MalScore
100/100
FXSCOVER.exe
| File details Download PDF Report | |
|---|---|
| File type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
| File size: | 264.50 KB (270848 bytes) |
| Compile time: | 2018-07-28 23:09:56 |
| MD5: | 0fce96a8f1d3dd15eebded4dd9a2a987 |
| SHA1: | 820e86571679abdfddaebb3c3ae26f81ff23f34a |
| SHA256: | 078ae979ccbbaaa5c2e0c6313aa9ce682fc1c317e6738e5faa1133a03de453f6 |
| Import hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
| Sections 3 | .text��� .rsrc��� .reloc�� |
| Directories 3 | import resource relocation |
| First submission: | 2018-08-05 11:36:06 |
| Last submission: | 2018-08-05 11:36:06 |
| Filename detected: |
- FXSCOVER.exe (1) |
| URL file hosting |
|---|
hXXp://92.63.197.112/FXSCOVER.exe |
| Antivirus Report | |||
|---|---|---|---|
| Report Date | Detection Ratio | Permalink | Update |
| 2018-08-04 20:32:56 | [42/68] | |
|
| PE Sections 1 suspicious | |||||
|---|---|---|---|---|---|
| Name | VAddress | VSize | Size | MD5 | SHA1 |
| .text��� | 0x2000 | 0x417e4 | 268288 | e9977154034ac4aaada81606bb78b092 | 6e8dc0281ec4b9bb4688207c397ceb27efb92e41 |
| .rsrc��� | 0x44000 | 0x5f0 | 1536 | 10e7d28fe92ef49d6b8b1fa91defff7c | 9a3ce19bf13202953b958061f11be959dfb42763 |
| .reloc�� | 0x46000 | 0xc | 512 | 2514a00033ad3642295aed9546752ac3 | ad4c0dee80189fe1656fe70155043a1d68b022b9 |
| PE Resources | |||||
|---|---|---|---|---|---|
| Name | Offset | Size | Language | Sublanguage | Data |
| RT_VERSION | 0x440a0 | 944 | LANG_ENGLISH | SUBLANG_ENGLISH_US | |
| RT_MANIFEST | 0x44450 | 414 | LANG_ENGLISH | SUBLANG_ENGLISH_US | |
- API Alert
- Anti Debug
| Meta Info | |
|---|---|
| LegalCopyright: | \xa9 Microsoft Corporation. All rights reserved. |
| InternalName: | Broadcast DVR server |
| FileVersion: | 10.0.16299.248 (WinBuild.160101.0800) |
| CompanyName: | Microsoft Corporation |
| ProductVersion: | 10.0.16299.248 |
| FileDescription: | Broadcast DVR server |
| Translation: | 0x0409 0x04b0 |
| OriginalFilename: | bcastdvr.exe |
| ProductName: | Microsoft\xae Windows\xae Operating System |
| XOR | |
|---|---|
| No XOR informations found in this file. | |
| Signature | |
|---|---|
| This file isn't digitally signed | |
| Packer(s) | |
|---|---|
| Microsoft Visual C# / Basic .NET | |
| Microsoft Visual Studio .NET | |
| .NET executable | |
| Microsoft Visual C# v7.0 / Basic .NET | |
| File found | |
|---|---|
| FIle type: Library | |
| mscoree.dll | |
| IP Found | |
|---|---|
| No IP detected | |
| URL(s) | |
|---|---|
| http://schemas.microsoft.com/SMI/2005/WindowsSettings | |
Microsoft Corporation. All rights reserved.
Microsoft Corporation
VarFileInfo
FileVersion
InternalName
Windows
%&h
10.0.16299.248
StringFileInfo
Translation
%,v
10.0.16299.248 (WinBuild.160101.0800)
Operating System
Broadcast DVR server
VS_VERSION_INFO
bcastdvr.exe
ProductVersion
FileDescription
Microsoft
OriginalFilename
LegalCopyright
CompanyName
040904B0
ProductName
'&*)+)/.
%!^
ZYZf p
{ffXX
&Ha
efaf e
jY [8
KX q
Q*Z
aeYYeZZY}'
Int32
leeY &
&i) 5
3ZY 2
+{%
cqZ w
}BfaaXeYaaYaeZfXY _ 4
oA8
Yae Pu
phX
&oi 0|
rr Yf
feafefa
ZeeZ
=YeXZZXaZ
hoZ
d1e2ca54
b3d49912
UnverifiableCodeAttribute
Neaf V
ZXn(
XZY
+@Z .
fe .k
lZ YuX
6f 5b
XaXY
Z 5F
fXX O
Ja8T
5{Y :
Zfea
Z =
Z os
b4755fb0
sFa+
Zae
88ca97e1
YZeYeXaYY
Z oN
Z .
yg2 #"
;Z K
m30}Za8Q
(fef
h9gf
;Z [
fxa8
Z m
aeXYeffe +#
YKa
I)ea
Z `
0ZZaffe
eXa !z`
O Z
1509b1e4
iZXYaf
*a8
Z C
YfaYY
f68b6b98
(YY
af "2
M1eYZ
Fb>feefeaZXf o$
]a8B
%a Q
L.h
f121863f
sZ
eea
]a8P
h+F
System.Reflection.Emit
%Ccm)
Z bOa8
+8
*Zf
,XXY vc
_ a8W
(PMjX
Zfffa
e5Za8+
1Ha8
MZYY !
efX
]a8:
+a8
cae54697
5Y YR
0e929f37
4Yf ?J
ZeXY (
YaZ o
aXX dd9
X <cY
[afeZXa
,txZ
Y uL
}NaX #A
Zfe YURQXfe
YXaXf
Format
ffea )7
XX ]
ZeY
55GZ
DfZa8l
hXeXZ
Enumerable
?JZ ps
ybZ 5
#u%&8
&ef
jXf
a27a6fce
Y 1Z w
0Z _H
x6XaZa
{faa t
fafXYX
+CY %+
#eaY t
ZYYfYY
t?Z
/X Q
h6a8"
/b$
1Zfe
6[ q
i0]ZXfeeY q
3XZYf
Z 'T
]fFK
T<Z +~
e=a8P
+ j
XeaeeaY EM-nZ
y. a8@
! |l
~0Yee
<la87
fef c
YZfa a3'
XXaZXfeY b
{0eeaYe
nf*
_Z GF
/$ q<
405711aa
7QXa
@=>
a oK
*Y ,
{Z .j.ta8
CREATE_NEW_CONSOLE
f \>`
Z '?
Yf -
g0gZ
YaXaa
Zf )l
pQ H
^E
;QN
eeY
b90XZ x)
System.Text
sff
&Y '
Z AjFka8
Yfe
:Qa8B
ZaYef
sZ rJ~
ZY _Aa
XXX
~Za8
2YXa
^/a8c
f=f e
efea }
d52c8308
Char
k5$<Z
ZakLZeZ
ZfZ
~a8;
~$Za
~a88
uXZ
ca8n
Y a
ca8i
GetValue
yfeXaefae
XX zc"
~a8'
uXffYeaaafZZYYe
YXYe Q2
RX he
TZZfeXe t
9Zea
G5ZaXa
FYf |X
$@1
DZafX
'Sw r
XeY
a -W
!ZYa
C|a8
d3ZX%+
ca80
2vR
INQ
lngVolumeNameSize
MX )
ca8:
]Z 8'
?aR
~#%+
#XXe
nyZ
B /b
GetParameters
oWR3%&+
%$ )%\
Z @U
+OYm I
YZYeYaYfaeY
.text
ffYYXfee
W aZt
t 8B
Z @s
Z @v
Z @w
205dff06
naZ
ZZ j@
'7$/ZYY
object
O*@6
c>a8
uBXe w
XZZYafY 2U
%,0Zafea
y<2fX
3f971482
/>Z ^
d !QZ
ZCe
|aXafX
ZX fJ6
YeY v
XXfYY
aff851e3
iOZ
(Y G
+ xy
YeaaYafffe # :'ZX
fb529327
!Z |
0AL
Rf !h
]+X
<aZY '
q(VZ
IfX
=a8Z
fXff
nZX 2^
VsZ V
0Ai
# ,zZ
1af14577
=a8!
eff
|07 U
PH
*E%&
aXeef
Q ]{l
YXe
gT| h)
ZefaYZYf
Lw /P
X t&q#eXe r
Z J[h
jZa+
qa%
^9Z [XRza8
zZ &
(DfYY
ME {b
T o[F;
FITeXff f
HN{a8Z
EwZ
N! /r
ProcessHandle
zZ
P B
kueaf
eQZ )@r"a8
ffeY
X <
$aXXXXaZeZa .
8KZ
@[a8g
E Z
U#%&8
zZ W
d654651c
^fafe
ad33b6e7
M a8
|/%+
[# ]TH
?GZ
XYZ -
cXZ
sua+
' X
%YXa b
7315c126
aa87
Z m|
a lHaT
f {2
BvF89
X OhVBZ
D$ faXY
eXZ
fYYXXYYYe
K$a8
C-afefYe
)W^_)
Z mL
$ |K(5a
B Z
ZXYZ
@iZ
aafX
XQ|
l7a8
TargetFrameworkAttribute
Ye KJ
,v,8
:a8,
e.X
XefeX
nfYeY
@aZ
FaZY
6vO
>eXYYX St
Q gRJ? d
get_Assembly
" l[X 7
UYafZ
xx:
Ifa8a
eZf
x!a8
e 7c6o
vZ _E
5' rV
f x~c/ea w
Xe =v
tZ m|L
.e -
'f =T
1Za W
JXY
aXefX g
|sha8b
eaYYYXeXZfY
uw B
% XH
fK<
aeXea
fefe W
Yf w$"sZZ
>V
Aia8
eb2e2642
16304116
&Xa
SaZ k7\
x"a8
ZYaa
=YYYa ]
ae G|
RuntimeHelpers
d5103c43
aefY X
System.Security
e(a8
aefY m
[_8Z
e qy
jX*a8%
g bK
>Z u
*T,{
iZa8
ydZ
8Xae
3S1XX 7Z
\a8
System
V7?Ze
||e
_*V
!W j
Z %W
BS%+
jwjaae
@ `J3
H?=
CZa8
cdd0f2f6
L mM%{YaZ i
2%8a8
yB
ZeaYee o
zn]fX
Qea
Z anF
a294390d
OZ
i s7
YZf
v1*
MethodBase
E )w
@Z jd Z O
lH0Y C
O Z w=GheafZX x
-xaa W
00dd79d1
P[' G
Z %>
bkL}
eYeXaeY I$P
OkM`Z
~XXfea <
Zaae
aYa
]YYe (w
+D%+
ceabc3d1
gXaf
#ffZe 3
!Ga8<
hJW
Oe
M.
X 'D#
00085464
abcb308b
Y0c
TeeYf
KXeXXa 7
/ /B
6/-a8
A"6Ye i
w |
IgCa%
na 5J
Z )N
af N+n
dZafX
XXZ
IkZe .
ZaaXZZaYY
sEf
faX kT
*ZZee
ZfYa w
WZ x
YeeaeafZ
dZYZf
:gk
aXe
#9Z E
WkA
af f>[
{yZ
A}|a8
X9a8
E 39
eXfaa
ZXXaYa
wYY U
E%Qa8
4ZZ
c24fbe6a
aYZ O
#ffYe
KUZeef ;
e0ae4d7c
fXfea k
WZ (
]?8a8
V?v
fX :C
Z )Q
"Zf
o{O-
fZa
$YeXe
vfeXY
aa836e2a
affeZaZ
C\CYf
I:>Z ]
4]YYZXefe
DO g
ZZYfeef
uZ fl
YeYYe
]a
123d453d
b|a8
mXfYXf
X KT
XY `4
kC%e Yz
BZY
afY ;\
lpBaseAddress
Func`2
fXYf
ZXe
fafe A
ZeaeX
X [H
e1cb5a1e
$-a85
"eafY
X [Y
e klE
ITTZ
XeeXaf
OZXaeYfeX
iMa%
JX C*
ZXeZXX
eZZX Z^^ZYa
YfYaf
af f!
WXeYfea
1f
[YXae M+
wja8
fZYYZX u{7 YfXfXXX
uYef #c4PeXf C
aea =
;5~a8F
0]Af
0ya8=
Mfee
|Y &_
oq.kY
e!gZ +
ea SK
G#8!
=GZ
aXXeY C
668fa590
B>%&
9.YXea
beeYa J
NUZ
feX 2W
15d578f4
4a3f4fd7
aff
1.Z
6YZ
&$XX
Y`ufaa
aZ y
afZ w
fXXae
CZ pIT
aYffeeYZYeX
ZaY Q
peff
12ffX Y
,>X
RW8Pg
e! +N
YZfY
seeY
ZYffX '
fXYZafefefeZeYfXf 5
S0Za8u
j -PeA
ruz
5p)f
*Vf
)-%&8
Z cz
3}Z
ZYZ '
XXfaf
NZ^Z {
HhYf
.6Z .
9rZ
aZaa
.6Z "
Z ce
re (R
lngMaximumComponentLength
io=
aaeea
ZaeaY i
}7Z >
e8b6b821
S_)
1H,Za F
BY K
YXX ?]
YffaY
Z cA
BY 1
Xa8N
!eY
Mi !t
Z c/
fYY /
mY y
ZYYaf s
y(Xeea
Zaa
X 8%
o Mx
eaXZf 1Vq
M-Z
RZef
>`eea $
R^
PZ%&
ffefXa ^Q
2bc65140
Pa N!
W@CafX
37Z
aZXeaY
ff57a8f9
@!a
OZ&
eeae
abZ
O eZ @
nvx |
.V/7i
T1v
aZf
2bZ
= \%+
Ga >
Zfaa
)aYXe
wLa8
Z C\N
T meaef y
fa K;
nf 7P
0C8f
2a8
Z (aN
t$ r%3qa
N?
eeYe q
D >v
2a8#
0b57 Qi'
2a8&
l7uX &W
YYeef '
28d0954a
q)Za8
734b4367
ZYXY
ZYXa ~{
2a8t
hNfY I
NvafXZ
eefefXaaefe xNd1aafeZZa W2
.rY
.fYXe
C )2
9YX Y
~e w
})Im4
YXff f
! p{
% >-%
Z ;|
set_FileName
Z XeM
~e A
X gQc
Z ;c
ce17b740
737ec088
GetFolderPath
4a8e
H1K
Z /w4
BXaeea
]fa ktQ
f !o
GetTokenFor
lpThreadAttributes
-X r
S$Z
!Gc g
KeX
f7e
89391076
y}f2
`0Z
_~{Z
eYaXe
6c6a3c2c
J2}%a
EO
YeXX
ZaYa S
W^H@8
ia8U
ia8R
Z &^=
p ec
ffXf
>Ya
=Zf q
#faeYfeXYe
faeX
T*1Za8
WaM61
ZZaY
ia84
Yfa
SWV)
get_IsClass
2Z #/;
ia8:
_aeZ
NjW
8 @d
Aae
^S[a8z
&aZf &VA_e
Array
YZYe *
286be916
Xee
OpenSubKey
F a8
qNa+
ZYeaf {
{HPea p
ef +\
W%&8b
*$f Ez
2r!
a !R
u*f q+
EZ *
Z wTCUZ
4ZX
Z =-c
faXYXeZfae
XXY Y
f ^1
3ef
"@Z
gZf
mGa8q
N]*a8z
XXee _ ^(Z
EXaY cs
DynamicMethod
X\ f L-
Z d=U
O`
ik ZY 3
me ?D
A,QX
p"Xa
8a8$
#e ]
Z Dt
lpAddress
Z DL
506c2dae
XaaYXe
<YZ
aXeZZ
Z '\
h w>0
kZ 4NN a8
aZYf
8a8o
Z D+
|Z 6
bcfe6430
8a8y
dd840c78
Directory
=fY
|Z '
ZX f"~ aaf
X\%+
eZfXX
3]aXX
@jZe
'AXeXY U?
8a8Q
#"a8{
A@\Z Wc
uiZ
)yZaeYaff l}
ZYe Cb
RYXX
RuntimeCompatibilityAttribute
l7
e"%&
ZZ 8
ZZ 9
]y%f >W
XYXY
zLjYf Q
ZZ &
ZZ (
108e15fd
YXY
ZZ Z
7%&8W
fYXef
w\e
hXfXXYee
d9220a1d
hYX
Path
aYXZ {6
ZZ K
uZ )
ZZ q
uZ *
%bZa8N
ZZ j
ffefeeeX
UaZffYa
be 5
XeXe
Jo8a+
qff u
u+Z QK
3X (
Xa D[
^g4i
1f731254
Z i-`
eYY [
eYY N
BlockCopy
Zae m
ZeZYY e
YaeYfYf
aXZXf
+afX 4
n0_
lpEnvironment
G- J
dc04ab6d
N6Za8
1b4e62dc
GetCustomAttributes
+ |v
fXef f
+F h
eYYY 5
H_aY
`raYY
fXZ
n 5PB
StreamReader
A}inZ
+ 5z
qYaa
ZY QI1
7dZ
3+lZ B
Z 4jA
a L3
#Blob
lpCommandline
(h v
z2Za
g0afe
ZZX
kaZ
B9VZfaX
f *{ TeYffXY
Z ('P
PaeYfX I:
GetExecutingAssembly
XUA
ZYfXfY
AZeaZ
#fY
im_
-mf_8m
ZfXf .
3Za8L
\a6
6!#
fef 3
3Za8d
faf 5$
1J
OS;
8%&8\
&1%+
ffe
X ']5
aXeXe
ZYfe
6z/
r;&
aefeX
Z aL
0e QwaLa
3)e
XZYfef [L~P K
aYafYXaX )
8rZ
Zafa _
{`r
|ZaaXa
afeXffafYYa e\
6whWZ h
77ffeaYefY
OZaaY
[FYY
seZ s
j`Ze
+0%+
lPZ "
`e \
1ce7b68b
]Id"
Empty
yET}
gfaXXfaYff V
Yea8G
|Yff
ZaYaf
Yeeaf a
fYXaYaaef
063cf176
/XefX
ePya83
;^/YX
; @)
_eY
n89a8<
)jZ
ZeXaeX
^%&8
oZY
Jba8#
1} A%+
_bX(
W{Z
Zafa
b9910ffd
Z 9W
peZaZZYXe
Z 9L
XY ,(
j1+ZYaY *
E Qbfu &;R
k3a8
rH?ea
aeZf
38f06492
8fX
: sz
Um(
QeYY
VXaY T
xn;
faeffX /
PZa sr
PZY OZ
xLa8
[|Xae
[JEYYe @
e ]=Z
7YaX g
YeYYXYYYe ;
92Ze
f /g
. XYfafYaXX
gLs
lpStartupInfo
2Za8
PJZ
aaY
tmZ
kff -,[} G
+ U
a.0 /
4aXeX
)n7 %+
QYZ
{YXa Sd
-YZYaY
eaaeffa
?Z lJD
Krf
e06a3e62
e093d07d
7ua8F
LCYX
!eea
@ZefZ
[ffe
YZ .]
mscorlib
YYaYY 1
Z 9+f
qZ M
47517632
XX
ReadToEnd
@Z Pw
PZeX
;aYXe
cf939f13
.e $$
7Y mz
qZ %
]Z C
tZ l<
eXaX
ua T
uZf
z =MLOZ
$4Z
]1 yK
ZYea
?s{
X ;1A
a(k
RegionSize
x.a+
k"Zeae
Guid
ZaYeXZ !y
xZ Y
6d0a8342
FX 8
3Ra8%
'a WZ $#h
E&a85
pcZ =
N
v4ee
OeX r
5QS
ReadOnlyCollectionBase
#Ra8M
X "
eff g
YeYee
aZaeZffY
method
;3a%
a #;
FX z
-XYXe Xy"f
5JZ b-
ef e
ef d
r 405
ef b
FX `
ef U
3ea g
9224c20a
Ye .!^
}Z ]
Se ^.
'Zee
fZe
ef A
eYfYYa Vi
ef M
eff 9
>j
YefXY T+E*
}Z L
gaXa
effXX}
99ae
tee
Z Z{
dZ I
ZYe fc
ZZY ^M'
eQ%YX N
Z & M
$nG
Z lP+Va8
bcastdvr
0T F82
_ ZZ
eaaaae
YeeZYXZ K;
8f990b2f
~4IZe (
1G,Yeaa ]
aXYfe
un]a8
geY
set_RedirectStandardOutput
O%Z
d202eed1
l6 YZ
Bha8
ZYY
YafZ
eaYX Y
Do]
X4e _c
810d2012
7,Z
eY AN
/1 +i
fa w@
System.Net
900a29bf
%Z D
XfYee
Erf =
<Y%+
N5&F
KwZa
Yef
ZrZf
! L}p
m/8
+RZa8
AGZ
:fY
!This program cannot be run in DOS mode. $
*$eZ
SU&System.Runtime.InteropServices.CharSet
EPN
YeXYeY
XZf 2
n k1
fa8L
,MeY
waaXaf
fa8T
5hZ
GetHashCode
fa8\
YfeaXY
<efae =R
292cd43e
faYeY f
LGj
HZX [(
zZXf Rk
.?Xea
>ZXf /
&dr
ZaXYefX
.>XZaYaYY
JV8
Xaf !#M
W Yn
eaYa
eaYZYa
ELgGZ s
+i~I
VZa8m
VZa8n
qXe
89f9fa5e
yK3#f
fa85
iqn
]#
SZe
Xa =D
b(O
=Y q
YeeeYYY
8ZX
I'Zfff 0
?tQ
fXX
Z h&
get_MainModule
~fXa
ZeXe
26c6078b
efZX
ld s
ZXfY
op_Inequality
eYeY
_+S)
.y/
ZZZ
"?Z
aYe i#
:0Za8
afecc042
5 3C
WifY c
7533df20
I`a8*
I;Z yF
b07229d0
UZ (E[]a8~
2^
YZfeYe
ZXZ u
System.Collections.Specialized
+]Z
$a Yp
%a8`
aae '$
Za 9 s
YZ !
YZ #
Z Mx#"a8`
System.Linq
e 8RkX
d7963229
aXYYaX ]
rZeXf
GXX ud
\(ce
Z gK
Z gM
YZ i
[B 5'
eXa 6I
}4Z
oZe U
^Z WD
h aXXX
YZ V
XfYa
ZYafYXfaY}%
UXZXe
Ik9a8
Yf 6y
YZ E
9fY >B
X 7{#ZZXX
}_Z
Zea
*>a
_cX*
eeYYYYea +
06947de5
87e4f77e
Mutex
_X 0e
0 -Z
hRUZa8c
VAZ
plZ %
ea 3
e5ddeac5
EX #V
f+
R i9
i5a8
b8825d88
Uz\a8U
7 eXf
2327b94d
6A<u
ea H
Z lx
ea M
4ZX 4|
Y &T
4 ){
XYeZXe ?
feXYXZfeXZ P
>y\Zf
affYaX -
Boolean
ea n
YYf s5
f FT
,lZ
LeZ VU
>ra8
%YaY
MethodInfo
?Y z
6635802c
StringComparison
|^7eXYX
da84
CompilationRelaxationsAttribute
da8)
>Xa
da8*
eeaYe
#XZ
ZeZf
get_Is64BitOperatingSystem
MemoryStream
QZf &
e562b313
eeXff
efe G
p<%+
'WZ
Z? J
z|(
1aa .
Z ?2
f F>
efY =
lLH
Z =_
8c4f29cc
9tI8
rAa8
d#Ya
Z R
W@OaZfffZ
CONTEXT_INTEGER
eYXe
Yeee
1c3c6add
q{AZ 7i
a; +i
11a6a979
Z n
8} *
G:HZ a
xwK}%&
Qw'
ab8dd2d2
! ,cLyZ
weZ
Oa b(
21Z 2
eZX
{b 0
baef
eXYZfYZe s
aeYX wK
(:a
O nZ
Xea
{XoZ
\Z E
Fa8F
Zf Wrv"ff ^
SeaX
Fa8T
/MLX
|ZfaZ
QRa8
Concat
% a8
* 4HZ
Fa8/
aZfXY
>ZX
$<a8j
XYafaa
N1"
fXXf
AA[AZ
'@8l
dBZ P
[*]
G;z
{ZXeff -B
fXeYZX
;XY
XZ m
YZ Gx
BDb Eo
t#/
ZaX
M}Z 3
69a3a7bf
3ZaYf
+a8!
Z X\
+a8#
YaaZ
`<Bm8
HaeeaaYY t
YfaafY
ZYfaXe
ZefXfY
:aB
Uy`ZY
+a8_
+a8Y
Xf us
U:ZYX
+a8U
Z X)
#&;Za
5 u<
faXfY
Xfa
X` 6Z $
a %k
{afZ
Xafaa
:WZa
eaa 0
ZXaZ
/Kwi
]=Z *
YaXYe OE
cHZ
DzRZ /
8wZ gt
XeYYZZfea q
fe E[5
nkXY
[E0e
eYYeZX 8G
=XaXeafY V
*Z [
YYaXf
YfaXaXYa
@.6
eYaY $
afaeZ
ZfaX
;eE
6Za8
($Eff
uMa
?e
6Za
( 4
.aaXYe
aZ /
i;e
|X mK
ZYX n
wMD
e j
ffX &_
dc9c2ced
116bbae8
;ZX Zf
_CorExeMain
9e89e291
|Z xp
faa F$"xX m
*[D f
aZ `
~5WZ u
aaYaaXXefa
(wZee
ZaZfX
08434e7b
DebuggingModes
Ye 7:
YZeea
JnaafYa
ee D
{1a8
aZ E
kZfYf
yB =
KFZ
aZ J
Z sQ
) Y
oa8
lS<afY R)
q8f
^L%&
X >r
H*Z /
aefX
faYe
faa
+ZYXX
efd48bd0
N/Z !
ieX 7
dwSize
ZYZe
MeXaXX
Da8v
ZfeeYYaY '
K qZf
hwyZa
3296876c
0iYYXa G7
Z 3>K
oR
eba69e1a
Da8G
5aX
VZXae /{
1N4
feeX
Z { Q
h0 Y0
aaY IX
ZZZXZXZZ ]c/ZXXXaXaeYfY 5_
)[u
%D4i
ffa
CallingConvention
8YYaXZX
.ff
S:P+%&
DirectoryInfo
0H -
XXe
aYYXYfXXa [
[Z J{
?gta8^
082db51a
*jZ J
`F3Xe
Z X@HIa8
ZeYX
;Ia8-
XXf ?
,$_fZ
F,
Y I
~Z I
365i%&81
^E
~Z R
4cb55ed6
e39fd8b9
|dZ @
-&fX
aZZfY t
]C%+
{ 0Z
vys
XeXY
f fV\
Tqa8
aea
_Y #Sy@Z
gZXYe b
Z d*j
7549471c
NZ p
dF@ZaYffY //
Y ([
~Z #
a%
$5 k
;Ia8]
A e
aX -+
Reee
26624f38
{ -G(
ElZ
~!6
Zafe
Zaaaf Se
Z =m
KXXfa m
XfZ
p*ZYe
.ZYXf ]kk
s4S21
IZfZfXeeXeYa
XZ %
ZXXe
N fYfXYYYeY 5
OC Y
dZ q
ac1fc370
XZ 8
eeXY
Z 2BO.a8,
aae
DZZeXe
Z =0
fqY
>fYeXe
4@aa
sZ _
he :|V[eYe
Stream
XZ n
get_Modules
a o\
f D9
f +}
aaXffeaZYeYef}
XZ w
J>%&8}
a8U
XZ {
ffaX
2cfYX
ei&MYfaff
eYfY X
Z P
YeY
d" ;
EZYY
k]ZfY /
XfaX
2X c
]%&8u
_6Z sw
fZffe
YZZ |
ZYee
6 Y7
Xa JwA
a7dc7c2c
_ >56
!`
C aaXY ocR%
+fY *
uAS p
9Ee E
U:x 9(
\eaX
1d358ce3
]t E
WindowsBuiltInRole
e832028b
^eeafZa |
2ea t
&Z &
&Z "
!Y AE9
Y Gk
ZYeYYe
neZ {8
get_IsInterface
@eY
fZY
.Vda8M
Z zHz;e
&Z \
"HZ
N4Za8D
\f -|
$R
tZfeXeZ V
2ae
+ae
oa%
PZa8Y
Z Ny.
ZXY
5bc7f588
&Z v
!aX
YXXafe 9U @
Ia ''
26cda881
3307f234
=WHfY s
"|;
i/B
'Z ^
^%&8]
'0ZaZ
ffZff
'Z j
'Z r
'Z q
fXafeZaea
X S{
k7g
YeaaefY
ppZafY
\eeY
a 'Y
Z 8ov
eaaZe
ua8x
'Z '
1=#eeXXa
eaYXYfaYff
aaYX <V
set_StartInfo
qV :
R^%&
!f AX
Z=XZX v
/f }$
@`YX
X=:
?x2Z mK
Z `\3TfYaYfYYe y
tZ 3<r
c652db1b
Yeea
KfeYafff P
k a8R
gee Jh
mYXYeZ
UffZ
xW$aZYY
Zea ;
YYf U
_YeY
aXZa
jp
C^EC
NZf v]
<eea
Zea T
TXae
t(s Z
[zef _
^Z
J&b
V Jr
aYZ
eY C
faZaYa
]F_ j
Zeaaafe
c8c795de
K`
fYXZa
Paa
7c`
v\FaYYYffZf
^E
j!a8~
CYe
[fYXef
fXYX $]h
156e91b1
ZZaf
Zafaff
@ Z C
se =
sAZZ ,
,X P
KZ 3-H
ZfXYYY
]aeefff
[n ?
Jx+af
,ta8
\aaf
"_hZa8
af90672d
# G
Z {Kp
ZeeY GV
Tcf
f^Ef
etVgY -
L.dZ Q
[Z 0
ZYYY
fRa8
2 xJ
faZYf
0aYXZa
52c0eeb0
NP_
[Z Q
[Z P
9d6cfa42
d23
`Z
`Z
[Z v
[Z s
EYY
26130214
[Z {
fX
dVgXeZaZ oo
! 0$
3a8%
;ca8
YXa )
a005bc42
ZXfeZe %
YZaYe
e <S
U#Za8+
jZeZY
0621c1bb
| z/
\oi
ZeZa
1 |
\ZZ P
fabb8f6d
ZfZYX
`f /
?ZXaeaa
<NZ c
&)5Z {)
Dc c
fXXafeaaeeY r
afYXXaeeX
es6p8d
eZfaaf k
Z {f
2ZZ
3a8K
uZZ s
Y*YX V
4715511c
Xeeae N
get_Headers
ZaeYXe
IX #
Wa8Z
) vR
Ze x|
1e302a1e
>;Z V,
Wa8K
mqeXa
XZ 1i
e834ed61
ZaXZ
F$U
x_\o
p %W
PZaXXaaXZ 9
726130b5
ILc
YYe I`)
IDisposable
ra86
RY 5t
ra8:
iXafefaY
fYX
ZY u;
ra8&
07e -&
O%&8}
Z 3m
^E
: u\
XfX
Ug6
Mpsfe
Z 3q
"fZ
dZafe $
ZYfY a
wYeZ .
YXaae
Z 3R
f Bg
f )_
s4 d
yXa
afec3d9f
xeYYfeeYX Q8L
Z mJ)
^=a+
Y 9e
_qw
aaf oS
B4 8
*e 5
@~m)
YYYee
^f
Ba%
<LY
: a+
c82536b3
YafXY E<
jqsaXX
M,XfXe
XXYYXfXY /
T']
IsInRole
YqY a
XX sx
aYaf |
#GUID
)ZXX (
fXY {
!!'
> - $
744d4b85
fXYefe
eeXaZaXX 1d
BXa
R&a
ZXZfffZZX
SZ 5R
afaea
HeafXffY O
;Jd
Vq<eY
e*ya8
aXXeaaeaZY eW
)Z c\Y
{ZY K"
fY &
fY "
fY -
fY +
IeY
3bafa05b
fY ?
c07ed0bd
RZa8b
f UcG
bfXf
haaXXXaY
Yae
keY
Ve Oh
~efYXYe
fY m
fY j
|Qef
1a8Z
Ze )
` wx
d9159f8f
afY
fY M
Gr+zaaaf
fY R
VZfa8
"aZXeXe
ad4493cf
aZaeYX
h>afY
JZa8i
aaXa
Z Q
>ZefXa w
3t%Y
e]a8
V[o
Z Z
eYe z
xa8L
YXa Q
2e'
kY [
Z o
! BU6
caJ 1
uYf
ZYaX
XXY
n[YeeefXXe
vXee @J
pfX
Z
CONTEXT_ALL
4&ea80
d8 X h
ZXea 3
%Y *
Xfe
l I9j
Replace
kY
OpenExisting
I<f Wf
|YY A>
YeaYfXfZX 4+p
mefYXaeXeX
faZ LJ
6a%
get_MachineName
a6af31b3
!b 9
aef `/
u*9Z
aXf
1W
6248122f
gZ
faefYeY
6cc4c7b2
f8d3a6f5
xZ 7F
f^aeZfaY e/-
aYX
9<Z ;
{aa8
TBXf
aXf L
eeZYe
]
,]iZ FIS
cYa84
;eXYY
gz%&
& \^v:Y
{$ %
lg)
aYefef
&RZ
Ra8x
fXYaX .
eXXaa
EY z
fbf64c38
}a82
}a80
ae 7(
f3254520
Ea
343af35e
fYfYfXe
a ]
}a8h
4i8
hY I
.*k
~\~eYXYafa Y'
0}Z S4
O*kZ ~
">Z
YaYe
ZXYYa 1
m,fX k
sna8
}a8q
fea =
6X 3
ZfaXYaeYY 7O
FSZ !
fea
fea
Z b{`qa82
i% Z
/2YX
Ya eB
9effYeYXX
Y q2
aYXX
$YYXYYYf
Uef
UB2
298f152d
I~eae
;f K >7eX
fae
efef !
SuspendCount
7a8Z
vJ!a8
Z r
ZeY #~
LZYeY 7
oefa ;
ZZXfZY
Z h'I
AVy
f H(=M
LaY
Z _
Substring
5Cc
cZaa
d2ba812b
eXXY A3e
+,a8
1De6Z
ffX s
vKX
)8WfYeY
{ZYY
* u
ZfZe
^0a8
r#H
597a3cac
QWa8Z
O;
k{9DZ
i 7y
?+NaZ
h_Za8`
ZfZYZ
=Za8
f}a8
faYeX 2
Affe
Marshal
\i
I"Z ~
ae i
h'(Z c
591c1d7f
nV |Z
P 8"
f534600f
y a8.
ae KW
0jfXaX
$~qa81
/R Z
aY
60e2088c
ZXeY
Se 1d
ea
G<a8
I8 a b
oZa
bXee
oZa8
2bd501db
6XX Z
XYfYf
Xffff
ynz
e ET
8d*
-YY
U mZ
LX {sL
\ZY
Z 1|
y^+
Z 1g
sAY
v(e .
dZfffeYY
YaYX
m[a8
NfYa ;u
feeaeefa |kSZ
ZXXa
aYXfYe
3xBf%+
4eZ i
C\U V#d
/%&
g~a8
?eeZaZ -
Z B/<ca8R
ReY
V2f
rnQ w9ne ]K
CDYYeY
aaa
35ddec05
Z 1,
A0* X?k
ZXfaaeY j
)Z |I
K Z q<
YXZea
SX }
2Z pB
7!a8
_sR
(Z (
;fafXe
1Za
`5a8/
Os3
XYY P
XYY N
]h
AOZ
!'w
XYY |
YYXZf
G\Z
1}ca8L
7X o#x
UploadValues
Q6R
XYY g
rmua8
_j 6
L iqMeZX
kg^_[
P #|bVZ
:BeXe
yaee
a0# -
843f68c8
6O K
Zaeaaea
ZeYa ,
?tJ A
] ?
~_`%&8
8d92a15a
ZYYae
)cYXX
Z ^ 9
735ced8b
Type
9e92d93d
aZfe
HX T
ZYfX
#YeXX
g%aXXffae
VPRe 1N
0Ze
`*uZ O
V1%+
T\RqYYe /!B~ Q
7326d5c2
aeafZZ
\XY -
dfZfeX ~U
ZfefYfa
LfeZ
E~ C4
Z N
@Uyaafe
Ez%&
Z @
[+%+
`$Yfa
m,Ha8
Mfa8
_
gB/Na%
IY #\
huZfaYa
ZGX (Q
Yeae
XXfYYe 6p
Y5Z
#Kaee {C?
ZYa
947bf5bd
Ko_
}QHa%
cZa kc4
Zfefeeaa
O xy
maYXf
Z (
4b872461
fe8eedfd
ZeZYZXX }
YDB
YefXaaX
XeX
fYfXY s
eZZYaY E
eYZXX u
List`1
eZaXY
7E ZYe
GetString
WindowsPrincipal
_ufZ
f
E:Ka8B
_Ya8
Z R1
{bP
_a8b
)Za8w
iX
|=YYfXeYfae
Lfa
72c0099f
f 5t
eYaef
++E~L
Z PB
$/Xa87
Yfaf G
Z Rr
eZ <
eZaZ
Zef {OB
CreateDirectory
}
eZ &
StreamWriter
0l4g8
dGa%
eZ q
\fY
Z T>#
eZ t
Yaf =;>X
eZ o
eZ `
e `~
$af
`.rsrc
xRkee
pfnAPC
SetCode
b31f50c7
OEZ
XZa c3J
Z *o
%aXaX
}[a8
affXe
ZZY L e
z
(xZ =
ZZXfZeXY
YaXaX P9
eaaYe
t(ef
4"s[
#^uS {
YeYeZe
?ffY
_5
O 7
HX /@]
UL[] H
aYeZX 5
~>L
e40b8606
(wgZ
y$LZ O
5Yf
liF
nXZfZ =bs
DDt
T>x
tNe
faX qm
>4
c917eea0
Zf E
vgYf
get_ParameterType
ZeYYa K
Y 3Q(
(CZ 5
qeefZXYfeeYYe i
F7 v- L
WaX R
39eda22c
0b028dfc
d2b29d25
aeeff 1
0.Z
ZeYY
[
4e742347
YY +
B
E
ka8#
Xeaf
e 5GH
q
B WH
OXfX K
|
Zaea NT|AeYf
$2eeX j
YffZfef
JQffeZ D
Z 04(c
n
52abbc8b
ueY
d`Z
*hYef `w
ea8a
eYXXfY
Yeef
ea8n
6
get_Now
&
,
t\Z
67a
aef r
aXe yI
]Y GZe
,a8M
}oTsZ Cj
@x\
$Xa
\U 7
aef j
Z 7o
s VA V E
,a8a
9lA%+
get_IsStatic
X3 0
RaY
Z 7B
G;rZ
ZXYYeXXY C
feYXfY
s>@
RegistryView
Zf y
4 X
.va8
YeYX
b206e433
eaYXf
' YeK
Z 7=
z a0f
faYeeY
FZ 0
4036bb1f
aZ wP
R`3Zeafa
9SZ
ae 4]
SZX
eb699aae
.2%+
[Z G
P\p
OfZfe K
LfaY >r7= *
?a8U
Z wdi
fd6b7c0d
'}fXY
PZ Xd
^fffYae
affa
ffYfXZXf .J4]
mZfZ ,{
?a8z
ZaX #
fYff
5vZ
J_a+
X n{
Ha8
XXefZ '
L&n
Z $X.
oA%&8\
ZZZXZafY
nfeXXY n
a48ac01f
X 4`HYeaXXffeZ
26c733ec
>%,Z
YXeX
;ef
7tZ .
Lef
T"a8
KZXffafff '
aeaf
zlfZeYfaa G%
fl$
A$x
Ze _^
:Z!~Z 5
dfa d
afea
Yaa
#a P
K[9a
`"a
#a >
u 4a8(
0ffeXaYe
]fe
ftU1
)ZaYeaXZaaf
`/faY
88e443b4
TZ #U
feXe
81d3322f
NYfa 0
eefa
{a87
k eX *CA
09ba5de8
1ff 5
@Kv|Z
set_RedirectStandardError
ScT
84e481dd
?RZ
af /
pZeaXe
af :
8J s%a
QD\Z
,T N
af 2
`ZY
edc40f2d
af N
aZZ
aeYY
2?fXZZXYeXX
Xea k
af P
af S
af W
q $a8
v6ZY
e V<
af {
#]t%&
af |
X 1@-
df6ae158
af t
X I)
d0e82495
XYYaYY #mc
Yff ^
XeYe
2d0f7d4d
ZeZ ap
v) f
Qf>a8
aaaXXX
m\Z [
YYYfZ '
Sa H
f+ s
9Z -Z'jZ J9(le
faZae @
~}Peeee
kXfZXaaYZaX
CpX
1=
T5ZYeYYXeYaaeXYZX
eZ
&Z [\
ZfeYfZ $
:faa
+^~
318fb5bf
Efa
)fXfff H
d;&:Z
n}%+
fs a8#
-g&XfY
Z P}
9336b44c
7zfeXeeY
aXa eVt
kf dY
#\a8L
E0Z
F_YefYZZ
}aZ O0={
!4 n
fZa $
p6Z l
+
f4c93819
Z {N
)0`eXa
a Ox 6ZY
eaf
ZYeYf
YaXY #
AR wg
f qqe
&?Q
Delegate
TGXaee w
B9aZ M
wGffa
'TZ E
Vj?
'faN%&
r`a+
=ea8Z
(K E
ZefXZe
T@c
Y p&-
eaXX u}
eZXXXeZeXYa
faY
XaafY
a 5Jy
XXZa 2$
,Za8
eYee F
aYaaX
a8x
Z (~
#Z 6w
ZXXX
Xe m
E%&8
q!1<i
hEa8
a8!
_Z X
c41d8595
19b60e8c
qY"
efXX
ZYaaXa V
a8?
aeYa
53aXe
Xa pM
effffXY
Zf %l
XJZ
9C%&
s=Zef
_Z g
Contains
Z },
|bfe 8
CZfa )
Xeaeae /
handle
E~,
|ZY
8XXe R\
3%v
ValueType
dwLength
~ 3k
ZZfeYffYZYaeY ){(
opt3
opt2
2c (
d^ra8
.wL
#Gj.%+
|8efaXZa
PefXfXY
XfXX Zy
ZaXf
8/w
8ca35035
XeaeY
=;a8
bInheritHandles
Z }]
^va+
EZ ~e
WF
i7a8+
@ 3m
YXa d
aea}0
e A\
>ffa Y- = '
;ZeXXfa
FWa8
8!8V
oOZ KsY
HZ /DB
G+Za8
=0%+
51<
uGXfe 4
qt%&
ToString
:&OZY s4
F0f
Zfa 6m
oT: .
407b9b45
Zf }"
Y 0-
%YZ b
faeXf w
)LY Y
9b0ff8e0
f Lg
O QVX
3+$ef A
0 nk
Z 3N=
ZyZ
_fe >"
d72a3f4d
YYeZX C
8 P
860b1697
y?ZfX O
tdsZa+
173a243d
Z 5K
{fX
Zfa j2
Z Yqe
Z H^34a8
d61e904b
aYY 6
XeZffZafaeff
e90a5097
daY
uuW
a9647820
iZ YP
Zaea
uY "
_fXf
ZYaf K
ZYYa
System.Security.Cryptography
e52c688f
h U
SkipVerification
eaX 0s
b=Z
msYXe
PZY s
/.S
84Z
LQ1O Z
eXfaf {
lpCurrentDirectory
VprYeYf
47d2cb02
5ffa
sxa8
RegistryKey
=Z
]q
LYXXYaa x
%^Y 4
aXff
L=&68
+>~\
\fe
#Strings
uZ tS3da8-
33c90ef7
.ctor
s a8
rZ G\3
mscoree.dll
1cc96133
XeXY
JW
N 4*
>Ff
*M8t
( ZYYZ
Zae so
fe mr
4eY
3!-Xafff +
v4.0.30319
ZXa
aYaea
Ya re
48a8
(YYff
cUz1
e29097e5
Module
faYae
85728e45
4%Z
6[Y )#
E=Y
@.reloc
{YZfXf
0425331d
[tH
feYf ~
M qw
Nefa
^$dBZ
KCa8
iZ A
eY f
"XffXf
LZ
KeYefX
Xf wI9
0YYY &
5?%+
XZ {hsbZXfYeXY
<Za
)kf
Z |x a8
Za (y
wX w
<Za8
:Z e
XYZaaaYY
gZ
-2%&
& z
& f
.me
Z Rl<
33eZa Ja
a?cZ
! -2
4d8ad0e8
YYeeX S4
CKAcZ #2
Ff "k
reZaa
gZ -
gZ 0
4a8\
Z V'
8XZXX
HZZXe
EZ ]
& 1
Z 0qFVa8b
AneeX 7
Yt,a8
/:
fYfZaY c
1 M*
4a8:
fXaf
EZ O
n?!LYff
yF Y
'i-oZ 4 "/a8%
3a1443d9
ZfYf
gZ o
'Tq
OaeffXXYa
`f .
XeXYe +
EZ g
>e06Y -
Z i;v
ff
dfafffXXeZ F
^ rG,
Z _b
6d16b84a
:ZXaYZZe r
Evf 0a.+
set_CreateNoWindow
B^EB
eeaXeeYf
eOj
vaf 1{
'sZ n
)!S-l
9>Z
2aCefaaf
pUZ
_]a8
I5I
*Xea K
ZaeY d
WindowsIdentity
]?Oa8
t:"
Z *nP
8e541a21
YaYee}
YXeae
NewGuid
pXe
b6fff2a9
get_Type
DU:Z
WY u^b<Z I
m<EAZ |
MZfYeZ
3aafe
WZ W
:oZ [
"c i
iD 0
0ZZXf
XAfeY
9Q%
RZ0 Z E@
ZfaY 3
YeaYaZfXaYX
Dfe 7W
eafZX
Z s+
ee ;
ee 6
faf ;
ee 2
faf ?
eec682ab
get_BaseAddress
ee *
t!f e
Z s1
GetPathRoot
$XZ _z
Z R$)
eZ <h
ee
Eef G
StringBuilder
Sba+
U(RZf ]uv
Z sa
ceX
Z s}
_ Z
P8Za+
|YaZ
Vae
aX AV] ZXeYf
ae #E`&e `
Daf )
NReZXeZ s
kc
MGfeY
l.tY
NVYZ
]e^fa g
XX `
+L k
Bfa8J
) Z
eYaaYYe}_
` b,
+zZ r
0a myw
SByte
3J:
ZY MJ
1489ba60
CZa8}
48a9dd75
}Z 8^
ZY M^
:a8:
13%B%+
uGAa8
RY W
l#Y
=ffef
Ya%
eYa y!
afYaZXf @
GetCurrent
e j2.ieYeXY
Zfa
J%fY
44648d2a
R!,f Iz
yZeeY p
vaYf J
YfZaXY
e'a8?
<f
1d3be6fa
XX Y
ieaafYea
%eqZ
4YaZ h.
ZfYa /
X `3enY
X `f
Xef {\6
XZaX YC
f d
YYf 5
Z l;J
YYf <
$f Y'
CQa+
Jc]fY
8Za8
[f Q
,XeYeY
eafXa {
3eeaY
eXea c
DownloadString
/!#HZfefaeZfaf p
zXZ %
o=Z
7a0bd2ca
!)}
.NETFramework,Version=v4.0
ZYZY Uy
c8e86eb6
$!Z
fYYYYX
&TkZ
BSJB
ouZ Rv
4aeb5ed3
B 9Bj
qnHa8
XZfeXXYeYefZYX OL
X M@
5g
XX =
value__
Z KC
OO1
cZ g
yXe )
=XeaaY
cZ {
I(y.aff sC
cZ M
cZ H
a3a2f7ea
#Z <
"kZf G
u fJ.
b2d0f637
&aZeXZe
afef )
AsyncCallback
ComputeHash
ZeroBits
98291bcb
*F%&
aeeZY
[%&8\
t9
[uW
GZeY
a99b3af2
MZ l
$ZaXXZ
le 4
1a [
f rN
XX 5B[?
YY K
~c I
YY ^
46a8a8b0
55XX
yZa O
YY i
WaitForExit
4af B
* YaYef
)xYtZ
Ii&a8J
J P)
kXeX
Z 72
ka8.
Z)<
1\4
YfaaXfYYX
YY 4
YZ dh1.
=WO x
O na8$
k =
rGa8
YXYXZeX [lh
eYYaZ
.3\
ZXfYe y
Ba ~S
_Yaa
=aZf `
zb^Z )
) Z
g mR
nfafXe
;Sg"
OeY W/N
BZ c
feefZ R
e1b54d34
+fYYX
daa w#B
ffaa
va%
eef
eY M
@a8C
eY U
@a8O
mxYea
@a8w
eY a
e ~8Y
Z Tt
A TbV
%!8B
39e6f4d6
@a8m
\|%
BZ "
Rv_a%
Normalize
KIZ
jZ *
ReadInt16
feff6146
<-
a D^;
CONTEXT_EXTENDED_REGISTERS
jZ 7
S i_1
Oa`
^Na8
XZaa c?
G@ !oL(aYe I
AXe
aafff
jZ h
80Xa 2
jZ p
" &
B "u
jZ s
NY {
]s,
a FH6
XX S
Ea85
41888fba
ZaaaXfYf
ZZfXY |
File
9a%
xZ P-
Z #oE:a+
maeYfa
Uz-
ZeXYfXY
z 5
ZfYe %1(
D o%kJa%
ZYZeeY
f Wy
Z ,T
Fa8
YYYZfaafe
raf &|
3Zfe
eZaXa
Z u^P
Va8
eYeYX *nM
:A
/ZefZeaaff
ef vL
XaZYYaeYe weP
eeZZXeXfYf
Z 8]A
aZYXaeea
Y $
9Ss
SZ
fZaa ;
K'ZZY
@MqC8.
1&!
9tir%&
@Oea
ZfeYeaX
yYh
k:f
\Aa8
:ZaY
1{e
XY ye_
YYXfXa
~f b
Z qu
w."ZaZa Kg
fYe qPH
"Zae O
%aa
Gae
]f da
=aa
o%ZYZa
NLs_Z
09a5e04f
Delete
)TZ
y1e
@IZ
fXaX
)6Z
{Y 9
1pa
set_UseDefaultCredentials
raaeZ @Td
eXXYY v5
fa AHA
v6 o%kJa%
> Ie
]Fa8
P+
faaXXYZZ w/
MZf
YeXe P
+%&8
*9 -p
Z ~ygOfa
*(I ORK
Y 4j
bT%+
6QrZ ,
eaf s
cYe
XZZY )
uZ pV
'>ZYYZe
YeXe {
XZ ?5
;U86
Bsgp
cd3d89e2
ZZeZeX M}
eaf +
=ZPZX
'^E'
L& D
L& C
BXf #
XYaaaX
52611495
d2Z c
a2f3ba8b
GetModules
0XXYY
9XffXXfe
YfeX
G a8:
Ka8I
>aYY
t? 8
Xff 1(9
c?Z
=Tua+
X YYY
Xaf
w3 Z
9ea4687d
*p` =
8b169df7
6c03cdb3
;rufa
YYf
ae
G $*
i@ Z
aeee
%&8T
X(h
Zaee
mHZ 9
Di
*|Z FO C
aY /
5~gxZ y
Xe c
>"#
ZYa ;O
efXfY
O M
oa8t
?ZX -
YZZ
vbfY k|
aY
Z I+
8ZeXa
vt T~
ffYXf
;gY
,'
aY o
fYf y
Lee 6
aY h
aY e
fffefYf
Z IB
fYf i
Z IX
get_HasExited
nef A9
Xaa @
aY O
AZf
j8efff O
Random
aY A
a7bd0ad3
aY Y
T~eX e
Y@
i=la+
}EZ
=17
fZ I
s%&8
kZ =SC
'Ze Y
' o"
@eZ o
fZ V
Ceaf l
\B kZ
0XZ
fZ h
C~XeaY
fZ x
fZ z
fdf20b86
quZZ V
486a850f
eY -
+ w~
>< G~
Ak8M
H8X
ZXe
U Ka8
efffY
aXXeaX
ThreadStart
d9YY
c_a8
ResolveSignature
rd >
set_UseShellExecute
hWOea
efZ h
efZ e
Pa%
E I
X[YY
&?3ZZa8r
04519b86
k a fT
/afa
;nZ
smZ
naX q
Xpe
}Vc 3 J
4ffa 6
CAa8
qZY @
b$4 G
Z Ii
vVI
zmaaea
Cu1
0f479843
NXe
ht&XXae M
e ,4^
u?D
hvi w
lpProcessAttributes
Z j1
aaaa K
! !%
'.lZ
feeeXaaeaeX
jfaa el
'a8a
0770f3a6
@} j
DownloadFile
ZZe
g]Z g
aXe `
SwZ
#ZaXe
{Z ,T
Lafe
XAe
lYXXZ
ZXYf @
7 eY
Xaeff W
eXff R
Z 7 M$a8
A4Z
KZ gv
feZZ wT)
2@Xa ~IJ IW
)3XafX
J %+
7e9f9065
RuntimeMethodHandle
J|fY
l>Z ^
'a8=
XfaZa
$XZYYX
eYXaY J
aXe ,
ReadInt32
%&8
%=XeXf
Tca m
Z= `1:ZaeaZX
SZX 9
7 Xa8
_bX(
} ti
Ka8_
7zbW H
7V_
_bX(0
9e x
693dd4d0
^s8U
~aZXe
XYf C
Xfaaf oq[
~Z x~Y
e x[
_bX(6
]9Z ]
rY 1
wia%
xnaaffZYaefY +n
r4}
ufeYaYeZ
ia8O
Z "l
_bX(>
YZY
9bc4b80e
20e
aeaf 5
bb15b492
6688c1fd
X ,T
Xaf Q
b6719dbb
YZY +
Xaf U
YZ Z
4c#
F%Z )
Xaf &
: ]ZeX v
2Zf
_L E/
VZfeffZ
YZY |
}Xaafe a
0b155df1
Xaf
]a)%&
9ZXf
yZYeeeaeY
SetAttributes
Z "
FXYY c
Z(ZZXX
sa8q
ea 7(
sa8l
| )
| /
OZf ~tJpXXfaXY
a1fc81cd
?Zaaf
u!Za8
_HnXee `Kum
[a8w
ZeYXXX
E-N
FfafaYX
SZZXXfe Y
Z wl
w:Za8
7ece4d44
[ Ya #
Attribute
YYXfa +v
ZYf 3
ZYf 1
k|ZX
=%*i
q-t !
aYf
^vZ
XfZfZe
8eee
afY 3
,;Z
h!Z
,K 8
iZ n
a f%&8
9{f
ff2ba760
bYa
YfZ
aYXa D
` v
%ZZae i{g
BY c
ZSZ
f lOc a
`o8*
XaeXa
eYfeYX
afYXf
A7Z
QNa8M
YeaXa KO> J
Zfe
fefYX Z
Ha8G
Ha8B
lngFileSystemFlags
3{ %t)
19X
IsNullOrEmpty
'aXaY
'/aYYaZXe
CZ ,
1eYXZ k
strVolumeNameBuffer
M9Z R:
aY )
fae {.
\aX
u= kZ
!xZ
eXYYffX l
c50db268
Y oA
MaXYYe
YZe
.> Z 7{^
Yef cV^
FU r
AC f<
0SZ b
CZ a
R4Z
40Y
VYa
a16e3fcb
VQ3Z
^I]%&
BaseAddress
CZ r
kYY P
]ea
affY
T@YfY
bc8442e5
"O/
fY `
vZ bv
bXXeYeXeX \
dve
}eZffaYYa
Z O'
fZYZ y?
z"Za8L
Z ||m
?a d
-ZeZXeZ 5x6o
8%&8
la8B
?"e [
Z OL
eYaYefff
X \
\WZ @
la8Z
pna8
YYZ
y;
YZX
i;0K y
(-%&
+cQ%+
jBHZ
Z Oq
$ ?
aa5c7388
afXXYX i
e2ma8
YaY
uZ ~1*
GD
oD%
lxZZYaXe
Hf W
f F"
.LYaZ
^Yf
Za87
GetFieldFromHandle
qa8|
YZaX
P%&8
fdde8bdf
rseffXaYXa
nYZXaef
g,Z
ZfY W
~EdZea M
ZfY i
\NHZX
ZfY d
CONTEXT_FLOATING_POINT
eXf
Gpa t
eeXYf
45a+
Na8K
#f{ KV
Na8A
Q8a8"
='%+
{0 ,%&
Z aL4
KfaXY
DZ <
Na8P
XZZ
%Tt
ca
Ny8!
XaY y
OZa8i
zeXZXfZe
Aa W
#Xe
DebuggerBrowsableState
Zae U 9QZ
Zf%+
fY
x fZY
faaX
XXfZ r
(
X A4
ZYe ?
W'd
6O,
Na8)
DZ J
XaY :
aY }
fXe
:~XXff
HeX }
ZN'
aa CR
ZX &B
XXeZ
fef
Z h,
ZYYXZffaaXYY
\xt
Z WX
NYYYffX
fXaXaY
b& (|
Buffer
YYY
YeeaY
51b52127
Z hn
CHXX )[>
5 e\
bef72f13
5PZaXZX
hra
Z ?Y-
ZYfXX
dTo
Z hE
ee |S(
Z hV
Dsf .
eZ a`#
f ~0uZa
URJ %&
uZX {
a8i
a8m
[8 Z
XYe oAP
8X D[z
ZZX L^
)$
rZe
8k
a8V
x1Xef
278203bb
Zf hP
4 SF
kee
Sa8W
Sa8S
XZ &9
tZZe
.Efa F7T, U-I
gkiZe =
effY !
XXaf
ZfXXYX W
faXYf 1
8QZ >
c[I
aeXXfY W
xe `
^\xZY
*Z }q
wa8R
Za O
leZ
Za Q
<X Rk
t%&8@
Za Y
eYYeZXeYXeee
Nb!
Z -4
ZeZeeXaXeeee
t|!
Za k
aGkD8
Za o
Za u
Za y
&XZaZYYe
IEa8a
Exception
aY %
Z v|
IaZXeX
faY J
KZ !
^Ja+
Za "
\%E%
Za +
5faZ
Za 7
r f
f2c8d233
tZZ
HNX
Zefef}2
XYeX ={
l:u{Z
[Qa8G
Q6:a8U
>ZxZXYeYeXf
Ye uyW
La8:
PCaXaZ %
936827d9
R\a8
Xfa V
JP?
Z u
Yj|
affX =
^ %&
$ :efXYaYaYe
:faaaX
G =
AV~ZZ
Ye myP
xF/a8
5c3ce8e7
{>X5 !
Yfa -
faYZ
y =v
fffa
<mZfaY
ZaaX
>Wva
La8U
Z uN
La8Z
ZXe 3?}B :q
jca8J
Sz )
XYXYYeefeXe
Math
SpA!ZX
UnmanagedFunctionPointerAttribute
%Aea
aYe a
45466b57
H4x yV{
YfX
%X t
^E
h(mZ
fYf
` a8
[~/Z )X
@Xe
,ZY [
dv L
(:Z
Y (,q
KxZXeefeYX
KuZ
136bdce5
YeZaa
{UaYeXaXe
YafY *
Z \v
a A$
MZae q*Y]
SOa8<
RLefXXa !
aXYef
0eeY
!a r
6f2e10b9
p7X <
sYf
VXZZX
aY !}
wqZ .
{TZ
kGa8
GeY G
@Z !
!a G
[Zaf Wb#
B@f
n0:Z YM
ZYZeXfY 7
ZX C2
XXe E
P{ %
YeZY rJ
aXY
$U%
Ix .
6Y @
hZ ,
XXe e
hZ S
I0a8
* 4F
3QZ ~
get_SystemDirectory
2ea
MulticastDelegate
ow\aYe
fXfa Y
Z MH
@Y 0
[Ca
\Ye
^s]Y
YXXeaeXZ o
hZ z
[wae *
IpZ
Z UMC
2=jM8
8b329b03
Oj (`
aeY
eaZaaffffY u
efXf
efa
2cbc3692
eaaYZ \h.
Na%
-af
41a940d3
ZYff C
XafZX 2V
0b1a8537
78065241
uiMDZ
9Z N`l
9c e
ee ^;P WH
6la8
ZXYXXZa
7af1b0b0
SsY
c573eedc
d<k
X6
e! .,
(G P,
_r:(X A
\&a
}ZZfaa
%ZZ
\eYafYfYaXe G
27e5690b
YeXXe L
^4fa8
XYXXeae
9NV
53ffc3a4
XZX
X CZ
sk%+
0MYY
{ 3y
dQFZ
a 7s
eXYYYf
ffY =
XYYfXe
X C)
SetValue
"Z )
Y Wl
O|aZZY B
d7c6fd88
XYfeeXXYe y
Z n(
Z n*
aYaf
d4b1694d
njZ
cq oPt
Z n8
cd16fac9
f3282cf3
'|ef
(YeYaaa
ffeefX
WX 7J
<>9__3_0
8pi
' Y
5a8K
8a535ac3
! ^O
Iia%
e3c5e319
eXX Ug\7YaYf
Fyz F@
Z nt
/e o
@2dZe
84fe605d
eXXe N{a ee
WVJ2
5a8p
G!Z
18ae306d
3Z
b02a66b5
9aZX
nZZ
nf s
Ya8J
{Z K
Ya8I
Pya+
efY
u |
;Sv?
Ze mB
2 {'z
@Pa8Y
/%f
M?86Z
Ze m+
G:hY
%Xfee ,
feaaa d
ta8}
mfX
ta8p
fe 23
!ZXY
ta8F
<WZa8%
Ya8!
Ya8,
eaXXY
Xa U
fffaaf
xj%+
,Xfee
k:o"a%
9xefZ W
a% `
Xa K
&') <
vDXa8
N6a8
Xa q
KrvJ%&
;eee
bX
AG
f#eafefY
z$a8
XZ yw
/eX
fAZ x
1Zff
Xa
XYYYf
Z \J>
FZ WV
Zaa
k8Z
,W
8973eaa8
S
XZaa
zIefZf
S
9b957cdd
5a%
%fYXZf
[P Za8
ieeeXe
< {X
ztaXXafaZZae
sY ;
Z c
8Y Z
x_a8
d |4j9 j
f{jZ I
<ZfZ
"~j
EfYYYYYXe {
Z &G
eYX
?_b`
MZ K"
$_fX jK
ZfeZfY
\eaf |
fYe Rf`
\XZ ;
\Zee _
,%&8
eeX
Yff
XYYZ
get_IsByRef
Wa "
F3Ma8|
sjf
ZZXfa
:YeYX
zUa84
EQ %+
M)0fX ?x
NWNZa
;a8\
ZfY
PtrToStructure
AZ Q
QjZ
Z WD4)a8[
ZfY
|Za
6zeff
eaZffYX m]e;
S^"
,0 $|b
za88
GZf
za8=
op_Explicit
>_aYfefYX
XaX
{Yfa {
ZXZaX
Zaf 8
09e90b60
VZXeeafX
;#n%&
# Mg@"a%
z/Y
0a%
"&@fXf
b3a40385
EndInvoke
'a8A
IEnumerator
eaY
eZYa E3
44Zfa
>X Q
4G!%Z
ba4e4913
rR%f m
Zaf u
4aa35461
|Z y
VXaa
Zaf B
c=' _S%gZXa L
XeYf y
|f 5
>X b
d7(Z
Xs8&
! <a8
5YZ
eeX W
1dG
>$5
Z C
fXYe
Z C
C|W%+
eeX q
Z C<
?+X *
fa1663a2
ZeYfYX
^8}^
;Xee I3
iQ 1
3cac603d
/Xa _
GetHINSTANCE
YZ LZ
-*8<
_af
{Xa84
1`Za
36a
9.x )]
pX
&fZeXf /
Ta8H
RiZZaff
Ngia
9a8z
o@S
TextWriter
oa8
^Z :
16ffa }7;EX
"`iZ
XYX
'a8y
rgfaXa
Ta8y
0Ca8
R E)
CZZ '
7d7ba0c6
aZYYefeef
%&8
5ff 5,
#LaXY
GetOptionalCustomModifiers
^Z q
a55ed158
b91751e1
DZ OE ka8
set_Arguments
3 Y
XaYfa f
n~Z
{fae
hThread
) af \TV
BindingFlags
&Z 2'B
YaZa =mW
f zM
u`<Z
jf /
Caf
Join
WI
YX @.
Zfe @
XP!
)DZ
|O%+
XXYaXa
gPa8
f z;
{kY
efXZeX #&
S K
2VZ <
K7BR%+
fXa
ProcessModule
Z MOp
Y"K%&
Z l7
/Y ^@HJ 6
,BZ
vaea %
918cddbc
eYeYfeeeZ ZB
}FKZX Q
YeXaYe
\ZfYf
5jeXYX ]V
SvX8p
~@wa8
C a8
Z gx&da8
of i
I9ZaX
=_6%&
@ZXYY
r ve
x%&8Q
gXaffafYea S
ZeYeY PJN$YZ K
ca44de10
ffeXfZ #@
g e
SuEZ
XZf kG
FwZ
SetLastError
~?Z
e vJ
ZXYffe
efef
eaY [
22c0aa8c
%+
ZfaaYYY
$Za8
M[a8
N0Xa
n Gy#
5s1
2O8
Lhs8j
"m`a8
CyaaX =
efeXf
Duf
ZeX
Z @>W
LFZZfeeafX 6C
?ZYe 7
sO2Z
IGZXYe
ry^Xafa a
;OX
c424b493
ZfXYY w
<Y
!XY
SaXY
ZY n
~2/aYXfa
fXfYe C
`|Zea v=
VZ O
s8aY
P>a8
afeae
a4594935
@geX
ZaeZYf @
!0"
ZYfaaYZXa w
U2 9%{\ZX \<
AXf i
krZe (c
MYYZ ?P
yROXaYf
XXXaeea K?!dZYa
X }$
(Usi
feY -
:ER
C.Za8
Sf 9.
uq*
PeZ q
X"rZ \k
Z UPx
Z $*
f I%
fc7fc76f
OZf
Z $;
RegistryHive
Z $2
8Q_a8
aXeeZ
8fda01b2
OpenBaseKey
YeXY ;k
a'" \
Z jSC
2105ab69
?3 M'~
DDjXfeYXX
lngVolumeSerialNumber
a%&8F
ffYYe
Z $z
0{u
kr,Y l
afXeaa
Ze %
a1f73eb8
f95094fc
yTfaZYf %
Ze -
Ze +
`f
fXZ 1
Ze 4
Ze 3
Ze 2
YaeffXY
XYYX
Ze =
'
\Xf
g1 `X?
Ze
ae =
LYYeafXYa
hlH
T%&8
r=vf a5
v/eee
ae W
9d~a y
!daa8
ae ^
ae C
8t"
Ze r
5ZXeeYa u
ae L
ae p
+,fffaXeeYeY
Process
5604a609
Ze W
>Ra8
XeX
zf f)
5XYXYf
a so
"M@vZ d.
eXX 3_a
aXa zJ
!k8(
NYZfY
&aYf
ZZfYX !{0
.a8O
jAZY
ZffY
$|[
meX 3
Zff 78
re BO&
cfZ
?Z Gl
^ gW
.a8?
A-ZafXe
ZYXYYf
tZa !
Z @kD|a8H
@eafXY
eY II
.a8
Invoke
aZ EN
ULZZXf
HcNa8
System.IO
ZYaae Xzi
WrapNonExceptionThrows
GI h
0dce0734
7&lZ
Yfe +
RuntimeTypeHandle
3X ;/M
P Y
u%&8o
elEZ R
1Wa8H
ZeefYfY
Z ]
RuntimeFieldHandle
fYXY w
_ Z
Z W|nKf A
Z Ad
.feaaaX
Z %
OwZ
ZaefXXYX
#
Z `Zt
u7ea8
eYf
XZ
|LTXf y
Z AH
]1sZ
0daX
WVc8
9 }
ZX O@
"@aXeaXaa
6JwZ
Ib c
Xe <
$Va8
!Oa8
ZXZe %
!{u+
aaX n
@ef o
woZ
Pe *=R
Z rP3
}3a8
e mz
Xe q
Xe u
\Za
29b97b73
eZfe S
Xe a
Xe c
Xe e
aaZZaaaX
~YeZY
o vG+l
\Za8
cee ;n
&ZYaXZaf
0YfeXZZ :
TQN
e m+
g7eYYZXY
Xe D
^CeXaaf
/ZYffaa
ZYXfZZXe 9l,VZff
69a0a26f
ZZaX q
XXa .
Zf <x
vXP
fXXX
ZefeffXeeYaY}
yeYZYeeXX
da
7a%
XXa
Vca8
ZZaX +
55eb7bfe
eeYYa G
AXeXYaZaXe _<
aYZXX
eXXfa
644g)
System.Diagnostics
Z 5]4y
sbZ M
strPathName
)Sa8
Bf\
Z b=
result
KefeXaYfaZffe
d06d9b70
sG Z
70dd2d86
aafY
:IeYX
YeXf
XZee Ie
9 Z
ZYefXYYY
4XXf (
Zaf
ZlXf
QYafXa
=wZ
tDffY
a8}
HgaY
*Za
_4afea
feef1ae7
ylTf
eYeae
Z bl
String
%oZe 0_
241e0051
XeYf
lYffa c
]?eYX
Q) 5
ffYfffefYXe
tZY J
ef4b3a8c
get_UTF8
20f4f893
|kaZ
8iU
#'
YeXX 7$
eaffXX x
A aef
ga8B
EQYYYefYe
ga8E
ga8]
CONTEXT_i386
afZa (p6
hXYf <'
Xaf Z
AYXeZf
,+ffYXfXfeaYXZXf
aeaXXaa YVb
efYfaZ
0#Z
ZeZ
baffY _
A:X
fa
daba3e92
ZYXaffZ
efYaf 67
ZYXaXa
YXafaXYXaX
aaXeXaef YS
7aY uf8v
07512c45
fa ,
_eee $a
6SZ |K
916b69d1
tO-a
0;Z
5fZafZ
[Za8
+*6
fa K
ZfXeefXX
-<Zfe d
Z #,Eua8Y
bb6be324
xYYX
Y vA
jXe
fa d
qZZYf ?
Y vP
\Tfae )
9LZ
fa s
<Z & %pa8f
_b
112b0c08
IYef
uZ )9
%&a8
)cY
M>8E
InitializeArray
Z :
f ]'
fffa %
IWZXeeefY
"-/
aaZ
X]? T
8 Os
Z ~.f
YaaZaee !
YZX jT
eXeee
nYf
5YbZ
aY Ef0; |Y
eZ 00
fZaffXa
C ]j
aYYZ +
|eX
XLZ
f 8I
PrvQXeXYXZ [
9eX
I&aX s
ZX hS
0ff k
vSZ
feYeZaXX
PZ &UP!a8d
bcfdca3b
&Zff
{Zee >b?
Intern
a91d9681
LNn
\=I R
dP O
jDZaee y%
mn"a8
DownloadData
eYeaXYX s
dwCreationFlags
Xef
e W!
/b>$Yf
XYffa
){XYf
Trim
gZZ @bi
PEefX
~Za
d35b91a2
ZefeY #
-DoXea
;ya+
2XXZfXaee aA
DIva8a
vZa8
bQh
lZ f)
XZa8
UInt32
J CQ
AYaYZaX u
]aXY
heZ
x*f
Zf J
fZ
Ze F][
) i
tff T
f22f6371
R{ a8]
OIZa8
dZa8
d2796853
a .K
=ZeaY
<-sfZf
Z G%
>B [
! rFs
Split
963510b6
;xe
=fZ
O`eZae M_
Lf Y
; EE:C
3cc6c3da
%_U>
&Y
Z KT3Da8
p@.a8
Z%{e
Z A8_
ZXaX <
w}a+
SkeaY
252dfa8b
Z Gz
\fZaf
Z g~B
}uLi
Hia8
fffYfe
MemberInfo
{'~ZYeae
&a8+
c8eba45e
]a "
c#jZXXfa ,
ZeffXf
LfZ
eaXaaaX
YXf
AYaY M
Zeaf l
qa &
' e
v#v^
fYeZ
0Xeaf
FcZf
Int64
afe
+8~e
lpNumberOfBytesWritten
e*a8
ZYZY
Zeaf *
B,aY '(
u*efa g
7Z [
ZZefa
0100dd7f
7Z r
eXXee )
e kUx
Za8
7Z }
U*jZY q
7Z a
9z$
\lZYYX
kXYY 7
XYea
X _>(
VqZ [k
aaXa +@
hZe w(2
OXf ?
ZeXef
X ^
4'Z
59327590
a%
7Z "
FrameworkDisplayName
]e I t
ffafaYX
f .j
aaX V
{yZ w
h/a8?
Z `=
18d7341e
P+
#eaX UH
q_Z 1t7
TZX 3
1DfYXeZ 3k
SpecialFolder
Z ?v $a+
get_Chars
Z 4~l
GhIZ
afaYef f
YeZaYYa
eb322bde
nY <
#'Z
0{Z
aZe
61cf479e
ae Bk
01c523f1
]4e 0(K
t'IZYaX
ZXeZe 28
|EZe
ZefY
Y*!
cg
w/Y
CffaY Xp+
WX W
lpContext
WX +
WX ,
?Y{ffYXXf y
o#;
NameValueCollection
d457b7ad
ZYfZeY
ea -]
6jWZe
f78
V%+
YYXaY
Yea )QW
ZeZZeZafYf O
ZYaaY #G1
|a
eeeXXa
efZZXeeaX
fXaef X
Za8Y
Za8_
Za8^
TZ z
AeYe
fXfafX
Za8W
Za8T
Za8K
Za8J
TZ `
Za8H
get_FieldType
Za8M
Za8L
yDa8i
:ZY ut
Za8@
8NZ
Za8D
Za8z
Za8x
Assembly
7Ka8K
XeYeaYaZ
Za8s
Za8r
Za8p
Za8w
Za8v
Za8u
8a8p
ff uV
Za8j
Za8m
Za8l
Za8f
Za8e
Za8d
_bY*
oOZ V\
get_ReturnType
7b987988
TZ ;
WZe
8?E3Z
Za8
TZ '
Za8
+>wZ ^
2yYXeaeZfZ vt
3bZ
JTef
Za8:
X&%+
Za8=
9xZfXXXafX
Za83
Za81
Za87
Za86
Za84
Za8*
2Xa
e4%+
Za8/
Za8#
Za8&
TZ
`F M
Z C*59a8'
V1XX *
fafYZZefeXaaXY
b77ba3ec
r%&8+
1d6a3723
"Y x
Xa *m?
0 a8
>`R
Xf `
0 a
ZeZe
>=
aaX
7*Z VM
YaXe
i ti
zLAX 8*
XYYXafX I
EKQ
B(
Z 8F
/|f
lZaZ
-a8|
YeXY
e G%~
&2;%&8
Tj/Z
\% k
LX>X
`(7$
Za8[
YX M
TYfX 8
YX I
Za8Z
5fXe m
eXfZYfYX
_fe
\0+%Z
YX T
6 *Z
ST|
YX o
XYYafXXea
kZfa i)
XfYXfZYYX >
YeYYXYe :
YX w
- w;
<?xml version="1.0" encoding="utf-8" standalone="yes"?> <!-- Copyright (c) Microsoft Corporation --> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <application xmlns="urn:schemas-microsoft-com:asm.v3"> <windowsSettings> <dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">Per Monitor</dpiAware> </windowsSettings> </application> </assembly>
YX
7c05377f
y/afYaXYY
5Z &b\8a8
eeXfYYfZa }
gD ,
.}GhZef +
f `
YX -
=XYXXffeYZf
`7F|a
YX <
3584544a
feXXY
I4 x
diaYX $
YX 0
aa u
w .u
eX
X|%&
aa {
Za8C
)c7ZZ S
yX y
|_ff
Za8A
aXf
eX )
3/;Z %u
b8kaX p
eX '
aa E
c ea
u8EZa8q
ef528855
eX 6
aa I
~OXZf
MEM_FREE
eX B
saXYYafX
?` q<|$X
BKZ
aa !
.ZYZY p
eX U
Za8~
iA(
)lp
ZeZYX
\VKa%
YaaY
ZXX a
aa -L!if qT{;eYYfX
tYaeafY /
eX |
eX s
KXa
ToUInt32
Z E,
`a8s
fe `
fXfYaYZaa
+}a 5
#&a8E
WFG Na
BYaZaY
1 ?}t
EeefeYZYY
TZ B
{f Z
e 0N
,} m
ZXaY
-_8n
563f1be2
`a85
e RaP
fe (
aZ .
67bf1944
6eZfef Z
fe &
`a8%
YeYXaYaYf |B
V*aaY
`lqt
?[ .
fe
fe
bX d0!}YXa T-7
042653ac
9'efXYaefeZZYfZf
P8sZX
F`IZ
4 ] O
VeZXea
MeX
X R
b4fbdb3f
ZYeYZaY
78afe588
YXX
a` GZ
ZYea u
jfZa
Z 2s4ha8D
eYYYYfa
Yea
J,a8t
\9li
cd4292fa
i a8
kmX #z
Q5
ZfYZ `
e9823351
RmZ
Zfff 4
1-YeY
kZ n
):a8
(ZYYeZ
ZfZXf
nSize
\Y /
=` s*
[ a%
]Xa
Z aVB
w2K%+
ZZ H
GYaa m
}cta8
{X O
;8 Z
.fXfYaaZXXYa
Pn >U
wffY "
.cctor
[ZfXe _
80dbdfdb
zZYXX
z:
2c36e45b
ZYYY
ZaYXXaX a?
fXZf M`*FZ
Z XZSOa8
Za89
eXYfXX
HAZ -(
>XX
7XYf
ZeXf
a D~^+f
^Cf _
ZXaf gj:|Z
r7a8G
mpfXaaeffZ
H@ GQhBZYXXaXZ
6DZ E
AN =
Z fK
]=qXf
-Z w
3TXa M
cZ k
_;Z
2ZZ
&:Z
System.Reflection
9Z A+
X dL
0fb116d3
Z fn
Z fo
57cb15c5
Za8(
Z fu
Y x[
s1Y w
0d53a90e
Y QkL
D+|aX
:eZffYffZ
6e 9|
$rs
0a149a61
PZ O
Q)!;%+
ZeaaYYf}
ZaaaYXeeXe
|A
\AZfaYe
PZ w
fff
GetMethods
Vhua8
ZjX(
ZaaaXYYXfeYfe
Z tW4
9)[
cfYfaXYYXY
Object
UZ -
fYZ @
fbb647eb
P\Ya
'Z }"
XZZaa
9Z gY
<a8^
Y
d%&8p
eZa
gFY
]ZYY 2:
aff lm
91dd5c26
7C} {bR
ub7a8l
tZ H"
ZfYea
Z E=r
*X <
+ ^#
df33f340
JXfa
YXfae
6Zaaf
Hfa8
2Ff
UZ @
V'
Xaf J_\
ZaYae
<a8#
afb4de27
dQzZ t
$ a8
ZZfYX '
Z*Z
mf
yz u
set_Type
53d54aaa
(3
b s;
aX !
68Z
/AmZ
2iha8
fXfZfae
n O9
XX 8@$0YX
rZZYfZ u
eafYZX
aX
NZY
iu%+
Xffe '
d29adc82
yE!
aX f
2e z#
20fce455
aX ^
3c3d6a06
aa 7F
ZfX cl
aaf
eeXfe
^l@Z
Z >
|CZ
sZaXeZ
XZYZYfee
GetCurrentProcess
amZ p
XfXY
Z 4Ts
2.6'
^4/
55ed90df
Z >Q
;
479ae58d
YeZ
afaZ
5081e7a3
f Y^
50be3fb5
^<Z
h8a8
&`Z
Z >~
sZMZ
_a \
UfZa
0h 5
u a+
OZ %
XYe
)Za+
d084a981
JZ 0
JZ 4
eZY
get_DeclaringType
aaffX
Protect
Zf Ir
&(_8,
UZ #}
*=Y
?g |q
e S'
ri
Ofef
G# g
YYYZXf 8
Yafea WD
ZfffXY
!Za+
]YXaX 7
q> PS
BvYYeY "
KXZ F
ProcessModuleCollection
s s
fXZZ ?
93de7f1d
ZeXY
WXa
Yeaeefff
RFf Y
a "X
#re /
+E~r
]C
Xs S
]P,)
J"aeaYf
aee375c7
G o=
XeXa Nz
naYa :
"|%+
FZYaa
ma8/
Ba8U
aaaff
L1\a8X
8adf38e5
$X r
ma8_
OXe
kefX
$X |
Ba8.
/mLa8
;,*`
Ba87
0# y
ZaY
Ba8:
ma8@
ma8{
Z N~p
5%&8
Z >qPQa8
211281b4
G og
ma8n
&>va8
6a6eddb5
88ZY 9
Zfe +
r^Ze
Z [:
4QYYa `
]:2K
"YZ
f51b856c
k^aef
PXae
c;Z
Y8dfe
[Z (b
{Fk
Zfe
ZYX
aw$
TLZe .P
~Z [TyF
64748e89
-{ u
Zeff
eXX e
fZaaefe
3Xae
^YXf I
f9daf09d
YaaZf m
vPrfaX
QZ _
YXZ
OfYf
Xae {
Ga8:
iO P
QZ u
a '~~
GetDelegateForFunctionPointer
l;Zf}!
L6e
ZaZZ
)Mf E
YYZf 55
Y ?Xh
reX #
QZ
3eef33d0
Ga8v
%eY E
X B RaZf
e8ZYa
|0Z
!aYaYaZYeZZ E
)l]
yaae ^=
Z^?
Create
d3Xefee
Xf Yb
o_Iaa U
4fc796f7
XXaZeee
eeaee
PXea Z Iie
afYa
ef8b5c5c
afa
FEF8
!Zf i
KkB%+
7448b3df
hProcess
YeZY T
N IZ
?2?Z .>Gqa8
fXY
c0901487
c979bf26
ZYa 8
&Va8
fXefae
8ce558ec
7df69cb6
WfZa )
Nff YHe
^ Eq/
Q5e
6fac31ff
k%ZaYafeeYX 2
0tef
afX 9
cY o)l'XaeaXfY nL
Qp1XZ
Z dT
"Ya j
YYZe
_7fffZ
cb4b0390
Z s.w
Z Uj_
7323d32f
BeYfa {
<aVeYee
Xe V
9Z ~
-Eedi
XZZfeY
MeNf
5?L
Z d/
ZZeee
ZfeefeYYfYe
ZYeeaX rA
09dc671a
8ff9b2f3
}/qZ
Z d6
fXaY x
3be62e46
ff o
f PBP
<k1e
_'3a
!' YfeeffffeXf
RZ x
fae
e Nt
~gZ J
3b2aacbe
fZY 4W
7D e
QZXXeae
- %&
TaeY
fae +
Xef Mr
Copy
!@XeZ
GetTempPath
ZeXXYY
feXY
YZYY G~
Y )'
Xfee
#Ca8
F
Xa -w K
c929aa2f
`fYeY b
<Za8T
$aaX
iZaX
f *R
yOa
:]+
; Z _
ha88
K A
VaX ,~
645c68b8
afYX `
1cd5c148
|rQ8
@[
Ma8{
$Ja8
Ma8p
Z [`q
05ad0e98
X#a8
Ma8[
eXY x!f
Y Ui
Ma8S
2A~ ]
FtXf
"Z
afYX 8
ha8h
,Z \
a"Z
FieldInfo
X kB
U,YfY ;
684b3071
z[q
74300f56
%Wf
]P
=fVa8c
mffefeYae
nhvZ
bZ [
6Yf Ii
)ha8
ZaefXaZfeYYZ
2YaZY Y
/IYYae
"a8I
"a8L
YeX
8d94b74d
Z <x
saffe
aY )jI
'af
ui*
e%eXfa |
f Gd
YXn(
"a8z
"a8x
f52ee460
saa
#Na8
EZ C
Gd<
T3# \L
&eXY
X/%&
XaX K
_a8y
sfeea -
227270a7
tlZ Y A
&ff
XaX s
|):t%+
e H8AV
gYZ
eX UO
c10e7a23
fff 5W2h
(a I>dQ
YfaY
5Z ;4
Z $AB
aa g
Yaf
YYZfe
2@ $3
A? K
Yaea
%faaafe ,W
2)aaae
5! t
Zae O
_r7gZ
WYffX (
n-`Z
Zae S
Z cf2Oa+
J8f A}q
ZXX
DebuggableAttribute
_.($p
gg)
eaXa
UbI )
0873e801
A#C
ZZefeX M
*%&
H:q
dXYfZf
CONTEXT_DEBUG_REGISTERS
477e758a
ffeYY
YeaX
Zae 5
d h@Zf oP
taa _
D,= a
/:%Z kb
.@
#YYX s
bda4e92c
"7Z G
{Ba8`
#aYfXXXX
eY y<R
YZ F
Qr Y&
Q&%+
r=Yaf
ZYZ
=$ZfY
xf !
aaXfZYe
-[EaaeZaYY !J
846649c0
aZfZZfa w
na8x
0eaa
Z RS
na8u
get_IsArray
na8M
6a [
eZfYaYae
{ZfZ
na8E
na8D
NVID
YZffeXf
0aa59cbc
uJZ ]f$
ZX k
afYZZ
Z aF
e711476f
ZX y
"U 2 ^ eZYYaXXf G
ZX C
afae
Yee
ZX L
TLa8
c212e640
)XYefZ
ZX W
ZX X
ZX ^
ZX _
ZX ]
faX L
wb]X %
dff U
ZX -
Y 6}W
ZYeY
j+%Z
?@YeY
Ee O!
%!YXe o
aeaY
ZX
XaXaaafeYeXY
U7a8
+1A
bcastdvr.exe
%e $
feYX
3xA4Z
svx
d aXa #
371aa99e
> ff <
R!$.aYf
4L%&
NZ 5
Xff J
".X
7`
zZY
ZXYee y&m!Za 4
Z oZi
ZYYfef A
k A>
GetDynamicILInfo
?Xf D U [
i& {Z
XeaXYaYX
NZ [
ffefaYXX
NZ E
Xff 1
eXffe
@ d*
gY g
XaaYfXXXfeaYY
(ZXeZ '
J4a%
J _
hPgZfeX
ua8I
ua8M
ua8_
X ?3
ua8f
ua8g
! j
Jcs
Zeeffe g2
ZY ~n#
WebHeaderCollection
M@aXY
Yefa Q
.NET Framework 4
eZ s
fYY u_
+)eZ
Zffafe
5aY
P]
^_[
7YYfZ N]
<mq
YXf AC
fhC 9
ZXX 5
ua8;
*ZY ,i2
RqQfeZYYa
Z z)
#eY @
bXXaY
Y +t
j|_eX
F`aeef a(
>Za :
ZXXZ
e =/
1Kd=s
L,n
YefaX o
ee7349ab
D 6Sf
e tFR
;f \-
YaY I
e974c641
ZXeaafa
TXefZ M
% a
*6a8l
342e7e00
^fX 0
e H7
feX
Ja8f
Ja8y
aef
eY hhu
NQYY
EY e
}aeYeY
*#ZX A
e133a2ba
EY q
Xf T
$eZX qui
!fe
GcfeXeeYZaaa .
\a%
WUf
V|6
fYY
(d_a+
UhS
a nE
get_IsConstructor
yRX
5iD
7deaf71b
3ea4d688
YeXf x
9 Z
UOf
751519b9
ad869e7c
raffaY :N
hZ DH
fZXaaX
Y {L
-t F
"fY
lpNumberOfBytesRead
eeXee 8z'
32e431f2
}ou1
GetProcesses
\ffY g
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
'gD
n\a8a
617b29a1
c2fc4c7f
86g
7b716367
5`aZfaYXY
aY 6g
get_TypeHandle
!x:f 'r
e YYY
_bX
strFileSystemNameBuffer
Z 2j
a8
Z 2y
{fZaff
aeXZe
P8Z (
8eeYXYef 5u
cfb01f62
ffeXXf
aYeZZeYXeXY O
GYef y
!aaX [
Z 2^
Flush
aYaY
{a8]
* n*e
z{]eeXYfYfXZfa
Zf I
"ZXeZaaX
GetEnumerator
r*YaXeZ
}h-
ffZ e
X MpP
4116491e
Zf Q
Zf h
DvZ T
afaef
Zf f
(%&8i
Zf c
fe #
{a8n
XN[a8q
ZYef
Zf u
Zf q
Zf r
Zf s
Zf
' z
_` a8l
dkafeeYe ik
5I Z
ZaYeZa
ED&
t,;5Z
XXX vd
get_StandardOutput
eYeXY
9Gr Z
CwfYZa
Zf *
fe :
Zf $
cd0daf6c
Zf '
Zf !
82f22fc9
uZa8
Zf ;
get_ProcessName
Zf 5
{a8&
Zf 1
3+Z
hZfYXa q
ZYeXeYeaYf
0Zf
=YYa f
CREATE_NO_WINDOW
YYXY _
baX
uZXY LG
h9 n
X
TJ8`
Z LpO
FX]
vJ%&8
TXX
Z k!hha8u
Sva
+ReY
]Kw
X h
DZ n #
Zea 0X
Pa8j
Pa8w
o6Zef d
8 aeX 7(
9g%&
X @
Z 8DD
X gTy0
(<Z
XeXaeXafXYYaaaYfY 6
uf O`
ZYXe
J;Za8t
+Z "
:|+
'wZa
]KO
Oe o
Z _=
"{Yf
Ua8m
Z ] x]a8
Z _*
ZeYZf
28dbc6ea
s58
=fea }
uB6a%
WOl1XXeXYeeeaXYeX
Ua8E
SZ 6
31e7b791
SJZ
SZ 1
S0YZ
.:C
ZZYZY 6pM
>N?zZ y
!_ 8
Ua8
zxF)
Z L
Ua84
AZaX
D)XZ
XY KWN
5 vy
{ea >
ZXaaXafY
TZXeXY
Exists
System.Security.Principal
P},e
y-fY
Z w
XX }
z{Z
.%&
( u
e gU
&XX ?n
e gL
ZeYY e
c2ee2021
*a87
NaZX
XX Q
XX S
97955e93
XXefef I
f05539d6
O|>5
\=S%&
XX B
3aa
e OpD
,fee
qYf
*a8y
XX -
$e o
Tff
Dv J!!
*a8@
*a8F
value
*a8Y
ZZae
HZ s
;Ea8
,)7Za+
ifb
Z @JkTa+
feaefXff
2b2e73c4
S jC
d _
-+cfa
jrYY
V9&a8O
>Gle
fIl0%+
,aX
% Ne
3%&8
Zfa O
_ef
MZa Vn
Zf o
| wZ;
ya8k
A/aXZaffYX
i%eafZYY
fYYXf
fYa wJ
a E
ya8Z
Read
H*Yff
GZY
IYaff
R$:%Z _7
Z 15C
5k =
2Za
naaYfXfaZX u5
fY =wY
H%.f
XZfXaea
X 14
CkHb
xl ~v~
Te q
-EZ ,
a +!p
eaYfXeY
]pa8
3YXef
Thread
7d419868
MFZ
S=ZZa
7a953b52
p Z
%I feYf
_bX(
FZae 4o4
\Zeef
X yVvSZfe
{Aa
_bX(2
_bX(4
.Zf
_bX(8
_bX(:
2Z #
_bX(<
Z x<
_bX(
_bX("
2Z ;
_bX($
_bX(&
Z x%
_bX((
_bX(*
_bX(,
`fa
_bX(.
ZZYX
2a336107
afYYefa
j .a8i
Yf z
[a8n
TTYYXf V
(aXaZZ
Yf V
4lafea 8,Jg J
n!%&8F
aec84539
fZae
Zea |Z?
[a8D
fY t{
ffa hC*
J{a+
b55037d1
[a84
z bP
qZa8
Yf %
W\Za+
()
Yf -
-3afXZfXXZee a
q.1ZfYffe
Th2
+ a8
XeXZ
j)X
Zaa \
II^
eIuZX
Yf
raeef
) y:
;mZ
ZYXYYXe o
}Za
SZ
+ZYXX d
Xfea
HtK2%+
| [o;
{fXf
m25
l[%&
XYeaYf
IYXaZ .
,Xe
PtrToStringAnsi
Y -O
.m
XfY
"tZ
YaYY
Y [{7
RP%+
OeY
ef 3
'YYf L
L/GoYXXXaY
:Y:
d Rf
pZa8
Z4%fY
Z 96
wYXXaZe [
fXfa \
qmoQ
q2Z j
(a8E
WriteLine
"!@Y
)$Za80
=#HpZ
XY a
9:FZ
YYee
Z e
fZ @h
fb3f81ee
6 !
&ra
K Z
Q`kZXYfeee
E "G
YZYXe
\ha8I
s*`GZ
(
gv%+
a8R
Sleep
YZa8T
@Oe S
gYf
8AZ
fY WS
ZafaY
DateTime
[Z }II
Z q#/
8Ll~%&8
ZYXfaZYX
!{I
r NUZ
7a45a04d
GetBytes
Z dat
aX < )
1d<x
*ZX
(a8h
'f 3Q5YZ
YfY ?
ueaefYf 5
F&5
vZ wl
3536029c
)qHz
ZYfY
ee iS@
Z E&%:a8
Z a cja8r
4045caec
fXfY
qnNa8>
0c66965d
`X N
vZfe}
ZffffaXY M
YlZa8W
|Za8E
>.m=Y ,
Xb
k"Z
IYf
1YZaZa
:@2
P,Z
aaXf
XY 3
GO[a8<
*:Pa8
::4BafYZf
`X 6
S3V
_Xff
_M ]oJ
Z p.2
.ZeZ |
ProcessStartInfo
e]e m
')8
5f )
ZYf
(ha8
ZX +=Y
*fXaffX Q
,Z `oS
Z ]]
Z ]a
4 'E&7 E
OYX
ff U -
BXW &
4dfa96a5
f047aa76
.Z N
Yeff
ZYXXaY
dffX qu
|f w9
KzZZ
Write
];f 4
2&T
aXfXaae
Z ].
Z 1XK
dbf99975
4^E4
yffXYe p
.Z
aYY
Sari
N sE
}Xaa
YYYXfZf [WEU =9
%e
P\[W
395fd94b
TaZ G
aYXff
#96Za8#
sN%&8
{Y g}
GetLastWin32Error
5Z "pFNa8=
eafZ
1> e>
Z ;" La8
:ZfX
qZ 9
e a.
ZYaYYe
JZa
:9Z
b+Z 'qVxe
91af
LZ o|9JZ s
f.lZa8
0ZeY
fXYaZaYXa Y
9bc44096
2>;Zeff u
%afa *
6ga8
IZ W
qVZYZ 1
eeaYXZX s
ZfZf 6Q
FromBase64String
_$x$
YYZYXYeae
Xaa H`)
(X^
XYXYff
Tlf
tl =
bQY k)
1oZaefYf
KK<Z
K m
ZYeYa
E"XXXZXaX u
wZ 2=p
19c3d6e7
^ 3W
4ff8a771
Y g|
feZe
'0 /mu5ZYf P
%&8T
a =
'f a8^
O^EO
^;(Z "<C
YZXea [
yZa8
9-Yf
@x?Z I
lpProcessInformation
{kl
XeZ
Z ~P
KY V
O1Z
dZ
kVX Q-B
v/f 7
b0ed5ff8
ZDZ
FC7Z
! 5^
e %nW
teY
6ZYa
Kill
mZ \6
3XYXffY
Jco8Z P
`eeef Dn
}e L
2UZ3Z
7ac15132
SYfZX q
01b6960d
6381e781
X 3y
eXeZe
X 3J
V7Z M~=}a8*
dz NZ
Z FaA
get_Name
CreateDelegate
)Z U
X BCl
YY Ah&
! Ey
gj}>
(Fv
y[ae
4a023a5b
V/_
ZZY
uXefYXf D>Z
f89c301c
Zef
}aeafY
yV g
ia8t
eZ zwH
eXZY
/Wa8
G /P
fXe CF,
-XfZf 4
b65e2037
Z <
lSZaaee
a3>Z jav a8+
YM<fY
aZZa
Ze }*
aaZa
Y K
ZZf ,
GdZ
1\Z
Convert
=[/ZX 3
ea3bbd05
K!Z D
Xf
j%&8
fB\f
CXa m
FlagsAttribute
[/ a8
@y0
^aY :
]Ya ;
|a8n
QWEa8
0dbebc06
cIXYaXaX
Xf 6
Y z(
ZaYea
4f i
4Yef
55c6bc69
B+Z<XeeX
SXX s
Seee
eeZfZ
B#%X
dpZ
Xf k
Xf i
,K
*XkZ %
ZYe Qy s
58%+
YXfe GGf
8ZYfX svk
v%ae D
Xf ^
eXZeaYf
feee
Z 6^
q#a82
eaYff 8
eZYe
6Z ]
Ze YLhS k
@ZfY
@a8C
ZfYY
/q8M
cZeeY
Z sV
bc7cf1b1
1ffX ;
SetLocalSignature
1aafaaafZ
+oM
eZYXZ
6Z o
hZXeXfYae
d :Z Z
1 o%kJa%
wa8/
DzZ
&.Z
6Z
YZZYZ
ZZff `g
aeX
8abXX
ZeXeX
faY y
eafa
+ iF^p8H
6Z /
get_IsPointer
Regex
G g-
4Jf
0`ZaY
ZXf -
]/f
+ IW
aX sV
efXaffa
pd /
1983c6ab
eTBZ U
6ca8l
!!d* Z{K
g$o
#bAa8
Y_Y
uXXZX
sZYYfaeX ad
eaaef P
% gT
sCe $wPNfY
_b p
LRd
ZXf G
<ZzLXaaaa C
18d2067f
S C(
S.Yi
ZXf Z
Z u,
]XYZXffaX
+bZZae
%&8i
%&8h
%&8j
%&8e
%&8d
%&8f
%&8a
%&8b
]uZ
,? /
%&8y
fYXeY MC
e20a373d
Es%+
%&8p
%&8r
fe 37
%&8N
fYa !
5O=Z E v- a6.\YYXXe Y
%&8D
%&8G
%&8A
UNBZY '
,xZ
x*Zea
b Ly%+
:eKMXeaffXe 3
%&8Y
Z Sv
%&8R
%&8.
%&8$
+}TZ
%&8
6@Z
Int16
%&89
%&88
5ae
aaZZYXXeaf
%&84
%&87
s{Z
%&8
e 7"&
{{Ea8
8T5Z
fefa
0xa84
System.Runtime.Versioning
ed4eec24
XfY O
XYfe
Console
-leZ
+F~]
n 7A
fQ~fXe
fYYe
=Ya
ff 7
YY Uf
RXeYe
XfY a
d5+Za8K
TZYZef
ff (
y'[a+
YeX ;
ff .
<a8]
QZYYY
e c;
OXf
ff N
ff p
Eg^}Z
W?X k
h.X
fc3245b5
rfefY
ff f
ff h
UYfeZ >
0U
'Ze ZZ
r|w
eaa
ZYXY S
<faea /gT
*#,=XYe
S%X8
~A a8/
y5" Z
{Oa8"
d#aa+
`bL8
srn
O ZX
(X k
0a?
3787e4e9
^ Zn
ga .
jYZYXfefaf
49tf
CreateInstance
eC<f
0I- S
ff k
o{Z
ZOZ
Y '_
*YaYe
faf
eX VBq\ ^U
Q'%&8G
Pa UP:
^fefYXaa t
Z &N_
eYXaeXefZXafaXa
Environment
R- 8\
E&aa )o<
KZaYY
fYaeY
ZfYfa P
PW!aY G
fa x
YZ S8V
ffX
eeaX
DJQgZ
@i Y
ZYY k.
wZ D
_af Y
600692cf
vaf
!ZXea *F
Z +J
r 9a8
ffaYfYff o
a9c0be85
wZ h
':Xfeef _
ML3a
a q /
Z #J
9a42674c
eYYfZ c
{+a8:
t0C
&f z&
; !
ZffZXae
0627adfa
`lXaa
FW780
UEZa8#
lpBuffer
DufXXa t
Eq E
0/k 8n
<afYXfZfef
ZZfe
msaXeXe
qZ ~,w
iZXe g
vfaX
w{XaX vV{)
Z@Y
k$]E
)uf
IZYfX
onZae Y
0a8I
Daf
403f49a0
eaZZYYX
set_WindowStyle
0405f87a
*aaX
0a8f
nsaXX
|d/
vGF
;?Z J5
%Oa8
wuYaXYXfY =
7EY
"EZ ?
System.Runtime.InteropServices
!Z $W
#BG
lZ
303c9306
Ac4
Ct Z
XafZ
Z o} Ca8C
c6bfa4bd
5ZYa
76c39e28
Z iu
E7X
|?Z
ACf o
NEa
TextReader
CONTEXT_CONTROL
af Pf
59df74ec
koZ
System.Core
"a $
ZXYf
Xfaa
1Zf
nkXe
(TeXY
(aeY /
ParameterInfo
xf Yv
lO LZ <
K: 2oK
'Za+
RaafXeXXaYafZefffaf
Vj 4
ZeXXeffa
Zef ;
Oo$4a
aX ~U\
3Oe
{ e
UQ =W
z&\Z A
QfaZfff 7Rj
wZ {l
Wra8
e ;zAPZX
aaYa xjO
Zeff aB
ZZfXaZ
f9ffad48
}a 6
Zf 76
:?f
get_Length
Zef Y
{ZYeef
h eaY q
q{ZXXYYfYfYZX
Z t?
System.Collections
e076876c
9XYYXeY c
6XX
|Z n8
Y1%+
ae828da4
D{+ E
j eY
XffYfaYeafe
Za ^!
Xa Tx
FTfaaY
8aafea W
% Z
effaf
aXf .
Z Npe
Ye 5
s.\Xfefaf
&1vYaXeefaaZ
Z 0FY
1dca2c0d
Kp$
YaYa g
$XZ
6f685242
c$+
.eaX gt
, /
7 i' % 9?
ZZfZfX h
eeffe
LZa8r
aXZfX p
1839cbac
LZa8\
6a8t
Z Qp
V Ut
6a8}
eYaZ t!{
ee xcHlf
D3ZfZX
Equals
ZeZY
6a8i
"ZX
@B&
90Z
wdd
NZfY
1Yea
aeXY C
X A[_ Z
6a87
ZYZYa
,ZZY %
y~~
w]aeeYYfa w
9e7c54e9
OD4
dwData
056a1d04
feY
Z Q&
XX l
+ o%kJa%
aaefaYef}
<yZZX +
XeffX
YXf T
e F:
QfXZea b
6e5b1d69
ffXX
'ZYXX
YXf 1
afXY sapIZ
e }2
fc0fab33
ZX gc1
uU8o
_ -0
Yafe
{ZZXf 8N
ZYYaZ
e <,3
1OaX u
ThreadHandle
eYfXYeX
DynamicILInfo
`qXeY
f ?]
0fX
faeaf
Start
DZa8
;( (Za8
YffZffeX
E!
bX iR
d58ab727
.4q"
afZf
8qV
ZYaYe .mP
ZYfZe kye5aeYYffXXffXXXY
eZfXXaaf
faX
feZa
efaZXX
5~g
YaeeY
efX a/
;nB
UV+ *7
`oe
XXXf
5Ye
lwQ
BYl
P]4
\2f
H, 8
?Ta .
ZXXaXfe
feY
\e )|
PWa8e
ZYZZeXYXZXYe J
S;Fa8$
Decimal
f h\
BMeYefYfe
ffZ
Z )u
YYYY
eYfa _"
pBZ t*FLa8
Z )M
yZ }
XXf K
.ZXfY
5z
2a 1
eeZaY
XX ]o
mZ ;
ZXX M3
ZaXe
W}xZ ,
YYaX
)lX
N{T `.
QA
Byte
okXeY
Z i`"Pa8
XaZ 50
ZffXYafeYX
fY +X
MoveNext
Dispose
rZeeeYXf s
fafe
get_MetadataToken
183633f3
r%eYfXa
mZ A
Y1c%+
fX }[
yZ lH
7%E%
-ra8s
YX 3hMe 'N.
mZ [
kefYaefaaf '
fYa
ef ='
KXXYe
Z N:l
xueaY
ffefa
raYY
fXXfXXY
eXXe Q P\f
H{a
N#
5 e 0
.!aYef
3aYeXX
ZYYfXa
&dZ :H
?Z 1
$ffZX
YfZXfY
hff
Y \8-Ma
ap8i
jX l
eeef
A 2L q
7 j
XXaX
2Z VzA
Zfaf CM
Xaa
+ *t
R3;Za+
c45ce8ad
'ff
Z &m}
beaX
/[a+
ZfYY "
XXZY
Z JU
Oa 0/T
9a657890
p/
S NZ
ZY ;Mr
uZ R4
'^.k
zefe
9/ZfXaYYf
24954ada
LyZY
T ,Z D
XYZa
XeeYX
fZYZ
YX qd
rZ Z&7
QZe
Z}ZeeeZ
*%Y
7XaafeaeYeY
/pjea 7cF
!
81g
ae <q
^a8Q
]feX Hr;W H2
f5K%+
d990ad09
Za8>
^a8}
aXZ B
Zeaa
eafY k
ZfYXYXZef rd
LOZ
DX i
feZfYeX
b28226c4
afaXaefXYXae
+s&
EZ =0
zYZ
t5q%+
99ee2316
^a86
aY S@
^a80
Yfea a
Za 7T
~ba8
ZXf
yxCjZae
85f5fbdc
SYff a.
eY 9
a56f01d8
085960b4
_X .
A|s
daca1ff1
a WB2=ZYY
/s8]
WebClient
z@9k
| sl'
`"ZeXaefeXYeYaY}
Ca8I
aXXe M<
3%I
XaYf J
YaXa
ZYXfZY
1j M
4ca0437f
ZXfX
@Za8
uQ
{&Z
Z WZ
+eXe
'ja
MYaY ye
2e |
0fb3e4d0
#[8Z mG
^eXf /
RhV pi
2vZ B_
bed07ece
ZfXa
ZffaaYXaY
tx K
JfYYeeY
.wk
'fe Q
ReadByte
<_Z %
52b57c67
2e Y
aaZaYefae
3c494e7b
FQa8
ehZ
NcZ ;]
Z M3
67efbc0c
+za8R
XYXf
vZffeZX
Z W
XXX W
Z W
TZa8f
T Z :W3
1%-
Mzkt)
]7%&
d@a8t
9f173b09
?T%&
X Ld
ZZafaZX \2W
TCY
c30ceffd
Z V)f
ZYaaaYXf J
_sxZf +
YU%&
&lZ
*Caa [
c"
16901fe1
eZXYZa
b^LX
V|Z
dwFreeType
|Y >
YYXa
<Module>
a e_t
RD7e 3
s#n
Paa
p \H
xYeXZX
,^_[
|Ada E
eZ 'fm
Aa8^
Aa8\
eae
XZ %wD( x
DJSe
Ca%
Aa8D
fX E
sIY
1db59375
cdf62934
(a%&
lra
aYZa s
A,K C@r
fX m
6&}
fX b
2ZfX
faZ
79Z
Zf SC
R;Z Y
a ]#
484c77dc
]^ Z
fX ?
fX ;
\a8V
n Z
7Ze
Y m.
K Y
^eXeaZff gN
"ta8
&KV
FZaeY
jLZ
OY q
eeYX \
Z }_z
Z /7
9bb7ac91
f bB &
c425989b
v~sYY
_bj2
?efaXaa
ee +N
DebuggerBrowsableAttribute
J^EJ
Z p.
Z p"
0 ta
9qa8W
; Z
1f0fbd7f
LYXf
ZXeZf /2
Z /K
2TZXaXe /
CharSet
~ a8
di?e
Z /X
bhJ}%&8d
Z {:?
s?kq d
ke (
>a8r
>a8p
ZYYX
`aXafaZe x/ G >
4}Z >
zYe
sa%
[aXZeY
MZ B,
T c`
rZ M
XwZ
aZeYZY
yeZXZY f
ZefeYaZ 7
O;Z
] BY
_iZ
3ab2e217
Append
%aYf R
]a8
ZXae
CONTEXT_SEGMENTS
op_Equality
Zff =
Zff 2
yYaXXefX
aYff
ZYX >|
IZZYXaeae
ZYYfXfaaea
7 P
nfYe
efeXXa f
#a8m
affXf
NaX
eeZf
2 &
s ]C
|]
bqa8
eXYYf u
f4d41227
Iaa
XZa
}ZaaaXeYee
tK GZ
Z HL
YZa U
Z HQ
F1a8
e k *Zee [j
AZ
c6Y
Z !Y
oeXe
*if .r
ZfeX
Z Hp
<Zaaf
@ K3
l-eYXZXY
p& }
a xS
#rZ
ba8
XIfX YC|
$Z
fZYX
aXXYeY
Wf H%
eafffX
Za
ZYY _&
Ue w]
callback
Z H0
ba87
Pb~Za8V
ZeYYXaf
{ a8
c60917cc
YZYe D*nae D
:Z a
YafXa
HashAlgorithm
a7e9cc92
:Z P
LUfe K@
:Z X
EFa85
.=X A
\fX `E
WfXf
ayA+Za8
ZaZ V
V Z
IXY %
!Z p"
XX 5Mn;8
:Z )
aY Qo
5Z T
18fba1c0
K, ZYaXe
,? Z
c0b17114
fZZaX !
Z fq
Microsoft.Win32
+ K
:)5
ZXfY %K83
rM9Xeaeee 6
v iP
b33a1f43
Z{X @
ff NN
{fY
eXe
xY 5
i4 >
Xf =c
!a8J
%]%+
!3]
Z @
eXaZfXXZ uH
!a8@
BitConverter
)ef
7*a8
[fe
IntPtr
fXYafe
Y PQ
uZ 9+nL y
5BZ
!eeff
jO[
ffafZf }
8$
Z UU
YX s/
afXeaXZaaXYY
bYfY U!vifY |
Z|eZe
l;j-Y
ResolveMethod
fXf
IUefY ,
XXXeZfXa
a675155f
f sK
>ZXfXa
fXf ;
210a9ed2
Z +\*Oa8
0L 6ZYX `5.v
S]| |%OeYY 2
eXaa g
p1X
Zffafa L)
t3U%&
FZa
fXfaYe -
Z U9
ZZY
>eeXeXXf
1} A%&8
fefYX
eZefee
^Z Wd
;uaaaaXaeefaYaXaYXeZ
Y$H8}
/P:`
` Zw
bMXeY ?
{G
4a%
aXeXYeeX
r{e
ZYYef q
JaXaaeff
Sa%
[S3
r@%&
fe /
+KZ
<^ 7
7/a8e
nZ L
%a8&
eYeeZ G
+Zc e
Aff
94f739f9
aYf b
U eL.+aa
get_FileName
ZXeeZ
FileInfo
K|Z
956072d9
oZ L
UZ -aL
U w
ZYfYeY
A Z
get_MethodHandle
XaeZaYX
oZ
oZ &
79be122b
~9XYeeX
oZ 1
<q%&
BF h@
hD4!Z
T(a8
UZa8
LaYXZXZf I+
X +4
Za Bvf
Z -=
M1bZa8w
pma8|
h|Z :K
Z vl
7DXZYe
h^k#Z
4Zee
YZ L
MeXeYfeZ
YfYX %_
Z vB
SBYYe
x~Y
Ooff
6Kf X
(6ZY
fYaX
EWZ
YZaf
4005a030
WKa8k
Ze j:#! %6
Z -N
SCeeaaef
ZX <
W>na8
Gaf
/<a8D
sZa8
rR*
tZca8]
|}a8
.Ya y
UeaeYfa
eYXeZef
{Ia8B
'ZYeZZ =}
% 0[O<aZeX
eaXXfXY O^
>aaY
ffafaefXYa I$
1Z p
cYf
ZX ID
lafaaeaXae
sZa8T
=Z
=Z +
=Z *
2h;%+
kXX
0~q
Ve 6<
&Z }|
}y$
!ZYYYY \
XYYa
0`ZaYX
ChangeType
Z sCC
CompilerGeneratedAttribute
Pge
69Z
<ff 3
fYe
'Zfe
/rIa8
RZ .M
19.
i5V
Ya
eafXa
)bZ !
z$wa+
^bZ
Oaa ;
x8EY
Ya "
ZfZ o{
G*1
Ya \
6I c
Ya W
:afXe
G '"
Ya N
Ya L
G54,
afe I
_=&YZXaY |e
YNZ
xvXXXYeaY l
fY .'#
=I)a%
Ya t
*C3Z
Z faefee
Ya p
lngFileSystemNameSize
feYa
6/
Xae
Ya a
88554f7e
ZY h
$-ffa !l
35299c97
GetElementType
tz Y
ZY e
2ueaeXX
ZY s
A|$Zf
d\sXff s
ZY w
aeeaYYf pDn
ZY u
*fa
;LL^i
ZY C
3 a8
ZY ]
DV'aXXaa ^
*LZ
ZY )
aaf A
ZY .
ZY ,
/gZ
ZY "
ZXfYf
54a6a80b
ZY ?
ZY =
Kna8
E a8!
ZY 1
ZY 5
Z N-
L [1
-e j
Z N"
nw Z
CD3a8
?^ _
0gZYa
\ZeX
XfZ }&
9756d358
-oa8V
/oZ
b8eb1653
8Z 8/1
/_AXf
Yfae
vM'a8K
[7SGZ
,z ,
AZe
Ia8>
^6Z
_ba %d
7Z }|- a8
Yef y
YaX
X c>X
*XX
Yef w
Yef O
h U
Yef C
Ia8v
efE
5beea030
*3YZ 8
Enum
ZZfXa
feaXa
YXff
Sf &
Sf )
aXX
_KXY
Puf 0
{f pSE
vZ 6
iZfeaY
Da+
0[Z F
eeeZX 3
0aa8e4cf
,O ,H
_>5 X
Sf q
NZf
$a%
ZaZaYff
HfYfX he
Y =b{Xea
q_ee
fa >E
efeefeeY +.
X66
:ZeXXY
HefaX
4Z &
?Xe
5)a8|
\*>mfYff 9d*
aXfX ]
Z kl
x]8
BeginInvoke
Zefe oO
0e267299
eeXe 3*
ea u
sZZ
'8ZYY
X @
fRa8S
Z kM
ef }]A
b8502997
>gZa8
ja >
{&%a8w
kZ U
[cZa8`
M2Ya8
%U@
ZYfaaYZ
eZe a
)*VJZ
kZ K
kZ I
Z k8
yOqY8p
@ae 7
e}Ae @
fZYf
?eea X
XMa8
85#Z
KYeXYY
eZe V
aYae
4Hb
O)(
Z ?[
eY 3$"/ZfeX oAA
4]ZXZ
ja8z
f76fd5a4
eee
@u
ja8@
ZZa
VSZ `
&M
b2f69427
g%&8
Xeaefe
&v g
aaffYXef
%+ @
Y9Z Y
'2 rs
e609820c
b4ef010f
}?Z HTp
2dc655ac
faaeY O
b?a8p
[ Z `V6$a84
tZ EE
P63af }
8fa {
WZf
Z (
8j
$a8Q
ceca5232
vYaYX [
ZeYe ]
p@Z
<?5
Zvde
Xeaa
]Z `5
9Z
UD
9Z _
YeeeY
% X9q
NfXe 9O
:Ua8
f 98
PYfZfe
BZaXZfa
o 8z
9Z }
a(a%
0@ )-
#XeXea
E5 Z l_
L8Xaffafa
$a8*
Zef E
$a8&
"ZYe
Z tz
_8fa
Exit
bV
[cxXfe z
fb7bfa01
System.Text.RegularExpressions
aeYf
[$X
ZYY `
Vw C
ae [&x
9Z sz
\Z hd
aKfa8V
'fU%+
ff !W
>e `
X -n
i<a8
k2a8T
Z #V
_|XZ }&S0eYYfYa 6
_ZX {
_ZX }
ZZee
!Z C
8Wf
ZYa !
u(W
YZXaXXfaY r
ZfXYfZ
fr5
)a88
/'1N
be37d006
Zero
bsZ N@
50X
Zff
T^_[
YYYff
hM
a1dd2712
S?pZXaf y
$aa u_i
System.Threading
i \
6ffYaf ={
)XZf
bd797aa9
)a8F
$Zafa
Hg=Z
zue
vEZa8
Oa{
YfY
db8831ad
(Z T ga8C
Qp>e ^;
afXXY
XfeaXeaZ
eXY
aYfaf
ZXXZaf [
4W c
r^ffaef
get_Current
fZa ]
e\saY dFM
Zff
YZfaaeaZYf
/YefeXY
Z Uj%v Sr
9?w
'ZeXZ
E_Y ^Lu+ )3
:m:
!la8
gZ YF
! /`2.Z
Ye aE
ccZ %
Ga8N
D w%&
a<X
?J%+
GYe =
ZfYXeYfaaeZfafeeY R-
feZea
+Zf
8AYaaefee
ZaeX
gZeY
XY q
Next
5D;Y
Z LD
XY i
<Z /
$f '
Xef c
saXXf
YYe
9w/
h<b%+
ZYaaYeY
qf ~j+i
pa8-
K0'
lZ 80
pa8<
OZ e&1
pa8A
XY :
%Z l>
XY 6
affX
fS%Z
a166ba2c
'd{ff A
ZeYeeYfXXYeXY ?
!GBZY
.ZX R
ffe
CYefY o
X &
ZfeY
0Ta8
Ya8}
;,4
HMZ
pa&
Fh/Yaee B
0 c U<6OY
YXaZX I
HGe{Y
k eX
( &%
=>F
+w(
22c53877
Xaefee Q
EZZ
7bX
5883fa23
2^= o
) X
YYZ s
Saa
Tm
~}a%
9q{Z
YXa
m_iY%+
koZ Z
,'QAX
GetTypeFromHandle
IAsyncResult
Ze =
)af 5M
FileAttributes
oeZaY L
EX J"
1Ze E
X ?65
XXfXfffe
MLa8
eXa+
[1%&8(
eXa
7)e G
AFE
`[J x\
:%y
jZe
af651774
1f8e5077
aeb38982
l%Z
/a8b
0dc904d3
Y Tf
RaafaXXaXZ 19
aXZ
8 Qc
GetProcessById
/a8B
= %&8
/a8H
ZeeX
Ye y
}fXeZXa
ZXaXZeZ
aXfeYXeffYY
Ye w
}:%&+
a ~y
! _S
0Z Ni&
afa X
G;qZ
Zffaaaff {
"=]Z G
fea
System.Runtime.CompilerServices
afa 4
ffe ;J;
Ye +
aeYX
Ye &
Ye '
ZYXf sK2
F)ef
-ee
FXXaa p
sTp)
8Z mR
6YY 5
]Y ;P
YeeaZ
LZff e
8f8e63cd
LZa8
2e916dd4
[ZZf
UYaef
7YY
)aXX +
va8?
ZXaY L8
va8:
Z MI
^E
399ee429
.Xa WyO
UYaa ;
buZYYXfaYa
07ddb874
w1H Ya
va8I
GZXa
eXX v?
efZ
ZfXeZf
f633dfdf
:1qaYef
Z \Aca8%
( a8
XXffaaeXZ J
VQ z
aZYfe
va8k
Zeafa
ZaaaX
vyZY \.h
:m
va S
3Z u
GZ
pY U*M5
y#`2Z .
<gXZXX }
3T#7)
<Z Fu1
w! I
9I-fYXeeZ
YXef
aXZaf
3Z J
X
MaX
ae [a
Kn|8
CZYZ
3Z /
^X e
ZZ eB($efYf Ly
OtZX 3
Za 'V|K
Y s0
uAZ
w[ 7
Y s>
ZeXee 3
-#f
f 5-*f
fXfX
ZYae
.Xa +
Y q<G
c=X K
jYefeaaafeY
YfYeYXX g.
oZ AZ
1Ba
_b`
Z 9L`
8Ca8
\!Y
ZXa r B7aY e
$Z +
aXeYXXXaafe + >NZa
3Z xb
ProcessWindowStyle
fZ
/xY
e0cc238a
X /{
$Z <
J" Z[jS I
get_ModuleName
$Z F
h Za8
a75422af
yNF
$Z M
p~af
EeY
BYu
ZZY _ ) S|m
A*%&+
4 ~
OZe
a So
ZaXY W
"Zee
Z !4
ZXefYXXY
iefX Y
aYe
iHAa8
afX +
lpApplicationName
g QT
Z @{=
*aYZefeeeff +&L
!Za8*
@^%&
ZfYe 6
#fXffeXffaae
IR/
d#Y+Z ~
Y%ii
J=%&
.jZa8~
X A@|KZYfZY
)gZ
a-"
2de2a850
DSJ
feffZeYe
Z NIu7ee
H }hZ
Encoding
Y<+
jff
45724171
ZfYe i
]H1af
||ZYa ]y-.
XY l{
IEnumerable`1
ZfX
aXf [
Yaa y
Y ;%
get_Module
c512ad8d
''Zf
aXa
XY {K=ifeXXXeYeaZZ Zh
XZYYYXY
UwZ
"ZY
r.^a8q
9REXXa
|%&87
P:Z
ZYYa
."e
00056564
|%&8+
MZa8
-Y>
fh<Z
XaY
R|w}Yeea
^i
Ki=1
a +9
71634113
ZffZ
eaX
fYX y%S
eYaYefYa Q
Z qiv
"dYYafZ ,
#:Z
Z BD
a ~8
ZeaX w
XZXXfXa &
Z Bf
{@Z
HZffe
@Cg
\aaaYZ
System.Collections.Generic
aeXa
NH Y
ZXYXXa (7
EXY 1
zZfeYfXXXeeXafee H
?XYe
AllocationType
%N~
Nef |
WUX 1
ZXYeX
UQ:Y
ZXea
aYXX 4
XYY
{efY
BQ*a
IfZ
?0'
%& +
"gm
e ex
YeaaaZffX )J
#U3XX #
Z ?Ac
Z (K+Va8
bfe98997
VG
)%&8
Iff ^
rZX
m10k
eXae
8GQZ
2Y P
MGa
YZXY
| Behavior analysis details | |||||
|---|---|---|---|---|---|
| Machine name | Machine label | Machine manager | Started | Ended | Duration |
| Seven03_64 | Seven03_64 | VirtualBox | 2018-08-05 11:33:04 | 2018-08-05 11:36:04 | 180 |
18 Behaviors detected by system signatures
Collects information to fingerprint the system
Severity: High
Confidence: High
Checks the system manufacturer, likely for anti-virtualization
Severity: High
Confidence: Very High
Checks the CPU name from registry, possibly for anti-virtualization
Severity: High
Confidence: Very High
Retrieves Windows ProductID, probably to fingerprint the sandbox
Severity: High
Confidence: Very High
Creates a hidden or system file
Severity: High
Confidence: Medium
- file: C:\ProgramData\{d74bdb-f30dd0-463a-b09f9e005562}
- file: C:\ProgramData\{d74bdb-f30dd0-463a-b09f9e005562}\hostdl.exe
Installs itself for autorun at Windows startup
Severity: High
Confidence: Very High
- file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinInetDriver.url
- file: C:\Windows\Tasks\Adobe Flash Player Updater.job
- task: C:\Windows\System32\schtasks.exe /create /tn WinInetDriver /tr C:\ProgramData\{d74bdb-f30dd0-463a-b09f9e005562}\hostdl.exe /sc minute /F
Attempts to repeatedly call a single API many times in order to delay analysis time
Severity: High
Confidence: Very High
- Spam: services.exe (480) called API GetSystemTimeAsFileTime 1703402 times
Uses Windows utilities for basic functionality
Severity: Medium
Confidence: High
- command: C:\Windows\System32\schtasks.exe /create /tn WinInetDriver /tr C:\ProgramData\{d74bdb-f30dd0-463a-b09f9e005562}\hostdl.exe /sc minute /F
- command: C:\Windows\System32\schtasks.exe /create /tn WinInetDriver /tr C:\ProgramData\{d74bdb-f30dd0-463a-b09f9e005562}\hostdl.exe /sc minute /F
- command: C:\Windows\System32\schtasks.exe /create /tn WinInetDriver /tr C:\ProgramData\{d74bdb-f30dd0-463a-b09f9e005562}\hostdl.exe /sc minute /F
- command: "wmic" cpu get Name /format:list
- command: "wmic" path win32_VideoController get name /format:list
- command: "wmic" os get Caption /format:list
- command: C:\Windows\system32\sc.exe start w32time task_started
- command: C:\Windows\system32\schtasks.exe /delete /f /TN "Microsoft\Windows\Customer Experience Improvement Program\Uploader"
Anomalous .NET characteristics
Severity: Medium
Confidence: Very High
- anomalous_version: Assembly version is set to 0
The binary likely contains encrypted or compressed data.
Severity: Medium
Confidence: Very High
- section: name: .text, entropy: 6.86, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x00041800, virtual_size: 0x000417e4
Performs some HTTP requests
Severity: Medium
Confidence: Low
- url: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
A process created a hidden window
Severity: Medium
Confidence: Very High
- Process: FXSCOVER.exe -> C:\Windows\System32\schtasks.exe
- Process: hostdl.exe -> "wmic" cpu get Name /format:list
- Process: hostdl.exe -> "wmic" path win32_VideoController get name /format:list
- Process: hostdl.exe -> "wmic" os get Caption /format:list
At least one IP Address, Domain, or File Name was found in a crypto call
Severity: Medium
Confidence: Very High
- ioc: inetsim.org0
A process attempted to delay the analysis task.
Severity: Medium
Confidence: Very High
- Process: svchost.exe tried to sleep 300 seconds, actually delayed analysis time by 0 seconds
- Process: WmiPrvSE.exe tried to sleep 360 seconds, actually delayed analysis time by 0 seconds
Possible date expiration check, exits too soon after checking local time
Severity: Medium
Confidence: Medium
- process: schtasks.exe, PID 652
Creates RWX memory
Severity: Medium
Confidence: Medium
Attempts to connect to a dead IP:Port (2 unique times)
Severity: Low
Confidence: Very High
- IP: 192.168.56.1:443
- IP: 192.168.56.1:80
At least one process apparently crashed during execution
Severity: Low
Confidence: Very High
| Behavior analysis details | |||||
|---|---|---|---|---|---|
| Machine name | Machine label | Machine manager | Started | Ended | Duration |
| Seven03_64 | Seven03_64 | VirtualBox | 2018-08-05 11:33:04 | 2018-08-05 11:36:04 | 180 |
12 Summary items with data
Files
C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\FXSCOVER.exe.config
C:\Users\Seven01\AppData\Local\Temp\FXSCOVER.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSVCR120_CLR0400.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoree.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.localgac
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll.aux
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ole32.dll
\Device\KsecDD
C:\Windows\assembly\NativeImages_v4.0.30319_32\bcastdvr.exe\*
C:\Users\Seven01\AppData\Local\Temp\FXSCOVER.INI
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\assembly\pubpol28.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\Microsoft.Net\assembly\GAC_32\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\psapi.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\shell32.dll
C:\ProgramData\{d74bdb-f30dd0-463a-b09f9e005562}
C:\ProgramData
C:\ProgramData\{d74bdb-f30dd0-463a-b09f9e005562}\hostdl.exe
\??\MountPointManager
C:\Windows\System32\schtasks.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinInetDriver.url
C:\Windows\sysnative\Tasks
C:\Windows\sysnative\Tasks\*
C:\Windows\sysnative\Tasks\Adobe Flash Player Updater
C:\Windows\Tasks\WinInetDriver.job
C:\Windows\sysnative\Tasks\WinInetDriver
C:\Windows\sysnative\Tasks\
C:\Windows\Tasks\Adobe Flash Player Updater.job
C:\Windows\Temp
C:\Windows\appcompat\Programs\RecentFileCache.bcf
C:\Windows\AppPatch\sysmain.sdb
C:\ProgramData\{d74bdb-f30dd0-463a-b09f9e005562}\
C:\ProgramData\{d74bdb-f30dd0-463a-b09f9e005562}\*.*
C:\ProgramData\{d74bdb-f30dd0-463a-b09f9e005562}\ui\SwDRM.dll
C:\Windows\SysWOW64\sc.exe
C:\Windows
C:\Windows\SysWOW64
C:\Windows\SysWOW64\
C:\Windows\SysWOW64\*.*
C:\Windows\SysWOW64\it-IT\sc.exe.mui
C:\Windows\SysWOW64\ui\SwDRM.dll
C:\Windows\SysWOW64\wbem\WMIC.exe
C:\Windows\SysWOW64\wbem
C:\Windows\SysWOW64\wbem\
C:\Windows\SysWOW64\wbem\*.*
C:\Windows\SysWOW64\wbem\it-IT\WMIC.exe.mui
C:\Windows\SysWOW64\wbem\ui\SwDRM.dll
C:\Windows\SysWOW64\net.exe
C:\Windows\SysWOW64\net1.exe
C:\Windows\Temp\fwtsqmfile00.sqm
C:\Windows\sysnative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Uploader
C:\Windows\sysnative\WerFault.exe
C:\Windows\sysnative
C:\Windows\AppPatch\AppPatch64\sysmain.sdb
C:\Windows\sysnative\
C:\Windows\sysnative\kernel32.dll
C:\Windows\sysnative\ntdll.dll
C:\Windows\sysnative\Tasks\Microsoft\Windows\WDI\ResolutionHost
C:\Windows\System32\Macromed\Flash\mms.cfg
C:\ProgramData\{d74bdb-f30dd0-463a-b09f9e005562}\hostdl.exe.config
C:\ProgramData\{d74bdb-f30dd0-463a-b09f9e005562}\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\{d74bdb-f30dd0-463a-b09f9e005562}\hostdl.INI
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\normidna.nlp
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\normnfc.nlp
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\normnfd.nlp
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\normnfkc.nlp
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\normnfkd.nlp
\Device\NamedPipe\
C:\
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\oleaut32.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ade5aa3c89481539adcaf7d9526dc8ac\System.Configuration.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ade5aa3c89481539adcaf7d9526dc8ac\System.Configuration.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\62dec581cd40afd680502a581d529b7e\System.Xml.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\62dec581cd40afd680502a581d529b7e\System.Xml.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\rasapi32.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\ws2_32.dll
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\winhttp.dll
C:\Windows\assembly\GAC_64
C:\Windows\assembly\GAC_64\mscorlib.resources
C:\Windows\assembly\GAC_32
C:\Windows\assembly\GAC_32\mscorlib.resources
C:\Windows\assembly\GAC_MSIL
C:\Windows\assembly\GAC_MSIL\mscorlib.resources
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\*
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC
C:\Windows\assembly\GAC\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC_64
C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC_32
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC_MSIL
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC
C:\Windows\Microsoft.NET\Framework\v4.0.30319\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\it\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\it\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
C:\Windows\sysnative\LogFiles\Scm\994c86ad-a929-4b2c-88a0-4e25a107a029
C:\Windows\sysnative\LogFiles\Scm\044a6734-e90e-4f8f-b357-b2dc8ab3b5ec
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp
C:\Windows\ServiceProfiles
C:\Windows\ServiceProfiles\LocalService
C:\Windows\sysnative\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime
C:\Windows\sysnative\LogFiles\Scm\046fbef8-2dd6-4a92-a08e-608464edcc44
C:\Windows\sysnative\LogFiles\Scm\2f57269b-1e09-4e2d-ab1e-b0fdac7d279c
C:\Windows\sysnative\LogFiles\Scm\47536d45-eeec-4bdc-8183-a4dc1f8da9e4
C:\Windows\sysnative\LogFiles\Scm\5c0aeeea-c154-45be-8499-bea5f11baff6
C:\Windows\sysnative\LogFiles\Scm\a7c73732-9f11-4281-8d19-764d4ec9d94d
C:\Windows\sysnative\LogFiles\Scm\ac4e5acf-89f7-4220-ba21-81ee183975e2
C:\Windows\sysnative\LogFiles\Scm\be669c13-8165-4536-96d0-6d6c39292aae
C:\Windows\sysnative\LogFiles\Scm\c016366b-7126-46ca-b36b-592a3d95a60b
C:\Windows\sysnative\LogFiles\Scm\ca4b8ff2-a4d2-4d88-a52e-3a5bdaf7f56e
C:\Windows\sysnative\LogFiles\Scm\eaca24ff-236c-401d-a1e7-b3d5267b8a50
C:\Windows\sysnative\LogFiles\Scm\fb3c354d-297a-4eb2-9b58-090f6361906b
C:\Windows\sysnative\LogFiles\Scm\fca58fb2-231f-4daa-bca0-77602b638485
C:\Windows\sysnative\LogFiles\Scm\fdd56c73-f0d5-41b6-b767-6effd7966428
C:\Windows\sysnative\LogFiles\Scm\9435f817-fed2-454e-88cd-7f78fda62c48
C:\Windows\System32\wbem\XSL-Mappings.xml
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
C:\Windows\SysWOW64\wbem\wmic.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.7523_none_508f21ccbcbbb7a8
C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.7523_none_508f21ccbcbbb7a8\msvcr90.dll
C:\Windows\winsxs
C:\Windows\System32\wbem\textvaluelist.xsl
C:\Windows\System32\p2pcollab.dll
C:\Windows\System32\qagentrt.dll
C:\Windows\System32\dnsapi.dll
C:\Windows\SysWOW64\it-IT\CRYPT32.dll.mui
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\*
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\*
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\*
C:\Windows\System32\it-IT\WINHTTP.dll.mui
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Windows\Temp\Cab9120.tmp
C:\Windows\Temp\Tar9121.tmp
C:\Windows\System32\Cab9120.tmp
C:\Windows\Temp\
C:\Windows\inf\display.inf
C:\Windows\sysnative\DriverStore\it-IT\display.inf_loc
C:\Windows\inf\display.PNF
C:\Windows\sysnative\wbem\MOF
C:\Windows\sysnative\wbem\MOF\bad\
C:\Windows\sysnative\wbem\MOF\good\
C:\Windows\sysnative\wbem\MOF\*
\??\WMIDataDevice
C:\Windows\sysnative\it-IT\VssTrace.DLL.mui
\??\PIPE\samr
C:\Windows\sysnative\wbem\repository
C:\Windows\sysnative\wbem\Logs
C:\Windows\sysnative\wbem\AutoRecover
C:\Windows\sysnative\wbem\repository\INDEX.BTR
C:\Windows\sysnative\wbem\repository\WRITABLE.TST
C:\Windows\sysnative\wbem\repository\MAPPING1.MAP
C:\Windows\sysnative\wbem\repository\MAPPING2.MAP
C:\Windows\sysnative\wbem\repository\MAPPING3.MAP
C:\Windows\sysnative\wbem\repository\OBJECTS.DATA
\??\pipe\PIPE_EVENTROOT\CIMV2PROVIDERSUBSYSTEM
\??\pipe\PIPE_EVENTROOT\CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER
C:\ProgramData\Microsoft\Windows\Sqm\Sessions
C:\ProgramData\Microsoft\Windows\Sqm\Sessions\*.psqm
C:\ProgramData\Microsoft\Windows\Sqm\Upload
C:\ProgramData\Microsoft\Windows\Sqm\Upload\*.sqm
C:\ProgramData\Microsoft\Windows\Sqm\Manifest
C:\ProgramData\Microsoft\Windows\Sqm\Manifest\*.bin
C:\Windows\sysnative\LogFiles\SQM
C:\Windows\sysnative\LogFiles\SQM\SqmLogger*.etl.*
\??\PIPE\lsarpc
C:\DosDevices\pipe\
C:\Windows\sysnative\it-IT\KERNELBASE.dll.mui
C:\ProgramData\Microsoft\Windows\WER\ReportQueue
C:\Windows\sysnative\it-IT\faultrep.dll.mui
C:\Windows\sysnative\winxp\triage.ini
C:\Windows\sysnative\WINXP
C:\Windows\sysnative\winext
C:\Windows\sysnative\winext\arcade
C:\Windows\sysnative\pri
C:\ProgramData\Oracle\Java\javapath
C:\ProgramData\Oracle\Java\javapath\
C:\Windows\
C:\Windows\sysnative\wbem
C:\Windows\sysnative\wbem\
C:\Windows\sysnative\WindowsPowerShell\v1.0
C:\Windows\sysnative\WindowsPowerShell\v1.0\
C:\Windows\sysnative\WINXP\dbghelp.dll
C:\Windows\sysnative\winext\dbghelp.dll
C:\Windows\sysnative\winext\arcade\dbghelp.dll
C:\Windows\sysnative\pri\dbghelp.dll
C:\Windows\sysnative\dbghelp.dll
C:\Windows\sysnative\WINXP\ext.dll
C:\Windows\sysnative\winext\ext.dll
C:\Windows\sysnative\winext\arcade\ext.dll
C:\Windows\sysnative\pri\ext.dll
C:\Windows\sysnative\ext.dll
C:\ProgramData\Oracle\Java\javapath\ext.dll
C:\Windows\ext.dll
C:\Windows\sysnative\wbem\ext.dll
C:\Windows\sysnative\WindowsPowerShell\v1.0\ext.dll
C:\Windows\sysnative\WINXP\exts.dll
C:\Windows\sysnative\winext\exts.dll
C:\Windows\sysnative\winext\arcade\exts.dll
C:\Windows\sysnative\pri\exts.dll
C:\Windows\sysnative\exts.dll
C:\ProgramData\Oracle\Java\javapath\exts.dll
C:\Windows\exts.dll
C:\Windows\sysnative\wbem\exts.dll
C:\Windows\sysnative\WindowsPowerShell\v1.0\exts.dll
C:\Windows\sysnative\WINXP\uext.dll
C:\Windows\sysnative\winext\uext.dll
C:\Windows\sysnative\winext\arcade\uext.dll
C:\Windows\sysnative\pri\uext.dll
C:\Windows\sysnative\uext.dll
C:\ProgramData\Oracle\Java\javapath\uext.dll
C:\Windows\uext.dll
C:\Windows\sysnative\wbem\uext.dll
C:\Windows\sysnative\WindowsPowerShell\v1.0\uext.dll
C:\Windows\sysnative\WINXP\ntsdexts.dll
C:\Windows\sysnative\winext\ntsdexts.dll
C:\Windows\sysnative\winext\arcade\ntsdexts.dll
C:\Windows\sysnative\pri\ntsdexts.dll
C:\Windows\sysnative\ntsdexts.dll
C:\ProgramData\Oracle\Java\javapath\ntsdexts.dll
C:\Windows\ntsdexts.dll
C:\Windows\sysnative\wbem\ntsdexts.dll
C:\Windows\sysnative\WindowsPowerShell\v1.0\ntsdexts.dll
C:\Windows\sysnative\it-IT\wer.dll.mui
C:\Windows\sysnative\svchost.exe
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\
C:\Windows\ServiceProfiles\LocalService\AppData
C:\Windows\ServiceProfiles\LocalService\AppData\Local
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERD4B1.tmp
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERD4B1.tmp.appcompat.txt
C:\Windows\sysnative\*
C:\Windows\sysnative\it-IT\kernel32.dll.mui
C:\Windows\sysnative\it-IT\ntdll.dll.mui
C:\Windows\sysnative\unknown
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_*_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_*
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_*_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_*
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERD5DB.tmp
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERD5DB.tmp.WERInternalMetadata.xml
C:\Windows\sysnative\drivers\*.mrk
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERDC93.tmp
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERDC93.tmp.hdmp
C:\Windows\sysnative\KERNELBASE.dll
C:\Windows\sysnative\msvcrt.dll
C:\Windows\sysnative\sechost.dll
C:\Windows\sysnative\rpcrt4.dll
C:\Windows\sysnative\advapi32.dll
C:\Windows\sysnative\ole32.dll
C:\Windows\sysnative\gdi32.dll
C:\Windows\sysnative\user32.dll
C:\Windows\sysnative\lpk.dll
C:\Windows\sysnative\usp10.dll
C:\Windows\sysnative\imm32.dll
C:\Windows\sysnative\msctf.dll
C:\Windows\sysnative\api-ms-win-core-synch-l1-2-0.DLL
C:\Windows\sysnative\sspicli.dll
C:\Windows\sysnative\CRYPTBASE.dll
C:\Windows\sysnative\clbcatq.dll
C:\Windows\sysnative\oleaut32.dll
C:\Windows\sysnative\w32time.dll
C:\Windows\sysnative\logoncli.dll
C:\Windows\sysnative\cryptdll.dll
C:\Windows\sysnative\ws2_32.dll
C:\Windows\sysnative\nsi.dll
C:\Windows\sysnative\mswsock.dll
C:\Windows\sysnative\userenv.dll
C:\Windows\sysnative\profapi.dll
C:\Windows\sysnative\gpapi.dll
C:\Windows\sysnative\dsrole.dll
C:\Windows\sysnative\dnsapi.dll
C:\Windows\sysnative\RpcRtRemote.dll
C:\Windows\sysnative\IPHLPAPI.DLL
C:\Windows\sysnative\winnsi.dll
C:\Windows\sysnative\rasadhlp.dll
C:\Windows\sysnative\tzres.dll
C:\Windows\sysnative\it-IT\tzres.dll.mui
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WEREA40.tmp
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WEREA40.tmp.mdmp
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\*_*_*_*
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_0aa99ea5
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_0aa99ea5\WERD4B1.tmp.appcompat.txt
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_0aa99ea5\WERD5DB.tmp.WERInternalMetadata.xml
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_0aa99ea5\WERDC93.tmp.hdmp
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_0aa99ea5\WEREA40.tmp.mdmp
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_0aa99ea5\Report.wer
C:\Windows\sysnative\it-IT\USER32.dll.mui
C:\Windows\sysnative\wbem\en-US\cimwin32.dll.mui
C:\Windows\sysnative\wbem\en\cimwin32.dll.mui
C:\Windows\sysnative\wbem\it-IT\cimwin32.dll.mui
C:\Windows\sysnative\Branding\basebrd\basebrd.dll
C:\Windows\Branding\Basebrd\basebrd.dll
C:\Windows\Branding\Basebrd\en-US\basebrd.dll.mui
C:\Windows\Branding\Basebrd\en\basebrd.dll.mui
C:\Windows\Branding\Basebrd\it-IT\basebrd.dll.mui
C:
C:\Windows\sysnative\en-US\tzres.dll.mui
C:\Windows\sysnative\en\tzres.dll.mui
\??\PIPE\wkssvc
\??\PIPE\srvsvc
C:\Windows\sysnative\it-IT\werui.dll.mui
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_0aa99ea5\Report.wer.tmp
C:\Windows\sysnative\it-IT\radarrs.dll.mui
C:\Windows\sysnative\radarrs.dll
Read Files
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\FXSCOVER.exe.config
C:\Users\Seven01\AppData\Local\Temp\FXSCOVER.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\assembly\pubpol28.dat
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp
C:\Windows\sysnative\Tasks\WinInetDriver
C:\Windows\Tasks\Adobe Flash Player Updater.job
C:\ProgramData\{d74bdb-f30dd0-463a-b09f9e005562}\hostdl.exe
C:\Windows\appcompat\Programs\RecentFileCache.bcf
C:\Windows\AppPatch\sysmain.sdb
C:\ProgramData\{d74bdb-f30dd0-463a-b09f9e005562}\
C:\Windows\SysWOW64\sc.exe
C:\Windows\SysWOW64\
C:\Windows\SysWOW64\it-IT\sc.exe.mui
C:\Windows\SysWOW64\wbem\WMIC.exe
C:\Windows\SysWOW64\wbem\
C:\Windows\SysWOW64\wbem\it-IT\WMIC.exe.mui
C:\Windows\SysWOW64\net.exe
C:\Windows\SysWOW64\net1.exe
C:\Windows\Temp\fwtsqmfile00.sqm
C:\Windows\sysnative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Uploader
C:\Windows\sysnative\WerFault.exe
C:\Windows\AppPatch\AppPatch64\sysmain.sdb
C:\Windows\sysnative\
C:\Windows\sysnative\kernel32.dll
C:\Windows\sysnative\ntdll.dll
C:\Windows\sysnative\Tasks\Microsoft\Windows\WDI\ResolutionHost
C:\Windows\sysnative\Tasks\Adobe Flash Player Updater
C:\Windows\System32\Macromed\Flash\mms.cfg
C:\ProgramData\{d74bdb-f30dd0-463a-b09f9e005562}\hostdl.exe.config
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\normidna.nlp
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\normnfc.nlp
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\normnfd.nlp
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\normnfkc.nlp
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\normnfkd.nlp
\Device\NamedPipe\
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ade5aa3c89481539adcaf7d9526dc8ac\System.Configuration.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ade5aa3c89481539adcaf7d9526dc8ac\System.Configuration.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\62dec581cd40afd680502a581d529b7e\System.Xml.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\62dec581cd40afd680502a581d529b7e\System.Xml.ni.dll
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
C:\Windows\sysnative\LogFiles\Scm\994c86ad-a929-4b2c-88a0-4e25a107a029
C:\Windows\sysnative\LogFiles\Scm\044a6734-e90e-4f8f-b357-b2dc8ab3b5ec
C:\Windows\sysnative\LogFiles\Scm\046fbef8-2dd6-4a92-a08e-608464edcc44
C:\Windows\sysnative\LogFiles\Scm\2f57269b-1e09-4e2d-ab1e-b0fdac7d279c
C:\Windows\sysnative\LogFiles\Scm\47536d45-eeec-4bdc-8183-a4dc1f8da9e4
C:\Windows\sysnative\LogFiles\Scm\5c0aeeea-c154-45be-8499-bea5f11baff6
C:\Windows\sysnative\LogFiles\Scm\a7c73732-9f11-4281-8d19-764d4ec9d94d
C:\Windows\sysnative\LogFiles\Scm\ac4e5acf-89f7-4220-ba21-81ee183975e2
C:\Windows\sysnative\LogFiles\Scm\be669c13-8165-4536-96d0-6d6c39292aae
C:\Windows\sysnative\LogFiles\Scm\c016366b-7126-46ca-b36b-592a3d95a60b
C:\Windows\sysnative\LogFiles\Scm\ca4b8ff2-a4d2-4d88-a52e-3a5bdaf7f56e
C:\Windows\sysnative\LogFiles\Scm\eaca24ff-236c-401d-a1e7-b3d5267b8a50
C:\Windows\sysnative\LogFiles\Scm\fb3c354d-297a-4eb2-9b58-090f6361906b
C:\Windows\sysnative\LogFiles\Scm\fca58fb2-231f-4daa-bca0-77602b638485
C:\Windows\sysnative\LogFiles\Scm\fdd56c73-f0d5-41b6-b767-6effd7966428
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.7523_none_508f21ccbcbbb7a8\msvcr90.dll
C:\Windows\System32\wbem\XSL-Mappings.xml
C:\Windows\System32\wbem\textvaluelist.xsl
C:\Windows\SysWOW64\it-IT\CRYPT32.dll.mui
C:\Windows\System32\it-IT\WINHTTP.dll.mui
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Windows\Temp\Cab9120.tmp
C:\Windows\Temp\Tar9121.tmp
C:\Windows\inf\display.PNF
\??\WMIDataDevice
C:\Windows\sysnative\it-IT\VssTrace.DLL.mui
\??\PIPE\samr
C:\Windows\sysnative\wbem\repository\MAPPING1.MAP
C:\Windows\sysnative\wbem\repository\MAPPING2.MAP
C:\Windows\sysnative\wbem\repository\MAPPING3.MAP
C:\Windows\sysnative\wbem\repository\OBJECTS.DATA
C:\Windows\sysnative\wbem\repository\INDEX.BTR
\??\pipe\PIPE_EVENTROOT\CIMV2PROVIDERSUBSYSTEM
\??\pipe\PIPE_EVENTROOT\CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER
\??\PIPE\lsarpc
C:\Windows\sysnative\it-IT\KERNELBASE.dll.mui
C:\Windows\sysnative\it-IT\faultrep.dll.mui
C:\Windows\sysnative\winxp\triage.ini
C:\Windows\sysnative\it-IT\wer.dll.mui
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERD4B1.tmp
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERD4B1.tmp.appcompat.txt
C:\Windows\sysnative\svchost.exe
C:\Windows\sysnative
C:\Windows\sysnative\it-IT\kernel32.dll.mui
C:\Windows\sysnative\it-IT\ntdll.dll.mui
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERD5DB.tmp
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERD5DB.tmp.WERInternalMetadata.xml
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERDC93.tmp
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERDC93.tmp.hdmp
C:\Windows\sysnative\KERNELBASE.dll
C:\Windows\sysnative\msvcrt.dll
C:\Windows\sysnative\sechost.dll
C:\Windows\sysnative\rpcrt4.dll
C:\Windows\sysnative\advapi32.dll
C:\Windows\sysnative\ole32.dll
C:\Windows\sysnative\gdi32.dll
C:\Windows\sysnative\user32.dll
C:\Windows\sysnative\lpk.dll
C:\Windows\sysnative\usp10.dll
C:\Windows\sysnative\imm32.dll
C:\Windows\sysnative\msctf.dll
C:\Windows\sysnative\api-ms-win-core-synch-l1-2-0.DLL
C:\Windows\sysnative\sspicli.dll
C:\Windows\sysnative\CRYPTBASE.dll
C:\Windows\sysnative\clbcatq.dll
C:\Windows\sysnative\oleaut32.dll
C:\Windows\sysnative\w32time.dll
C:\Windows\sysnative\logoncli.dll
C:\Windows\sysnative\cryptdll.dll
C:\Windows\sysnative\ws2_32.dll
C:\Windows\sysnative\nsi.dll
C:\Windows\sysnative\mswsock.dll
C:\Windows\sysnative\userenv.dll
C:\Windows\sysnative\profapi.dll
C:\Windows\sysnative\gpapi.dll
C:\Windows\sysnative\dsrole.dll
C:\Windows\sysnative\dnsapi.dll
C:\Windows\sysnative\RpcRtRemote.dll
C:\Windows\sysnative\IPHLPAPI.DLL
C:\Windows\sysnative\winnsi.dll
C:\Windows\sysnative\rasadhlp.dll
C:\Windows\sysnative\tzres.dll
C:\Windows\sysnative\it-IT\tzres.dll.mui
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WEREA40.tmp
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WEREA40.tmp.mdmp
C:\Windows\sysnative\it-IT\USER32.dll.mui
C:\Windows\sysnative\wbem\en-US\cimwin32.dll.mui
C:\Windows\sysnative\wbem\en\cimwin32.dll.mui
C:\Windows\sysnative\wbem\it-IT\cimwin32.dll.mui
C:\Windows\Branding\Basebrd\basebrd.dll
C:\Windows\Branding\Basebrd\en-US\basebrd.dll.mui
C:\Windows\Branding\Basebrd\en\basebrd.dll.mui
C:\Windows\Branding\Basebrd\it-IT\basebrd.dll.mui
C:
C:\Windows\sysnative\en-US\tzres.dll.mui
C:\Windows\sysnative\en\tzres.dll.mui
\??\PIPE\wkssvc
\??\PIPE\srvsvc
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_0aa99ea5\Report.wer
C:\Windows\sysnative\it-IT\werui.dll.mui
C:\Windows\sysnative\it-IT\radarrs.dll.mui
C:\Windows\sysnative\radarrs.dll
Write Files
C:\ProgramData\{d74bdb-f30dd0-463a-b09f9e005562}\hostdl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinInetDriver.url
C:\Windows\sysnative\Tasks\WinInetDriver
C:\Windows\Tasks\Adobe Flash Player Updater.job
C:\Windows\appcompat\Programs\RecentFileCache.bcf
C:\Windows\Temp\fwtsqmfile00.sqm
C:\Windows\sysnative\LogFiles\Scm\044a6734-e90e-4f8f-b357-b2dc8ab3b5ec
C:\Windows\sysnative\LogFiles\Scm\c016366b-7126-46ca-b36b-592a3d95a60b
C:\Windows\sysnative\LogFiles\Scm\9435f817-fed2-454e-88cd-7f78fda62c48
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Windows\Temp\Cab9120.tmp
\??\WMIDataDevice
\??\PIPE\samr
C:\Windows\sysnative\wbem\repository\WRITABLE.TST
C:\Windows\sysnative\wbem\repository\MAPPING1.MAP
C:\Windows\sysnative\wbem\repository\MAPPING2.MAP
C:\Windows\sysnative\wbem\repository\MAPPING3.MAP
C:\Windows\sysnative\wbem\repository\OBJECTS.DATA
C:\Windows\sysnative\wbem\repository\INDEX.BTR
\??\pipe\PIPE_EVENTROOT\CIMV2PROVIDERSUBSYSTEM
\??\pipe\PIPE_EVENTROOT\CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER
\??\PIPE\lsarpc
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERD4B1.tmp.appcompat.txt
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERD5DB.tmp.WERInternalMetadata.xml
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERDC93.tmp.hdmp
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WEREA40.tmp.mdmp
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_0aa99ea5\WERD4B1.tmp.appcompat.txt
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_0aa99ea5\WERD5DB.tmp.WERInternalMetadata.xml
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_0aa99ea5\WERDC93.tmp.hdmp
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_0aa99ea5\WEREA40.tmp.mdmp
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_0aa99ea5\Report.wer
\??\PIPE\wkssvc
\??\PIPE\srvsvc
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_0aa99ea5\Report.wer.tmp
Delete Files
C:\Windows\Tasks\WinInetDriver.job C:\Windows\sysnative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Uploader C:\Windows\Temp\Cab9120.tmp C:\Windows\Temp\Tar9121.tmp C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERD4B1.tmp C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERD4B1.tmp.appcompat.txt C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERD5DB.tmp C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERD5DB.tmp.WERInternalMetadata.xml C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERDC93.tmp C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERDC93.tmp.hdmp C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WEREA40.tmp C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WEREA40.tmp.mdmp C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_0aa99ea5\Report.wer.tmp
Keys
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v4.0.30319
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319\SKUs\default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FXSCOVER.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index28
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\schtasks.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater\Id
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\Dynamic DST
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\SchedulingEngineKnob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\WinInetDriver.job
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\WinInetDriver.job.fp
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\LocaleName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinInetDriver
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A083D522-AFD5-43A4-A6B7-25E961E6C461}\Path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A083D522-AFD5-43A4-A6B7-25E961E6C461}\Hash
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinInetDriver\Id
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinInetDriver\Index
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A083D522-AFD5-43A4-A6B7-25E961E6C461}\Triggers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A083D522-AFD5-43A4-A6B7-25E961E6C461}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A083D522-AFD5-43A4-A6B7-25E961E6C461}\DynamicInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94AA3293-B515-4FA7-A36B-3CFA64BA5BE3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94AA3293-B515-4FA7-A36B-3CFA64BA5BE3}\Hash
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94AA3293-B515-4FA7-A36B-3CFA64BA5BE3}\DynamicInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{1E45F06B-E567-4C30-A524-CB4EE808D9E1}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{1E45F06B-E567-4C30-A524-CB4EE808D9E1}\data
HKEY_LOCAL_MACHINE\Software\Classes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\Adobe Flash Player Updater.job
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\Adobe Flash Player Updater.job.fp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{59D3986C-4060-4ED0-BE37-2566EE895729}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Public
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\svchost.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Default
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonW6432Dir
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000\ProfileImagePath
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Environment
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Volatile Environment
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Volatile Environment\0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{59D3986C-4060-4ED0-BE37-2566EE895729}\data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\hostdl.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\sc.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\WMIC.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\net.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\net1.exe
HKEY_LOCAL_MACHINE\system\Setup
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iphlpsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iphlpsvc\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iphlpsvc\Parameters\ServiceDllUnloadOnStop
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LastServiceStart
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0000000C-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0000000C-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0000000C-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\ESS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ESS\//./root/CIMV2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ESS\//./root/CIMV2\SCM Event Provider
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\PreviousServiceShutdown
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ProcessID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\winmgmt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\Parameters\ServiceDllUnloadOnStop
HKEY_CURRENT_USER
HKEY_USERS\.DEFAULT\Control Panel\International
HKEY_USERS\.DEFAULT\Control Panel\International\LocaleName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\Uploader
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\WerFault.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI\ResolutionHost
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI\ResolutionHost\Id
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9435F817-FED2-454E-88CD-7F78FDA62C48}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9435F817-FED2-454E-88CD-7F78FDA62C48}\Hash
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9435F817-FED2-454E-88CD-7F78FDA62C48}\Triggers
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\SecurityService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService\DefaultAuthLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\taskeng.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\DataVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\EnableBackCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\MissedTasksStartupDelay
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\TasksInMemoryQueue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\TasksPerHighestPrivEngine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\TasksPerLeastPrivEngine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\TracingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\WindowSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\6BA0E3C1
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Com+Enabled
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\MaxSxSHashCount
HKEY_USERS\.DEFAULT\Control Panel\International\sCountry
HKEY_USERS\.DEFAULT\Control Panel\International\sList
HKEY_USERS\.DEFAULT\Control Panel\International\sDecimal
HKEY_USERS\.DEFAULT\Control Panel\International\sThousand
HKEY_USERS\.DEFAULT\Control Panel\International\sGrouping
HKEY_USERS\.DEFAULT\Control Panel\International\sNativeDigits
HKEY_USERS\.DEFAULT\Control Panel\International\sCurrency
HKEY_USERS\.DEFAULT\Control Panel\International\sMonDecimalSep
HKEY_USERS\.DEFAULT\Control Panel\International\sMonThousandSep
HKEY_USERS\.DEFAULT\Control Panel\International\sMonGrouping
HKEY_USERS\.DEFAULT\Control Panel\International\sPositiveSign
HKEY_USERS\.DEFAULT\Control Panel\International\sNegativeSign
HKEY_USERS\.DEFAULT\Control Panel\International\sTimeFormat
HKEY_USERS\.DEFAULT\Control Panel\International\sShortTime
HKEY_USERS\.DEFAULT\Control Panel\International\s1159
HKEY_USERS\.DEFAULT\Control Panel\International\s2359
HKEY_USERS\.DEFAULT\Control Panel\International\sShortDate
HKEY_USERS\.DEFAULT\Control Panel\International\sYearMonth
HKEY_USERS\.DEFAULT\Control Panel\International\sLongDate
HKEY_USERS\.DEFAULT\Control Panel\International\iCountry
HKEY_USERS\.DEFAULT\Control Panel\International\iMeasure
HKEY_USERS\.DEFAULT\Control Panel\International\iPaperSize
HKEY_USERS\.DEFAULT\Control Panel\International\iDigits
HKEY_USERS\.DEFAULT\Control Panel\International\iLZero
HKEY_USERS\.DEFAULT\Control Panel\International\iNegNumber
HKEY_USERS\.DEFAULT\Control Panel\International\NumShape
HKEY_USERS\.DEFAULT\Control Panel\International\iCurrDigits
HKEY_USERS\.DEFAULT\Control Panel\International\iCurrency
HKEY_USERS\.DEFAULT\Control Panel\International\iNegCurr
HKEY_USERS\.DEFAULT\Control Panel\International\iCalendarType
HKEY_USERS\.DEFAULT\Control Panel\International\iFirstDayOfWeek
HKEY_USERS\.DEFAULT\Control Panel\International\iFirstWeekOfYear
HKEY_CURRENT_USER\Software\Classes\AppID\taskeng.exe
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_CURRENT_USER\Software\Classes\Interface\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}
HKEY_CURRENT_USER\Software\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}
HKEY_CURRENT_USER\Software\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\TreatAs
HKEY_CURRENT_USER\Software\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\Progid
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\Progid
HKEY_CURRENT_USER\Software\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hostdl.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0001
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0002
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Data.SqlXml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Data.SqlXml__b77a5c561934e089
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\InstallationType
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\EnableConsoleTracing
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\hostdl_RASAPI32
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\FileDirectory
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CMF\Config
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\LegacyWPADSupport
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_CURRENT_USER\Software\Classes\AppID\hostdl.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\989BE1F2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AdobeFlashPlayerUpdateSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AdobeFlashPlayerUpdateSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AdobeFlashPlayerUpdateSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AdobeFlashPlayerUpdateSvc\WOW64
HKEY_USERS\S-1-5-18
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18\ProfileImagePath
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_USERS\.DEFAULT\Environment
HKEY_USERS\.DEFAULT\Volatile Environment
HKEY_USERS\.DEFAULT\Volatile Environment\0
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AdobeFlashPlayerUpdateSvc\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\Environment
HKEY_USERS\S-1-5-19
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19\ProfileImagePath
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_USERS\S-1-5-19\Environment
HKEY_USERS\S-1-5-19\Volatile Environment
HKEY_USERS\S-1-5-19\Volatile Environment\0
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\ObjectName
HKEY_CURRENT_USER\Software\Classes\AppID\wmic.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\CIMOM\Logging
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\CIMOM\Logging Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\CIMOM\Log File Max Size
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\wmic.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\wmic.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\*
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\file\
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\*\
HKEY_CLASSES_ROOT\.xml
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xml\Content Type
HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml\CLSID
HKEY_CURRENT_USER\Software\Classes\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}\TreatAs
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_CURRENT_USER\Software\Classes\Interface\{79EAC9E4-BAF9-11CE-8C82-00AA004BA90B}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\IsTextPlainHonored
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSclient
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_CURRENT_USER\Software\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\CIMOM\EnableObjectValidation
HKEY_CURRENT_USER\Software\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\TextSource\1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\TextSource\1\TextSourceDll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM
HKEY_LOCAL_MACHINE\SOFTWARE\Macromedia\FlashPlayerSAU
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Macromedia\FlashPlayerSAU\LastUpdateCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Macromedia\FlashPlayerSAU\CheckFrequency
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\Schannel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextLockCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextListCount
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7\Name
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\4b\7F06864B
HKEY_USERS\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\4B\7F06864B\LanguageList
HKEY_USERS\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\p2pcollab.dll,-8042
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7\Name
HKEY_USERS\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\dnsapi.dll,-103
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagMatchAnyMask
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Root\ProtectedRoots
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\ChainEngine\Config
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableMandatoryBasicConstraints
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableCANameConstraints
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableUnsupportedCriticalExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlCountInCert
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCountPerChain
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCertCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetPreFetchTriggerPeriodSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableWeakSignatureFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\ChainCacheResyncFiletime
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\#16
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\Ldap
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CertDllOpenStoreProv
HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\My\PhysicalStores
HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\My
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\My\
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\My\Certificates
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\My\CRLs
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\My\CTLs
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\My\Keys
HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\CA\PhysicalStores
HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\CA
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs
HKEY_USERS\.DEFAULT\
HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA
HKEY_USERS\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates
HKEY_USERS\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs
HKEY_USERS\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\CA\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\CA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\CA
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\CA\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\CA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\CTLs
HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\PhysicalStores
HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs
HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed
HKEY_USERS\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
HKEY_USERS\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs
HKEY_USERS\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Disallowed\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Disallowed
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs
HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root\PhysicalStores
HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root
HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root\ProtectedRoots
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\ProtectedRoots\Certificates
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Root\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\AuthRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\627F8D7827656399D27D7F9044C9FEB3F33EFA9A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\627F8D7827656399D27D7F9044C9FEB3F33EFA9A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97E2E99636A547554F838FBA38B82E74F89A830A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97E2E99636A547554F838FBA38B82E74F89A830A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209AD23D314232174E40D7F9D62139786633A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209AD23D314232174E40D7F9D62139786633A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Root\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\SmartCardRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs
HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs
HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\PhysicalStores
HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople
HKEY_USERS\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates
HKEY_USERS\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_USERS\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPeople\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPeople
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPeople
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\TrustedPeople\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\TrustedPeople
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\CTLs
HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\trust\PhysicalStores
HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\trust
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs
HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust
HKEY_USERS\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates
HKEY_USERS\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs
HKEY_USERS\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\trust\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\trust
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\trust
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\trust\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\trust
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\UserenvDebugLevel
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\GpSvcDebugLevel
HKEY_LOCAL_MACHINE\System\Setup
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates
HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\SystemCertificates
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\AuthRoot
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\MaximumAllowedAllocationSize
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableInetUnknownAuth
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\Escalation
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\F8B50CC5
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllVerifyCertificateChainPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CertDllVerifyCertificateChainPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Phantom
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Properties
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000003
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000003\00000000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000003\00000000\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000003\00000000\Data
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\DeviceDesc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Mfg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\ConfigFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\LogConf
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\LogConf\ForcedConfig
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Service
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000002
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000002\00000000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000002\00000000\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000002\00000000\Data
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerRequestOverride
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Power\PowerRequestOverride
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\PowerRequestOverride\Driver
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs\CoInitializeSecurityParam
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs\AuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs\ImpersonationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs\AuthenticationCapabilities
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs\CoInitializeSecurityAppID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs\DeferredCoInitializeSecurityServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs\DefaultRpcStackSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs\SystemCritical
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\svchost.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\Parameters\ServiceDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\Parameters\ServiceManifest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\Parameters\ServiceMain
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NoResyncPerf
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\ADAP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ThrottleDrege
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\MOF Self-Install Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ADAPDelay
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LodCtrDelay
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\TimeToFullDredge
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\TimeToTerminateAdap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LastFullDredgeTimestamp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\AECFFC7E
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\FinalizerActivityBypass
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C49E32C6-BC8B-11D2-85D4-00105A1F8304}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C49E32C6-BC8B-11D2-85D4-00105A1F8304}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C49E32C6-BC8B-11D2-85D4-00105A1F8304}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C49E32C6-BC8B-11D2-85D4-00105A1F8304}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C49E32C6-BC8B-11D2-85D4-00105A1F8304}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C49E32C6-BC8B-11D2-85D4-00105A1F8304}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C49E32C6-BC8B-11D2-85D4-00105A1F8304}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C49E32C6-BC8B-11D2-85D4-00105A1F8304}\InprocHandler
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\Tracing\WMI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\SessionEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\Level
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\AreaFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\Session
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\LogFile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\BufferSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MinimumBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MaximumBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MaximumFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\LogFileMode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\FlushTimer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\AgeLimit
HKEY_LOCAL_MACHINE\SYSTEM\Setup
HKEY_LOCAL_MACHINE\SYSTEM\Setup\UpgradeInProgress
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Safeboot\Option
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\VssAccessControl
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Settings
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Settings\ActiveWriterStateTimeout
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Diag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Diag\WMI Writer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Settings\TornComponentsMax
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000100-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000100-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000100-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9555-4FB6-11D1-9971-00C04FBBB345}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9555-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9555-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9557-4FB6-11D1-9971-00C04FBBB345}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9557-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9557-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\IdentifierLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\QueryLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\PathLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbThrottlingEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighMaxLimitFactor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbTaskMaxSleep
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold1Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold2Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold3Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Unchecked Task Count
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Working Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Repository Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Build
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Default Repository Driver
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueCoreFsrepVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Repository Cache Spill Ratio
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\CheckPointValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SnapShotValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\CheckRepositoryOnNextStartup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NumWriteIdCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Class Cache Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Class Cache Item Age (ms)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableObjectValidation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NextAutoRecoverFile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Enable Provider Subsystem
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Client
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Client\{1303DDE3-568E-4908-90A0-535586F54562}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1303DDE3-568E-4908-90A0-535586F54562}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1303DDE3-568E-4908-90A0-535586F54562}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1303DDE3-568E-4908-90A0-535586F54562}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1303DDE3-568E-4908-90A0-535586F54562}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1303DDE3-568E-4908-90A0-535586F54562}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1303DDE3-568E-4908-90A0-535586F54562}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1303DDE3-568E-4908-90A0-535586F54562}\ProcessIdentifier
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Client\{316BE311-6A9B-49C4-BD2C-3474DEB1E133}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{316BE311-6A9B-49C4-BD2C-3474DEB1E133}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{316BE311-6A9B-49C4-BD2C-3474DEB1E133}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{316BE311-6A9B-49C4-BD2C-3474DEB1E133}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{316BE311-6A9B-49C4-BD2C-3474DEB1E133}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{316BE311-6A9B-49C4-BD2C-3474DEB1E133}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{316BE311-6A9B-49C4-BD2C-3474DEB1E133}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{316BE311-6A9B-49C4-BD2C-3474DEB1E133}\ProcessIdentifier
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Client\{379BC8BF-E2DC-4C85-8C5D-A80FF7520387}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{379BC8BF-E2DC-4C85-8C5D-A80FF7520387}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{379BC8BF-E2DC-4C85-8C5D-A80FF7520387}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{379BC8BF-E2DC-4C85-8C5D-A80FF7520387}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{379BC8BF-E2DC-4C85-8C5D-A80FF7520387}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{379BC8BF-E2DC-4C85-8C5D-A80FF7520387}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{379BC8BF-E2DC-4C85-8C5D-A80FF7520387}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{379BC8BF-E2DC-4C85-8C5D-A80FF7520387}\ProcessIdentifier
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Client\{C5F5B0E8-C0FF-4517-B654-90864AFC599D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C5F5B0E8-C0FF-4517-B654-90864AFC599D}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C5F5B0E8-C0FF-4517-B654-90864AFC599D}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C5F5B0E8-C0FF-4517-B654-90864AFC599D}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C5F5B0E8-C0FF-4517-B654-90864AFC599D}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C5F5B0E8-C0FF-4517-B654-90864AFC599D}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C5F5B0E8-C0FF-4517-B654-90864AFC599D}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C5F5B0E8-C0FF-4517-B654-90864AFC599D}\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableEvents
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssToBeInitialized
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Low Threshold On Events (B)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\High Threshold On Events (B)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Wait On Events (ms)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Merger Query Arbitration Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssNeedsLoading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\List of event-active namespaces
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ESS\//./root/subscription
HKEY_LOCAL_MACHINE\software\microsoft\wbem\cimom
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SetupDate
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\CIMOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\FinalizerBatchSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ClientCallbackTimeout
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\FinalizerQueueThreshold
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Tasks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Async Result Queue Size
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cli
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cli
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Microsoft\OleAut
HKEY_CLASSES_ROOT\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\(Default)
HKEY_CLASSES_ROOT\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\Synchronization
HKEY_CLASSES_ROOT\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\AppId
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\minint
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\CIMV2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\CIMV2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\Synchronization
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_CLASSES_ROOT\CLSID\{d63a5850-8f16-11cf-9f47-00aa00bf345c}\InProcServer32
HKEY_CLASSES_ROOT\CLSID\{d63a5850-8f16-11cf-9f47-00aa00bf345c}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\Synchronization
HKEY_CLASSES_ROOT\CLSID\{d63a5850-8f16-11cf-9f47-00aa00bf345c}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SecuredHostProviders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SecuredHostProviders\ROOT\CIMV2:__Win32Provider.Name="CIMWin32"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Root
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C857801-7381-11CF-884D-00AA004B2E24}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C857801-7381-11CF-884D-00AA004B2E24}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C857801-7381-11CF-884D-00AA004B2E24}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocHandler
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cimv2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cimv2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\MaxSessionSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\MaxEventSizePerSession
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\AdaptiveSQM\ManifestInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\AdaptiveSqm\ManifestInfo\Version
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\SamplingInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\WSqmConsLastRunTime
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\WMI\AutoLogger\SQMLogger
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Autologger\SQMLogger\Start
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\WSqmConsLastEventTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService\CoInitializeSecurityParam
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService\AuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService\ImpersonationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService\AuthenticationCapabilities
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService\CoInitializeSecurityAppID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService\DeferredCoInitializeSecurityServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService\DefaultRpcStackSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService\SystemCritical
HKEY_CURRENT_USER\Control Panel\International
HKEY_CURRENT_USER\Control Panel\International\LocaleName
HKEY_CURRENT_USER\Control Panel\International\sCountry
HKEY_CURRENT_USER\Control Panel\International\sList
HKEY_CURRENT_USER\Control Panel\International\sDecimal
HKEY_CURRENT_USER\Control Panel\International\sThousand
HKEY_CURRENT_USER\Control Panel\International\sGrouping
HKEY_CURRENT_USER\Control Panel\International\sNativeDigits
HKEY_CURRENT_USER\Control Panel\International\sCurrency
HKEY_CURRENT_USER\Control Panel\International\sMonDecimalSep
HKEY_CURRENT_USER\Control Panel\International\sMonThousandSep
HKEY_CURRENT_USER\Control Panel\International\sMonGrouping
HKEY_CURRENT_USER\Control Panel\International\sPositiveSign
HKEY_CURRENT_USER\Control Panel\International\sNegativeSign
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat
HKEY_CURRENT_USER\Control Panel\International\sShortTime
HKEY_CURRENT_USER\Control Panel\International\s1159
HKEY_CURRENT_USER\Control Panel\International\s2359
HKEY_CURRENT_USER\Control Panel\International\sShortDate
HKEY_CURRENT_USER\Control Panel\International\sYearMonth
HKEY_CURRENT_USER\Control Panel\International\sLongDate
HKEY_CURRENT_USER\Control Panel\International\iCountry
HKEY_CURRENT_USER\Control Panel\International\iMeasure
HKEY_CURRENT_USER\Control Panel\International\iPaperSize
HKEY_CURRENT_USER\Control Panel\International\iDigits
HKEY_CURRENT_USER\Control Panel\International\iLZero
HKEY_CURRENT_USER\Control Panel\International\iNegNumber
HKEY_CURRENT_USER\Control Panel\International\NumShape
HKEY_CURRENT_USER\Control Panel\International\iCurrDigits
HKEY_CURRENT_USER\Control Panel\International\iCurrency
HKEY_CURRENT_USER\Control Panel\International\iNegCurr
HKEY_CURRENT_USER\Control Panel\International\iCalendarType
HKEY_CURRENT_USER\Control Panel\International\iFirstDayOfWeek
HKEY_CURRENT_USER\Control Panel\International\iFirstWeekOfYear
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\w32time
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Parameters\ServiceDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Parameters\ServiceManifest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Parameters\ServiceMain
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Config
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\FileLogEntries
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\FileLogName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\FileLogFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\FileLogSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\RefreshSettingsFlags
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\DllName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\InputProvider
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpServer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpServer\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpServer\DllName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpServer\InputProvider
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\VMICTimeProvider
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\VMICTimeProvider\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\VMICTimeProvider\DllName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\VMICTimeProvider\InputProvider
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\W32Time\TimeProviders
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\W32Time\Config
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\PhaseCorrectRate
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\UpdateInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\FrequencyCorrectRate
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\PollAdjustFactor
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\LargePhaseOffset
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\SpikeWatchPeriod
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\HoldPeriod
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\MinPollInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\MaxPollInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\AnnounceFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\LocalClockDispersion
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\MaxNegPhaseCorrection
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\MaxPosPhaseCorrection
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\EventLogFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\MaxAllowedPhaseOffset
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\TimeJumpAuditOffset
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserenvDebugLevel
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\W32Time\TimeProviders\NtpClient
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\W32Time\Parameters
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\AllowNonstandardModeCombinations
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\CompatibilityFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\SpecialPollInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\ResolvePeerBackoffMinutes
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\ResolvePeerBackoffMaxTimes
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\EventLogFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\LargeSampleSkew
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Parameters\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Parameters\NtpServer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\SpecialPollTimeRemaining
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\VML
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rpc\Linkage
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\schtasks.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\WerSvcGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wersvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Parameters\ServiceDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Parameters\ServiceManifest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Parameters\ServiceMain
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ServiceTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Parameters\ServiceDllUnloadOnStop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\NoReflection
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\PropertyBag
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Error Reporting
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TraceFlags
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\Debug
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\NoReflection
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MiniNT
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Plugins\AppRecorder
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Plugins\FDR\CurrentSession
HKEY_CURRENT_USER\Software\Microsoft\Windiff
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\MachineID
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Consent
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\Consent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent\NewUserDefaultConsent
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Consent\DefaultConsent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DontSendAdditionalData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Disabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent\DefaultConsent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent\DefaultOverrideBehavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent\APPCRASH
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LoggingDisabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DontShowUI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DisableArchive
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ConfigureArchive
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DisableQueue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\MaxQueueCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\MaxArchiveCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ForceQueue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\QueuePesterInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ExcludedApplications
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DebugApplications
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\SendEFSFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\BypassDataThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ForceUserModeCabCollection
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Windows Error Reporting
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\DontSendAdditionalData
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Disabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Consent\DefaultOverrideBehavior
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Consent\APPCRASH
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\LoggingDisabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\DontShowUI
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\DisableArchive
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\ConfigureArchive
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\DisableQueue
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\MaxQueueCount
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\MaxArchiveCount
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\ForceQueue
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\QueuePesterInterval
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\ExcludedApplications
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\DebugApplications
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\SendEFSFiles
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\BypassDataThrottling
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\ForceUserModeCabCollection
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerUseSSL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerPortNumber
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerUseAuthentication
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Reliability Analysis\RAC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Reliability Analysis\RAC\RacWerSampleTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EditionID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BuildLabEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDBuildNumber
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\BIOSVersion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\HeapControlledList\svchost.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\SYSTEM32\ntdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\kernel32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\KERNELBASE.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\msvcrt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\SYSTEM32\sechost.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\RPCRT4.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\ADVAPI32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\ole32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\GDI32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\USER32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\LPK.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\USP10.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\IMM32.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\MSCTF.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\api-ms-win-core-synch-l1-2-0.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\SspiCli.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\CRYPTBASE.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\CLBCatQ.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\OLEAUT32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\c:\windows\system32\w32time.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\c:\windows\system32\logoncli.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\c:\windows\system32\cryptdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\WS2_32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\NSI.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\mswsock.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\USERENV.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\profapi.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\GPAPI.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\dsrole.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\DNSAPI.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\RpcRtRemote.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\IPHLPAPI.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\WINNSI.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\rasadhlp.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\6FD5A890
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\LocalDumps
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Sink Transmit Buffer Size
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Cimom
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\DefaultRpcStackSize
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\AccessProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\wmiprvse.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Component Information
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier
HKEY_LOCAL_MACHINE\SYSTEM
HKEY_LOCAL_MACHINE\SOFTWARE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CoDeviceInstallers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\InfPath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\InfSection
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\InstalledDisplayDrivers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\HardwareInformation.MemorySize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\HardwareInformation.ChipType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\HardwareInformation.DACType
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LsaExtensionConfig\SspiCli
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureRoutine
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SecurityProviders
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Comment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\RpcId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Version
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\TokenSize
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SaslProfiles
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sCountry
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sList
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sDecimal
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sThousand
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sGrouping
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sNativeDigits
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sCurrency
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sMonDecimalSep
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sMonThousandSep
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sMonGrouping
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sPositiveSign
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sNegativeSign
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sTimeFormat
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sShortTime
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\s1159
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\s2359
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sShortDate
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sYearMonth
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sLongDate
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iCountry
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iMeasure
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iPaperSize
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iDigits
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iLZero
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iNegNumber
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\NumShape
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iCurrDigits
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iCurrency
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iNegCurr
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iCalendarType
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iFirstDayOfWeek
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iFirstWeekOfYear
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Plus! ProductId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallDate
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemPartition
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\PriorityControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PriorityControl\Win32PrioritySeparation
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LicenseInfo\FilePrint
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\7F8CCB70
HKEY_CURRENT_USER\Software\Classes\AppID\taskhost.exe
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\WDI\DiagnosticModules
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{15fba3b8-a37a-4f91-bdba-fbb98fe804bf}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{15fba3b8-a37a-4f91-bdba-fbb98fe804bf}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{15fba3b8-a37a-4f91-bdba-fbb98fe804bf}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{15fba3b8-a37a-4f91-bdba-fbb98fe804bf}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{282396b2-6c46-4d66-b413-70b0445df33c}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{282396b2-6c46-4d66-b413-70b0445df33c}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{282396b2-6c46-4d66-b413-70b0445df33c}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{282396b2-6c46-4d66-b413-70b0445df33c}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{284ddb2f-beea-4c9d-91e8-e3670ed91517}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{284ddb2f-beea-4c9d-91e8-e3670ed91517}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{284ddb2f-beea-4c9d-91e8-e3670ed91517}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{284ddb2f-beea-4c9d-91e8-e3670ed91517}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{3EA6B3DF-393E-41C3-9885-29EC5A701926}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{3EA6B3DF-393E-41C3-9885-29EC5A701926}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{3EA6B3DF-393E-41C3-9885-29EC5A701926}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{3EA6B3DF-393E-41C3-9885-29EC5A701926}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{45DE1EA9-10BC-4f96-9B21-4B6B83DBF476}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{45DE1EA9-10BC-4f96-9B21-4B6B83DBF476}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{45DE1EA9-10BC-4f96-9B21-4B6B83DBF476}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{45DE1EA9-10BC-4f96-9B21-4B6B83DBF476}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{4d21da64-fd02-4b82-a0a5-783266e430ab}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{4d21da64-fd02-4b82-a0a5-783266e430ab}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{4d21da64-fd02-4b82-a0a5-783266e430ab}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{4d21da64-fd02-4b82-a0a5-783266e430ab}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{50e3b0eb-5780-49de-9eb5-8d53a51fd146}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{50e3b0eb-5780-49de-9eb5-8d53a51fd146}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{50e3b0eb-5780-49de-9eb5-8d53a51fd146}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{50e3b0eb-5780-49de-9eb5-8d53a51fd146}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5C85A128-86F7-41a4-B655-BEE3F2ADEF46}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5C85A128-86F7-41a4-B655-BEE3F2ADEF46}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5C85A128-86F7-41a4-B655-BEE3F2ADEF46}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5C85A128-86F7-41a4-B655-BEE3F2ADEF46}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5EE64AFB-398D-4edb-AF71-3B830219ABF7}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5EE64AFB-398D-4edb-AF71-3B830219ABF7}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5EE64AFB-398D-4edb-AF71-3B830219ABF7}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5EE64AFB-398D-4edb-AF71-3B830219ABF7}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{63e0d0f7-ac2f-493b-a7f2-2f3ccdb66fca}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{63e0d0f7-ac2f-493b-a7f2-2f3ccdb66fca}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{63e0d0f7-ac2f-493b-a7f2-2f3ccdb66fca}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{63e0d0f7-ac2f-493b-a7f2-2f3ccdb66fca}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{67f1ec80-6c5b-43bb-860b-d47ae85242b1}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{67f1ec80-6c5b-43bb-860b-d47ae85242b1}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{67f1ec80-6c5b-43bb-860b-d47ae85242b1}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{67f1ec80-6c5b-43bb-860b-d47ae85242b1}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{72dbb5ac-6a91-46e6-885b-d429828bea2e}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{72dbb5ac-6a91-46e6-885b-d429828bea2e}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{72dbb5ac-6a91-46e6-885b-d429828bea2e}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{72dbb5ac-6a91-46e6-885b-d429828bea2e}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{7a54f16f-a73a-4258-ba46-a1e998a6aa74}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{7a54f16f-a73a-4258-ba46-a1e998a6aa74}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{7a54f16f-a73a-4258-ba46-a1e998a6aa74}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{7a54f16f-a73a-4258-ba46-a1e998a6aa74}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{85e0acd9-809a-482b-b60b-bcad1f8d0cd7}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{85e0acd9-809a-482b-b60b-bcad1f8d0cd7}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{85e0acd9-809a-482b-b60b-bcad1f8d0cd7}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{85e0acd9-809a-482b-b60b-bcad1f8d0cd7}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{88d4896f-f553-446a-9c75-9dec124ff8b7}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{88d4896f-f553-446a-9c75-9dec124ff8b7}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{88d4896f-f553-446a-9c75-9dec124ff8b7}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{88d4896f-f553-446a-9c75-9dec124ff8b7}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8CC29128-0B57-4a2b-A7B9-A74A70BA6FA1}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8CC29128-0B57-4a2b-A7B9-A74A70BA6FA1}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8CC29128-0B57-4a2b-A7B9-A74A70BA6FA1}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8CC29128-0B57-4a2b-A7B9-A74A70BA6FA1}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8d39bd5b-81f8-4b94-a608-6a50bbff5d15}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8d39bd5b-81f8-4b94-a608-6a50bbff5d15}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8d39bd5b-81f8-4b94-a608-6a50bbff5d15}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8d39bd5b-81f8-4b94-a608-6a50bbff5d15}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{95c162b7-5b71-44f8-82e4-abfd3108f40f}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{95c162b7-5b71-44f8-82e4-abfd3108f40f}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{95c162b7-5b71-44f8-82e4-abfd3108f40f}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{95c162b7-5b71-44f8-82e4-abfd3108f40f}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{9c5a40da-b965-4fc3-8781-88dd50a6299d}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a59f0643-a6ca-48e0-a7c4-4cdd258439e2}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a59f0643-a6ca-48e0-a7c4-4cdd258439e2}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a59f0643-a6ca-48e0-a7c4-4cdd258439e2}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a59f0643-a6ca-48e0-a7c4-4cdd258439e2}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{abd0ea66-a840-44a9-97b1-fb74fddaa8c8}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{abd0ea66-a840-44a9-97b1-fb74fddaa8c8}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{abd0ea66-a840-44a9-97b1-fb74fddaa8c8}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{abd0ea66-a840-44a9-97b1-fb74fddaa8c8}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{b171ab1c-60e9-4301-a338-beab1c70b3e9}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{b171ab1c-60e9-4301-a338-beab1c70b3e9}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{b171ab1c-60e9-4301-a338-beab1c70b3e9}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{b171ab1c-60e9-4301-a338-beab1c70b3e9}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{bf2de437-b736-48fb-84a0-5f0c389a068e}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{bf2de437-b736-48fb-84a0-5f0c389a068e}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{bf2de437-b736-48fb-84a0-5f0c389a068e}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{bf2de437-b736-48fb-84a0-5f0c389a068e}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{C0F51D84-11B9-4e74-B083-99F11BA2DB0A}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{C0F51D84-11B9-4e74-B083-99F11BA2DB0A}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{C0F51D84-11B9-4e74-B083-99F11BA2DB0A}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{C0F51D84-11B9-4e74-B083-99F11BA2DB0A}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c70949f5-bda4-4bf3-8121-af0bc174925f}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c70949f5-bda4-4bf3-8121-af0bc174925f}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c70949f5-bda4-4bf3-8121-af0bc174925f}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c70949f5-bda4-4bf3-8121-af0bc174925f}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c8544339-5be9-4f25-862e-485f1b1a6935}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c8544339-5be9-4f25-862e-485f1b1a6935}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c8544339-5be9-4f25-862e-485f1b1a6935}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c8544339-5be9-4f25-862e-485f1b1a6935}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{d8bcedf8-46c3-440e-bc65-dfa6a5094054}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{d8bcedf8-46c3-440e-bc65-dfa6a5094054}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{d8bcedf8-46c3-440e-bc65-dfa6a5094054}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{d8bcedf8-46c3-440e-bc65-dfa6a5094054}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{E4CD2E3E-3852-4952-B76B-23BB8E35D344}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{E4CD2E3E-3852-4952-B76B-23BB8E35D344}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{E4CD2E3E-3852-4952-B76B-23BB8E35D344}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{E4CD2E3E-3852-4952-B76B-23BB8E35D344}\NameResource
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\WDI\Config
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\Config\ServerName
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RADAR
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RADAR\CLResolutionInterval
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RADAR\DisplayInterval
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RADAR\SkipWatson
HKEY_LOCAL_MACHINE\Software\Microsoft\RADAR\HeapLeakDetection\Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\Settings\ReflectionInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
Read Keys
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index28
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater\Id
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\SchedulingEngineKnob
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\LocaleName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A083D522-AFD5-43A4-A6B7-25E961E6C461}\Hash
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A083D522-AFD5-43A4-A6B7-25E961E6C461}\DynamicInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94AA3293-B515-4FA7-A36B-3CFA64BA5BE3}\Hash
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94AA3293-B515-4FA7-A36B-3CFA64BA5BE3}\DynamicInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{1E45F06B-E567-4C30-A524-CB4EE808D9E1}\data
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\Adobe Flash Player Updater.job
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\Adobe Flash Player Updater.job.fp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Public
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000\ProfileImagePath
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{59D3986C-4060-4ED0-BE37-2566EE895729}\data
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iphlpsvc\Parameters\ServiceDllUnloadOnStop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LastServiceStart
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0000000C-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\MarshaledProxy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\Parameters\ServiceDllUnloadOnStop
HKEY_USERS\.DEFAULT\Control Panel\International\LocaleName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI\ResolutionHost\Id
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9435F817-FED2-454E-88CD-7F78FDA62C48}\Hash
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9435F817-FED2-454E-88CD-7F78FDA62C48}\Triggers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService\DefaultAuthLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\DataVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\EnableBackCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\MissedTasksStartupDelay
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\TasksInMemoryQueue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\TasksPerHighestPrivEngine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\TasksPerLeastPrivEngine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\TracingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\WindowSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\6BA0E3C1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Com+Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\MaxSxSHashCount
HKEY_USERS\.DEFAULT\Control Panel\International\sCountry
HKEY_USERS\.DEFAULT\Control Panel\International\sList
HKEY_USERS\.DEFAULT\Control Panel\International\sDecimal
HKEY_USERS\.DEFAULT\Control Panel\International\sThousand
HKEY_USERS\.DEFAULT\Control Panel\International\sGrouping
HKEY_USERS\.DEFAULT\Control Panel\International\sNativeDigits
HKEY_USERS\.DEFAULT\Control Panel\International\sCurrency
HKEY_USERS\.DEFAULT\Control Panel\International\sMonDecimalSep
HKEY_USERS\.DEFAULT\Control Panel\International\sMonThousandSep
HKEY_USERS\.DEFAULT\Control Panel\International\sMonGrouping
HKEY_USERS\.DEFAULT\Control Panel\International\sPositiveSign
HKEY_USERS\.DEFAULT\Control Panel\International\sNegativeSign
HKEY_USERS\.DEFAULT\Control Panel\International\sTimeFormat
HKEY_USERS\.DEFAULT\Control Panel\International\sShortTime
HKEY_USERS\.DEFAULT\Control Panel\International\s1159
HKEY_USERS\.DEFAULT\Control Panel\International\s2359
HKEY_USERS\.DEFAULT\Control Panel\International\sShortDate
HKEY_USERS\.DEFAULT\Control Panel\International\sYearMonth
HKEY_USERS\.DEFAULT\Control Panel\International\sLongDate
HKEY_USERS\.DEFAULT\Control Panel\International\iCountry
HKEY_USERS\.DEFAULT\Control Panel\International\iMeasure
HKEY_USERS\.DEFAULT\Control Panel\International\iPaperSize
HKEY_USERS\.DEFAULT\Control Panel\International\iDigits
HKEY_USERS\.DEFAULT\Control Panel\International\iLZero
HKEY_USERS\.DEFAULT\Control Panel\International\iNegNumber
HKEY_USERS\.DEFAULT\Control Panel\International\NumShape
HKEY_USERS\.DEFAULT\Control Panel\International\iCurrDigits
HKEY_USERS\.DEFAULT\Control Panel\International\iCurrency
HKEY_USERS\.DEFAULT\Control Panel\International\iNegCurr
HKEY_USERS\.DEFAULT\Control Panel\International\iCalendarType
HKEY_USERS\.DEFAULT\Control Panel\International\iFirstDayOfWeek
HKEY_USERS\.DEFAULT\Control Panel\International\iFirstWeekOfYear
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\InstallationType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\FileDirectory
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\LegacyWPADSupport
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\989BE1F2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AdobeFlashPlayerUpdateSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AdobeFlashPlayerUpdateSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AdobeFlashPlayerUpdateSvc\WOW64
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18\ProfileImagePath
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AdobeFlashPlayerUpdateSvc\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\Environment
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19\ProfileImagePath
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\ObjectName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\CIMOM\Logging
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\CIMOM\Logging Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\CIMOM\Log File Max Size
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\wmic.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\wmic.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\*
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xml\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\IsTextPlainHonored
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\CIMOM\EnableObjectValidation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\TextSource\1\TextSourceDll
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Macromedia\FlashPlayerSAU\LastUpdateCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Macromedia\FlashPlayerSAU\CheckFrequency
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextLockCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextListCount
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
HKEY_USERS\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\p2pcollab.dll,-8042
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7\Name
HKEY_USERS\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\dnsapi.dll,-103
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagMatchAnyMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableMandatoryBasicConstraints
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableCANameConstraints
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableUnsupportedCriticalExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlCountInCert
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCountPerChain
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCertCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetPreFetchTriggerPeriodSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableWeakSignatureFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\ChainCacheResyncFiletime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931\Blob
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\ProtectedRoots\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\627F8D7827656399D27D7F9044C9FEB3F33EFA9A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97E2E99636A547554F838FBA38B82E74F89A830A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209AD23D314232174E40D7F9D62139786633A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\UserenvDebugLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\GpSvcDebugLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\MaximumAllowedAllocationSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableInetUnknownAuth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\F8B50CC5
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Phantom
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000003\00000000\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000003\00000000\Data
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\DeviceDesc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Mfg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\ConfigFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\LogConf\ForcedConfig
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Service
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000002\00000000\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000002\00000000\Data
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs\CoInitializeSecurityParam
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs\AuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs\ImpersonationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs\AuthenticationCapabilities
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs\CoInitializeSecurityAppID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs\DeferredCoInitializeSecurityServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs\DefaultRpcStackSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs\SystemCritical
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\Parameters\ServiceDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\Parameters\ServiceManifest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\Parameters\ServiceMain
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NoResyncPerf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\MOF Self-Install Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ADAPDelay
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LodCtrDelay
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\TimeToFullDredge
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\TimeToTerminateAdap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LastFullDredgeTimestamp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\AECFFC7E
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\FinalizerActivityBypass
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C49E32C6-BC8B-11D2-85D4-00105A1F8304}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\SessionEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\Level
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\AreaFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\Session
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\LogFile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\BufferSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MinimumBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MaximumBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MaximumFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\LogFileMode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\FlushTimer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\AgeLimit
HKEY_LOCAL_MACHINE\SYSTEM\Setup\UpgradeInProgress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Settings\ActiveWriterStateTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Settings\TornComponentsMax
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000100-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9555-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9557-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\IdentifierLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\QueryLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\PathLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbThrottlingEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighMaxLimitFactor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbTaskMaxSleep
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold1Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold2Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold3Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Unchecked Task Count
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Working Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Repository Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Build
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Default Repository Driver
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueCoreFsrepVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Repository Cache Spill Ratio
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\CheckPointValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SnapShotValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\CheckRepositoryOnNextStartup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NumWriteIdCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Class Cache Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Class Cache Item Age (ms)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableObjectValidation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NextAutoRecoverFile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Enable Provider Subsystem
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1303DDE3-568E-4908-90A0-535586F54562}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1303DDE3-568E-4908-90A0-535586F54562}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1303DDE3-568E-4908-90A0-535586F54562}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1303DDE3-568E-4908-90A0-535586F54562}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1303DDE3-568E-4908-90A0-535586F54562}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1303DDE3-568E-4908-90A0-535586F54562}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1303DDE3-568E-4908-90A0-535586F54562}\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{316BE311-6A9B-49C4-BD2C-3474DEB1E133}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{316BE311-6A9B-49C4-BD2C-3474DEB1E133}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{316BE311-6A9B-49C4-BD2C-3474DEB1E133}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{316BE311-6A9B-49C4-BD2C-3474DEB1E133}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{316BE311-6A9B-49C4-BD2C-3474DEB1E133}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{316BE311-6A9B-49C4-BD2C-3474DEB1E133}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{316BE311-6A9B-49C4-BD2C-3474DEB1E133}\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{379BC8BF-E2DC-4C85-8C5D-A80FF7520387}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{379BC8BF-E2DC-4C85-8C5D-A80FF7520387}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{379BC8BF-E2DC-4C85-8C5D-A80FF7520387}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{379BC8BF-E2DC-4C85-8C5D-A80FF7520387}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{379BC8BF-E2DC-4C85-8C5D-A80FF7520387}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{379BC8BF-E2DC-4C85-8C5D-A80FF7520387}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{379BC8BF-E2DC-4C85-8C5D-A80FF7520387}\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C5F5B0E8-C0FF-4517-B654-90864AFC599D}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C5F5B0E8-C0FF-4517-B654-90864AFC599D}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C5F5B0E8-C0FF-4517-B654-90864AFC599D}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C5F5B0E8-C0FF-4517-B654-90864AFC599D}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C5F5B0E8-C0FF-4517-B654-90864AFC599D}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C5F5B0E8-C0FF-4517-B654-90864AFC599D}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C5F5B0E8-C0FF-4517-B654-90864AFC599D}\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableEvents
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssToBeInitialized
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Low Threshold On Events (B)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\High Threshold On Events (B)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Wait On Events (ms)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Merger Query Arbitration Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SetupDate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\FinalizerBatchSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ClientCallbackTimeout
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\FinalizerQueueThreshold
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Tasks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Async Result Queue Size
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cli
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cli
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\Synchronization
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\AppId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\CIMV2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\CIMV2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\Synchronization
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\Synchronization
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SecuredHostProviders\ROOT\CIMV2:__Win32Provider.Name="CIMWin32"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Root
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C857801-7381-11CF-884D-00AA004B2E24}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cimv2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cimv2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssNeedsLoading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\MaxSessionSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\MaxEventSizePerSession
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\AdaptiveSqm\ManifestInfo\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\SamplingInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\WSqmConsLastRunTime
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Autologger\SQMLogger\Start
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService\CoInitializeSecurityParam
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService\AuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService\ImpersonationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService\AuthenticationCapabilities
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService\CoInitializeSecurityAppID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService\DeferredCoInitializeSecurityServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService\DefaultRpcStackSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService\SystemCritical
HKEY_CURRENT_USER\Control Panel\International\LocaleName
HKEY_CURRENT_USER\Control Panel\International\sCountry
HKEY_CURRENT_USER\Control Panel\International\sList
HKEY_CURRENT_USER\Control Panel\International\sDecimal
HKEY_CURRENT_USER\Control Panel\International\sThousand
HKEY_CURRENT_USER\Control Panel\International\sGrouping
HKEY_CURRENT_USER\Control Panel\International\sNativeDigits
HKEY_CURRENT_USER\Control Panel\International\sCurrency
HKEY_CURRENT_USER\Control Panel\International\sMonDecimalSep
HKEY_CURRENT_USER\Control Panel\International\sMonThousandSep
HKEY_CURRENT_USER\Control Panel\International\sMonGrouping
HKEY_CURRENT_USER\Control Panel\International\sPositiveSign
HKEY_CURRENT_USER\Control Panel\International\sNegativeSign
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat
HKEY_CURRENT_USER\Control Panel\International\sShortTime
HKEY_CURRENT_USER\Control Panel\International\s1159
HKEY_CURRENT_USER\Control Panel\International\s2359
HKEY_CURRENT_USER\Control Panel\International\sShortDate
HKEY_CURRENT_USER\Control Panel\International\sYearMonth
HKEY_CURRENT_USER\Control Panel\International\sLongDate
HKEY_CURRENT_USER\Control Panel\International\iCountry
HKEY_CURRENT_USER\Control Panel\International\iMeasure
HKEY_CURRENT_USER\Control Panel\International\iPaperSize
HKEY_CURRENT_USER\Control Panel\International\iDigits
HKEY_CURRENT_USER\Control Panel\International\iLZero
HKEY_CURRENT_USER\Control Panel\International\iNegNumber
HKEY_CURRENT_USER\Control Panel\International\NumShape
HKEY_CURRENT_USER\Control Panel\International\iCurrDigits
HKEY_CURRENT_USER\Control Panel\International\iCurrency
HKEY_CURRENT_USER\Control Panel\International\iNegCurr
HKEY_CURRENT_USER\Control Panel\International\iCalendarType
HKEY_CURRENT_USER\Control Panel\International\iFirstDayOfWeek
HKEY_CURRENT_USER\Control Panel\International\iFirstWeekOfYear
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Parameters\ServiceDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Parameters\ServiceManifest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Parameters\ServiceMain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\FileLogEntries
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\FileLogName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\FileLogFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\FileLogSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\RefreshSettingsFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\DllName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\InputProvider
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpServer\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpServer\DllName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpServer\InputProvider
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\VMICTimeProvider\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\VMICTimeProvider\DllName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\VMICTimeProvider\InputProvider
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\PhaseCorrectRate
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\UpdateInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\FrequencyCorrectRate
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\PollAdjustFactor
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\LargePhaseOffset
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\SpikeWatchPeriod
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\HoldPeriod
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\MinPollInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\MaxPollInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\AnnounceFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\LocalClockDispersion
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\MaxNegPhaseCorrection
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\MaxPosPhaseCorrection
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\EventLogFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\MaxAllowedPhaseOffset
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\TimeJumpAuditOffset
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserenvDebugLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\AllowNonstandardModeCombinations
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\CompatibilityFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\SpecialPollInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\ResolvePeerBackoffMinutes
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\ResolvePeerBackoffMaxTimes
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\EventLogFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\LargeSampleSkew
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Parameters\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Parameters\NtpServer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\SpecialPollTimeRemaining
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\WerSvcGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Parameters\ServiceDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Parameters\ServiceManifest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Parameters\ServiceMain
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ServiceTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Parameters\ServiceDllUnloadOnStop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\NoReflection
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TraceFlags
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\NoReflection
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\MachineID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent\NewUserDefaultConsent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DontSendAdditionalData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Disabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent\DefaultConsent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent\DefaultOverrideBehavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent\APPCRASH
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LoggingDisabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DontShowUI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DisableArchive
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ConfigureArchive
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DisableQueue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\MaxQueueCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\MaxArchiveCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ForceQueue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\QueuePesterInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\SendEFSFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\BypassDataThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ForceUserModeCabCollection
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\DontSendAdditionalData
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Disabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Consent\DefaultConsent
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Consent\DefaultOverrideBehavior
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Consent\APPCRASH
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\LoggingDisabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\DontShowUI
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\DisableArchive
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\ConfigureArchive
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\DisableQueue
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\MaxQueueCount
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\MaxArchiveCount
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\ForceQueue
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\QueuePesterInterval
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\SendEFSFiles
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\BypassDataThrottling
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\ForceUserModeCabCollection
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerUseSSL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerPortNumber
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerUseAuthentication
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Reliability Analysis\RAC\RacWerSampleTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EditionID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BuildLabEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDBuildNumber
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\BIOSVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\SYSTEM32\ntdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\kernel32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\KERNELBASE.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\msvcrt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\SYSTEM32\sechost.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\RPCRT4.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\ADVAPI32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\ole32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\GDI32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\USER32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\LPK.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\USP10.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\IMM32.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\MSCTF.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\api-ms-win-core-synch-l1-2-0.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\SspiCli.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\CRYPTBASE.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\CLBCatQ.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\OLEAUT32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\c:\windows\system32\w32time.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\c:\windows\system32\logoncli.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\c:\windows\system32\cryptdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\WS2_32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\NSI.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\mswsock.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\USERENV.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\profapi.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\GPAPI.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\dsrole.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\DNSAPI.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\RpcRtRemote.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\IPHLPAPI.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\WINNSI.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\rasadhlp.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\6FD5A890
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Sink Transmit Buffer Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\DefaultRpcStackSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Component Information
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\InfPath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\InfSection
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\InstalledDisplayDrivers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\HardwareInformation.MemorySize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\HardwareInformation.ChipType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\HardwareInformation.DACType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureRoutine
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SecurityProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Comment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\RpcId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Version
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\TokenSize
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sCountry
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sList
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sDecimal
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sThousand
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sGrouping
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sNativeDigits
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sCurrency
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sMonDecimalSep
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sMonThousandSep
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sMonGrouping
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sPositiveSign
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sNegativeSign
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sTimeFormat
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sShortTime
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\s1159
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\s2359
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sShortDate
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sYearMonth
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sLongDate
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iCountry
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iMeasure
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iPaperSize
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iDigits
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iLZero
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iNegNumber
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\NumShape
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iCurrDigits
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iCurrency
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iNegCurr
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iCalendarType
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iFirstDayOfWeek
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iFirstWeekOfYear
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Plus! ProductId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallDate
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemPartition
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PriorityControl\Win32PrioritySeparation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\7F8CCB70
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{15fba3b8-a37a-4f91-bdba-fbb98fe804bf}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{15fba3b8-a37a-4f91-bdba-fbb98fe804bf}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{15fba3b8-a37a-4f91-bdba-fbb98fe804bf}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{282396b2-6c46-4d66-b413-70b0445df33c}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{282396b2-6c46-4d66-b413-70b0445df33c}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{282396b2-6c46-4d66-b413-70b0445df33c}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{284ddb2f-beea-4c9d-91e8-e3670ed91517}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{284ddb2f-beea-4c9d-91e8-e3670ed91517}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{284ddb2f-beea-4c9d-91e8-e3670ed91517}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{3EA6B3DF-393E-41C3-9885-29EC5A701926}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{3EA6B3DF-393E-41C3-9885-29EC5A701926}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{3EA6B3DF-393E-41C3-9885-29EC5A701926}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{45DE1EA9-10BC-4f96-9B21-4B6B83DBF476}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{45DE1EA9-10BC-4f96-9B21-4B6B83DBF476}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{45DE1EA9-10BC-4f96-9B21-4B6B83DBF476}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{4d21da64-fd02-4b82-a0a5-783266e430ab}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{4d21da64-fd02-4b82-a0a5-783266e430ab}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{4d21da64-fd02-4b82-a0a5-783266e430ab}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{50e3b0eb-5780-49de-9eb5-8d53a51fd146}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{50e3b0eb-5780-49de-9eb5-8d53a51fd146}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{50e3b0eb-5780-49de-9eb5-8d53a51fd146}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5C85A128-86F7-41a4-B655-BEE3F2ADEF46}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5C85A128-86F7-41a4-B655-BEE3F2ADEF46}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5C85A128-86F7-41a4-B655-BEE3F2ADEF46}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5EE64AFB-398D-4edb-AF71-3B830219ABF7}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5EE64AFB-398D-4edb-AF71-3B830219ABF7}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5EE64AFB-398D-4edb-AF71-3B830219ABF7}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{63e0d0f7-ac2f-493b-a7f2-2f3ccdb66fca}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{63e0d0f7-ac2f-493b-a7f2-2f3ccdb66fca}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{63e0d0f7-ac2f-493b-a7f2-2f3ccdb66fca}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{67f1ec80-6c5b-43bb-860b-d47ae85242b1}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{67f1ec80-6c5b-43bb-860b-d47ae85242b1}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{67f1ec80-6c5b-43bb-860b-d47ae85242b1}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{72dbb5ac-6a91-46e6-885b-d429828bea2e}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{72dbb5ac-6a91-46e6-885b-d429828bea2e}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{72dbb5ac-6a91-46e6-885b-d429828bea2e}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{7a54f16f-a73a-4258-ba46-a1e998a6aa74}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{7a54f16f-a73a-4258-ba46-a1e998a6aa74}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{7a54f16f-a73a-4258-ba46-a1e998a6aa74}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{85e0acd9-809a-482b-b60b-bcad1f8d0cd7}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{85e0acd9-809a-482b-b60b-bcad1f8d0cd7}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{85e0acd9-809a-482b-b60b-bcad1f8d0cd7}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{88d4896f-f553-446a-9c75-9dec124ff8b7}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{88d4896f-f553-446a-9c75-9dec124ff8b7}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{88d4896f-f553-446a-9c75-9dec124ff8b7}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8CC29128-0B57-4a2b-A7B9-A74A70BA6FA1}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8CC29128-0B57-4a2b-A7B9-A74A70BA6FA1}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8CC29128-0B57-4a2b-A7B9-A74A70BA6FA1}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8d39bd5b-81f8-4b94-a608-6a50bbff5d15}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8d39bd5b-81f8-4b94-a608-6a50bbff5d15}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8d39bd5b-81f8-4b94-a608-6a50bbff5d15}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{95c162b7-5b71-44f8-82e4-abfd3108f40f}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{95c162b7-5b71-44f8-82e4-abfd3108f40f}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{95c162b7-5b71-44f8-82e4-abfd3108f40f}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a59f0643-a6ca-48e0-a7c4-4cdd258439e2}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a59f0643-a6ca-48e0-a7c4-4cdd258439e2}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a59f0643-a6ca-48e0-a7c4-4cdd258439e2}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{abd0ea66-a840-44a9-97b1-fb74fddaa8c8}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{abd0ea66-a840-44a9-97b1-fb74fddaa8c8}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{abd0ea66-a840-44a9-97b1-fb74fddaa8c8}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{b171ab1c-60e9-4301-a338-beab1c70b3e9}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{b171ab1c-60e9-4301-a338-beab1c70b3e9}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{b171ab1c-60e9-4301-a338-beab1c70b3e9}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{bf2de437-b736-48fb-84a0-5f0c389a068e}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{bf2de437-b736-48fb-84a0-5f0c389a068e}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{bf2de437-b736-48fb-84a0-5f0c389a068e}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{C0F51D84-11B9-4e74-B083-99F11BA2DB0A}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{C0F51D84-11B9-4e74-B083-99F11BA2DB0A}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{C0F51D84-11B9-4e74-B083-99F11BA2DB0A}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c70949f5-bda4-4bf3-8121-af0bc174925f}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c70949f5-bda4-4bf3-8121-af0bc174925f}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c70949f5-bda4-4bf3-8121-af0bc174925f}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c8544339-5be9-4f25-862e-485f1b1a6935}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c8544339-5be9-4f25-862e-485f1b1a6935}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c8544339-5be9-4f25-862e-485f1b1a6935}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{d8bcedf8-46c3-440e-bc65-dfa6a5094054}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{d8bcedf8-46c3-440e-bc65-dfa6a5094054}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{d8bcedf8-46c3-440e-bc65-dfa6a5094054}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{E4CD2E3E-3852-4952-B76B-23BB8E35D344}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{E4CD2E3E-3852-4952-B76B-23BB8E35D344}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{E4CD2E3E-3852-4952-B76B-23BB8E35D344}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\Config\ServerName
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RADAR\CLResolutionInterval
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RADAR\DisplayInterval
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RADAR\SkipWatson
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\Settings\ReflectionInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
Write Keys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A083D522-AFD5-43A4-A6B7-25E961E6C461}\Path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A083D522-AFD5-43A4-A6B7-25E961E6C461}\Hash
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinInetDriver\Id
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinInetDriver\Index
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A083D522-AFD5-43A4-A6B7-25E961E6C461}\Triggers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A083D522-AFD5-43A4-A6B7-25E961E6C461}\DynamicInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94AA3293-B515-4FA7-A36B-3CFA64BA5BE3}\DynamicInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{1E45F06B-E567-4C30-A524-CB4EE808D9E1}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{59D3986C-4060-4ED0-BE37-2566EE895729}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LastServiceStart
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\PreviousServiceShutdown
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ProcessID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{1E45F06B-E567-4C30-A524-CB4EE808D9E1}\data
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{59D3986C-4060-4ED0-BE37-2566EE895729}\data
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\hostdl_RASAPI32
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\FileDirectory
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Type
HKEY_USERS\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\4B\7F06864B\LanguageList
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Macromedia\FlashPlayerSAU\LastUpdateCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Macromedia\FlashPlayerSAU\CheckFrequency
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ThrottleDrege
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\Parameters\ServiceDllUnloadOnStop
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssNeedsLoading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\List of event-active namespaces
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ESS\//./root/CIMV2\SCM Event Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\AdaptiveSqm\ManifestInfo\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\WSqmConsLastRunTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\WSqmConsLastEventTimeStamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\SpecialPollTimeRemaining
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Consent
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Consent\DefaultConsent
Delete Keys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\WinInetDriver.job HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\WinInetDriver.job.fp HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LastServiceStart
Mutexes
Global\SQMWindowsConsolidator Local\WERReportingForProcess2416 Global\\xe5\x88\x90\xc2\x88 Global\\xee\xb3\x80\xc7\x93 WERUI_APPCRASH-91cb76e040d745347fa8ee794b9b2d7f4f5f9599
Resolved APIs
advapi32.dll.RegOpenKeyExW advapi32.dll.RegQueryInfoKeyW advapi32.dll.RegEnumKeyExW advapi32.dll.RegEnumValueW advapi32.dll.RegCloseKey advapi32.dll.RegQueryValueExW kernel32.dll.FlsAlloc kernel32.dll.FlsFree kernel32.dll.FlsGetValue kernel32.dll.FlsSetValue kernel32.dll.InitializeCriticalSectionEx kernel32.dll.CreateEventExW kernel32.dll.CreateSemaphoreExW kernel32.dll.SetThreadStackGuarantee kernel32.dll.CreateThreadpoolTimer kernel32.dll.SetThreadpoolTimer kernel32.dll.WaitForThreadpoolTimerCallbacks kernel32.dll.CloseThreadpoolTimer kernel32.dll.CreateThreadpoolWait kernel32.dll.SetThreadpoolWait kernel32.dll.CloseThreadpoolWait kernel32.dll.FlushProcessWriteBuffers kernel32.dll.FreeLibraryWhenCallbackReturns kernel32.dll.GetCurrentProcessorNumber kernel32.dll.GetLogicalProcessorInformation kernel32.dll.CreateSymbolicLinkW kernel32.dll.EnumSystemLocalesEx kernel32.dll.CompareStringEx kernel32.dll.GetDateFormatEx kernel32.dll.GetLocaleInfoEx kernel32.dll.GetTimeFormatEx kernel32.dll.GetUserDefaultLocaleName kernel32.dll.IsValidLocaleName kernel32.dll.LCMapStringEx kernel32.dll.GetTickCount64 advapi32.dll.EventRegister mscoree.dll.#142 mscoreei.dll.RegisterShimImplCallback mscoreei.dll.OnShimDllMainCalled mscoreei.dll._CorExeMain shlwapi.dll.UrlIsW version.dll.GetFileVersionInfoSizeW version.dll.GetFileVersionInfoW version.dll.VerQueryValueW clr.dll.SetRuntimeInfo clr.dll._CorExeMain mscoree.dll.CreateConfigStream mscoreei.dll.CreateConfigStream kernel32.dll.GetNumaHighestNodeNumber kernel32.dll.GetSystemWindowsDirectoryW advapi32.dll.AllocateAndInitializeSid advapi32.dll.OpenProcessToken advapi32.dll.GetTokenInformation advapi32.dll.InitializeAcl advapi32.dll.AddAccessAllowedAce advapi32.dll.FreeSid kernel32.dll.AddSIDToBoundaryDescriptor kernel32.dll.CreateBoundaryDescriptorW kernel32.dll.CreatePrivateNamespaceW kernel32.dll.OpenPrivateNamespaceW kernel32.dll.DeleteBoundaryDescriptor kernel32.dll.WerRegisterRuntimeExceptionModule kernel32.dll.RaiseException mscoree.dll.#24 mscoreei.dll.#24 ntdll.dll.NtSetSystemInformation kernel32.dll.SortGetHandle kernel32.dll.SortCloseHandle kernel32.dll.GetNativeSystemInfo ole32.dll.CoInitializeEx cryptbase.dll.SystemFunction036 ole32.dll.CoGetContextToken mscoree.dll.GetTokenForVTableEntry mscoree.dll.SetTargetForVTableEntry mscoree.dll.GetTargetForVTableEntry clrjit.dll.sxsJitStartup clrjit.dll.getJit kernel32.dll.GetLastError kernel32.dll.LocaleNameToLCID kernel32.dll.LCIDToLocaleName kernel32.dll.GetUserPreferredUILanguages nlssorting.dll.SortGetHandle nlssorting.dll.SortCloseHandle mscoree.dll.GetProcessExecutableHeap mscoreei.dll.GetProcessExecutableHeap kernel32.dll.GetCurrentProcessId advapi32.dll.LookupPrivilegeValueW kernel32.dll.GetCurrentProcess advapi32.dll.AdjustTokenPrivileges kernel32.dll.CloseHandle kernel32.dll.OpenProcess psapi.dll.EnumProcessModules psapi.dll.GetModuleInformation psapi.dll.GetModuleBaseNameW ole32.dll.CoTaskMemAlloc ole32.dll.CoTaskMemFree psapi.dll.GetModuleFileNameExW shell32.dll.SHGetFolderPathW kernel32.dll.GetFullPathNameW ole32.dll.CoCreateGuid kernel32.dll.SetThreadErrorMode kernel32.dll.GetFileAttributesExW kernel32.dll.CreateDirectoryW kernel32.dll.SetFileAttributesW kernel32.dll.CopyFileW kernel32.dll.GetSystemDirectoryW kernel32.dll.LocalAlloc uxtheme.dll.ThemeInitApiHook user32.dll.IsProcessDPIAware shell32.dll.ShellExecuteEx shell32.dll.ShellExecuteExW setupapi.dll.CM_Get_Device_Interface_List_Size_ExW setupapi.dll.CM_Get_Device_Interface_List_ExW comctl32.dll.#386 ole32.dll.CoUninitialize ole32.dll.CoRevokeInitializeSpy comctl32.dll.#388 oleaut32.dll.#500 kernel32.dll.LocalFree kernel32.dll.CreateFileW kernel32.dll.GetFileType kernel32.dll.WriteFile advapi32.dll.UnregisterTraceGuids comctl32.dll.#321 kernel32.dll.CreateActCtxW kernel32.dll.AddRefActCtx kernel32.dll.ReleaseActCtx kernel32.dll.ActivateActCtx kernel32.dll.DeactivateActCtx kernel32.dll.GetCurrentActCtx kernel32.dll.QueryActCtxW advapi32.dll.EventUnregister sechost.dll.LookupAccountNameLocalW advapi32.dll.LookupAccountSidW sechost.dll.LookupAccountSidLocalW sspicli.dll.GetUserNameExW advapi32.dll.GetUserNameW xmllite.dll.CreateXmlWriter xmllite.dll.CreateXmlWriterOutputWithEncodingName ws2_32.dll.#116 tschannel.dll.DllGetClassObject tschannel.dll.DllCanUnloadNow shell32.dll.SHChangeNotify wtsapi32.dll.WTSQueryUserToken userenv.dll.CreateEnvironmentBlock sechost.dll.ConvertSidToStringSidW userenv.dll.DestroyEnvironmentBlock sechost.dll.OpenSCManagerW sechost.dll.OpenServiceW sechost.dll.QueryServiceStatus rasapi32.dll.RasEnumConnectionsW rasapi32.dll.RasConnectionNotificationW pcwum.dll.PerfDeleteInstance pcwum.dll.PerfStopProvider cryptsp.dll.CryptReleaseContext propsys.dll.PropVariantToVariant ole32.dll.CoDisconnectObject wbemcore.dll.Shutdown ole32.dll.CoReleaseMarshalData kernel32.dll.RegDeleteValueW oleaut32.dll.#9 advapi32.dll.CryptAcquireContextW advapi32.dll.RegCreateKeyExW shlwapi.dll.PathIsDirectoryW advapi32.dll.RegNotifyChangeKeyValue cryptsp.dll.CryptAcquireContextW cryptsp.dll.CryptGenRandom ole32.dll.NdrOleInitializeExtension ole32.dll.CoGetClassObject ole32.dll.CoGetMarshalSizeMax ole32.dll.CoMarshalInterface ole32.dll.CoUnmarshalInterface ole32.dll.StringFromIID ole32.dll.CoGetPSClsid ole32.dll.CoCreateInstance ole32.dll.DcomChannelSetHResult rpcrtremote.dll.I_RpcExtInitializeExtensionPoint ole32.dll.CLSIDFromOle1Class clbcatq.dll.GetCatalogObject clbcatq.dll.GetCatalogObject2 advapi32.dll.RegSetValueExW shlwapi.dll.PathIsPrefixW advapi32.dll.CryptCreateHash advapi32.dll.CryptGetHashParam cryptsp.dll.CryptGetHashParam advapi32.dll.CryptHashData cryptsp.dll.CryptHashData advapi32.dll.CryptDestroyHash cryptsp.dll.CryptDestroyHash xmllite.dll.CreateXmlReader advapi32.dll.CryptReleaseContext dwmapi.dll.DwmIsCompositionEnabled kernel32.dll.IsProcessorFeaturePresent kernel32.dll.IsWow64Process kernel32.dll.lstrlenA kernel32.dll.GetStdHandle kernel32.dll.CreatePipe kernel32.dll.DuplicateHandle kernel32.dll.GetCurrentDirectoryW kernel32.dll.CreateProcessW kernel32.dll.GetConsoleOutputCP kernel32.dll.GetACP kernel32.dll.UnmapViewOfFile kernel32.dll.ReadFile kernel32.dll.WideCharToMultiByte kernel32.dll.GetModuleHandleW kernel32.dll.GetProcAddress oleaut32.dll.SysAllocStringLen oleaut32.dll.SysFreeString kernel32.dll.RtlZeroMemory oleaut32.dll.SysStringLen advapi32.dll.SystemFunction041 cryptbase.dll.SystemFunction001 cryptbase.dll.SystemFunction002 cryptbase.dll.SystemFunction003 cryptbase.dll.SystemFunction004 cryptbase.dll.SystemFunction005 cryptbase.dll.SystemFunction028 cryptbase.dll.SystemFunction029 cryptbase.dll.SystemFunction034 cryptbase.dll.SystemFunction040 cryptbase.dll.SystemFunction041 kernel32.dll.CompareStringOrdinal kernel32.dll.GetFileSize kernel32.dll.CreateEventW kernel32.dll.QueryPerformanceFrequency kernel32.dll.QueryPerformanceCounter rtutils.dll.TraceRegisterExA rtutils.dll.TracePrintfExA sechost.dll.CloseServiceHandle ws2_32.dll.WSAStartup ws2_32.dll.WSASocketW ws2_32.dll.setsockopt ws2_32.dll.WSAEventSelect ws2_32.dll.ioctlsocket ws2_32.dll.closesocket ws2_32.dll.WSAIoctl kernel32.dll.FormatMessageW advapi32.dll.RegOpenCurrentUser sechost.dll.NotifyServiceStatusChangeA winhttp.dll.WinHttpOpen winhttp.dll.WinHttpCloseHandle winhttp.dll.WinHttpSetTimeouts winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser kernel32.dll.GetEnvironmentVariableW clr.dll.CreateAssemblyNameObject ole32.dll.CoGetObjectContext clr.dll.CreateAssemblyEnum kernel32.dll.ResolveLocaleName kernel32.dll.SetEvent kernel32.dll.SetThreadUILanguage urlmon.dll.DllCanUnloadNow urlmon.dll.IEDllLoader urlmon.dll.CoInternetCreateZoneManager urlmon.dll.CoInternetGetSession urlmon.dll.CopyBindInfo urlmon.dll.CreateURLMoniker urlmon.dll.RegisterBindStatusCallback urlmon.dll.ReleaseBindInfo urlmon.dll.RevokeBindStatusCallback urlmon.dll.UrlMkGetSessionOption urlmon.dll.CoInternetCreateSecurityManager urlmon.dll.CreateUri urlmon.dll.CoInternetCombineUrl urlmon.dll.CoInternetGetSecurityUrl urlmon.dll.IsValidURL wininet.dll.InternetCrackUrlW wininet.dll.InternetCreateUrlW kernel32.dll.InitializeSRWLock kernel32.dll.AcquireSRWLockExclusive kernel32.dll.AcquireSRWLockShared kernel32.dll.ReleaseSRWLockExclusive kernel32.dll.ReleaseSRWLockShared kernel32.dll.FindActCtxSectionStringW kernel32.dll.HeapSetInformation msoxmlmf.dll.DllGetClassObject msoxmlmf.dll.DllCanUnloadNow kernel32.dll.GetThreadPreferredUILanguages kernel32.dll.SetThreadPreferredUILanguages kernel32.dll.GetSystemDefaultLocaleName oleaut32.dll.#283 oleaut32.dll.#284 kernel32.dll.RegOpenKeyExW wmi2xml.dll.OpenWbemTextSource wmi2xml.dll.CloseWbemTextSource wmi2xml.dll.WbemObjectToText wmi2xml.dll.TextToWbemObject ntdll.dll.EtwUnregisterTraceGuids ws2_32.dll.GetAddrInfoW ws2_32.dll.#2 ws2_32.dll.#21 ws2_32.dll.#9 ws2_32.dll.FreeAddrInfoW ws2_32.dll.#6 ws2_32.dll.#5 schannel.dll.SpUserModeInitialize ws2_32.dll.WSASend ws2_32.dll.WSARecv secur32.dll.FreeContextBuffer ncrypt.dll.SslOpenProvider ncrypt.dll.GetSChannelInterface bcryptprimitives.dll.GetHashInterface ncrypt.dll.SslIncrementProviderReferenceCount ncrypt.dll.SslImportKey bcryptprimitives.dll.GetCipherInterface ncrypt.dll.SslLookupCipherSuiteInfo user32.dll.LoadStringW ncrypt.dll.BCryptOpenAlgorithmProvider ncrypt.dll.BCryptGetProperty ncrypt.dll.BCryptCreateHash ncrypt.dll.BCryptHashData ncrypt.dll.BCryptFinishHash ncrypt.dll.BCryptDestroyHash crypt32.dll.CertGetCertificateChain userenv.dll.GetUserProfileDirectoryW sechost.dll.ConvertStringSidToSidW userenv.dll.RegisterGPNotification gpapi.dll.RegisterGPNotificationInternal sechost.dll.QueryServiceConfigW cryptsp.dll.CryptAcquireContextA cryptsp.dll.CryptCreateHash cryptsp.dll.CryptVerifySignatureA cryptsp.dll.CryptDestroyKey cryptnet.dll.CryptRetrieveObjectByUrlW cryptnet.dll.I_CryptNetGetConnectivity sensapi.dll.IsNetworkAlive rpcrt4.dll.RpcBindingFromStringBindingW rpcrt4.dll.RpcBindingSetAuthInfoExW rpcrt4.dll.NdrClientCall2 winhttp.dll.WinHttpSetOption winhttp.dll.WinHttpCrackUrl winhttp.dll.WinHttpConnect winhttp.dll.WinHttpOpenRequest winhttp.dll.WinHttpGetDefaultProxyConfiguration advapi32.dll.RegDeleteTreeA advapi32.dll.RegDeleteTreeW nsi.dll.NsiAllocateAndGetTable cfgmgr32.dll.CM_Open_Class_Key_ExW iphlpapi.dll.ConvertInterfaceGuidToLuid iphlpapi.dll.GetIfEntry2 iphlpapi.dll.GetIpForwardTable2 iphlpapi.dll.GetIpNetEntry2 iphlpapi.dll.FreeMibTable nsi.dll.NsiFreeTable winhttp.dll.WinHttpGetProxyForUrl winhttp.dll.WinHttpSendRequest winhttp.dll.WinHttpReceiveResponse winhttp.dll.WinHttpQueryHeaders winhttp.dll.WinHttpQueryDataAvailable ws2_32.dll.#22 winhttp.dll.WinHttpReadData ws2_32.dll.#3 cryptnet.dll.I_CryptNetSetUrlCacheFlushInfo setupapi.dll.SetupIterateCabinetW kernel32.dll.RegCloseKey cabinet.dll.#20 cabinet.dll.#22 cabinet.dll.#23 sechost.dll.QueryServiceConfigA rpcrt4.dll.RpcStringBindingComposeA rpcrt4.dll.RpcBindingFromStringBindingA rpcrt4.dll.RpcEpResolveBinding rpcrt4.dll.RpcStringFreeA rpcrt4.dll.RpcBindingFree crypt32.dll.CertVerifyCertificateChainPolicy crypt32.dll.CertFreeCertificateChain crypt32.dll.CertDuplicateCertificateContext crypt32.dll.CertFreeCertificateContext ole32.dll.CoInitializeSecurity wmisvc.dll.ServiceMain advapi32.dll.EventWrite vssapi.dll.CreateWriter oleaut32.dll.#6 oleaut32.dll.#2 advapi32.dll.LookupAccountNameW samcli.dll.NetLocalGroupGetMembers samlib.dll.SamConnect rpcrt4.dll.NdrClientCall3 rpcrt4.dll.RpcStringBindingComposeW rpcrt4.dll.RpcStringFreeW samlib.dll.SamOpenDomain samlib.dll.SamLookupNamesInDomain samlib.dll.SamOpenAlias samlib.dll.SamFreeMemory samlib.dll.SamCloseHandle samlib.dll.SamGetMembersInAlias netutils.dll.NetApiBufferFree samlib.dll.SamEnumerateDomainsInSamServer samlib.dll.SamLookupDomainInSamServer ole32.dll.StringFromCLSID oleaut32.dll.#4 oleaut32.dll.#7 propsys.dll.VariantToPropVariant wbemcore.dll.Reinitialize wbemsvc.dll.DllGetClassObject wbemsvc.dll.DllCanUnloadNow authz.dll.AuthzInitializeContextFromToken authz.dll.AuthzInitializeObjectAccessAuditEvent2 authz.dll.AuthzAccessCheck authz.dll.AuthzFreeAuditEvent authz.dll.AuthzFreeContext authz.dll.AuthzInitializeResourceManager authz.dll.AuthzFreeResourceManager rpcrt4.dll.RpcBindingCreateW rpcrt4.dll.RpcBindingBind rpcrt4.dll.I_RpcMapWin32Status advapi32.dll.EventActivityIdControl advapi32.dll.EventWriteTransfer advapi32.dll.EventEnabled kernel32.dll.RegSetValueExW kernel32.dll.RegQueryValueExW wmisvc.dll.IsImproperShutdownDetected wevtapi.dll.EvtRender wevtapi.dll.EvtNext wevtapi.dll.EvtClose wevtapi.dll.EvtQuery wevtapi.dll.EvtCreateRenderContext rpcrt4.dll.RpcBindingSetOption ole32.dll.CoCreateFreeThreadedMarshaler ole32.dll.CreateStreamOnHGlobal kernelbase.dll.InitializeAcl kernelbase.dll.AddAce kernel32.dll.OpenProcessToken kernelbase.dll.GetTokenInformation kernelbase.dll.DuplicateTokenEx kernelbase.dll.AdjustTokenPrivileges kernel32.dll.SetThreadToken kernelbase.dll.CheckTokenMembership kernelbase.dll.AllocateAndInitializeSid oleaut32.dll.#285 advapi32.dll.RegOpenKeyW oleaut32.dll.#286 ole32.dll.CLSIDFromString oleaut32.dll.#17 oleaut32.dll.#20 oleaut32.dll.#19 oleaut32.dll.#25 authz.dll.AuthzInitializeContextFromSid ole32.dll.CoGetCallContext ole32.dll.CoImpersonateClient ole32.dll.CoRevertToSelf oleaut32.dll.#8 ole32.dll.CoSwitchCallContext oleaut32.dll.#12 sspicli.dll.LogonUserExExW oleaut32.dll.#287 oleaut32.dll.#288 oleaut32.dll.#289 w32time.dll.SvchostEntry_W32Time w32time.dll.SvchostPushServiceGlobals sechost.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW ws2_32.dll.#115 ws2_32.dll.#111 dsrole.dll.DsRoleGetPrimaryDomainInformation dsrole.dll.DsRoleFreeMemory sspicli.dll.LsaRegisterPolicyChangeNotification w32time.dll.TimeProvClose w32time.dll.TimeProvCommand w32time.dll.TimeProvOpen ws2_32.dll.getaddrinfo ws2_32.dll.freeaddrinfo ws2_32.dll.#23 vmictimeprovider.dll.TimeProvClose vmictimeprovider.dll.TimeProvCommand vmictimeprovider.dll.TimeProvOpen ws2_32.dll.WSAAddressToStringW ws2_32.dll.#20 sspicli.dll.LsaUnregisterPolicyChangeNotification userenv.dll.UnregisterGPNotification gpapi.dll.UnregisterGPNotificationInternal wersvc.dll.ServiceMain wersvc.dll.SvchostPushServiceGlobals advapi32.dll.RegGetValueW faultrep.dll.WerpInitiateCrashReporting wer.dll.WerpCreateMachineStore shell32.dll.SHGetFolderPathEx ole32.dll.StringFromGUID2 profapi.dll.#104 wer.dll.WerpSvcReportFromMachineQueue advapi32.dll.DuplicateToken advapi32.dll.CheckTokenMembership winsta.dll.WinStationQueryInformationW advapi32.dll.CreateWellKnownSid advapi32.dll.ImpersonateLoggedOnUser advapi32.dll.CreateProcessAsUserW advapi32.dll.RevertToSelf imm32.dll.ImmDisableIME advapi32.dll.I_QueryTagInformation wer.dll.WerpCreateIntegratorReportId wer.dll.WerReportCreate wer.dll.WerpSetIntegratorReportId wer.dll.WerReportSetParameter dbgeng.dll.DebugCreate ntdll.dll.CsrGetProcessId ntdll.dll.DbgBreakPoint ntdll.dll.DbgPrint ntdll.dll.DbgPrompt ntdll.dll.DbgUiConvertStateChangeStructure ntdll.dll.DbgUiGetThreadDebugObject ntdll.dll.DbgUiIssueRemoteBreakin ntdll.dll.DbgUiSetThreadDebugObject ntdll.dll.NtAllocateVirtualMemory ntdll.dll.NtClose ntdll.dll.NtCreateDebugObject ntdll.dll.NtCreateFile ntdll.dll.NtDebugActiveProcess ntdll.dll.NtDebugContinue ntdll.dll.NtFreeVirtualMemory ntdll.dll.NtOpenProcess ntdll.dll.NtOpenThread ntdll.dll.NtQueryInformationProcess ntdll.dll.NtQueryInformationThread ntdll.dll.NtQueryMutant ntdll.dll.NtQueryObject ntdll.dll.NtQuerySystemInformation ntdll.dll.NtRemoveProcessDebug ntdll.dll.NtResumeThread ntdll.dll.NtSetInformationDebugObject ntdll.dll.NtSetInformationProcess ntdll.dll.NtSystemDebugControl ntdll.dll.NtWaitForDebugEvent ntdll.dll.RtlAnsiStringToUnicodeString ntdll.dll.RtlCreateProcessParameters ntdll.dll.RtlCreateUserProcess ntdll.dll.RtlDestroyProcessParameters ntdll.dll.RtlDosPathNameToNtPathName_U ntdll.dll.RtlFindMessage ntdll.dll.RtlFreeHeap ntdll.dll.RtlFreeUnicodeString ntdll.dll.RtlGetFunctionTableListHead ntdll.dll.RtlGetUnloadEventTrace ntdll.dll.RtlGetUnloadEventTraceEx ntdll.dll.RtlInitAnsiString ntdll.dll.RtlInitUnicodeString ntdll.dll.RtlTryEnterCriticalSection ntdll.dll.RtlUnicodeStringToAnsiString ntdll.dll.NtOpenProcessToken ntdll.dll.NtOpenThreadToken ntdll.dll.NtQueryInformationToken kernel32.dll.CloseProfileUserMapping kernel32.dll.CreateToolhelp32Snapshot kernel32.dll.DebugActiveProcessStop kernel32.dll.DebugBreak kernel32.dll.DebugBreakProcess kernel32.dll.DebugSetProcessKillOnExit kernel32.dll.Module32First kernel32.dll.Module32FirstW kernel32.dll.Module32Next kernel32.dll.Module32NextW kernel32.dll.OpenThread kernel32.dll.Process32First kernel32.dll.Process32FirstW kernel32.dll.Process32Next kernel32.dll.Process32NextW kernel32.dll.ProcessIdToSessionId kernel32.dll.SetProcessShutdownParameters kernel32.dll.Thread32First kernel32.dll.Thread32Next kernel32.dll.GetTimeZoneInformation kernel32.dll.Wow64GetThreadSelectorEntry advapi32.dll.CloseServiceHandle advapi32.dll.ControlService advapi32.dll.CreateServiceA advapi32.dll.CreateServiceW advapi32.dll.DeleteService advapi32.dll.EnumServicesStatusExA advapi32.dll.EnumServicesStatusExW advapi32.dll.GetEventLogInformation advapi32.dll.OpenSCManagerA advapi32.dll.OpenSCManagerW advapi32.dll.OpenServiceA advapi32.dll.OpenServiceW advapi32.dll.StartServiceA advapi32.dll.StartServiceW advapi32.dll.GetSidSubAuthority advapi32.dll.GetSidSubAuthorityCount version.dll.GetFileVersionInfoSizeExW version.dll.GetFileVersionInfoExW dbghelp.dll.WinDbgExtensionDllInit dbghelp.dll.ExtensionApiVersion wer.dll.WerpSetDynamicParameter wer.dll.WerReportAddDump wer.dll.WerpSetCallBack wer.dll.WerReportSetUIOption wer.dll.WerpAddRegisteredDataToReport wer.dll.WerReportSubmit user32.dll.CharUpperW wer.dll.WerpAddAppCompatData apphelp.dll.SdbGetFileAttributes apphelp.dll.SdbFormatAttribute apphelp.dll.SdbFreeFileAttributes dbghelp.dll.MiniDumpWriteDump kernel32.dll.GetLongPathNameA kernel32.dll.GetLongPathNameW kernel32.dll.GetProcessTimes advapi32.dll.RegOpenKeyExA advapi32.dll.RegQueryValueExA powrprof.dll.CallNtPowerInformation version.dll.GetFileVersionInfoSizeA version.dll.GetFileVersionInfoA version.dll.VerQueryValueA verifier.dll.VerifierEnumerateResource ntdll.dll.NtSuspendProcess ntdll.dll.NtResumeProcess advapi32.dll.QueryTraceW advapi32.dll.IsValidSid advapi32.dll.GetLengthSid advapi32.dll.CopySid advapi32.dll.AddAccessAllowedAceEx advapi32.dll.InitializeSecurityDescriptor advapi32.dll.SetSecurityDescriptorDacl advapi32.dll.RegisterEventSourceW advapi32.dll.ReportEventW advapi32.dll.DeregisterEventSource wer.dll.WerpGetStoreLocation wer.dll.WerpGetStoreType wer.dll.WerReportCloseHandle user32.dll.MsgWaitForMultipleObjects wer.dll.WerpFreeString ntmarta.dll.GetMartaExtensionInterface fastprox.dll.DllGetClassObject fastprox.dll.DllCanUnloadNow oleaut32.dll.#290 wmi.dll.WmiQueryAllDataW wmi.dll.WmiQuerySingleInstanceW wmi.dll.WmiSetSingleItemW wmi.dll.WmiSetSingleInstanceW wmi.dll.WmiExecuteMethodW wmi.dll.WmiNotificationRegistrationW wmi.dll.WmiMofEnumerateResourcesW wmi.dll.WmiFileHandleToInstanceNameW wmi.dll.WmiDevInstToInstanceNameW wmi.dll.WmiQueryGuidInformation wmi.dll.WmiOpenBlock wmi.dll.WmiCloseBlock wmi.dll.WmiFreeBuffer wmi.dll.WmiEnumerateGuids devobj.dll.DevObjCreateDeviceInfoList devobj.dll.DevObjGetClassDevs devobj.dll.DevObjEnumDeviceInfo devobj.dll.DevObjDestroyDeviceInfoList setupapi.dll.CM_Open_DevNode_Key_Ex devobj.dll.DevObjGetDeviceProperty cfgmgr32.dll.CM_Connect_MachineA cfgmgr32.dll.CM_Disconnect_Machine cfgmgr32.dll.CM_Locate_DevNodeW cfgmgr32.dll.CM_Get_DevNode_Registry_PropertyW cfgmgr32.dll.CM_Get_Child cfgmgr32.dll.CM_Get_Sibling cfgmgr32.dll.CM_Get_DevNode_Status cfgmgr32.dll.CM_Get_First_Log_Conf cfgmgr32.dll.CM_Get_Next_Res_Des cfgmgr32.dll.CM_Get_Res_Des_Data cfgmgr32.dll.CM_Get_Res_Des_Data_Size cfgmgr32.dll.CM_Free_Log_Conf_Handle cfgmgr32.dll.CM_Free_Res_Des_Handle cfgmgr32.dll.CM_Get_Device_IDA cfgmgr32.dll.CM_Get_Device_ID_Size cfgmgr32.dll.CM_Get_Parent user32.dll.GetSystemMetrics user32.dll.MonitorFromWindow user32.dll.MonitorFromRect user32.dll.MonitorFromPoint user32.dll.EnumDisplayMonitors user32.dll.EnumDisplayDevicesW user32.dll.GetMonitorInfoW dxgi.dll.DXGIReportAdapterConfiguration setupapi.dll.SetupDiGetClassDevsW setupapi.dll.SetupDiEnumDeviceInterfaces setupapi.dll.SetupDiGetDeviceInterfaceDetailW setupapi.dll.SetupDiDestroyDeviceInfoList gdi32.dll.D3DKMTOpenAdapterFromDeviceName gdi32.dll.D3DKMTQueryAdapterInfo gdi32.dll.D3DKMTGetDisplayModeList gdi32.dll.D3DKMTCloseAdapter wintrust.dll.WinVerifyTrust winbrand.dll.BrandingLoadString security.dll.InitSecurityInterfaceW cryptsp.dll.SystemFunction035 ntdll.dll.NtSetSystemEnvironmentValue ntdll.dll.NtQuerySystemEnvironmentValue ntdll.dll.NtQueryDirectoryObject ntdll.dll.NtOpenDirectoryObject ntdll.dll.NtOpenFile ntdll.dll.NtFsControlFile ntdll.dll.NtQueryVolumeInformationFile netapi32.dll.NetGroupEnum netapi32.dll.NetGroupGetInfo netapi32.dll.NetGroupSetInfo netapi32.dll.NetLocalGroupGetInfo netapi32.dll.NetLocalGroupSetInfo netapi32.dll.NetGroupGetUsers netapi32.dll.NetLocalGroupGetMembers netapi32.dll.NetLocalGroupEnum netapi32.dll.NetShareEnum netapi32.dll.NetShareGetInfo netapi32.dll.NetShareAdd netapi32.dll.NetShareEnumSticky netapi32.dll.NetShareSetInfo netapi32.dll.NetShareDel netapi32.dll.NetShareDelSticky netapi32.dll.NetShareCheck netapi32.dll.NetUserEnum netapi32.dll.NetUserGetInfo netapi32.dll.NetUserSetInfo netapi32.dll.NetApiBufferFree netapi32.dll.NetQueryDisplayInformation netapi32.dll.NetServerSetInfo netapi32.dll.NetServerGetInfo netapi32.dll.NetGetDCName netapi32.dll.NetWkstaGetInfo netapi32.dll.NetGetAnyDCName netapi32.dll.NetServerEnum netapi32.dll.NetUserModalsGet netapi32.dll.NetScheduleJobAdd netapi32.dll.NetScheduleJobDel netapi32.dll.NetScheduleJobEnum netapi32.dll.NetScheduleJobGetInfo netapi32.dll.NetUseGetInfo netapi32.dll.NetEnumerateTrustedDomains netapi32.dll.DsGetDcNameW netapi32.dll.DsRoleGetPrimaryDomainInformation netapi32.dll.DsRoleFreeMemory netapi32.dll.NetRenameMachineInDomain netapi32.dll.NetJoinDomain netapi32.dll.NetUnjoinDomain wkscli.dll.NetWkstaGetInfo cscapi.dll.CscNetApiGetInterface kernel32.dll.GetDiskFreeSpaceExW kernel32.dll.GetVolumePathNameW kernel32.dll.Heap32ListFirst kernel32.dll.GlobalMemoryStatusEx kernel32.dll.GetSystemDefaultUILanguage oleaut32.dll.#15 oleaut32.dll.#26 user32.dll.GetProcessWindowStation user32.dll.GetThreadDesktop user32.dll.GetUserObjectInformationW werui.dll.WerUICreate werui.dll.WerUIStart werui.dll.WerUITerminate werui.dll.WerUIDelete rpcrt4.dll.UuidFromStringW radarrs.dll.WdiDiagnosticModuleMain radarrs.dll.WdiHandleInstance radarrs.dll.WdiGetDiagnosticModuleInterfaceVersion comctl32.dll.LoadIconWithScaleDown ntdll.dll.RtlRunEncodeUnicodeString ntdll.dll.RtlRunDecodeUnicodeString duser.dll.InitGadgets
Execute Commands
C:\Windows\System32\schtasks.exe /create /tn WinInetDriver /tr C:\ProgramData\{d74bdb-f30dd0-463a-b09f9e005562}\hostdl.exe /sc minute /F
taskeng.exe {1E45F06B-E567-4C30-A524-CB4EE808D9E1} S-1-5-18:NT AUTHORITY\System:Service:
taskeng.exe {59D3986C-4060-4ED0-BE37-2566EE895729} S-1-5-21-1822907384-1282624486-319450072-1000:SEVEN03-PC\Seven01:Interactive:[1]
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\ProgramData\{d74bdb-f30dd0-463a-b09f9e005562}\hostdl.exe
"wmic" cpu get Name /format:list
"wmic" path win32_VideoController get name /format:list
"wmic" os get Caption /format:list
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\sc.exe start w32time task_started
C:\Windows\System32\wsqmcons.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
C:\Windows\system32\schtasks.exe /delete /f /TN "Microsoft\Windows\Customer Experience Improvement Program\Uploader"
C:\Windows\system32\WerFault.exe -u -p 2416 -s 288
"C:\Windows\system32\wermgr.exe" "-queuereporting_svc" "C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_0aa99ea5"
Started Services
AdobeFlashPlayerUpdateSvc WerSvc W32Time
Created Services
Nothing to display
| Behavior analysis details | |||||
|---|---|---|---|---|---|
| Machine name | Machine label | Machine manager | Started | Ended | Duration |
| Seven03_64 | Seven03_64 | VirtualBox | 2018-08-05 11:33:04 | 2018-08-05 11:36:04 | 180 |
1 HTTP Request(s) detected
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
- Hostname: www.download.windowsupdate.com
- IP Address: 13.107.4.50
- Port: 80
- Count: 1
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1 Cache-Control: max-age = 86402 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: www.download.windowsupdate.com
#infosec #automation
TheSystem Itself @ 2018-08-05 11:36:08