1. Windows Registry
Registry Root Key
The registry is divided into the following 5 root keys:
HKEY_LOCAL_MACHINE (HKLM): Stores settings that are global to the local machine
HKEY_CURRENT_USER (HKCU): Stores settings specific to the current user
HKEY_CLASSES_ROOT: Stores information that defines types
HKEY_CURRENT_CONFIG: Stores settings for the current hardware configuration, especially the settings that differ between the current and the standard configuration
HKEY_USERS: Defines the configuration for the default user, new users, and the current user
The two most commonly used root keys are HKLM and HKCU. Some keys are actually virtual keys that provide a way to reference the underlying registry information. For example, the HKEY_CURRENT_USER key is actually stored in HKEY_USERS\SID, where SID is the security identifier of the currently logged-on user.
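The HKCU-to-HKEY_USERS\SID mapping described above can be checked on a live system with the following read-only PowerShell, which is an added example and not part of the original page. It also lists every hive currently loaded under HKEY_USERS with the account it belongs to; the variable names are illustrative.

```powershell
# Added example: confirm that HKEY_CURRENT_USER is a view of HKEY_USERS\<SID>
# and map each hive loaded under HKEY_USERS to an account. Read-only.

# SID (security identifier) of the user running this session
$sid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value

$viaHkcu = 'Registry::HKEY_CURRENT_USER'
$viaSid  = "Registry::HKEY_USERS\$sid"

# Both paths should expose the same top-level subkeys
$a = (Get-ChildItem -Path $viaHkcu -ErrorAction SilentlyContinue).PSChildName | Sort-Object
$b = (Get-ChildItem -Path $viaSid  -ErrorAction SilentlyContinue).PSChildName | Sort-Object
$same = (($a -join "`n") -eq ($b -join "`n"))

"Current user SID : $sid"
"HKCU subkeys     : $(@($a).Count)"
"HKU\SID subkeys  : $(@($b).Count)"
"Same key listing : $same"

# Enumerate every hive loaded under HKEY_USERS and resolve it to an account name
Get-ChildItem -Path 'Registry::HKEY_USERS' | ForEach-Object {
    $name = $_.PSChildName

    # Per-user class data is loaded as <SID>_Classes; strip the suffix before translating
    $sidText = $name -replace '_Classes$', ''

    try {
        $sidObj  = [System.Security.Principal.SecurityIdentifier]::new($sidText)
        $account = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
    }
    catch {
        # .DEFAULT is not a SID, and SIDs of deleted accounts cannot be translated
        $account = '(no account name)'
    }

    [pscustomobject]@{
        Hive          = $name
        Account       = $account
        IsCurrentUser = ($sidText -eq $sid)
    }
} | Format-Table -AutoSize
```

When reviewing a sample's registry activity, a write logged against HKEY_USERS\<SID>\... and a write to HKCU\... by a process running as that user refer to the same key.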
Parsing malicious Windows programs