf9}\count\hrzr_ehacngu:p:\jvaqbjf\flfgrz32\abgrcnq.rkr

   旧值: 类型: reg_binary 长度: 16 字节
7e 00 00 00 0f 01 00 00 f0 1f 93 bb e7 41 c6 01 | ~............a..

新值: 类型: reg_binary 长度: 16 字节
82 00 00 00 0f 01 00 00 70 df e1 6f 7b 43 c6 01 | ........p..o{c..

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\userassist\{75048700-ef1f-11d0-9888-006097deacf9}\count\hrzr_hvfphg

   旧值: 类型: reg_binary 长度: 16 字节
82 00 00 00 fb 10 00 00 00 bd dd 2e 7b 43 c6 01 | ............{c..

新值: 类型: reg_binary 长度: 16 字节
82 00 00 00 ff 10 00 00 b0 5a 31 7d 7c 43 c6 01 | .........z1}|c..

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\ext\stats\{0005a87d-d626-4b3a-84f9-1d9571695f55}\iexplore\count

   旧值: dword: 168 (0xa8)
新值: dword: 171 (0xab)

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\ext\stats\{0005a87d-d626-4b3a-84f9-1d9571695f55}\iexplore\time

   旧值: 类型: reg_binary 长度: 16 字节
d6 07 03 00 04 00 09 00 0d 00 0c 00 39 00 86 01 | ............9...

新值: 类型: reg_binary 长度: 16 字节
d6 07 03 00 04 00 09 00 0d 00 16 00 12 00 28 01 | ..............(.

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\ext\stats\{06849e9f-c8d7-4d59-b87d-784b7d6be0b3}\iexplore\count

   旧值: dword: 168 (0xa8)
新值: dword: 171 (0xab)

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\ext\stats\{06849e9f-c8d7-4d59-b87d-784b7d6be0b3}\iexplore\time

   旧值: 类型: reg_binary 长度: 16 字节
d6 07 03 00 04 00 09 00 0d 00 0c 00 39 00 86 01 | ............9...

新值: 类型: reg_binary 长度: 16 字节
d6 07 03 00 04 00 09 00 0d 00 16 00 12 00 28 01 | ..............(.

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\ext\stats\{33bbe430-0e42-4f12-b075-8d21acb10dcb}\iexplore\count

   旧值: dword: 168 (0xa8)
新值: dword: 171 (0xab)

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\ext\stats\{33bbe430-0e42-4f12-b075-8d21acb10dcb}\iexplore\time

   旧值: 类型: reg_binary 长度: 16 字节
d6 07 03 00 04 00 09 00 0d 00 0c 00 39 00 86 01 | ............9...

新值: 类型: reg_binary 长度: 16 字节
d6 07 03 00 04 00 09 00 0d 00 16 00 12 00 28 01 | ..............(.

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\ext\stats\{62eed7c6-9f02-42f9-b634-98e2899e147b}\iexplore\count

   旧值: dword: 168 (0xa8)
新值: dword: 171 (0xab)

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\ext\stats\{62eed7c6-9f02-42f9-b634-98e2899e147b}\iexplore\time

   旧值: 类型: reg_binary 长度: 16 字节
d6 07 03 00 04 00 09 00 0d 00 0c 00 39 00 86 01 | ............9...

新值: 类型: reg_binary 长度: 16 字节
d6 07 03 00 04 00 09 00 0d 00 16 00 12 00 28 01 | ..............(.

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\shell\bags\1\desktop\itempos800x600(1)

   旧值: 类型: reg_binary 长度: 856 字节

新值: 类型: reg_binary 长度: 944 字节

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\shellnoroam\bagmru\4\1\0\mrulistex

   旧值: 类型: reg_binary 长度: 8 字节
00 00 00 00 ff ff ff ff | ........

新值: 类型: reg_binary 长度: 4 字节
ff ff ff ff | ....

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\shellnoroam\bagmru\mrulistex

   旧值: 类型: reg_binary 长度: 16 字节
00 00 00 00 05 00 00 00 04 00 00 00 ff ff ff ff | ................

新值: 类型: reg_binary 长度: 20 字节
01 00 00 00 00 00 00 00 05 00 00 00 04 00 00 00 | ................
ff ff ff ff | ....

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\shellnoroam\bags\1\shell\colinfo

   旧值: 类型: reg_binary 长度: 98 字节

新值: 类型: reg_binary 长度: 122 字节

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\shellnoroam\bags\316\shell\colinfo

   旧值: 类型: reg_binary 长度: 92 字节

新值: 类型: reg_binary 长度: 118 字节

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\shellnoroam\bags\316\shell\foldertype

   旧值: 字串: "documents"
新值: 字串: "mydocuments"

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\shellnoroam\bags\316\shell\scrollpos800x600(1).y

   旧值: dword: 0 (0)
新值: dword: 407 (0x197)

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\vitas\regsnap\startupwizard\mode

   旧值: dword: 0 (0)
新值: dword: 3 (0x3)

————–
位置总数: 42

   键值: 类型: reg_binary 长度: 112 字节

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru\b

   键值: 类型: reg_binary 长度: 112 字节

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru\mrulist

   键值: 字串: "ba"

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\*\a

   键值: 字串: "c:\documents and settings\root\my documents\2006.reg"

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\*\b

   键值: 字串: "c:\documents and settings\root\my documents\rg-kernelsky-root-030906212109.rgs"

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\*\mrulist

   键值: 字串: "ba"

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\reg\a

   键值: 字串: "c:\documents and settings\root\my documents\2006.reg"

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\reg\mrulist

   键值: 字串: "a"

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\rgs\a

   键值: 字串: "c:\documents and settings\root\my documents\rg-kernelsky-root-030906212109.rgs"

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\rgs\mrulist

   键值: 字串: "a"

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\fileexts\.rgs\openwithlist\a

   键值: 字串: "regsnap.exe"

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\fileexts\.rgs\openwithlist\mrulist

   键值: 字串: "a"

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.rgs\0

   键值: 类型: reg_binary 长度: 226 字节

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.rgs\mrulistex

   键值: 类型: reg_binary 长度: 8 字节
00 00 00 00 ff ff ff ff | ........

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.txt\0

   键值: 类型: reg_binary 长度: 126 字节

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\.txt\mrulistex

   键值: 类型: reg_binary 长度: 8 字节
00 00 00 00 ff ff ff ff | ........

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\2

   键值: 类型: reg_binary 长度: 126 字节

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs\3

   键值: 类型: reg_binary 长度: 226 字节

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\runmru\a

   键值: 字串: "regedit\1"

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\runmru\b

   键值: 字串: "syskey\1"

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\runmru\mrulist

   键值: 字串: "ba"

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\currentversion\explorer\userassist\{75048700-ef1f-11d0-9888-006097deacf9}\count\hrzr_ehacngu:p:\jvaqbjf\flfgrz32\flfxrl.rkr

   键值: 类型: reg_binary 长度: 16 字节
82 00 00 00 07 00 00 00 80 f3 c8 86 7c 43 c6 01 | ............|c..

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\shellnoroam\bagmru\1

   键值: 类型: reg_binary 长度: 22 字节
14 00 1f 48 ba 8f 0d 45 25 ad d0 11 98 a8 08 00 | ...h...e%.......
36 1b 11 03 00 00 | 6.....

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\shellnoroam\bagmru\1\mrulistex

   键值: 类型: reg_binary 长度: 4 字节
ff ff ff ff | ....

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\shellnoroam\bagmru\1\nodeslot

   键值: dword: 316 (0x13c)

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\shellnoroam\muicache\@c:\windows\system32\cryptext.dll,-6112

   键值: 字串: "microsoft 系列证书存储"

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\shellnoroam\muicache\@c:\windows\system32\cryptext.dll,-6113

   键值: 字串: "pkcs #7 签名"

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\shellnoroam\muicache\@c:\windows\system32\pdh.dll,-10023

   键值: 字串: "性能监视器文件"

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\shellnoroam\muicache\@shell32.dll,-12689

   键值: 字串: "包含音乐和其它音频文件。"

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\shellnoroam\muicache\c:\windows\regedit.exe

   键值: 字串: "registry editor"

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\microsoft\windows\shellnoroam\muicache\c:\windows\system32\syskey.exe

   键值: 字串: "sam lock tool"

hkey_users\s-1-5-21-1645522239-1060284298-725345543-1003\software\vitas\regsnap\estimreg\f_root

   键值: dword: 221082 (0x35f9a)