MalScore
100/100

FXSCOVER.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 42/68 Related 2235
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 264.50 KB (270848 bytes)
Compile time: 2018-07-28 23:09:56
MD5: 0fce96a8f1d3dd15eebded4dd9a2a987
SHA1: 820e86571679abdfddaebb3c3ae26f81ff23f34a
SHA256: 078ae979ccbbaaa5c2e0c6313aa9ce682fc1c317e6738e5faa1133a03de453f6
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-08-05 11:36:06
Last submission: 2018-08-05 11:36:06
Filename detected: - FXSCOVER.exe (1)
URL file hosting
hXXp://92.63.197.112/FXSCOVER.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-08-04 20:32:56 [42/68] VirusTotal
PE Sections 1 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x417e4 268288 e9977154034ac4aaada81606bb78b092 6e8dc0281ec4b9bb4688207c397ceb27efb92e41
.rsrc 0x44000 0x5f0 1536 10e7d28fe92ef49d6b8b1fa91defff7c 9a3ce19bf13202953b958061f11be959dfb42763
.reloc 0x46000 0xc 512 2514a00033ad3642295aed9546752ac3 ad4c0dee80189fe1656fe70155043a1d68b022b9
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x440a0 944 LANG_ENGLISH SUBLANG_ENGLISH_US
RT_MANIFEST 0x44450 414 LANG_ENGLISH SUBLANG_ENGLISH_US
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: \xa9 Microsoft Corporation. All rights reserved.
InternalName: Broadcast DVR server
FileVersion: 10.0.16299.248 (WinBuild.160101.0800)
CompanyName: Microsoft Corporation
ProductVersion: 10.0.16299.248
FileDescription: Broadcast DVR server
Translation: 0x0409 0x04b0
OriginalFilename: bcastdvr.exe
ProductName: Microsoft\xae Windows\xae Operating System
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
http://schemas.microsoft.com/SMI/2005/WindowsSettings 
Microsoft Corporation. All rights reserved.
Microsoft Corporation
VarFileInfo
FileVersion
InternalName
Windows
%&h
10.0.16299.248
StringFileInfo
Translation
%,v
10.0.16299.248 (WinBuild.160101.0800)
Operating System
Broadcast DVR server
VS_VERSION_INFO
bcastdvr.exe
ProductVersion
FileDescription
Microsoft
OriginalFilename
LegalCopyright
CompanyName
040904B0
ProductName
'&*)+)/.
%!^
ZYZf p
{ffXX
&Ha
efaf e
jY [8
KX q
Q*Z
aeYYeZZY}'
Int32
leeY &
&i) 5
3ZY 2
+{%
cqZ w
}BfaaXeYaaYaeZfXY _
4
oA8
Yae Pu
phX
&oi 0|
rr
Yf
feafefa
ZeeZ
=YeXZZXaZ
hoZ
d1e2ca54
b3d49912
UnverifiableCodeAttribute
Neaf V
ZXn(
XZY
+@Z .
fe .k
lZ YuX
6f 5b
XaXY
Z 5F
fXX O
Ja8T
5{Y :
Zfea
Z =
Z os
b4755fb0
sFa+
Zae
88ca97e1
YZeYeXaYY
Z oN
Z .
yg2 #"
;Z K
m30}Za8Q
(fef
h9gf
;Z [
fxa8
Z m
aeXYeffe +#
YKa
I)ea
Z `
0ZZaffe
eXa !z`
OZ
1509b1e4
iZXYaf
*a8
Z C
YfaYY
f68b6b98
(YY
af "2
M1eYZ
Fb>feefeaZXf o$
]a8B
%a Q
L.h
f121863f
sZ
eea
]a8P
h+F
System.Reflection.Emit
%Ccm)
Z 
bOa8
+8
*Zf
,XXY vc
_a8W
(PMjX
Zfffa
e5Za8+
1Ha8
MZYY !
efX
]a8:
+a8
cae54697
5Y YR
0e929f37
4Yf ?J
ZeXY (
YaZ o
aXX dd9
X <cY
[afeZXa
,txZ
Y uL
}NaX #A
Zfe YURQXfe
YXaXf
Format
ffea )7
XX ]
ZeY
55GZ
DfZa8l
hXeXZ
Enumerable
?JZ ps
ybZ 5
#u%&8
&ef
jXf
a27a6fce
Y
1Z w
0Z _H
x6XaZa
{faa t
fafXYX
+CY
%+
#eaY t
ZYYfYY
t?Z
/X Q
h6a8"
/b$
1Zfe
6[ q
i0]ZXfeeY q
3XZYf
Z 'T
]fFK
T<Z 	+~
e=a8P
+
 j
XeaeeaY EM-nZ
y. a8@
! |l
~0Yee
<la87
fef c
YZfa a3'
XXaZXfeY b
{0eeaYe
nf*
_Z GF
/$ q<
405711aa
7QXa
@=>
a oK
*Y  ,
{Z .j.ta8
CREATE_NEW_CONSOLE
f \>`
Z '?
Yf -
g0gZ
YaXaa
Zf )l
pQ H
^E
;QN
eeY
b90XZ x)
System.Text
sff
&Y '
Z AjFka8
Yfe
:Qa8B
ZaYef
sZ rJ~
ZY _Aa
XXX
~Za8
2YXa
^/a8c
f=f e
efea }
d52c8308
Char
k5$<Z
ZakLZeZ
ZfZ
~a8;
~$Za
~a88
uXZ
ca8n
Y a
ca8i
GetValue
yfeXaefae
XX zc"
~a8'
uXffYeaaafZZYYe
YXYe Q2
RX he
TZZfeXe t
9Zea
G5ZaXa
FYf |X
$@1
DZafX
'Sw r
XeY
a -W
!ZYa
C|a8
d3ZX%+
ca80
2vR
 INQ
lngVolumeNameSize
MX )
ca8:
]Z 8'
?aR
~#%+
#XXe
nyZ
B /b
GetParameters
oWR3%&+
%$ )%\
Z @U
+OYm I
YZYeYaYfaeY
.text
ffYYXfee
W aZt
t 8B
Z @s
Z @v
Z @w
205dff06
naZ
ZZ j@
'7$/ZYY
object
O*@6
c>a8
uBXe w
XZZYafY 2U
%,0Zafea
y<2fX
3f971482
/>Z ^
d
!QZ
ZCe
|aXafX
ZX fJ6
YeY v
XXfYY
aff851e3
iOZ
(Y G
+
 xy
YeaaYafffe #:'ZX
fb529327
!Z |
0AL
Rf !h
]+X
<aZY '
q(VZ
IfX
=a8Z
fXff
nZX 2^
VsZ V
0Ai
#
,zZ
1af14577
=a8!
eff
|07 U
 PH
*E%&
aXeef
Q ]{l
YXe
gT| h)
ZefaYZYf
Lw /P
X t&q#eXe r
Z J[h
jZa+
qa%
^9Z [XRza8
zZ &
(DfYY
ME {b
T o[F;
FITeXff f
HN{a8Z
EwZ
N! /r
ProcessHandle
zZ
 P
B
kueaf
eQZ )@r"a8
ffeY
X<
$aXXXXaZeZa .
8KZ
@[a8g
EZ
U#%&8
zZ W
d654651c
^fafe
ad33b6e7
M
a8
|/%+
[# ]TH
?GZ
XYZ -
cXZ
sua+
'X
%YXa b
7315c126
aa87
Z m|
a lHaT
f {2
BvF89
X OhVBZ
D$	faXY
eXZ
fYYXXYYYe
K$a8
C-afefYe
)W^_)
Z mL
$ |K(5a
B Z
ZXYZ
@iZ
aafX
XQ|
l7a8
TargetFrameworkAttribute
Ye KJ
,v,8
:a8,
e.X
XefeX
nfYeY
@aZ
FaZY
6vO
>eXYYX St
Q gRJ? d
get_Assembly
"l[X 7
UYafZ
xx:
Ifa8a
eZf
x!a8
e 7c6o
vZ _E
5' 
rV
f x~c/ea w
Xe =v
tZ m|L
.e -
'f =T
1Za W
JXY
aXefX g
|sha8b
eaYYYXeXZfY
uw B
% XH
fK<
aeXea
fefe W
Yf w$"sZZ
>V
Aia8
eb2e2642
16304116
&Xa
SaZ k7\
x"a8
ZYaa
=YYYa ]
ae G|
RuntimeHelpers
d5103c43
aefY X
System.Security
e(a8
aefY m
[_8Z
e qy
jX*a8%
g 
bK
>Z u
*T,{
iZa8
ydZ
8Xae
3S1XX 7Z
\a8
System
V7?Ze
||e
_*V
!W j
Z %W
BS%+
jwjaae
@ `J3
H?=
CZa8
cdd0f2f6
L mM%{YaZ i
2%8a8
yB
ZeaYee o
zn]fX
Qea
Z anF
a294390d
OZ
i s7
YZf
v1*
MethodBase
E )w
@Z jdZ O
lH0Y C
O
Z w=GheafZX x
-xaa W
00dd79d1
P[' G
Z %>
bkL}
eYeXaeY I$P
OkM`Z
~XXfea <
Zaae
aYa
]YYe (w
+D%+
ceabc3d1
gXaf
#ffZe 3
!Ga8<
hJW
Oe
 M.
X 'D#
00085464
abcb308b
Y0c
TeeYf
KXeXXa 7
/ /B
6/-a8
A"6Ye i
w
|
IgCa%
na 5J
Z )N
af N+n
dZafX
XXZ
IkZe .
ZaaXZZaYY
sEf
faX kT
*ZZee
ZfYa w
WZ x
YeeaeafZ
dZYZf
:gk
aXe
#9Z E
WkA
af f>[
{yZ
A}|a8
X9a8
E 39
eXfaa
ZXXaYa
wYY U
E%Qa8
4ZZ
c24fbe6a
aYZ O
#ffYe
KUZeef ;
e0ae4d7c
fXfea k
WZ (
]?8a8
V?v
fX :C
Z )Q
"Zf
o{O-
fZa
$YeXe
vfeXY
aa836e2a
affeZaZ
C\CYf
I:>Z ]
4]YYZXefe
DO g
ZZYfeef
uZ fl
YeYYe
]a
123d453d
b|a8
mXfYXf
X KT
XY `4
kC%e Yz
BZY
afY ;\
lpBaseAddress
Func`2
fXYf
ZXe
fafe A
ZeaeX
X [H
e1cb5a1e
$-a85
"eafY
X [Y
e klE
ITTZ
XeeXaf
OZXaeYfeX
iMa%
JX C*
ZXeZXX
eZZX 
Z^^ZYa
YfYaf
af f!
WXeYfea
1f
[YXae M+
wja8
fZYYZX u{7
YfXfXXX
uYef #c4PeXf C
aea =
;5~a8F
0]Af
0ya8=
Mfee
|Y &_
oq.kY
e!gZ +
ea SK
G#8!
=GZ
aXXeY C
668fa590
B>%&
9.YXea
beeYa J
NUZ
feX 2W
15d578f4
4a3f4fd7
aff
1.Z
6YZ
&$XX
Y`ufaa
aZ y
afZ w
fXXae
CZ pIT
aYffeeYZYeX
ZaY Q
peff
12ffX Y
,>X
RW8Pg
e! +N
YZfY
seeY
ZYffX '
fXYZafefefeZeYfXf 5
S0Za8u
j -PeA
ruz
5p)f
*Vf
)-%&8
Z cz
3}Z
ZYZ '
XXfaf
NZ^Z {
HhYf
.6Z .
9rZ
aZaa
.6Z "
Z ce
re (R
lngMaximumComponentLength
io=
aaeea
ZaeaY i
}7Z >
e8b6b821
S_)
1H,Za F
BY K
YXX ?]
YffaY
Z cA
BY 1
Xa8N
!eY
Mi !t
Z c/
fYY /
mY y
ZYYaf s
y(Xeea
Zaa
X 8%
o Mx
eaXZf 1Vq
M-Z
RZef
>`eea $
R^
PZ%&
ffefXa ^Q
2bc65140
Pa N!
W@CafX
37Z
aZXeaY
ff57a8f9
@!a
OZ&
eeae
abZ
O	eZ @
nvx |
.V/7i
T1v
aZf
2bZ
=\%+
Ga >
Zfaa
)aYXe
wLa8
Z C\N
T
meaef y
fa K;
nf 7P
0C8f
2a8
Z (aN
t$ r%3qa
N?
eeYe q
D >v
2a8#
0b57 Qi'
2a8&
l7uX &W
YYeef '
28d0954a
q)Za8
734b4367
ZYXY
ZYXa ~{
2a8t
hNfY I
NvafXZ
eefefXaaefe xNd1aafeZZa W2
.rY
.fYXe
C )2
9YX Y
~e w
})Im4
YXff f
! p{
% >-%
Z ;|
set_FileName
Z XeM
~e A
X gQc
Z ;c
ce17b740
737ec088
GetFolderPath
4a8e
H1K
Z /w4
BXaeea
]fa ktQ
f !o
GetTokenFor
lpThreadAttributes
-X r
S$Z
!Gc g
KeX
f7e
89391076
y}f2
`0Z
_~{Z
eYaXe
6c6a3c2c
J2}%a
EO
YeXX
ZaYa S
 W^H@8
ia8U
ia8R
Z &^=
p ec
ffXf
>Ya
=Zf q
#faeYfeXYe
faeX
T*1Za8
WaM61
ZZaY
ia84
Yfa
SWV)
get_IsClass
2Z #/;
ia8:
_aeZ
NjW
8 @d
Aae
^S[a8z
&aZf &VA_e
Array
YZYe *
286be916
Xee
OpenSubKey
F
a8
qNa+
ZYeaf {
{HPea p
ef +\
W%&8b
*$f Ez
2r!
a !R
u*f q+
EZ *
Z wTCUZ
4ZX
Z =-c
faXYXeZfae
XXY Y
f ^1
3ef
"@Z
gZf
mGa8q
N]*a8z
XXee _^(Z
EXaY cs
DynamicMethod
X\f L-
Z d=U
O`
ikZY 3
me ?D
A,QX
p"Xa
8a8$
#e ]
Z Dt
lpAddress
Z DL
506c2dae
XaaYXe
<YZ
aXeZZ
Z '\
h w>0
kZ 4NN
a8
aZYf
8a8o
Z D+
|Z 6
bcfe6430
8a8y
dd840c78
Directory
=fY
|Z '
ZX f"~ aaf
X\%+
eZfXX
3]aXX
@jZe
'AXeXY U?
8a8Q
#"a8{
A@\Z Wc
uiZ
)yZaeYaff l}
ZYe Cb
RYXX
RuntimeCompatibilityAttribute
 l7
e"%&
ZZ 8
ZZ 9
]y%f >W
XYXY
zLjYf Q
ZZ &
ZZ (
108e15fd
YXY
ZZ Z
7%&8W
fYXef
w\e
hXfXXYee
d9220a1d
hYX
Path
aYXZ {6
ZZ K
uZ )
ZZ q
uZ *
%bZa8N
ZZ j
ffefeeeX
UaZffYa
be 5
XeXe
Jo8a+
qff u
u+Z QK
3X (
Xa D[
^g4i
1f731254
Z i-`
eYY [
eYY N
BlockCopy
Zae m
ZeZYY e
YaeYfYf
aXZXf
+afX 4
n0_
lpEnvironment
G- J
dc04ab6d
N6Za8
1b4e62dc
GetCustomAttributes
+ |v
fXef f
+F h
eYYY 5
H_aY
`raYY
fXZ
n 5PB
StreamReader
A}inZ
+ 5z
qYaa
ZY QI1
7dZ
3+lZ B
Z 4jA
a L3
#Blob
lpCommandline
(h v
z2Za
g0afe
ZZX
kaZ
B9VZfaX
f *{TeYffXY
Z ('P
PaeYfX I:
GetExecutingAssembly
XUA
ZYfXfY
AZeaZ
#fY
im_
-mf_8m
ZfXf .
3Za8L
\a6
6!#
fef 3
3Za8d
faf 5$
1J
OS;
8%&8\
&1%+
ffe
X ']5
aXeXe
ZYfe
6z/
r;&
aefeX
Z aL
0e QwaLa
3)e
XZYfef [L~P K
aYafYXaX )
8rZ
Zafa _
{`r
|ZaaXa
afeXffafYYa e\
6whWZ h
77ffeaYefY
OZaaY
[FYY
seZ s
j`Ze
+0%+
lPZ "
`e \
1ce7b68b
]Id"
Empty
yET}
gfaXXfaYff V
Yea8G
|Yff
ZaYaf
Yeeaf a
fYXaYaaef
063cf176
/XefX
ePya83
;^/YX
;	@)
_eY
n89a8<
)jZ
ZeXaeX
^%&8
oZY
Jba8#
1}
A%+
_bX(
W{Z
Zafa
b9910ffd
Z 9W
peZaZZYXe
Z 9L
XY ,(
j1+ZYaY *
E Qbfu &;R
k3a8
rH?ea
aeZf
38f06492
8fX
: sz
Um(
QeYY
VXaY T
xn;
faeffX /
PZa sr
PZY OZ
xLa8
[|Xae
[JEYYe @
e ]=Z
7YaX g
YeYYXYYYe ;
92Ze
f /g
.XYfafYaXX
gLs
lpStartupInfo
2Za8
PJZ
aaY
tmZ
kff -,[} G
+ U
a.0 /
4aXeX
)n7%+
QYZ
{YXa Sd
-YZYaY
eaaeffa
?Z lJD
Krf
e06a3e62
e093d07d
7ua8F
LCYX
!eea
@ZefZ
[ffe
YZ .]
mscorlib
YYaYY 1
Z 9+f
qZ M
47517632
XX
ReadToEnd
@Z Pw
PZeX
;aYXe
cf939f13
.e $$
7Y mz
qZ %
]Z C
tZ l<
eXaX
ua T
uZf
z =MLOZ
$4Z
]1 yK
ZYea
?s{
X ;1A
a(k
RegionSize
x.a+
k"Zeae
Guid
ZaYeXZ !y
xZ Y
6d0a8342
FX 8
3Ra8%
'a
WZ $#h
E&a85
pcZ =
N
v4ee
OeX r
5QS
ReadOnlyCollectionBase
#Ra8M
X"
eff g
YeYee
aZaeZffY
method
;3a%
a #;
FX z
-XYXe Xy"f
5JZ b-
ef e
ef d
r 405
ef b
FX `
ef U
3ea g
9224c20a
Ye .!^
}Z ]
Se ^.
'Zee
fZe
ef A
eYfYYa Vi
ef M
eff 9
>j
YefXY T+E*
}Z L
gaXa
effXX}
99ae
tee
Z Z{
dZ I
ZYe fc
ZZY ^M'
eQ%YX N
Z & M
$nG
Z lP+Va8
bcastdvr
0T F82
_
ZZ
eaaaae
YeeZYXZ K;
8f990b2f
~4IZe (
1G,Yeaa ]
aXYfe
un]a8
geY
set_RedirectStandardOutput
O%Z
d202eed1
l6 YZ
Bha8
ZYY
YafZ
eaYX Y
Do]
X4e _c
810d2012
7,Z
eY AN
/1 +i
fa w@
System.Net
900a29bf
%Z D
XfYee
Erf =
<Y%+
N5&F
KwZa
Yef
ZrZf
! L}p
m/8
+RZa8
AGZ
:fY
!This program cannot be run in DOS mode.

$
*$eZ
SU&System.Runtime.InteropServices.CharSet
EPN
YeXYeY
XZf 2
n k1
fa8L
,MeY
waaXaf
fa8T
5hZ
GetHashCode
fa8\
YfeaXY
<efae =R
292cd43e
faYeY f
LGj
HZX [(
zZXf Rk
.?Xea
>ZXf /
 &dr
ZaXYefX
.>XZaYaYY
JV8
Xaf !#M
W Yn
eaYa
eaYZYa
ELgGZ s
+i~I
VZa8m
VZa8n
qXe
89f9fa5e
yK3#f
fa85
iqn
]#
SZe
Xa =D
b(O
=Y q
YeeeYYY
8ZX
I'Zfff 0
?tQ
fXX
Z h&
get_MainModule
~fXa
ZeXe
26c6078b
efZX
ld s
ZXfY
op_Inequality
eYeY
_+S)
.y/
ZZZ
"?Z
aYe i#
:0Za8
afecc042
5 3C
WifY c
7533df20
I`a8*
I;Z yF
b07229d0
UZ (E[]a8~
2^
YZfeYe
ZXZ u
System.Collections.Specialized
+]Z
$a Yp
%a8`
aae '$
Za 9s
YZ !
YZ #
Z Mx#"a8`
System.Linq
e 8RkX
d7963229
aXYYaX ]
rZeXf
GXX ud
\(ce
Z gK
Z gM
YZ i
[B 5'
eXa 6I
}4Z
oZe U
^Z WD
haXXX
YZ V
XfYa
ZYafYXfaY}%
UXZXe
Ik9a8
Yf 6y
YZ E
9fY >B
X 7{#ZZXX
}_Z
Zea
*>a
_cX*
eeYYYYea +
06947de5
87e4f77e
Mutex
_X 0e
0-Z
hRUZa8c
VAZ
plZ %
ea 3
e5ddeac5
EX #V
f+
R i9
i5a8
b8825d88
Uz\a8U
7
eXf
2327b94d
6A<u
ea H
Z lx
ea M
4ZX 4|
Y &T
4 ){
XYeZXe ?
feXYXZfeXZ P
>y\Zf
affYaX -
Boolean
ea n
YYf s5
f FT
,lZ
LeZ VU
>ra8
%YaY
MethodInfo
?Y z
6635802c
StringComparison
|^7eXYX
da84
CompilationRelaxationsAttribute
da8)
>Xa
da8*
eeaYe
#XZ
ZeZf
get_Is64BitOperatingSystem
MemoryStream
QZf &
e562b313
eeXff
efe G
p<%+
'WZ
Z? J
z|(
1aa .
Z ?2
f F>
efY =
lLH
Z =_
8c4f29cc
9tI8
rAa8
d#Ya
Z R
W@OaZfffZ
CONTEXT_INTEGER
eYXe
Yeee
1c3c6add
q{AZ 7i
a;
+i
11a6a979
Z n
8} *
G:HZ a
xwK}%&
Qw'
ab8dd2d2
! ,cLyZ
weZ
Oa b(
21Z 2
eZX
{b  0
baef
eXYZfYZe s
aeYX wK
(:a
OnZ
Xea
{XoZ
\Z E
Fa8F
Zf Wrv"ff ^
SeaX
Fa8T
/MLX
|ZfaZ
QRa8
Concat
%	a8
*	4HZ
Fa8/
aZfXY
>ZX
$<a8j
XYafaa
N1"
fXXf
AA[AZ
'@8l
dBZ P
[*]
G;z
{ZXeff -B
fXeYZX
;XY
XZ m
YZ Gx
BDb Eo
t#/
ZaX
M}Z 3
69a3a7bf
3ZaYf
+a8!
Z X\
+a8#
YaaZ
`<Bm8
HaeeaaYY t
YfaafY
ZYfaXe
ZefXfY
:aB
Uy`ZY
+a8_
+a8Y
Xf us
U:ZYX
+a8U
Z X)
#&;Za
5 u<
faXfY
Xfa
X`
6Z $
a %k
{afZ
Xafaa
:WZa
eaa 0
ZXaZ
/Kwi
]=Z *
YaXYe OE
cHZ
DzRZ /
8wZ gt
XeYYZZfea q
fe E[5
nkXY
[E0e
eYYeZX 8G
=XaXeafY V
*Z [
YYaXf
YfaXaXYa
@.6
eYaY $
afaeZ
ZfaX
;eE
6Za8
($Eff
uMa
?e
6Za
(	4
.aaXYe
aZ /
i;e
|X mK
ZYX n
wMD
e j
ffX &_
dc9c2ced
116bbae8
;ZX Zf
_CorExeMain
9e89e291
|Z xp
faa F$"xX m
*[D f
aZ `
~5WZ u
aaYaaXXefa
(wZee
ZaZfX
08434e7b
DebuggingModes
Ye 7:
YZeea
JnaafYa
ee D
{1a8
aZ E
kZfYf
yB =
KFZ
aZ J
Z sQ
) Y
oa8
lS<afY R)
q8f
^L%&
X >r
H*Z /
aefX
faYe
faa
+ZYXX
efd48bd0
N/Z !
ieX 7
dwSize
ZYZe
MeXaXX
Da8v
ZfeeYYaY '
K
qZf
hwyZa
3296876c
0iYYXa G7
Z 3>K
oR
eba69e1a
Da8G
5aX
VZXae /{
1N4
feeX
Z {
Q
h0 Y0
aaY IX
ZZZXZXZZ ]c/ZXXXaXaeYfY 5_
)[u
%D4i
ffa
CallingConvention
8YYaXZX
.ff
S:P+%&
DirectoryInfo
0H -
XXe
aYYXYfXXa [
[Z J{
?gta8^
082db51a
*jZ J
`F3Xe
Z X@HIa8
ZeYX
;Ia8-
XXf ?
,$_fZ
F,
Y 
I
~Z I
365i%&81
^E
~Z R
4cb55ed6
e39fd8b9
|dZ @
-&fX
aZZfY t
]C%+
{0Z
vys
XeXY
f fV\
Tqa8
aea
_Y #Sy@Z
gZXYe b
Z d*j
7549471c
NZ p
dF@ZaYffY //
Y ([
~Z #
a%
$5 k
;Ia8]
Ae
aX -+
Reee
26624f38
{ -G(
ElZ
~!6
Zafe
Zaaaf Se
Z =m
KXXfa m
XfZ
p*ZYe
.ZYXf ]kk
s4S21
IZfZfXeeXeYa
XZ %
ZXXe
N fYfXYYYeY 5
OC
Y
dZ q
ac1fc370
XZ 8
eeXY
Z 2BO.a8,
aae
DZZeXe
Z =0
fqY
>fYeXe
4@aa
sZ _
he :|V[eYe
Stream
XZ n
get_Modules
a o\
f D9
f +}
aaXffeaZYeYef}
XZ w
J>%&8}
a8U
XZ {
ffaX
2cfYX
ei&MYfaff
eYfY X
Z P
YeY
d" ;
EZYY
k]ZfY /
XfaX
2X c
]%&8u
_6Z sw
fZffe
YZZ |
ZYee
6 Y7
Xa JwA
a7dc7c2c
_ >56
!`
C aaXY ocR%
+fY *
uAS p
9Ee E
U:x 9(
\eaX
1d358ce3
]t E
WindowsBuiltInRole
e832028b
^eeafZa |
2ea t
&Z &
&Z "
!Y AE9
Y Gk
ZYeYYe
neZ {8
get_IsInterface
@eY
fZY
.Vda8M
Z zHz;e
&Z \
"HZ
N4Za8D
\f -|
 $R
tZfeXeZ V
2ae
+ae
oa%
PZa8Y
Z Ny.
ZXY
5bc7f588
&Z v
!aX
YXXafe 9U @
Ia ''
26cda881
3307f234
=WHfY s
"|;
i/B
'Z ^
^%&8]
'0ZaZ
ffZff
'Z j
'Z r
'Z q
fXafeZaea
X S{
k7g
YeaaefY
ppZafY
\eeY
a 'Y
Z 8ov
eaaZe
ua8x
'Z '
1=#eeXXa
eaYXYfaYff
aaYX <V
set_StartInfo
qV :
R^%&
!f AX
Z=XZX v
/f }$
@`YX
X=:
?x2Z mK
Z `\3TfYaYfYYe y
tZ 3<r
c652db1b
Yeea
KfeYafff P
ka8R
gee Jh
mYXYeZ
UffZ
xW$aZYY
Zea ;
YYf U
_YeY
aXZa
 jp
C^EC
NZf v]
<eea
Zea T
TXae
t(s Z
[zef _
^Z
J&b
V Jr
aYZ
eY C
faZaYa
]F_ j
Zeaaafe
c8c795de
K`
fYXZa
Paa
7c`
v\FaYYYffZf
^E
j!a8~
CYe
[fYXef
fXYX $]h
156e91b1
ZZaf
Zafaff
@
Z C
se =
sAZZ ,
,X P
KZ 3-H
ZfXYYY
]aeefff
[n ?
Jx+af
,ta8
\aaf
"_hZa8
af90672d
# G
Z {Kp
ZeeY GV
Tcf
f^Ef
etVgY -
L.dZ Q
[Z 0
ZYYY
fRa8
2 xJ
faZYf
0aYXZa
52c0eeb0
NP_
[Z Q
[Z P
9d6cfa42
d23
`Z 
`Z
[Z v
[Z s
EYY
26130214
[Z {
fX
dVgXeZaZ oo
! 0$
3a8%
;ca8
YXa )
a005bc42
ZXfeZe %
YZaYe
e <S
U#Za8+
jZeZY
0621c1bb
| z/
\oi
ZeZa
1 
|
\ZZ P
fabb8f6d
ZfZYX
`f /
?ZXaeaa
<NZ c
&)5Z {)
Dc c
fXXafeaaeeY r
afYXXaeeX
 es6p8d
eZfaaf k
Z {f
2ZZ
3a8K
uZZ s
Y*YX V
4715511c
Xeeae N
get_Headers
ZaeYXe
IX #
Wa8Z
) vR
Ze x|
1e302a1e
>;Z V,
Wa8K
mqeXa
XZ 1i
e834ed61
ZaXZ
F$U
x_\o
p %W
PZaXXaaXZ 9
726130b5
ILc
YYe I`)
IDisposable
ra86
RY 5t
ra8:
iXafefaY
fYX
ZY u;
ra8&
07e -&
O%&8}
Z 3m
^E
: u\
XfX
Ug6
Mpsfe
Z 3q
"fZ
dZafe $
ZYfY a
wYeZ .
YXaae
Z 3R
f Bg
f )_
s4 d
yXa
afec3d9f
xeYYfeeYX Q8L
Z mJ)
^=a+
Y 9e
_qw
aaf oS
B4 8
*e 5
@~m)
YYYee
^f
Ba%
<LY
:a+
c82536b3
YafXY E<
jqsaXX
M,XfXe
XXYYXfXY /
T']
IsInRole
YqY a
XX sx
aYaf |
#GUID
)ZXX (
fXY {
!!'
> -
$
744d4b85
fXYefe
eeXaZaXX 1d
BXa
R&a
ZXZfffZZX
SZ 5R
afaea
HeafXffY O
;Jd
Vq<eY
e*ya8
aXXeaaeaZY eW
)Z c\Y
{ZY K"
fY &
fY "
fY -
fY +
IeY
3bafa05b
fY ?
c07ed0bd
RZa8b
f UcG
bfXf
haaXXXaY
Yae
keY
Ve Oh
~efYXYe
fY m
fY j
|Qef
1a8Z
Ze )
` wx
d9159f8f
afY
fY M
Gr+zaaaf
fY R
VZfa8
"aZXeXe
ad4493cf
aZaeYX
h>afY
JZa8i
aaXa
Z Q
>ZefXa w
3t%Y
e]a8
V[o
Z Z
eYe z
xa8L
YXa Q
2e'
kY [
Z o
! BU6
caJ 1
uYf
ZYaX
XXY
n[YeeefXXe
vXee @J
pfX
Z
CONTEXT_ALL
4&ea80
d8
X h
ZXea 3
%Y *
Xfe
l I9j
Replace
kY
OpenExisting
I<f Wf
|YY A>
YeaYfXfZX 4+p
mefYXaeXeX
faZ LJ
6a%
get_MachineName
a6af31b3
!b 9
aef `/
u*9Z
aXf
1W
6248122f
gZ
faefYeY
6cc4c7b2
f8d3a6f5
xZ 7F
f^aeZfaY e/-
aYX
9<Z ;
{aa8
TBXf
aXf L
eeZYe
]
,]iZ FIS
cYa84
;eXYY
gz%&
& \^v:Y
{$ %
lg)
aYefef
&RZ
Ra8x
fXYaX .
eXXaa
EY z
fbf64c38
}a82
}a80
ae 7(
f3254520
Ea
343af35e
fYfYfXe
a ]
}a8h
4i8
hY I
.*k
~\~eYXYafa Y'
0}Z S4
O*kZ ~
">Z
YaYe
ZXYYa 1
m,fX k
sna8
}a8q
fea =
6X 3
ZfaXYaeYY 7O
FSZ !
fea
fea
Z b{`qa82
i%
Z
/2YX
Ya eB
9effYeYXX
Y 
q2
aYXX
$YYXYYYf
Uef
UB2
298f152d
I~eae
;f K
>7eX
fae
efef !
SuspendCount
7a8Z
vJ!a8
Z r
ZeY #~
LZYeY 7
oefa ;
ZZXfZY
Z h'I
AVy
f H(=M
LaY
Z _
Substring
5Cc
cZaa
d2ba812b
eXXY A3e
+,a8
1De6Z
ffX s
vKX
)8WfYeY
{ZYY
*u
ZfZe
^0a8
r#H
597a3cac
QWa8Z
O;
k{9DZ
i 7y
?+NaZ
h_Za8`
ZfZYZ
=Za8
f}a8
faYeX 2
Affe
Marshal
\i
I"Z ~
ae i
h'(Z c
591c1d7f
nV|Z
P 8"
f534600f
y a8.
ae KW
0jfXaX
$~qa81
/RZ
aY
60e2088c
ZXeY
Se 1d
ea
G<a8
I8a b
oZa
bXee
oZa8
2bd501db
6XX Z
XYfYf
Xffff
ynz
e ET
8d*
-YY
UmZ
LX {sL
\ZY
Z 1|
y^+
Z 1g

sAY
v(e .
dZfffeYY
YaYX
m[a8
NfYa ;u
feeaeefa |kSZ
ZXXa
aYXfYe
3xBf%+
4eZ i
C\U V#d
/%&
g~a8
?eeZaZ -
Z B/<ca8R
ReY
V2f
rnQ w9ne ]K
CDYYeY
aaa
35ddec05
Z 1,
A0* X?k
ZXfaaeY j
)Z |I
K
Z q<
YXZea
SX }
2Z pB
7!a8
_sR
(Z (
;fafXe
1Za
`5a8/
Os3
XYY P
XYY N
]h
AOZ
!'w
XYY |
YYXZf
G\Z
1}ca8L
7X o#x
UploadValues
Q6R
XYY g
rmua8
_j 6
L iqMeZX
kg^_[
P #|bVZ
:BeXe
yaee
a0# -
843f68c8
6O 
K
Zaeaaea
ZeYa ,
?tJ A
] ?
~_`%&8
8d92a15a
ZYYae
)cYXX
Z ^9
735ced8b
Type
9e92d93d
aZfe
HX T
ZYfX
#YeXX
g%aXXffae
VPRe 1N
0Ze
`*uZ O
V1%+
T\RqYYe /!B~ Q
7326d5c2
aeafZZ
\XY -
dfZfeX ~U
ZfefYfa
LfeZ
E~ C4
Z 	N
@Uyaafe
Ez%&
Z 	@
[+%+
`$Yfa
m,Ha8
Mfa8
_
gB/Na%
IY #\
huZfaYa
ZGX (Q
Yeae
XXfYYe 6p
Y5Z
#Kaee {C?
ZYa
947bf5bd
Ko_
}QHa%
cZa kc4
Zfefeeaa
O xy
maYXf
Z 	(
4b872461
fe8eedfd
ZeZYZXX }
YDB
YefXaaX
XeX
fYfXY s
eZZYaY E
eYZXX 	u
List`1
eZaXY
7E	ZYe
GetString
WindowsPrincipal
_ufZ
 f
E:Ka8B
_Ya8
Z R1
 {bP
_a8b
)Za8w
iX
|=YYfXeYfae
Lfa
72c0099f
f 5t
eYaef 
++E~L
Z PB
$/Xa87
Yfaf G
Z Rr
eZ <
eZaZ
Zef {OB
CreateDirectory
}
eZ &
StreamWriter
0l4g8
dGa%
eZ q
\fY
Z T>#
eZ t
Yaf =;>X
eZ o
eZ `
e `~
$af
`.rsrc
xRkee
pfnAPC
SetCode
b31f50c7
OEZ
XZa c3J
Z *o
%aXaX
}[a8
affXe
ZZY Le
z
(xZ =
ZZXfZeXY
YaXaX P9
eaaYe
t(ef
4"s[
#^uS {
YeYeZe
?ffY
_5
O	 7
HX /@]
UL[] H
aYeZX 5
~>L
e40b8606
(wgZ
y$LZ O
5Yf
liF
nXZfZ =bs
DDt
T>x
tNe
faX qm
 >4
c917eea0
Zf E
vgYf
get_ParameterType
ZeYYa K
Y 3Q(
(CZ 5
qeefZXYfeeYYe i
F7 v- L
WaX R
39eda22c
0b028dfc
d2b29d25
aeeff 1
0.Z
ZeYY
[
4e742347
YY +
B
E
ka8#
Xeaf
e 5GH
q
B WH
OXfX K
|
Zaea NT|AeYf
$2eeX j
YffZfef
JQffeZ D
Z 04(c
n
52abbc8b
ueY
d`Z
*hYef `w
ea8a
eYXXfY
Yeef
ea8n
6
get_Now
&
,
t\Z
67a
aef r
aXe yI
]Y GZe
,a8M
}oTsZ Cj
@x\
$Xa
\U 7
aef j
Z 7o
s VA
V E
,a8a
9lA%+
get_IsStatic
X3 0
RaY
Z 7B
G;rZ
ZXYYeXXY 
C
feYXfY
s>@
RegistryView
Zf y
4 X
.va8
YeYX
b206e433
eaYXf
' YeK
Z 7=
z a0f
faYeeY
FZ 0
4036bb1f
aZ wP
R`3Zeafa
9SZ
ae 4]
SZX
eb699aae
.2%+
[Z G
P\p
OfZfe K
LfaY >r7= *
?a8U
Z wdi
fd6b7c0d
'}fXY
PZ Xd
^fffYae
affa
ffYfXZXf .J4]
mZfZ ,{
?a8z
ZaX #
fYff
5vZ
J_a+
X  n{
Ha8
XXefZ '
L&n
Z $X.
oA%&8\
ZZZXZafY
nfeXXY n
a48ac01f
X 4`HYeaXXffeZ
26c733ec
>%,Z
YXeX
;ef
7tZ 
.
Lef
T"a8
KZXffafff '
aeaf
zlfZeYfaa G%
fl$
A$x
Ze _^
:Z!~Z 5
dfa d
afea
Yaa
#a P
K[9a
`"a
#a >
u4a8(
0ffeXaYe
]fe
ftU1
)ZaYeaXZaaf
`/faY
88e443b4
TZ #U
feXe
81d3322f
NYfa 0
eefa
{a87
k	eX *CA
09ba5de8
1ff 5
@Kv|Z
set_RedirectStandardError
ScT
84e481dd
?RZ
af /
pZeaXe
af :
8J s%a
QD\Z
,T N
af 2
`ZY
edc40f2d
af N
aZZ
aeYY
2?fXZZXYeXX
Xea k
af P
af S
af W
q	$a8
v6ZY
e  V<
af {
#]t%&
af |
X 1@-
df6ae158
af t
X I)
d0e82495
XYYaYY #mc
Yff ^
XeYe
2d0f7d4d
ZeZ ap
v) f
Qf>a8
aaaXXX
m\Z [
YYYfZ '
Sa H
f+ s
9Z -Z'jZ J9(le
faZae @
~}Peeee
kXfZXaaYZaX
CpX
1=
T5ZYeYYXeYaaeXYZX
eZ
&Z [\
ZfeYfZ $
:faa
+^~
318fb5bf
Efa
)fXfff H
d;&:Z
n}%+
fsa8#
-g&XfY
Z P}
9336b44c
7zfeXeeY
aXa eVt
kf dY
#\a8L
E0Z
F_YefYZZ
}aZ O0={
!4 n
fZa $
p6Z l
+
f4c93819
Z {N
)0`eXa
a Ox
6ZY
eaf
ZYeYf
YaXY #
AR wg
f qqe
&?Q
Delegate
TGXaee w
B9aZ M
wGffa
'TZ E
Vj?
'faN%&
r`a+
=ea8Z
(K E
ZefXZe
T@c
Y p&-
eaXX u}
eZXXXeZeXYa
faY
XaafY
a 5Jy
XXZa  2$
,Za8
eYee F
aYaaX
a8x
Z (~
#Z 6w
ZXXX
Xe m
E%&8
q!1<i
hEa8
a8!
_Z X
c41d8595
19b60e8c
qY"
efXX
ZYaaXa V
a8?
aeYa
53aXe
Xa pM
effffXY
Zf %l
XJZ
9C%&
s=Zef
_Z g
Contains
Z },
|bfe 8
CZfa )
Xeaeae /
handle
E~,
|ZY
8XXe R\
3%v
ValueType
dwLength
~ 3k
ZZfeYffYZYaeY ){(
opt3
opt2
2c (
d^ra8
.wL
#Gj.%+
|8efaXZa
PefXfXY
XfXX Zy
ZaXf
8/w
8ca35035
XeaeY
=;a8
bInheritHandles
Z }]
^va+
EZ ~e
WF
i7a8+
@ 3m
YXa d
aea}0
e A\
>ffa Y-
= '
;ZeXXfa
FWa8
8!8V
oOZ KsY
HZ /DB
G+Za8
=0%+
51<
uGXfe 4
qt%&
ToString
:&OZY s4
F0f
Zfa 6m
oT: .
407b9b45
Zf }"
Y 0-
%YZ b
faeXf w
)LY Y
9b0ff8e0
f Lg
OQVX
3+$ef A
0 nk
Z 3N=
ZyZ
_fe >"
d72a3f4d
YYeZX C
8 	P
860b1697
y?ZfX O
tdsZa+
173a243d

Z 5K
{fX
Zfa j2
Z Yqe
Z H^34a8
d61e904b
aYY 
6
XeZffZafaeff
e90a5097
daY
uuW
a9647820
iZ YP
Zaea
uY "
_fXf
ZYaf K
ZYYa
System.Security.Cryptography
e52c688f
hU
SkipVerification
eaX 0s
b=Z
msYXe
PZY s
/.S
84Z
LQ1OZ
eXfaf {
lpCurrentDirectory
VprYeYf
47d2cb02
5ffa
sxa8
RegistryKey
=Z
 ]q
LYXXYaa x
%^Y 4
aXff
L=&68
+>~\
\fe
#Strings
uZ tS3da8-
33c90ef7
.ctor
s
a8
rZ G\3
mscoree.dll
1cc96133
XeXY
JW
N 4*
>Ff
*M8t
( ZYYZ
Zae so
fe mr
4eY
3!-Xafff +
v4.0.30319
ZXa
aYaea
Ya re
48a8
(YYff
cUz1
e29097e5
Module
faYae
85728e45
4%Z
6[Y )#
E=Y
@.reloc
{YZfXf
0425331d
[tH
feYf ~
M qw
Nefa
^$dBZ
KCa8
iZ A
eY f
"XffXf
LZ 
KeYefX
Xf wI9
0YYY &
5?%+
XZ {hsbZXfYeXY
<Za
)kf
Z |xa8
Za (y
wX w
<Za8
:Z e
XYZaaaYY
gZ
-2%&
&	 z
&	 f
.me
Z Rl<
33eZa Ja
a?cZ
! -2
4d8ad0e8
YYeeX S4
CKAcZ #2
Ff "k
reZaa
gZ -
gZ 0
4a8\
Z V'
8XZXX
HZZXe
EZ ]
&	 1
Z 0qFVa8b
AneeX 7
Yt,a8
/:
fYfZaY c
1 M*
4a8:
fXaf
EZ O
n?!LYff
yF Y
'i-oZ 4"/a8%
3a1443d9
ZfYf
gZ o
'Tq
OaeffXXYa
`f .
XeXYe +
EZ g
>e06Y -
Z i;v
ff
dfafffXXeZ F
^ rG,
Z _b
6d16b84a
:ZXaYZZe r
Evf 0a.+
set_CreateNoWindow
B^EB
eeaXeeYf
eOj
vaf 1{
'sZ n
)!S-l
9>Z
2aCefaaf
pUZ
_]a8
I5I
*Xea K
ZaeY d
WindowsIdentity
]?Oa8
t:"
Z *nP
8e541a21
YaYee}
YXeae
NewGuid
pXe
b6fff2a9
get_Type
DU:Z
WY u^b<Z I
m<EAZ |
MZfYeZ
3aafe
WZ W
:oZ [
"c i
iD 0
0ZZXf
XAfeY
9Q%
RZ0Z E@
ZfaY 3
YeaYaZfXaYX
Dfe 7W
eafZX
Z s+
ee ;
ee 6
faf ;
ee 2
faf ?
eec682ab
get_BaseAddress
ee *
t!f e
Z s1
GetPathRoot
$XZ _z
Z R$)
eZ <h
ee
Eef G
StringBuilder
Sba+
U(RZf ]uv
Z sa
ceX
Z s}
_
Z
P8Za+
|YaZ
Vae
aX AV]ZXeYf
ae #E`&e `
Daf )
NReZXeZ s
kc
MGfeY
l.tY
NVYZ
]e^fa g
XX `
+L k
Bfa8J
) Z
eYaaYYe}_
` b,
+zZ r
0a myw
SByte
3J:
ZY MJ
1489ba60
CZa8}
48a9dd75
}Z 8^
ZY M^
:a8:
13%B%+
uGAa8
RY W
l#Y
=ffef
Ya%
eYa y!
afYaZXf @
GetCurrent
e j2.ieYeXY
Zfa
J%fY
44648d2a
R!,f Iz
yZeeY p
vaYf J
YfZaXY
e'a8?
<f
1d3be6fa
XX Y
ieaafYea
%eqZ
4YaZ h.
ZfYa /
X `3enY
X `f
Xef {\6
XZaX YC
f d
YYf 5
Z l;J
YYf <
$f Y'
CQa+
Jc]fY
8Za8
[f Q
,XeYeY
eafXa {
3eeaY
eXea c
DownloadString
/!#HZfefaeZfaf 
p
zXZ %
o=Z
7a0bd2ca
!)}
.NETFramework,Version=v4.0
ZYZY Uy
c8e86eb6
$!Z
fYYYYX
&TkZ
BSJB
ouZ Rv
4aeb5ed3
B 9Bj
qnHa8
XZfeXXYeYefZYX OL
X M@
5g
XX =
value__
Z KC
OO1
cZ g
yXe )
=XeaaY
cZ {
I(y.aff sC
cZ M
cZ H
a3a2f7ea
#Z <
"kZf G
u fJ.
b2d0f637
&aZeXZe
afef )
AsyncCallback
ComputeHash
ZeroBits
98291bcb
*F%&
aeeZY
[%&8\
t9
[uW
GZeY
a99b3af2
MZ l
$ZaXXZ
le 4
1a [
f rN
XX 5B[?
YY K
~c 	I
YY ^
46a8a8b0
55XX
yZa O
YY i
WaitForExit
4af B
*	YaYef
)xYtZ
Ii&a8J
J	P)
kXeX
Z 72
ka8.
Z)<
1\4
YfaaXfYYX
YY 4
YZ dh1.
=WO x
O	na8$
k=
rGa8
YXYXZeX [lh
eYYaZ
.3\
ZXfYe y
Ba ~S
_Yaa
=aZf `
zb^Z )
) Z
g mR
nfafXe
;Sg"
OeY W/N
BZ c
feefZ R
e1b54d34
+fYYX
daa w#B
ffaa
va%
eef
eY M
@a8C
eY U
@a8O
mxYea
@a8w
eY a
e ~8Y
Z Tt
A TbV
%!8B
39e6f4d6
@a8m
\|%
BZ "
Rv_a%
Normalize
KIZ
jZ *
ReadInt16
feff6146
<-
a D^;
CONTEXT_EXTENDED_REGISTERS
jZ 7
S i_1
Oa`
^Na8
XZaa c?
G@ !oL(aYe I
AXe
aafff
jZ h
80Xa 2
jZ p
" &
B "u
jZ s
NY {
]s,
a FH6
XX 
S
Ea85
41888fba
ZaaaXfYf
ZZfXY |
File
9a%
xZ P-
Z #oE:a+
maeYfa
Uz-
ZeXYfXY
z 5
ZfYe %1(
D o%kJa%
ZYZeeY
f Wy
Z ,T
Fa8
YYYZfaafe
raf &|
3Zfe
eZaXa
Z u^P
Va8
eYeYX *nM
:A
/ZefZeaaff
ef vL
XaZYYaeYe weP
eeZZXeXfYf
Z 8]A
aZYXaeea
Y $
9Ss
SZ
fZaa ;
K'ZZY
@MqC8.
1&!
9tir%&
@Oea
ZfeYeaX
yYh
k:f
\Aa8
:ZaY
1{e
XY ye_
YYXfXa
~f b
Z qu
w."ZaZa Kg
fYe qPH
"Zae O
%aa
Gae
]f da
=aa
o%ZYZa
NLs_Z
09a5e04f
Delete
)TZ
y1e
@IZ
fXaX
)6Z
{Y 9
1pa
set_UseDefaultCredentials
raaeZ @Td
eXXYY v5
fa AHA
v6 o%kJa%
>Ie
]Fa8
P+
faaXXYZZ w/
MZf
YeXe P
+%&8
*9 -p
Z ~ygOfa
*(I ORK
Y 4j
bT%+
6QrZ ,
eaf s
cYe
XZZY )
uZ 
pV
'>ZYYZe
YeXe {
XZ ?5
;U86
Bsgp
cd3d89e2
ZZeZeX M}
eaf +
=ZPZX
'^E'
L& D
L& C
BXf #
XYaaaX
52611495
d2Z c
a2f3ba8b
GetModules
0XXYY
9XffXXfe
YfeX
Ga8:
Ka8I
>aYY
t? 8
Xff 1(9
c?Z
=Tua+
X	YYY
Xaf
w3Z
9ea4687d
*p` =
8b169df7
6c03cdb3
;rufa
YYf
ae
G $*
i@ Z
aeee
%&8T
X(h
Zaee
mHZ 9
Di
*|Z FO	C
aY /
5~gxZ y
Xe c
>"#
ZYa ;O
efXfY
OM
oa8t
?ZX -
YZZ
vbfY k|
aY
Z I+
8ZeXa
vt T~
ffYXf
;gY
,'
aY o
fYf y
Lee 6
aY h
aY e
fffefYf
Z IB
fYf i
Z IX
get_HasExited
nef A9
Xaa @
aY O
AZf
j8efff O
Random
aY A
a7bd0ad3
aY Y
T~eX e
 Y@
i=la+
}EZ
=17
fZ I
s%&8
kZ =SC
'Ze Y
' o"
@eZ o
fZ V
Ceaf l
\B
kZ
0XZ
fZ h
C~XeaY
fZ x
fZ z
fdf20b86
quZZ V
486a850f
eY 	-
+ w~
>< G~
Ak8M
H8X
ZXe
U Ka8
efffY
aXXeaX
ThreadStart
d9YY
c_a8
ResolveSignature
rd 
>
set_UseShellExecute
hWOea
efZ h
efZ e
Pa%
E 
I
X[YY
&?3ZZa8r
04519b86
k a fT
/afa
;nZ
smZ
naX q
Xpe
}Vc 3 J
4ffa 6
CAa8
qZY @
b$4 G
Z Ii
 vVI
zmaaea
Cu1
0f479843
NXe
ht&XXae M
e ,4^
u?D
hvi w
lpProcessAttributes
Z j1
aaaa K
! !%
'.lZ
feeeXaaeaeX
jfaa el
'a8a
0770f3a6
@} j
DownloadFile
ZZe
g]Z g
aXe `
SwZ
#ZaXe
{Z ,T
Lafe
XAe
lYXXZ
ZXYf @
7	eY
Xaeff W
eXff R
Z 7M$a8
A4Z
KZ gv
feZZ wT)
2@Xa ~IJ IW
)3XafX
J
%+
7e9f9065
RuntimeMethodHandle
J|fY
l>Z ^
'a8=
XfaZa
$XZYYX
eYXaY J
aXe ,
ReadInt32
%&8
%=XeXf
Tca m
Z= 
`1:ZaeaZX
SZX 9
7
Xa8
_bX(
}	ti
Ka8_
7zbW H
7V_
_bX(0
9e x
693dd4d0
^s8U
~aZXe
XYf C
Xfaaf oq[
~Z x~Y
e x[
_bX(6
]9Z ]
rY 1
wia%
xnaaffZYaefY +n
r4}
ufeYaYeZ
ia8O
Z "l
_bX(>
YZY
9bc4b80e
20e
aeaf 5
bb15b492
6688c1fd
X ,T
Xaf Q
b6719dbb
YZY +
Xaf U
YZ	Z
4c#
F%Z )
Xaf &
:]ZeX v
2Zf
_L E/
VZfeffZ
YZY |
}Xaafe a
0b155df1
Xaf
]a)%&
9ZXf
yZYeeeaeY
SetAttributes
Z "
FXYY c
Z(ZZXX
sa8q
ea 7(
sa8l
|
 )
|
 /
OZf ~tJpXXfaXY
a1fc81cd
?Zaaf
u!Za8
_HnXee `Kum
[a8w
ZeYXXX
E-N
FfafaYX
SZZXXfe Y
Z wl
w:Za8
7ece4d44
[Ya #
Attribute
YYXfa +v
ZYf 3
ZYf 1
k|ZX
=%*i
q-t !
aYf
^vZ
XfZfZe
8eee
afY 3
,;Z
h!Z
,K8
iZ n
a f%&8
9{f
ff2ba760
bYa
YfZ
aYXa D
`
	 v
%ZZae i{g
BY c
ZSZ
f lOca
`o8*
XaeXa
eYfeYX
afYXf
A7Z 
QNa8M
YeaXa KO>
 J
Zfe
fefYX Z
Ha8G
Ha8B
lngFileSystemFlags
3{ %t)
19X
IsNullOrEmpty
'aXaY
'/aYYaZXe
CZ ,
1eYXZ k
strVolumeNameBuffer
M9Z R:
aY )
fae {.
\aX
u= kZ
!xZ
eXYYffX l
c50db268
Y oA
MaXYYe
YZe
.>	Z 7{^
Yef cV^
FU r
AC f<
0SZ b
CZ a
R4Z
40Y
VYa
a16e3fcb
VQ3Z
^I]%&
BaseAddress
CZ r
kYY P
]ea
affY
T@YfY
bc8442e5
"O/
fY 	`
vZ bv
bXXeYeXeX \
dve
}eZffaYYa
Z O'
fZYZ y?
z"Za8L
Z ||m
?a d
-ZeZXeZ 5x6o
8%&8
la8B
?"e [
Z OL
eYaYefff
X 	\
\WZ @
la8Z
pna8
YYZ
y;
YZX
i;0Ky
(-%&
+cQ%+
jBHZ
Z Oq
$ ?
aa5c7388
afXXYX i
e2ma8
YaY
uZ ~1*
GD
oD%
lxZZYaXe
Hf W
f F"
.LYaZ
^Yf
Za87
GetFieldFromHandle
qa8|
YZaX
P%&8
fdde8bdf
rseffXaYXa
nYZXaef
g,Z
ZfY W
~EdZea M
ZfY i
\NHZX
ZfY d
CONTEXT_FLOATING_POINT
eXf
Gpa t
eeXYf
45a+
Na8K
#f{ KV
Na8A
Q8a8"
='%+
{0	,%&
Z aL4
KfaXY
DZ <
Na8P
XZZ
%Tt
ca
Ny8!
XaY y
OZa8i
zeXZXfZe
Aa W
#Xe
DebuggerBrowsableState
Zae U
9QZ
Zf%+
fY
x	fZY
faaX
XXfZ r
(
X A4
ZYe ?
W'd
6O,
Na8)
DZ J
XaY :
aY }
fXe
:~XXff
HeX }
ZN'
aa CR
ZX &B
XXeZ
fef
Z h,
ZYYXZffaaXYY
\xt
Z 
WX
NYYYffX
fXaXaY
b& (|
Buffer
YYY
YeeaY
51b52127
Z hn
CHXX )[>
5 e\
bef72f13
5PZaXZX
hra
Z ?Y-
ZYfXX
dTo
Z hE
ee |S(
Z hV
Dsf .
eZ a`#
f 	~0uZa
URJ	%&
uZX {
a8i
a8m
[8 Z
XYe oAP
8X  D[z
ZZX L^
)$
rZe
8k
a8V
x1Xef
278203bb
Zf hP
4 SF
kee
Sa8W
Sa8S
XZ &9
tZZe
.Efa F7T, U-I
gkiZe =
effY !
XXaf
ZfXXYX W
faXYf 1
8QZ >
c[I
aeXXfY W
xe `
^\xZY
*Z }q
wa8R
Za O
leZ
Za Q
<X Rk
t%&8@
Za Y
eYYeZXeYXeee
Nb!
Z -4
ZeZeeXaXeeee
t|!
Za k
aGkD8
Za o
Za u
Za y
&XZaZYYe
IEa8a
Exception
aY %
Z v|
IaZXeX
faY J
KZ !
^Ja+
Za "
\%E%
Za +
5faZ
Za 7
rf
f2c8d233
tZZ
HNX
Zefef}2
XYeX ={
l:u{Z
[Qa8G
Q6:a8U
>ZxZXYeYeXf
Ye uyW
La8:
PCaXaZ %
936827d9
R\a8
Xfa V
JP?
Z u
Yj|
affX =
^
%&
$:efXYaYaYe
:faaaX
G
 =
AV~ZZ
Ye myP
xF/a8
5c3ce8e7
{>X5 !
Yfa -
faYZ 
y =v
fffa
<mZfaY
ZaaX
>Wva
La8U
Z uN
La8Z
ZXe 3?}B :q
jca8J
Sz )
XYXYYeefeXe
Math
SpA!ZX
UnmanagedFunctionPointerAttribute
%Aea
aYe a
45466b57
H4x yV{
YfX
%X t
^E
h(mZ
fYf
`a8
[~/Z )X
@Xe
,ZY [
dv L
(:Z
Y (,q
KxZXeefeYX
KuZ
136bdce5
YeZaa
{UaYeXaXe
YafY *
Z \v
a A$
MZae q*Y]
SOa8<
RLefXXa !
aXYef
0eeY
!a r
6f2e10b9
p7X <
sYf
VXZZX
aY !}
wqZ .
{TZ
kGa8
GeY G
@Z !
!a G
[Zaf Wb#
B@f
n0:Z YM
ZYZeXfY 7
ZX C2
XXe E
P{ %
YeZY rJ
aXY
$U%
Ix .
6Y @
hZ ,
XXe e
hZ S
I0a8
* 4F
3QZ ~
get_SystemDirectory
2ea
MulticastDelegate
ow\aYe
fXfa Y
Z MH
@Y 0
[Ca
\Ye
^s]Y
YXXeaeXZ 	o
hZ z
[wae *
IpZ
Z UMC
2=jM8
8b329b03
Oj (`
aeY
eaZaaffffY u
efXf
efa
2cbc3692
eaaYZ \h.
Na%
-af
41a940d3
ZYff C
XafZX 2V
0b1a8537
78065241
uiMDZ
9Z N`l
9c e
ee 	^;P WH
6la8
ZXYXXZa
7af1b0b0
SsY
c573eedc
d<k
X6
e! .,
(G P,
_r:(X A
\&a
}ZZfaa
%ZZ
\eYafYfYaXe G
27e5690b
YeXXe L
^4fa8
XYXXeae
9NV
53ffc3a4
XZX
X CZ
sk%+
0MYY
{ 3y
dQFZ
a 7s
eXYYYf
ffY =
XYYfXe
X C)
SetValue
"Z )
Y Wl
O|aZZY B
d7c6fd88
XYfeeXXYe y
Z n(
Z n*
aYaf
d4b1694d
njZ
cq oPt
Z n8
cd16fac9
f3282cf3
'|ef
(YeYaaa
ffeefX
WX 7J
<>9__3_0
8pi
'
Y
5a8K
8a535ac3
! ^O
Iia%
e3c5e319
eXX Ug\7YaYf
Fyz F@
Z nt
/e o
@2dZe
84fe605d
eXXe N{aee
WVJ2
5a8p
G!Z
18ae306d
3Z
b02a66b5
9aZX
nZZ
nf s
Ya8J
{Z K
Ya8I
Pya+
efY
u 	|
;Sv?
Ze mB
2 {'z
@Pa8Y
/%f
M?86Z
Ze m+
G:hY
%Xfee ,
feaaa d
ta8}
mfX
ta8p
fe 23
!ZXY
ta8F
<WZa8%
Ya8!
Ya8,
eaXXY
Xa U
fffaaf
xj%+
,Xfee
k:o"a%
9xefZ W
a%
 `
Xa K
&') <
vDXa8
N6a8
Xa q
KrvJ%&
;eee
bX
AG
f#eafefY
z$a8
XZ yw
/eX
fAZ x
1Zff
Xa
XYYYf
Z \J>
FZ WV
Zaa
k8Z
,W
8973eaa8
S
XZaa
zIefZf
S

9b957cdd
5a%
%fYXZf
[P Za8
ieeeXe
<
{X
ztaXXafaZZae
sY ;
Z c
8Y Z
x_a8
d |4j9 j
f{jZ I
<ZfZ
"~j
EfYYYYYXe {
Z &G
eYX
?_b`
MZ K"
$_fX jK
ZfeZfY
\eaf |
fYe Rf`
\XZ ;
\Zee _
,%&8
eeX
Yff
XYYZ
get_IsByRef
Wa "
F3Ma8|
sjf
ZZXfa
:YeYX
zUa84
EQ%+
M)0fX ?x
NWNZa
;a8\
ZfY
PtrToStructure
AZ Q
QjZ
Z WD4)a8[
ZfY
|Za
6zeff
eaZffYX m]e;
S^"
,0 $|b
za88
GZf
za8=
op_Explicit
>_aYfefYX
XaX
{Yfa {
ZXZaX
Zaf 8
09e90b60
VZXeeafX
;#n%&
# Mg@"a%
z/Y
0a%
"&@fXf
b3a40385
EndInvoke
'a8A
IEnumerator
eaY
eZYa E3
44Zfa
>X Q
4G!%Z
ba4e4913
rR%f m
Zaf u
4aa35461
|Z y
VXaa
Zaf B
c=' _S%gZXa 
L
XeYf 
y
|f 5
>X b
d7(Z
Xs8&
!<a8
5YZ
eeX W
1dG
>$5
Z C
fXYe
Z C
C|W%+
eeX q
Z C<
?+X *
fa1663a2
ZeYfYX
^8}^
;Xee I3
iQ 1
3cac603d
/Xa _
GetHINSTANCE
YZ LZ
-*8<
_af
{Xa84
1`Za
36a
9.x )]
pX
&fZeXf /
Ta8H
RiZZaff
Ngia
9a8z
o@S
TextWriter
oa8
^Z :
16ffa }7;EX
"`iZ
XYX
'a8y
rgfaXa
Ta8y
0Ca8
R E)
CZZ '
7d7ba0c6
aZYYefeef
%&8
5ff 5,
#LaXY
GetOptionalCustomModifiers
^Z q
a55ed158
b91751e1
DZ OEka8
set_Arguments
3 Y
XaYfa f
n~Z
{fae
hThread
)af \TV
BindingFlags
&Z 2'B
YaZa =mW
f zM
u`<Z
jf /
Caf
Join
WI
YX @.
Zfe @
XP!
)DZ
|O%+
XXYaXa
gPa8
f z;
{kY
efXZeX #&
S K
2VZ <
K7BR%+
fXa
ProcessModule
Z MOp
Y"K%&
Z l7
/Y ^@HJ 6
,BZ
vaea %
918cddbc
eYeYfeeeZ ZB
}FKZX Q
YeXaYe
\ZfYf
5jeXYX ]V
SvX8p
~@wa8
Ca8
Z gx&da8
of i
I9ZaX
=_6%&
@ZXYY
r ve
x%&8Q
gXaffafYea S
ZeYeY PJN$YZ K
ca44de10
ffeXfZ #@
g e
SuEZ
XZf kG
FwZ
SetLastError
~?Z
e vJ
ZXYffe
efef
eaY [
22c0aa8c
%+
ZfaaYYY
$Za8
M[a8
N0Xa
n Gy#
5s1
2O8
Lhs8j
"m`a8
CyaaX =
efeXf
Duf
ZeX
Z @>W
LFZZfeeafX 6C
?ZYe 7
sO2Z
IGZXYe
ry^Xafa a
;OX
c424b493
ZfXYY w
<Y
!XY
SaXY
ZY n
~2/aYXfa
fXfYe C
`|Zea v=
VZ O
s8aY
P>a8
afeae
a4594935
@geX
ZaeZYf @
!0"
ZYfaaYZXa w
U2 9%{\ZX \<
AXf i
krZe (c
MYYZ ?P
yROXaYf
XXXaeea K?!dZYa
X }$
(Usi
feY -
:ER
C.Za8
Sf 9.
uq*
PeZ q
X"rZ \k
Z UPx
Z $*
f I%
fc7fc76f
OZf
Z $;
RegistryHive
Z $2
8Q_a8
aXeeZ
8fda01b2
OpenBaseKey
YeXY ;k
a'"\
Z jSC
2105ab69
?3 M'~
DDjXfeYXX
lngVolumeSerialNumber
a%&8F
ffYYe
Z $z
0{u
kr,Y l
afXeaa
Ze %
a1f73eb8
f95094fc
yTfaZYf %
Ze -
Ze +
`f
fXZ 1
Ze 4
Ze 3
Ze 2
YaeffXY
XYYX
Ze =
'
\Xf
g1 `X?
Ze
ae =
LYYeafXYa
hlH
T%&8
r=vf a5
v/eee
ae W
9d~a y
!daa8
ae ^
ae C
8t"
Ze r
5ZXeeYa u
ae L
ae p
+,fffaXeeYeY
Process
5604a609
Ze W
>Ra8
XeX
zf f)
5XYXYf
a so
"M@vZ d.
eXX 3_a
aXa zJ
!k8(
NYZfY
&aYf
ZZfYX !{0
.a8O
jAZY
ZffY
$|[
meX 3
Zff 	78
re BO&
cfZ
?Z Gl
^ gW
.a8?
A-ZafXe
ZYXYYf
tZa !
Z @kD|a8H
@eafXY
eY II
.a8
Invoke
aZ EN
ULZZXf
HcNa8
System.IO
ZYaae Xzi
WrapNonExceptionThrows
GI h
0dce0734
7&lZ
Yfe +
RuntimeTypeHandle
3X ;/M
P	Y
u%&8o
elEZ R
1Wa8H
ZeefYfY
Z ]
RuntimeFieldHandle
fYXY w
_ Z
Z W|nKf A
Z Ad
.feaaaX
Z %
OwZ
ZaefXXYX
#
Z `Zt
u7ea8
eYf
XZ
|LTXf y
Z AH
]1sZ
0daX
WVc8
9
}
ZX O@
"@aXeaXaa
6JwZ
Ib c
Xe <
$Va8
!Oa8
ZXZe %
!{u+
aaX n
@ef o
woZ
Pe *=R
Z rP3
}3a8
e mz
Xe q
Xe u
\Za
29b97b73
eZfe S
Xe a
Xe c
Xe e
aaZZaaaX
~YeZY
o vG+l
\Za8
cee ;n
&ZYaXZaf
0YfeXZZ :
TQN
e m+
g7eYYZXY
Xe D
^CeXaaf
/ZYffaa
ZYXfZZXe 9l,VZff
69a0a26f
ZZaX q
XXa .
Zf <x
vXP
fXXX
ZefeffXeeYaY}
yeYZYeeXX
da
7a%
XXa
Vca8
ZZaX +
55eb7bfe
eeYYa G
AXeXYaZaXe _<
aYZXX
eXXfa
644g)
System.Diagnostics
Z 5]4y
sbZ M
strPathName
)Sa8
 Bf\
Z b=
result
KefeXaYfaZffe
d06d9b70
sG	Z
70dd2d86
aafY
:IeYX
YeXf
XZee Ie
9
Z
ZYefXYYY
4XXf (
Zaf
ZlXf
QYafXa
=wZ
tDffY
a8}
HgaY
*Za
_4afea
feef1ae7
ylTf
eYeae
Z bl
String
%oZe 0_
241e0051
XeYf
lYffa c
]?eYX
Q) 5
ffYfffefYXe
tZY J
ef4b3a8c
get_UTF8
20f4f893
|kaZ
8iU
#'
YeXX 7$
eaffXX x
Aaef
ga8B
EQYYYefYe
ga8E
ga8]
CONTEXT_i386
afZa (p6
hXYf <'
Xaf Z
AYXeZf
,+ffYXfXfeaYXZXf
aeaXXaa YVb
efYfaZ
0#Z
ZeZ
baffY _
A:X
fa
daba3e92
ZYXaffZ
efYaf 67
ZYXaXa
YXafaXYXaX
aaXeXaef YS
7aY uf8v
07512c45
fa ,
_eee $a
6SZ |K
916b69d1
tO-a
0;Z
5fZafZ
[Za8
+*6
fa K
ZfXeefXX
-<Zfe d
Z #,Eua8Y
bb6be324
xYYX
Y vA
jXe
fa d
qZZYf ?
Y vP
\Tfae )
9LZ
fa s
<Z &
%pa8f
_b
112b0c08
IYef
uZ )9
%&a8
)cY
M>8E
InitializeArray
Z :
f ]'
fffa %
IWZXeeefY
"-/
aaZ
X]? T
8 Os
Z ~.f
YaaZaee !
YZX jT
eXeee
nYf
5YbZ
aY Ef0; |Y
eZ 00
fZaffXa
C ]j
aYYZ +
|eX
XLZ
f 8I
PrvQXeXYXZ [
9eX
I&aX s
ZX hS
0ff k
vSZ
feYeZaXX
PZ &UP!a8d
bcfdca3b
&Zff
{Zee >b?
Intern
a91d9681
LNn
\=I R
dP O
jDZaee y%
mn"a8
DownloadData
eYeaXYX s
dwCreationFlags
Xef
e W!
/b>$Yf
XYffa
){XYf
Trim
gZZ @bi
PEefX
~Za
d35b91a2
ZefeY #
-DoXea
;ya+
2XXZfXaee aA
DIva8a
vZa8
bQh
lZ f)
XZa8
UInt32
J CQ
AYaYZaX u
]aXY
heZ
x*f
Zf J
fZ
Ze F][
)	 i
tff T
f22f6371
R{	a8]
OIZa8
dZa8
d2796853
a .K
=ZeaY
<-sfZf
Z G%
>B [
! rFs
Split
963510b6
;xe
=fZ
O`eZae M_
Lf  Y
; EE:C
3cc6c3da
%_U>
&Y
Z KT3Da8
p@.a8
Z%{e
Z A8_
ZXaX <
w}a+
SkeaY
252dfa8b
Z Gz
\fZaf
Z g~B
}uLi
Hia8
fffYfe
MemberInfo
{'~ZYeae
&a8+
c8eba45e
]a "
c#jZXXfa ,
ZeffXf
LfZ
eaXaaaX
YXf
AYaY M
Zeaf l
qa &
' e
v#v^
fYeZ
0Xeaf
FcZf
Int64
afe
+8~e
lpNumberOfBytesWritten
e*a8
ZYZY
Zeaf *
B,aY '(
u*efa g
7Z [
ZZefa
0100dd7f
7Z r
eXXee )
e kUx
Za8
7Z }
U*jZY q
7Z a
9z$
\lZYYX
kXYY 7
XYea
X _>(
VqZ [k
aaXa +@
hZe w(2
OXf ?
ZeXef
X 
^
4'Z
59327590
a%
7Z "
FrameworkDisplayName
]e I	t
ffafaYX
f .j
aaX V
{yZ w
h/a8?
Z `=
18d7341e
P+
#eaX UH
q_Z 1t7
TZX 3
1DfYXeZ 3k
SpecialFolder
Z ?v
$a+
get_Chars
Z 4~l
GhIZ
afaYef f
YeZaYYa
eb322bde
nY <
#'Z
0{Z
aZe
61cf479e
ae Bk
01c523f1
]4e 0(K
t'IZYaX
ZXeZe 28
|EZe
ZefY
Y*!
cg
w/Y
CffaY Xp+
WX W
lpContext
WX +
WX ,
?Y{ffYXXf y
o#;
NameValueCollection
d457b7ad
ZYfZeY
ea -]
6jWZe
f78
V%+
YYXaY
Yea )QW
ZeZZeZafYf O
ZYaaY #G1
|a
eeeXXa
efZZXeeaX
fXaef X
Za8Y
Za8_
Za8^
TZ z
AeYe
fXfafX
Za8W
Za8T
Za8K
Za8J
TZ `
Za8H
get_FieldType
Za8M
Za8L
yDa8i
:ZY ut
Za8@
8NZ
Za8D
Za8z
Za8x
Assembly
7Ka8K
XeYeaYaZ
Za8s
Za8r
Za8p
Za8w
Za8v
Za8u
8a8p
ff uV
Za8j
Za8m
Za8l
Za8f
Za8e
Za8d
_bY*
oOZ V\
get_ReturnType
7b987988
TZ ;
WZe
8?E3Z
Za8
TZ '
Za8
+>wZ ^
2yYXeaeZfZ vt
3bZ
JTef
Za8:
X&%+
Za8=
9xZfXXXafX
Za83
Za81
Za87
Za86
Za84
Za8*
2Xa
e4%+
Za8/
Za8#
Za8&
TZ 
`F M
Z C*59a8'
V1XX *
fafYZZefeXaaXY
b77ba3ec
r%&8+
1d6a3723
"Y x
Xa *m?
0 a8
>`R
Xf `
0 a
ZeZe
>=
aaX
7*Z VM
YaXe
i ti
zLAX 8*
XYYXafX I
EKQ
B(
Z 8F
/|f
lZaZ
-a8|
YeXY
e G%~
&2;%&8
Tj/Z
\% k
LX>X
`(7$
Za8[
YX M
TYfX 8
YX I
Za8Z
5fXe m
eXfZYfYX
_fe
\0+%Z
YX T
6*Z
ST|
YX o
XYYafXXea
kZfa i)
XfYXfZYYX >
YeYYXYe :
YX w
- w;
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<!-- Copyright (c) Microsoft Corporation -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <application xmlns="urn:schemas-microsoft-com:asm.v3">
    <windowsSettings>
      <dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">Per Monitor</dpiAware>
    </windowsSettings>
  </application>
</assembly>
YX
7c05377f
y/afYaXYY
5Z &b\8a8
eeXfYYfZa }
gD ,
.}GhZef +
f `
YX -
=XYXXffeYZf
`7F|a
YX <
3584544a
feXXY
I4 x
diaYX $
YX 0
aa u
w 	.u
eX 
X|%&
aa {
Za8C
)c7ZZ S
yX y
|_ff
Za8A
aXf
eX )
3/;Z %u
b8kaX p
eX '
aa E
c ea
u8EZa8q
ef528855
eX 6
aa I
~OXZf
MEM_FREE
eX B
saXYYafX
?` q<|$X
BKZ
aa !
.ZYZY p
eX U
Za8~
iA(
)lp
ZeZYX
\VKa%
YaaY
ZXX a
aa -L!if qT{;eYYfX
tYaeafY /
eX |
eX s
KXa
ToUInt32
Z E,
`a8s
fe `
fXfYaYZaa
+}a 5
#&a8E
WFG Na
BYaZaY
1 ?}t
EeefeYZYY
TZ B
{f Z
e 0N
,} m
ZXaY
-_8n
563f1be2
`a85
e RaP
fe (
aZ .
67bf1944
6eZfef Z
fe &
`a8%
YeYXaYaYf |B
V*aaY
`lqt
?[ .
fe
fe
bX d0!}YXa T-7
042653ac
9'efXYaefeZZYfZf
P8sZX
F`IZ
4
 ]O
VeZXea
MeX
X R
b4fbdb3f
ZYeYZaY
78afe588
YXX
a` GZ
ZYea u
jfZa
Z 2s4ha8D
eYYYYfa
Yea
J,a8t
\9li
cd4292fa
i
a8
kmX #z
Q5
ZfYZ `
e9823351
RmZ
Zfff 4
1-YeY
kZ n
):a8
(ZYYeZ
ZfZXf
nSize
\Y /
=`  s*
[a%
]Xa
Z aVB
w2K%+
ZZ H
GYaa m
}cta8
{X O
;8Z
.fXfYaaZXXYa
Pn >U
wffY "
.cctor
[ZfXe _
80dbdfdb
zZYXX
z:
2c36e45b
ZYYY
ZaYXXaX a?
fXZf M`*FZ
Z XZSOa8
Za89
eXYfXX
HAZ -(
>XX
7XYf
ZeXf
a D~^+f
^Cf _
ZXaf gj:|Z
r7a8G
mpfXaaeffZ
H@ GQhBZYXXaXZ
6DZ E
AN =
Z fK
]=qXf
-Z w
3TXa M
cZ k
_;Z
2ZZ
&:Z
System.Reflection
9Z A+
X dL
0fb116d3
Z fn
Z fo
57cb15c5
Za8(
Z fu
Y x[
s1Y w
0d53a90e
Y QkL
D+|aX
:eZffYffZ
6e 9|
$rs
0a149a61
PZ O
Q)!;%+
ZeaaYYf}
ZaaaYXeeXe
|A
\AZfaYe
PZ w
fff
GetMethods
Vhua8
ZjX(
ZaaaXYYXfeYfe
Z tW4
9)[
cfYfaXYYXY
Object
UZ -
fYZ @
fbb647eb
P\Ya
'Z }"
XZZaa
9Z 
gY
<a8^
Y
d%&8p
eZa
gFY
]ZYY 2:
aff lm
91dd5c26
7C} {bR
ub7a8l
tZ H"
ZfYea
Z E=r
*X <
+ ^#
df33f340
JXfa
YXfae
6Zaaf
Hfa8
2Ff
UZ @
V'
Xaf J_\
ZaYae
<a8#
afb4de27
dQzZ t
$a8
ZZfYX '
Z*Z
mf
yz u
set_Type
53d54aaa
(3
b 	s;
aX !
68Z
/AmZ
2iha8
fXfZfae
n O9
XX 8@$0YX
rZZYfZ u
eafYZX
aX
NZY
iu%+
Xffe '
d29adc82
yE!
aX f
2e z#
20fce455
aX ^
3c3d6a06
aa 7F
ZfX cl
aaf
eeXfe
^l@Z
Z >
|CZ
sZaXeZ
XZYZYfee
GetCurrentProcess
amZ p
XfXY
Z 4Ts
2.6'
^4/
55ed90df
Z >Q
	 ;
479ae58d
YeZ
afaZ
5081e7a3
f Y^
50be3fb5
^<Z
h8a8
&`Z
Z >~
sZMZ
_a \
UfZa
0h 5

u	a+
OZ %
XYe
)Za+
d084a981
JZ 0
JZ 4
eZY
get_DeclaringType
aaffX
Protect
Zf Ir
&(_8,
UZ #}
*=Y
?g |q
e S'
ri
Ofef
G# g
YYYZXf 8
Yafea WD
ZfffXY
!Za+
]YXaX 7
q> PS
BvYYeY "
KXZ F
ProcessModuleCollection
s s
fXZZ ?
93de7f1d
ZeXY
WXa
Yeaeefff
RFf Y
a "X
#re /
+E~r
]C
Xs S
]P,)
J"aeaYf
aee375c7
G o=
XeXa Nz
naYa :
"|%+
FZYaa
ma8/
Ba8U
aaaff
L1\a8X
8adf38e5
$X r
ma8_
OXe
kefX
$X |
Ba8.
/mLa8
;,*`
Ba87
0# y
ZaY
Ba8:
ma8@
ma8{
Z N~p
5%&8
Z >qPQa8
211281b4
G og
ma8n
&>va8
6a6eddb5
88ZY 9
Zfe +
r^Ze
Z [:
4QYYa `
]:2K
"YZ
f51b856c
k^aef
PXae
c;Z
Y8dfe
[Z (b
{Fk
Zfe
ZYX
aw$
TLZe .P
~Z [TyF
64748e89
-{ u
Zeff
eXX e
fZaaefe
3Xae
^YXf I
f9daf09d
YaaZf m
vPrfaX
QZ _
YXZ
OfYf
Xae {
Ga8:
iO P
QZ u
a '~~
GetDelegateForFunctionPointer
l;Zf}!
L6e
ZaZZ
)Mf E
YYZf 55
Y ?Xh
reX #
QZ 
3eef33d0
Ga8v
%eY E
X B
RaZf
e8ZYa
|0Z
!aYaYaZYeZZ E
)l]
yaae ^=
Z^?
Create
d3Xefee
Xf Yb
o_Iaa U
4fc796f7
XXaZeee
eeaee
PXea ZIie
afYa
ef8b5c5c
afa
FEF8
!Zf i
KkB%+
7448b3df
hProcess
YeZY T
NIZ
?2?Z .>Gqa8
fXY
c0901487
c979bf26
ZYa 8
&Va8
fXefae
8ce558ec
7df69cb6
WfZa )
Nff YHe
^ Eq/
Q5e
6fac31ff
k%ZaYafeeYX 2
0tef
afX 9
cY o)l'XaeaXfY nL
Qp1XZ
Z dT
"Ya j
YYZe
_7fffZ
cb4b0390
Z s.w
Z Uj_
7323d32f
BeYfa {
<aVeYee
Xe V
9Z ~
-Eedi
XZZfeY
MeNf
5?L
Z d/
ZZeee
ZfeefeYYfYe
ZYeeaX rA
09dc671a
8ff9b2f3
}/qZ
Z d6
fXaY x
3be62e46
ff o
f PBP
<k1e
_'3a
!'	YfeeffffeXf
RZ x
fae
e Nt
~gZ J
3b2aacbe
fZY 4W
7D e
QZXXeae
-%&
TaeY
fae +
Xef Mr
Copy
!@XeZ
GetTempPath
ZeXXYY
feXY
YZYY G~
Y )'
Xfee
#Ca8
F
Xa -w
K
c929aa2f
`fYeY b
<Za8T
$aaX
iZaX
f *R
yOa
:]+
;
Z _
ha88
K A
VaX ,~
645c68b8
afYX `
1cd5c148
|rQ8
@[
Ma8{
$Ja8
Ma8p
Z [`q
05ad0e98
X#a8
Ma8[
eXY x!f
Y Ui
Ma8S
2A~ ]
FtXf
"Z
afYX 8
ha8h
,Z \
a"Z
FieldInfo
X kB
U,YfY ;
684b3071
z[q
74300f56
%Wf
]P
=fVa8c
mffefeYae
nhvZ
bZ [
6Yf Ii
)ha8
ZaefXaZfeYYZ
2YaZY Y
/IYYae
"a8I
"a8L
YeX
8d94b74d
Z <x
saffe
aY )jI
'af
ui*
e%eXfa |
f Gd
YXn(
"a8z
"a8x
f52ee460
saa
#Na8
EZ C
Gd<
T3# \L
&eXY
X/%&
XaX K
_a8y
sfeea -
227270a7
tlZ Y	A
&ff
XaX s
|):t%+
e H8AV
gYZ
eX UO
c10e7a23
fff 5W2h
(a I>dQ
YfaY
5Z ;4
Z $AB
aa g
Yaf
YYZfe
2@ $3
A? K
Yaea
%faaafe ,W
2)aaae
5! t
Zae O
_r7gZ
WYffX (
n-`Z
Zae S
Z cf2Oa+
J8f 
A}q
ZXX
DebuggableAttribute
_.($p
gg)
eaXa
UbI )
0873e801
A#C
ZZefeX M
*%&
H:q
dXYfZf
CONTEXT_DEBUG_REGISTERS
477e758a
ffeYY
YeaX
Zae 5
d h@Zf oP
taa _
D,= a
/:%Z kb
.@
#YYX s
bda4e92c
"7Z G
{Ba8`
#aYfXXXX
eY y<R
YZ F
Qr Y&
Q&%+
r=Yaf
ZYZ
=$ZfY
xf !
aaXfZYe
-[EaaeZaYY !J
846649c0
aZfZZfa w
na8x
0eaa
Z RS
na8u
get_IsArray
na8M
6a [
eZfYaYae
{ZfZ
na8E
na8D
NVID
YZffeXf
0aa59cbc
uJZ ]f$
ZX k
afYZZ
Z aF
e711476f
ZX y
"U 2 ^
eZYYaXXf G
ZX C
afae
Yee
ZX L
TLa8
c212e640
)XYefZ
ZX W
ZX X
ZX ^
ZX _
ZX ]
faX L
wb]X %
dff U
ZX -
Y 6}W
ZYeY
j+%Z
?@YeY
Ee O!
%!YXe o
aeaY
ZX 
XaXaaafeYeXY
U7a8
+1A
bcastdvr.exe
%e $
feYX
3xA4Z
svx
d
aXa #
371aa99e
>ff <
R!$.aYf
4L%&
NZ 5
Xff J
".X
7`
zZY
ZXYee y&m!Za 4
Z oZi
ZYYfef A
k	 A>
GetDynamicILInfo
?Xf D	U [
i& {Z
XeaXYaYX
NZ [
ffefaYXX
NZ E
Xff 1
eXffe
@ d*
gY g
XaaYfXXXfeaYY
(ZXeZ '
J4a%
J
_
hPgZfeX
ua8I
ua8M
ua8_
X ?3
ua8f
ua8g
! j
Jcs
Zeeffe g2
ZY ~n#
WebHeaderCollection
M@aXY
Yefa Q
.NET Framework 4
eZ s
fYY u_
+)eZ
Zffafe
5aY
P]

^_[
7YYfZ N]
<mq
YXf AC
fhC 9
ZXX 5
ua8;
*ZY ,i2
RqQfeZYYa
Z z)
#eY @
bXXaY
Y +t
j|_eX
F`aeef a(
>Za :
ZXXZ
e =/
1Kd=s
L,n
YefaX o
ee7349ab
D 6Sf
e tFR
;f \-
YaY I
e974c641
ZXeaafa
TXefZ M
%a
*6a8l
342e7e00
^fX 0
e H7
feX
Ja8f
Ja8y
aef
eY hhu
NQYY
EY e
}aeYeY
*#ZX A
e133a2ba
EY q
Xf T
$eZX qui
!fe
GcfeXeeYZaaa .
\a%
WUf
V|6
fYY
(d_a+
UhS
a nE
get_IsConstructor
yRX
5iD
7deaf71b
3ea4d688
YeXf x
9
Z
UOf
751519b9
ad869e7c
raffaY :N
hZ DH
fZXaaX
Y {L
-t F
"fY
lpNumberOfBytesRead
eeXee 8z'
32e431f2
}ou1
GetProcesses
\ffY g
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
'gD
n\a8a
617b29a1
c2fc4c7f
 86g
7b716367
5`aZfaYXY
aY 6g
get_TypeHandle
!x:f 'r
eYYY
_bX
strFileSystemNameBuffer
Z 2j
a8
Z 2y
{fZaff
aeXZe
P8Z (
8eeYXYef 	5u
cfb01f62
ffeXXf
aYeZZeYXeXY O
GYef y
!aaX [
Z 2^
Flush
aYaY
{a8]
* n*e
z{]eeXYfYfXZfa
Zf I
"ZXeZaaX
GetEnumerator
r*YaXeZ
}h-
ffZ e
X MpP
4116491e
Zf Q
Zf h
DvZ T
afaef
Zf f
(%&8i
Zf c
fe #
{a8n
XN[a8q
ZYef
Zf u
Zf q
Zf r
Zf s
Zf
' z
_`
a8l
dkafeeYe ik
5I	Z
ZaYeZa
ED&
t,;5Z
XXX vd
get_StandardOutput
eYeXY
9Gr
Z
CwfYZa
Zf *
fe :
Zf $
cd0daf6c
Zf '
Zf !
82f22fc9
uZa8
Zf ;
get_ProcessName
Zf 5
{a8&
Zf 1
3+Z
hZfYXa q
ZYeXeYeaYf
0Zf
=YYa f
CREATE_NO_WINDOW
YYXY _
baX
uZXY LG
h9 
n
X
TJ8`
Z LpO
FX]
vJ%&8
TXX
Z k!hha8u
Sva
+ReY
]Kw
X
	 h
DZ n #
Zea 0X
Pa8j
Pa8w
o6Zef d
8 aeX 7(
9g%&
X
	 @
Z 	8DD
X gTy0
(<Z
XeXaeXafXYYaaaYfY 6
uf O`
ZYXe
J;Za8t
+Z "
:|+
'wZa
]KO
Oe o
Z _=
"{Yf
Ua8m
Z ]x]a8
Z _*
ZeYZf
28dbc6ea
s58
=fea }
uB6a%
WOl1XXeXYeeeaXYeX
Ua8E
SZ 6
31e7b791
SJZ
SZ 1
S0YZ
.:C
ZZYZY 6pM
>N?zZ y
!_ 8
Ua8
zxF)
Z 
L
Ua84
AZaX
D)XZ
XY KWN
5 vy
{ea >
ZXaaXafY
TZXeXY
Exists
System.Security.Principal
P},e
y-fY
Z 
w
XX }
z{Z
.%&
(u
e gU
&XX ?n
e gL
ZeYY e
c2ee2021
*a87
NaZX
XX Q
XX S
97955e93
XXefef I
f05539d6
O|>5
\=S%&
XX B
3aa
e OpD
,fee
qYf
*a8y
XX -
$e o
Tff
Dv J!!
*a8@
*a8F
value
*a8Y
ZZae
HZ s
;Ea8
,)7Za+
ifb
Z @JkTa+
feaefXff
2b2e73c4
S jC
d
 _
-+cfa
jrYY
V9&a8O
>Gle
fIl0%+
,aX
% Ne
3%&8
Zfa O
_ef
MZa Vn
Zf o
| wZ;
ya8k
A/aXZaffYX
i%eafZYY
fYYXf
fYa wJ
a E
ya8Z
Read
H*Yff
GZY
IYaff
R$:%Z _7
Z 15C
5k =
2Za
naaYfXfaZX u5
fY =wY
H%.f
XZfXaea
X 14
CkHb
xl ~v~
Te q
-EZ ,
a +!p
eaYfXeY
]pa8
3YXef
Thread
7d419868
MFZ
S=ZZa
7a953b52
p	Z
%IfeYf
_bX(
FZae 4o4
\Zeef
X yVvSZfe
{Aa
_bX(2
_bX(4
.Zf
_bX(8
_bX(:
2Z #
_bX(<
Z x<
_bX(
_bX("
2Z ;
_bX($
_bX(&
Z x%
_bX((
_bX(*
_bX(,
`fa
_bX(.
ZZYX
2a336107
afYYefa
j	.a8i
Yf z
[a8n
TTYYXf V
(aXaZZ
Yf V
4lafea 8,Jg J
n!%&8F
aec84539
fZae
Zea |Z?
[a8D
fY t{
ffa hC*
J{a+
b55037d1
[a84
z bP
qZa8
Yf %
W\Za+
()
Yf -
-3afXZfXXZee a
q.1ZfYffe
Th2
+a8
XeXZ
j)X
Zaa \
II^
eIuZX
Yf
raeef
) y:
;mZ
ZYXYYXe o
}Za
SZ
+ZYXX d
Xfea
HtK2%+
| [o;
{fXf
m25
l[%&
XYeaYf
IYXaZ .
,Xe
PtrToStringAnsi
Y -O
.m
XfY
"tZ
YaYY
Y
 [{7
RP%+
OeY
ef 3
'YYf L
L/GoYXXXaY
:Y:
d Rf
pZa8
Z4%fY
Z 96
wYXXaZe [
fXfa \
qmoQ
q2Z j
(a8E
WriteLine
"!@Y
)$Za80
=#HpZ
XY a
9:FZ
YYee
Z	e
fZ @h
fb3f81ee
6 !
&ra
KZ
Q`kZXYfeee
E "G
YZYXe
\ha8I
s*`GZ
(
gv%+
a8R
Sleep
YZa8T
@Oe S
gYf
8AZ
fY WS
ZafaY
DateTime
[Z }II
Z q#/
8Ll~%&8
ZYXfaZYX
!{I
rNUZ
7a45a04d
GetBytes
Z dat
aX < )
1d<x
*ZX
(a8h
'f 3Q5YZ
YfY ?
ueaefYf 5
F&5
vZ wl
3536029c
)qHz
ZYfY
ee iS@
Z E&%:a8
Z a
cja8r
4045caec
fXfY
qnNa8>
0c66965d
`X N
vZfe}
ZffffaXY M
YlZa8W
|Za8E
>.m=Y ,
Xb
k"Z
IYf
1YZaZa
:@2
P,Z
aaXf
XY 3
GO[a8<
*:Pa8
::4BafYZf
`X 6
S3V
_Xff
_M ]oJ
Z p.2
.ZeZ |
ProcessStartInfo
e]e m
')8
5f )
ZYf
(ha8
ZX +=Y
*fXaffX Q
,Z `oS
Z ]]
Z ]a
4 'E&7 E
OYX
ff U-
BXW &
4dfa96a5
f047aa76
.Z N
Yeff
ZYXXaY
dffX qu
|f w9
KzZZ
Write
];f 4
2&T
aXfXaae
Z ].
Z 1XK
dbf99975
4^E4
yffXYe p
.Z
aYY
Sari
N sE
}Xaa
YYYXfZf [WEU =9
%e
P\[W
395fd94b
TaZ G
aYXff
#96Za8#
sN%&8
{Y g}
GetLastWin32Error
5Z "pFNa8=
eafZ
1> e>
Z ;"La8
:ZfX
qZ 9
e a.
ZYaYYe
JZa
:9Z
b+Z 'qVxe
91af
LZ o|9JZ s
f.lZa8
0ZeY
fXYaZaYXa Y
9bc44096
2>;Zeff u
%afa 
*
6ga8
IZ W
qVZYZ 1
eeaYXZX s
ZfZf 6Q
FromBase64String
_$x$
YYZYXYeae
Xaa H`)
(X^
XYXYff
Tlf
tl =
bQY k)
1oZaefYf
KK<Z
Km
ZYeYa
E"XXXZXaX u
wZ 2=p
19c3d6e7
^ 3W
4ff8a771
Y g|
feZe
'0 /mu5ZYf P
%&8T
a =
'fa8^
O^EO
^;(Z "<C
YZXea [
yZa8
9-Yf
@x?Z I
lpProcessInformation
{kl
XeZ
Z ~P
KY V
O1Z
dZ
kVX Q-B
v/f 7
b0ed5ff8
ZDZ
FC7Z
! 5^
e %nW
teY
6ZYa
Kill
mZ \6
3XYXffY
Jco8Z P
`eeef Dn
}e L
2UZ3Z
7ac15132
SYfZX q
01b6960d
6381e781
X 3y
eXeZe
X 3J
V7Z M~=}a8*
dz	NZ
Z FaA
get_Name
CreateDelegate
)Z U
X BCl
YY Ah&
! Ey
gj}>
(Fv
y[ae
4a023a5b
V/_
ZZY
uXefYXf D>Z
f89c301c
Zef
}aeafY
yV g
ia8t
eZ zwH
eXZY
/Wa8
G /P
fXe CF,
-XfZf 4
b65e2037
Z  <
lSZaaee
a3>Z jav a8+
YM<fY
aZZa
Ze }*
aaZa
Y K
ZZf ,
GdZ
1\Z
Convert
=[/ZX 3
ea3bbd05
K!Z D
Xf
j%&8
fB\f
CXa m
FlagsAttribute
[/a8
@y0
^aY :
]Ya ;
|a8n
QWEa8
0dbebc06
cIXYaXaX
Xf 6
Y
 z(
ZaYea
4f i
4Yef
55c6bc69
B+Z<XeeX
SXX s
Seee
eeZfZ
B#%X
dpZ
Xf k
Xf i
,K
*XkZ %
ZYe Qy s
58%+
YXfe GGf
8ZYfX svk
v%ae D
Xf ^
eXZeaYf
feee
Z 6^
q#a82
eaYff 8
eZYe
6Z ]
Ze YLhS k
@ZfY
@a8C
ZfYY
/q8M
cZeeY
Z sV
bc7cf1b1
1ffX ;
SetLocalSignature
1aafaaafZ
+oM
eZYXZ
6Z o
hZXeXfYae
d :Z Z
1 o%kJa%
wa8/
DzZ
&.Z
6Z 
YZZYZ
ZZff `g
aeX
8abXX
ZeXeX
faY y
eafa
+
 iF^p8H
6Z /
get_IsPointer
Regex
G g-
4Jf
0`ZaY
ZXf -
]/f
+ IW
aX sV
efXaffa
pd /
1983c6ab
eTBZ U
6ca8l
!!d* Z{K
g$o
#bAa8
Y_Y
uXXZX
sZYYfaeX ad
eaaef P
% gT
sCe $wPNfY
_b
 p
LRd
ZXf G
<ZzLXaaaa C
18d2067f
S C(
S.Yi
ZXf Z
Z u,
]XYZXffaX
+bZZae
%&8i
%&8h
%&8j
%&8e
%&8d
%&8f
%&8a
%&8b
]uZ
,? /
%&8y
fYXeY MC
e20a373d
Es%+
%&8p
%&8r
fe 37
%&8N
fYa !
5O=Z Ev- a6.\YYXXe Y
%&8D
%&8G
%&8A
UNBZY '
,xZ
x*Zea
b
Ly%+
:eKMXeaffXe 3
%&8Y
Z Sv
%&8R
%&8.
%&8$
+}TZ
%&8
6@Z
Int16
%&89
%&88
5ae
aaZZYXXeaf
%&84
%&87
s{Z
%&8
e 7"&
{{Ea8
8T5Z
fefa
0xa84
System.Runtime.Versioning
ed4eec24
XfY O
XYfe
Console
-leZ
+F~]
n 7A
fQ~fXe
fYYe
=Ya
ff 7
YY Uf
RXeYe
XfY a
d5+Za8K
TZYZef
ff (
y'[a+
YeX ;
ff .
<a8]
QZYYY
e c;
OXf
ff N
ff p
Eg^}Z
W?X k
h.X
fc3245b5
rfefY
ff f
ff h
UYfeZ >
0U
'Ze ZZ
r|w
eaa
ZYXY S
<faea /gT
*#,=XYe
S%X8
~Aa8/
y5"
Z
{Oa8"
d#aa+
`bL8
srn
O ZX
(X k
0a?
3787e4e9
^ Zn
ga .
jYZYXfefaf
49tf
CreateInstance
eC<f
0I- S
ff k
o{Z
ZOZ
Y '_
*YaYe
faf
eX VBq\ ^U
Q'%&8G
Pa UP:
^fefYXaa t
Z &N_
eYXaeXefZXafaXa
Environment
R- 8\
E&aa )o<
KZaYY
fYaeY
ZfYfa P
PW!aY G
fa x
YZ S8V
ffX
eeaX
DJQgZ
@i Y
ZYY k.
wZ D
_af Y
600692cf
vaf
!ZXea *F
Z +J
r
9a8
ffaYfYff o
a9c0be85
wZ h
':Xfeef _
ML3a
a q
/
Z #J
9a42674c
eYYfZ c
{+a8:
t0C
&f z&
;	!
ZffZXae
0627adfa
`lXaa
FW780
UEZa8#
lpBuffer
DufXXa t
Eq E
0/k 8n
<afYXfZfef
ZZfe
msaXeXe
qZ ~,w
iZXe g
vfaX
w{XaX vV{)
Z@Y
k$]E
)uf
IZYfX
onZae Y
0a8I
Daf
403f49a0
eaZZYYX
set_WindowStyle
0405f87a
*aaX
0a8f
nsaXX
|d/
vGF
;?Z J5
%Oa8
wuYaXYXfY =
7EY
"EZ ?
System.Runtime.InteropServices
!Z $W
#BG
lZ
303c9306
Ac4
Ct Z
XafZ
Z o}
Ca8C
c6bfa4bd
5ZYa
76c39e28
Z iu
E7X
|?Z
ACf o
NEa
TextReader
CONTEXT_CONTROL
af Pf
59df74ec
koZ
System.Core
"a $
ZXYf
Xfaa
1Zf
nkXe
(TeXY
(aeY /
ParameterInfo
xf Yv
lOLZ <
K: 2oK
'Za+
RaafXeXXaYafZefffaf
Vj 4
ZeXXeffa
Zef ;
Oo$4a
aX ~U\
3Oe
{
e
UQ =W
z&\Z A
QfaZfff 7Rj
wZ {l
Wra8
e ;zAPZX
aaYa xjO
Zeff aB
ZZfXaZ
f9ffad48
}a 6
Zf 76
:?f
get_Length
Zef Y
{ZYeef
heaY q
q{ZXXYYfYfYZX
Z t?
System.Collections
e076876c
9XYYXeY c
6XX
|Z n8
Y1%+
ae828da4
D{+ E
j
eY
XffYfaYeafe
Za ^!
Xa Tx
FTfaaY
8aafea W
% Z
effaf
aXf 
.
Z Npe
Ye 5
s.\Xfefaf
&1vYaXeefaaZ
Z 0FY
1dca2c0d
Kp$
YaYa g
$XZ
6f685242
c$+
.eaX gt
, /
7 i'	% 9?
ZZfZfX h
eeffe
LZa8r
aXZfX p
1839cbac
LZa8\
6a8t
Z Qp
V Ut
6a8}
eYaZ 
t!{
ee xcHlf
D3ZfZX
Equals
ZeZY
6a8i
"ZX
@B&
90Z
wdd
NZfY
1Yea
aeXY C
X A[_ Z
6a87
ZYZYa
,ZZY %
y~~
w]aeeYYfa w
9e7c54e9
OD4
dwData
056a1d04
feY
Z Q&
XX 
l
+ o%kJa%
aaefaYef}
<yZZX +
XeffX
YXf T
e F:
QfXZea b
6e5b1d69
ffXX
'ZYXX
YXf 1
afXY sapIZ
e }2
fc0fab33
ZX gc1
uU8o
_ -0
Yafe
{ZZXf 
8N
ZYYaZ
e <,3
1OaX u
ThreadHandle
eYfXYeX
DynamicILInfo
`qXeY
f ?]
0fX
faeaf
Start
DZa8
;( (Za8
YffZffeX
E!
bX iR
d58ab727
.4q"
afZf
8qV
ZYaYe .mP
ZYfZe kye5aeYYffXXffXXXY
eZfXXaaf
faX
feZa
efaZXX
5~g
YaeeY
efX a/
;nB
UV+ *7
`oe
XXXf
5Ye
 lwQ
BYl
P]4
\2f
H,	 8
?Ta .
ZXXaXfe
feY
\e )|
PWa8e
ZYZZeXYXZXYe J
S;Fa8$
Decimal
f h\
BMeYefYfe
ffZ
Z )u
YYYY
eYfa _"
pBZ t*FLa8
Z )M
yZ }
XXf K
.ZXfY
5z
2a 1
eeZaY
XX ]o
mZ ;
ZXX M3
ZaXe
W}xZ ,
YYaX
)lX
N{T `.
QA
Byte
okXeY
Z i`"Pa8
XaZ 50
ZffXYafeYX
fY +X
MoveNext
Dispose
rZeeeYXf s
fafe
get_MetadataToken
183633f3
r%eYfXa
mZ A
Y1c%+
fX }[
yZ lH
7%E%
-ra8s
YX 3hMe 'N.
mZ [
kefYaefaaf '
fYa
ef ='
KXXYe
Z N:l
xueaY
ffefa
raYY
fXXfXXY
eXXe Q P\f
H{a
N#
5
e 0
.!aYef
3aYeXX
ZYYfXa
&dZ :H
?Z 1
$ffZX
YfZXfY
hff
Y \8-Ma
ap8i
jX l
eeef
A 2L 
q
7 j
XXaX
2Z VzA
Zfaf CM
Xaa
+ *t
R3;Za+
c45ce8ad
'ff
Z &m}
beaX
/[a+
ZfYY "
XXZY
Z JU
Oa 0/T
9a657890
p/
SNZ
ZY ;Mr
uZ R4
'^.k
zefe
9/ZfXaYYf
24954ada
LyZY
T,Z D
XYZa
XeeYX
fZYZ
YX qd
rZ Z&7
QZe
Z}ZeeeZ
*%Y
7XaafeaeYeY
/pjea 7cF
!
81g
ae <q
^a8Q
]feX Hr;W H2
f5K%+
d990ad09
Za8>
^a8}
aXZ B
Zeaa
eafY k
ZfYXYXZef rd
LOZ
DX i
feZfYeX
b28226c4
afaXaefXYXae
+s&
EZ =0
zYZ 
t5q%+
99ee2316
^a86
aY S@
^a80
Yfea a
Za 7T
~ba8
ZXf
yxCjZae
85f5fbdc
SYff a.
eY 
9
a56f01d8
085960b4
_X .
A|s
daca1ff1
a WB2=ZYY
/s8]
WebClient
z@9k
| sl'
`"ZeXaefeXYeYaY}
Ca8I
aXXe M<
3%I
XaYf J
YaXa
ZYXfZY
1j M
4ca0437f
ZXfX
@Za8
uQ
{&Z
Z WZ
+eXe
'ja
MYaY ye
2e |
0fb3e4d0
#[8Z mG
^eXf /
RhV pi
2vZ B_
bed07ece
ZfXa
ZffaaYXaY
tx K
JfYYeeY
.wk
'fe Q
ReadByte
<_Z %
52b57c67
2e Y
aaZaYefae
3c494e7b
FQa8
ehZ
NcZ ;]
Z M3
67efbc0c
+za8R
XYXf
vZffeZX
Z W
XXX W
Z W
TZa8f
T
Z :W3
1%-
Mzkt)
]7%&
d@a8t
9f173b09
?T%&
X Ld
ZZafaZX \2W
TCY
c30ceffd
Z V)f
ZYaaaYXf J
_sxZf +
YU%&
&lZ
*Caa [
 c"
16901fe1
eZXYZa
b^LX
V|Z
dwFreeType
|Y >
YYXa
<Module>
a e_t
RD7e 3
s#n
Paa
p \H
xYeXZX
,^_[
|Ada E
eZ 'fm
Aa8^
Aa8\
eae
XZ %wD( x
DJSe
Ca%
Aa8D
fX E
sIY
1db59375
cdf62934
(a%&
lra
aYZa s
A,K C@r
fX m
6&}
fX b
2ZfX
faZ
79Z
Zf SC
R;Z Y
a ]#
484c77dc
]^
Z
fX ?
fX ;
\a8V
n
Z
7Ze
Y m.
K
Y
^eXeaZff gN
"ta8
&KV
FZaeY
jLZ
OY q
eeYX \
Z }_z
Z /7
9bb7ac91
f bB &
c425989b
v~sYY
_bj2
?efaXaa
ee +N
DebuggerBrowsableAttribute
J^EJ
Z p.
Z p"
0 ta
9qa8W
;Z
1f0fbd7f
LYXf
ZXeZf /2
Z /K
2TZXaXe /
CharSet
~
a8
di?e
Z /X
bhJ}%&8d
Z {:?
s?kq d
ke (
>a8r
>a8p
ZYYX
`aXafaZe x/G >
4}Z >
zYe
sa%
[aXZeY
MZ B,
T c`
rZ M
XwZ
aZeYZY
yeZXZY f
ZefeYaZ 7
O;Z
] BY
_iZ
3ab2e217
Append
%aYf R
]a8
ZXae
CONTEXT_SEGMENTS
op_Equality
Zff =
Zff 2
yYaXXefX
aYff
ZYX >|
IZZYXaeae
ZYYfXfaaea
7	P
nfYe
efeXXa f
#a8m
affXf
NaX
eeZf
2 	&
s ]C
|]
bqa8
eXYYf u
f4d41227
Iaa
XZa
}ZaaaXeYee
tK GZ
Z HL
YZa U
Z HQ
F1a8
e k	
*Zee [j
AZ
c6Y
Z !Y
oeXe
*if .r
ZfeX
Z Hp
<Zaaf
@ K3
l-eYXZXY
p& }
a xS
#rZ
ba8
XIfX YC|
$Z
fZYX
aXXYeY
Wf H%
eafffX
Za
ZYY _&
Ue w]
callback
Z H0
ba87
Pb~Za8V
ZeYYXaf
{
a8
c60917cc
YZYe D*nae D
:Z a
YafXa
HashAlgorithm
a7e9cc92
:Z P
LUfe K@
:Z X
EFa85
.=X A
\fX `E
WfXf
ayA+Za8
ZaZ V
V
Z
IXY %
!Z p"
XX 5Mn;8
:Z )
aY Qo
5Z T
18fba1c0
K,ZYaXe
,?	Z
c0b17114
fZZaX !
	Z fq
Microsoft.Win32
+
 K
:)5
ZXfY %K83
rM9Xeaeee 6
v iP
b33a1f43
Z{X @
ff NN
{fY
eXe
xY 5
i4  >
Xf =c
!a8J
%]%+
!3]
Z @
eXaZfXXZ uH
!a8@
BitConverter
)ef
7*a8
[fe
IntPtr
fXYafe
Y PQ
uZ 9+nL y
5BZ
!eeff
jO[
ffafZf }
8$
Z UU
YX s/
afXeaXZaaXYY
bYfY U!vifY |
Z|eZe
l;j-Y
ResolveMethod
fXf
IUefY ,
XXXeZfXa
a675155f
f sK
>ZXfXa
fXf ;
210a9ed2
Z +\*Oa8
0L6ZYX `5.v
S]| |%OeYY 2
eXaa g
p1X
Zffafa L)
t3U%&
FZa
fXfaYe -
Z U9
ZZY
>eeXeXXf
1}
A%&8
fefYX
eZefee
^Z Wd
;uaaaaXaeefaYaXaYXeZ
Y$H8}
/P:`
`
 Zw
bMXeY ?
{G
4a%
aXeXYeeX
r{e
ZYYef q
JaXaaeff
Sa%
[S3
r@%&
fe /
+KZ
<^ 7
7/a8e
nZ L
%a8&
eYeeZ G
+Zc e
Aff
94f739f9
aYf b
U eL.+aa
get_FileName
ZXeeZ
FileInfo
K|Z
956072d9
oZ L
UZ -aL
U w
ZYfYeY
AZ
get_MethodHandle
XaeZaYX
oZ
oZ &
79be122b
~9XYeeX
oZ 1
<q%&
BF h@
hD4!Z
T(a8
UZa8
LaYXZXZf I+
X +4
Za Bvf
Z -=
M1bZa8w
pma8|
h|Z :K
Z vl
7DXZYe
h^k#Z
4Zee
YZ L
MeXeYfeZ
YfYX %_
Z vB
SBYYe
x~Y
Ooff
6Kf X
(6ZY
fYaX
EWZ
YZaf
4005a030
WKa8k
Ze j:#! %6
Z -N
SCeeaaef
ZX <
W>na8
Gaf
/<a8D
sZa8
rR*
tZca8]
|}a8
.Ya y
UeaeYfa
eYXeZef
{Ia8B
'ZYeZZ =}
% 0[O<aZeX
eaXXfXY O^
>aaY
ffafaefXYa I$
1Z p
cYf
ZX ID
lafaaeaXae
sZa8T

=Z
=Z +
=Z *
2h;%+
kXX
0~q
Ve 6<
&Z }|
}y$
!ZYYYY \
XYYa
0`ZaYX
ChangeType
Z sCC
CompilerGeneratedAttribute
Pge
69Z
<ff 3
fYe
'Zfe
/rIa8
RZ .M
19.
i5V
Ya
eafXa
)bZ !
z$wa+
^bZ
Oaa ;
x8EY
Ya "
ZfZ o{
G*1
Ya \
6I c
Ya W
:afXe
G '"
Ya N
Ya L
G54,
afe I
_=&YZXaY |e
YNZ
xvXXXYeaY 
l
fY .'#
=I)a%
Ya t
*C3Z
Z	faefee
Ya p
lngFileSystemNameSize
feYa
6/
Xae
Ya a
88554f7e
ZY h
$-ffa !l
35299c97
GetElementType
tzY
ZY e
2ueaeXX
ZY s
A|$Zf
d\sXff s
ZY w
aeeaYYf pDn
ZY u
*fa
;LL^i
ZY C
3
a8
ZY ]
DV'aXXaa ^
*LZ
ZY )
aaf A
ZY .
ZY ,
/gZ
ZY "
ZXfYf
54a6a80b
ZY ?
ZY =
Kna8
Ea8!
ZY 1
ZY 5
Z N-
L [1
-e j
Z N"
nw
Z
CD3a8
?^ _
0gZYa
\ZeX
XfZ }&
9756d358
-oa8V
/oZ
b8eb1653
8Z 8/1
/_AXf
Yfae
vM'a8K
[7SGZ
,z ,
AZe
Ia8>
^6Z
_ba %d
7Z }|-a8
Yef y
YaX
X
 c>X
*XX
Yef w
Yef O
h
U
Yef C
Ia8v
efE
5beea030
*3YZ 8
Enum
ZZfXa
feaXa
YXff
Sf &
Sf )
aXX
_KXY
Puf 0
{f pSE
vZ 6
iZfeaY
Da+
0[Z F
eeeZX 3
0aa8e4cf
,O ,H
_>5 X
Sf q
NZf
$a%
ZaZaYff
HfYfX he
Y =b{Xea
q_ee
fa >E
efeefeeY +.
X66
:ZeXXY
HefaX
4Z &
?Xe
5)a8|
\*>mfYff 9d*
aXfX ]
Z kl
x]8
BeginInvoke
Zefe oO
0e267299
eeXe 3*
ea u
sZZ
'8ZYY
X @
fRa8S
Z kM
ef }]A
b8502997
>gZa8
ja >
{&%a8w
kZ U
[cZa8`
M2Ya8
%U@
ZYfaaYZ
eZe a
)*VJZ
kZ K
kZ I
Z k8
yOqY8p
@ae 7
e}Ae @
fZYf
?eea X
XMa8
85#Z
KYeXYY
eZe V
aYae
4Hb
O)(
Z ?[
eY 3$"/ZfeX oAA
4]ZXZ
ja8z
f76fd5a4
eee
@u
ja8@
ZZa
VSZ `
&M
b2f69427
g%&8
Xeaefe
&v g
aaffYXef
%+ @
Y9Z Y
'2 rs
e609820c
b4ef010f
}?Z HTp
2dc655ac
faaeY O
b?a8p
[
Z `V6$a84
tZ EE
P63af }
8fa {
WZf
Z (
8j
$a8Q
ceca5232
vYaYX [
ZeYe ]
p@Z
<?5
Zvde
Xeaa
]Z `5
9Z
UD
9Z _
YeeeY
% X9q
NfXe 9O
:Ua8
f 98
PYfZfe
BZaXZfa
o8z
9Z }
a(a%
0@ )-
#XeXea
E5 Z l_
L8Xaffafa
$a8*
Zef E
$a8&
"ZYe
Z tz
_8fa
Exit
bV
[cxXfe z
fb7bfa01
System.Text.RegularExpressions
aeYf
[$X
ZYY `
Vw C
ae [&x
9Z sz
\Z hd
aKfa8V
'fU%+
ff !W
>e `
X -n
i<a8
k2a8T
Z #V
_|XZ }&S0eYYfYa 6
_ZX {
_ZX }
ZZee
!Z C
8Wf
ZYa !
u(W
YZXaXXfaY r
ZfXYfZ
fr5
)a88
/'1N
be37d006
Zero
bsZ N@
50X
Zff
T^_[
YYYff
hM
a1dd2712
S?pZXaf y
$aa u_i
System.Threading
i 
\
6ffYaf ={
)XZf
bd797aa9
)a8F
$Zafa
Hg=Z
zue
vEZa8
Oa{
YfY
db8831ad
(Z 
T
ga8C
Qp>e ^;
afXXY
XfeaXeaZ
eXY
aYfaf
ZXXZaf [
4W c
r^ffaef
get_Current
fZa ]
e\saY dFM
Zff
YZfaaeaZYf
/YefeXY
Z Uj%v Sr
9?w
'ZeXZ
E_Y ^Lu+ )3
:m:
!la8
gZ YF
! /`2.Z
Ye aE
ccZ %
Ga8N
Dw%&
a<X
?J%+
GYe =
ZfYXeYfaaeZfafeeY R-
feZea
+Zf
8AYaaefee
ZaeX
gZeY
XY q
Next
5D;Y
Z LD
XY i
<Z /
$f '
Xef c
saXXf
YYe
9w/
h<b%+
ZYaaYeY
qf ~j+i
pa8-
K0'
lZ 80
pa8<
OZ e&1
pa8A
XY :
%Z l>
XY 6
affX
fS%Z
a166ba2c
'd{ff A
ZeYeeYfXXYeXY ?
!GBZY
.ZX R
ffe
CYefY o
X 
&
ZfeY
0Ta8
Ya8}
;,4
HMZ
pa&
Fh/Yaee B
0c U<6OY
YXaZX I
HGe{Y
k	eX
( &%
=>F
+w(
22c53877
Xaefee Q
EZZ
7bX
5883fa23
2^= o
)X
YYZ s
Saa
 Tm
~}a%
9q{Z
YXa
m_iY%+
koZ Z
,'QAX
GetTypeFromHandle
IAsyncResult
Ze =
)af 5M
FileAttributes
oeZaY L
EX J"
1Ze E
X ?65
XXfXfffe
MLa8
eXa+
[1%&8(
eXa
7)e G
AFE
`[J x\
:%y
jZe
af651774
1f8e5077
aeb38982
l%Z
/a8b
0dc904d3
Y Tf
RaafaXXaXZ 19
aXZ
8 Qc
GetProcessById
/a8B
=%&8
/a8H
ZeeX
Ye y
}fXeZXa
ZXaXZeZ
aXfeYXeffYY
Ye w
}:%&+
a ~y
! _S
0Z Ni&
afa X
G;qZ
Zffaaaff {
"=]Z G
fea
System.Runtime.CompilerServices
afa 4
ffe ;J;
Ye +
aeYX
Ye &
Ye '
ZYXf sK2
F)ef
-ee
FXXaa p
sTp)
8Z mR
6YY 5
]Y ;P
YeeaZ
LZff e
8f8e63cd
LZa8
2e916dd4
[ZZf
UYaef
7YY
)aXX +
va8?
ZXaY L8
va8:
Z MI
^E
399ee429
.Xa WyO
UYaa ;
buZYYXfaYa
07ddb874
w1H
Ya
va8I
GZXa
eXX v?
efZ
ZfXeZf
f633dfdf
:1qaYef
Z 
\Aca8%
( a8
XXffaaeXZ J
VQ z
aZYfe
va8k
Zeafa
ZaaaX
vyZY \.h
:m
va S
3Z u
GZ
pY U*M5
y#`2Z .
<gXZXX }
3T#7)
<Z Fu1
w! I
9I-fYXeeZ
YXef
aXZaf
3Z J
X
MaX
ae [a
Kn|8
CZYZ
3Z /
^X e
ZZ eB($efYf Ly
OtZX 3
Za 'V|K
Y s0
uAZ
w[ 7
Y s>
ZeXee 3
-#f
f 5-*f
fXfX
ZYae
.Xa +
Y q<G
c=X 
K
jYefeaaafeY
YfYeYXX g.
oZ  AZ
1Ba
_b`
Z 9L`
8Ca8
\!Y
ZXa r B7aY e
$Z +
aXeYXXXaafe +
>NZa
3Z xb
ProcessWindowStyle
fZ
/xY
e0cc238a
X /{
$Z <
J" Z[jS I
get_ModuleName
$Z F
hZa8
a75422af
yNF
$Z M
p~af
EeY
BYu
ZZY _)
 S|m
A*%&+
4~
OZe
a So
ZaXY W
"Zee
Z !4
ZXefYXXY
iefX Y
aYe
iHAa8
afX +
lpApplicationName
g	 QT
Z @{=
*aYZefeeeff +&L
!Za8*
@^%&
ZfYe 6
#fXffeXffaae
IR/
d#Y+Z ~
Y%ii
J=%&
.jZa8~
X A@|KZYfZY
)gZ
a-"
2de2a850
DSJ
feffZeYe
Z NIu7ee
H}hZ
Encoding
Y<+
jff
45724171
ZfYe i
]H1af
||ZYa ]y-.
XY l{
IEnumerable`1
ZfX
aXf [
Yaa y
Y ;%
get_Module
c512ad8d
''Zf
aXa
XY {K=ifeXXXeYeaZZ Zh
XZYYYXY
UwZ
"ZY
r.^a8q
9REXXa
|%&87
P:Z
ZYYa
."e
00056564
|%&8+
MZa8
-Y>
fh<Z
XaY
R|w}Yeea
^i
Ki=1
a +9
71634113
ZffZ
eaX
fYX y%S
eYaYefYa Q
Z qiv
"dYYafZ ,
#:Z
Z BD
a ~8
ZeaX w
XZXXfXa &
Z Bf
{@Z
HZffe
@Cg
\aaaYZ
System.Collections.Generic
aeXa
NH Y
ZXYXXa (7
EXY 1
zZfeYfXXXeeXafee H
?XYe
AllocationType
%N~
Nef |
WUX 1
ZXYeX
UQ:Y
ZXea
aYXX 4
XYY
{efY
BQ*a
IfZ
?0'
%&	 +
"gm
e ex
YeaaaZffX )J
#U3XX #
Z ?Ac
Z (K+Va8
bfe98997
VG
)%&8
Iff ^
rZX
m10k
eXae
8GQZ
2Y P
MGa
YZXY
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven03_64 Seven03_64 VirtualBox 2018-08-05 11:33:04 2018-08-05 11:36:04 180

18 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven03_64 Seven03_64 VirtualBox 2018-08-05 11:33:04 2018-08-05 11:36:04 180

12 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\FXSCOVER.exe.config
C:\Users\Seven01\AppData\Local\Temp\FXSCOVER.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSVCR120_CLR0400.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoree.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.localgac
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll.aux
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ole32.dll
\Device\KsecDD
C:\Windows\assembly\NativeImages_v4.0.30319_32\bcastdvr.exe\*
C:\Users\Seven01\AppData\Local\Temp\FXSCOVER.INI
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\assembly\pubpol28.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\Microsoft.Net\assembly\GAC_32\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\psapi.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\shell32.dll
C:\ProgramData\{d74bdb-f30dd0-463a-b09f9e005562}
C:\ProgramData
C:\ProgramData\{d74bdb-f30dd0-463a-b09f9e005562}\hostdl.exe
\??\MountPointManager
C:\Windows\System32\schtasks.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinInetDriver.url
C:\Windows\sysnative\Tasks
C:\Windows\sysnative\Tasks\*
C:\Windows\sysnative\Tasks\Adobe Flash Player Updater
C:\Windows\Tasks\WinInetDriver.job
C:\Windows\sysnative\Tasks\WinInetDriver
C:\Windows\sysnative\Tasks\
C:\Windows\Tasks\Adobe Flash Player Updater.job
C:\Windows\Temp
C:\Windows\appcompat\Programs\RecentFileCache.bcf
C:\Windows\AppPatch\sysmain.sdb
C:\ProgramData\{d74bdb-f30dd0-463a-b09f9e005562}\
C:\ProgramData\{d74bdb-f30dd0-463a-b09f9e005562}\*.*
C:\ProgramData\{d74bdb-f30dd0-463a-b09f9e005562}\ui\SwDRM.dll
C:\Windows\SysWOW64\sc.exe
C:\Windows
C:\Windows\SysWOW64
C:\Windows\SysWOW64\
C:\Windows\SysWOW64\*.*
C:\Windows\SysWOW64\it-IT\sc.exe.mui
C:\Windows\SysWOW64\ui\SwDRM.dll
C:\Windows\SysWOW64\wbem\WMIC.exe
C:\Windows\SysWOW64\wbem
C:\Windows\SysWOW64\wbem\
C:\Windows\SysWOW64\wbem\*.*
C:\Windows\SysWOW64\wbem\it-IT\WMIC.exe.mui
C:\Windows\SysWOW64\wbem\ui\SwDRM.dll
C:\Windows\SysWOW64\net.exe
C:\Windows\SysWOW64\net1.exe
C:\Windows\Temp\fwtsqmfile00.sqm
C:\Windows\sysnative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Uploader
C:\Windows\sysnative\WerFault.exe
C:\Windows\sysnative
C:\Windows\AppPatch\AppPatch64\sysmain.sdb
C:\Windows\sysnative\
C:\Windows\sysnative\kernel32.dll
C:\Windows\sysnative\ntdll.dll
C:\Windows\sysnative\Tasks\Microsoft\Windows\WDI\ResolutionHost
C:\Windows\System32\Macromed\Flash\mms.cfg
C:\ProgramData\{d74bdb-f30dd0-463a-b09f9e005562}\hostdl.exe.config
C:\ProgramData\{d74bdb-f30dd0-463a-b09f9e005562}\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\{d74bdb-f30dd0-463a-b09f9e005562}\hostdl.INI
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\normidna.nlp
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\normnfc.nlp
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\normnfd.nlp
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\normnfkc.nlp
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\normnfkd.nlp
\Device\NamedPipe\
C:\
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\oleaut32.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ade5aa3c89481539adcaf7d9526dc8ac\System.Configuration.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ade5aa3c89481539adcaf7d9526dc8ac\System.Configuration.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\62dec581cd40afd680502a581d529b7e\System.Xml.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\62dec581cd40afd680502a581d529b7e\System.Xml.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\rasapi32.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\ws2_32.dll
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\winhttp.dll
C:\Windows\assembly\GAC_64
C:\Windows\assembly\GAC_64\mscorlib.resources
C:\Windows\assembly\GAC_32
C:\Windows\assembly\GAC_32\mscorlib.resources
C:\Windows\assembly\GAC_MSIL
C:\Windows\assembly\GAC_MSIL\mscorlib.resources
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\*
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC
C:\Windows\assembly\GAC\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC_64
C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC_32
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC_MSIL
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC
C:\Windows\Microsoft.NET\Framework\v4.0.30319\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\it\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\it\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
C:\Windows\sysnative\LogFiles\Scm\994c86ad-a929-4b2c-88a0-4e25a107a029
C:\Windows\sysnative\LogFiles\Scm\044a6734-e90e-4f8f-b357-b2dc8ab3b5ec
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp
C:\Windows\ServiceProfiles
C:\Windows\ServiceProfiles\LocalService
C:\Windows\sysnative\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime
C:\Windows\sysnative\LogFiles\Scm\046fbef8-2dd6-4a92-a08e-608464edcc44
C:\Windows\sysnative\LogFiles\Scm\2f57269b-1e09-4e2d-ab1e-b0fdac7d279c
C:\Windows\sysnative\LogFiles\Scm\47536d45-eeec-4bdc-8183-a4dc1f8da9e4
C:\Windows\sysnative\LogFiles\Scm\5c0aeeea-c154-45be-8499-bea5f11baff6
C:\Windows\sysnative\LogFiles\Scm\a7c73732-9f11-4281-8d19-764d4ec9d94d
C:\Windows\sysnative\LogFiles\Scm\ac4e5acf-89f7-4220-ba21-81ee183975e2
C:\Windows\sysnative\LogFiles\Scm\be669c13-8165-4536-96d0-6d6c39292aae
C:\Windows\sysnative\LogFiles\Scm\c016366b-7126-46ca-b36b-592a3d95a60b
C:\Windows\sysnative\LogFiles\Scm\ca4b8ff2-a4d2-4d88-a52e-3a5bdaf7f56e
C:\Windows\sysnative\LogFiles\Scm\eaca24ff-236c-401d-a1e7-b3d5267b8a50
C:\Windows\sysnative\LogFiles\Scm\fb3c354d-297a-4eb2-9b58-090f6361906b
C:\Windows\sysnative\LogFiles\Scm\fca58fb2-231f-4daa-bca0-77602b638485
C:\Windows\sysnative\LogFiles\Scm\fdd56c73-f0d5-41b6-b767-6effd7966428
C:\Windows\sysnative\LogFiles\Scm\9435f817-fed2-454e-88cd-7f78fda62c48
C:\Windows\System32\wbem\XSL-Mappings.xml
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
C:\Windows\SysWOW64\wbem\wmic.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.7523_none_508f21ccbcbbb7a8
C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.7523_none_508f21ccbcbbb7a8\msvcr90.dll
C:\Windows\winsxs
C:\Windows\System32\wbem\textvaluelist.xsl
C:\Windows\System32\p2pcollab.dll
C:\Windows\System32\qagentrt.dll
C:\Windows\System32\dnsapi.dll
C:\Windows\SysWOW64\it-IT\CRYPT32.dll.mui
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\*
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\*
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\*
C:\Windows\System32\it-IT\WINHTTP.dll.mui
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Windows\Temp\Cab9120.tmp
C:\Windows\Temp\Tar9121.tmp
C:\Windows\System32\Cab9120.tmp
C:\Windows\Temp\
C:\Windows\inf\display.inf
C:\Windows\sysnative\DriverStore\it-IT\display.inf_loc
C:\Windows\inf\display.PNF
C:\Windows\sysnative\wbem\MOF
C:\Windows\sysnative\wbem\MOF\bad\
C:\Windows\sysnative\wbem\MOF\good\
C:\Windows\sysnative\wbem\MOF\*
\??\WMIDataDevice
C:\Windows\sysnative\it-IT\VssTrace.DLL.mui
\??\PIPE\samr
C:\Windows\sysnative\wbem\repository
C:\Windows\sysnative\wbem\Logs
C:\Windows\sysnative\wbem\AutoRecover
C:\Windows\sysnative\wbem\repository\INDEX.BTR
C:\Windows\sysnative\wbem\repository\WRITABLE.TST
C:\Windows\sysnative\wbem\repository\MAPPING1.MAP
C:\Windows\sysnative\wbem\repository\MAPPING2.MAP
C:\Windows\sysnative\wbem\repository\MAPPING3.MAP
C:\Windows\sysnative\wbem\repository\OBJECTS.DATA
\??\pipe\PIPE_EVENTROOT\CIMV2PROVIDERSUBSYSTEM
\??\pipe\PIPE_EVENTROOT\CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER
C:\ProgramData\Microsoft\Windows\Sqm\Sessions
C:\ProgramData\Microsoft\Windows\Sqm\Sessions\*.psqm
C:\ProgramData\Microsoft\Windows\Sqm\Upload
C:\ProgramData\Microsoft\Windows\Sqm\Upload\*.sqm
C:\ProgramData\Microsoft\Windows\Sqm\Manifest
C:\ProgramData\Microsoft\Windows\Sqm\Manifest\*.bin
C:\Windows\sysnative\LogFiles\SQM
C:\Windows\sysnative\LogFiles\SQM\SqmLogger*.etl.*
\??\PIPE\lsarpc
C:\DosDevices\pipe\
C:\Windows\sysnative\it-IT\KERNELBASE.dll.mui
C:\ProgramData\Microsoft\Windows\WER\ReportQueue
C:\Windows\sysnative\it-IT\faultrep.dll.mui
C:\Windows\sysnative\winxp\triage.ini
C:\Windows\sysnative\WINXP
C:\Windows\sysnative\winext
C:\Windows\sysnative\winext\arcade
C:\Windows\sysnative\pri
C:\ProgramData\Oracle\Java\javapath
C:\ProgramData\Oracle\Java\javapath\
C:\Windows\
C:\Windows\sysnative\wbem
C:\Windows\sysnative\wbem\
C:\Windows\sysnative\WindowsPowerShell\v1.0
C:\Windows\sysnative\WindowsPowerShell\v1.0\
C:\Windows\sysnative\WINXP\dbghelp.dll
C:\Windows\sysnative\winext\dbghelp.dll
C:\Windows\sysnative\winext\arcade\dbghelp.dll
C:\Windows\sysnative\pri\dbghelp.dll
C:\Windows\sysnative\dbghelp.dll
C:\Windows\sysnative\WINXP\ext.dll
C:\Windows\sysnative\winext\ext.dll
C:\Windows\sysnative\winext\arcade\ext.dll
C:\Windows\sysnative\pri\ext.dll
C:\Windows\sysnative\ext.dll
C:\ProgramData\Oracle\Java\javapath\ext.dll
C:\Windows\ext.dll
C:\Windows\sysnative\wbem\ext.dll
C:\Windows\sysnative\WindowsPowerShell\v1.0\ext.dll
C:\Windows\sysnative\WINXP\exts.dll
C:\Windows\sysnative\winext\exts.dll
C:\Windows\sysnative\winext\arcade\exts.dll
C:\Windows\sysnative\pri\exts.dll
C:\Windows\sysnative\exts.dll
C:\ProgramData\Oracle\Java\javapath\exts.dll
C:\Windows\exts.dll
C:\Windows\sysnative\wbem\exts.dll
C:\Windows\sysnative\WindowsPowerShell\v1.0\exts.dll
C:\Windows\sysnative\WINXP\uext.dll
C:\Windows\sysnative\winext\uext.dll
C:\Windows\sysnative\winext\arcade\uext.dll
C:\Windows\sysnative\pri\uext.dll
C:\Windows\sysnative\uext.dll
C:\ProgramData\Oracle\Java\javapath\uext.dll
C:\Windows\uext.dll
C:\Windows\sysnative\wbem\uext.dll
C:\Windows\sysnative\WindowsPowerShell\v1.0\uext.dll
C:\Windows\sysnative\WINXP\ntsdexts.dll
C:\Windows\sysnative\winext\ntsdexts.dll
C:\Windows\sysnative\winext\arcade\ntsdexts.dll
C:\Windows\sysnative\pri\ntsdexts.dll
C:\Windows\sysnative\ntsdexts.dll
C:\ProgramData\Oracle\Java\javapath\ntsdexts.dll
C:\Windows\ntsdexts.dll
C:\Windows\sysnative\wbem\ntsdexts.dll
C:\Windows\sysnative\WindowsPowerShell\v1.0\ntsdexts.dll
C:\Windows\sysnative\it-IT\wer.dll.mui
C:\Windows\sysnative\svchost.exe
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\
C:\Windows\ServiceProfiles\LocalService\AppData
C:\Windows\ServiceProfiles\LocalService\AppData\Local
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERD4B1.tmp
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERD4B1.tmp.appcompat.txt
C:\Windows\sysnative\*
C:\Windows\sysnative\it-IT\kernel32.dll.mui
C:\Windows\sysnative\it-IT\ntdll.dll.mui
C:\Windows\sysnative\unknown
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_*_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_*
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_*_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_*
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERD5DB.tmp
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERD5DB.tmp.WERInternalMetadata.xml
C:\Windows\sysnative\drivers\*.mrk
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERDC93.tmp
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERDC93.tmp.hdmp
C:\Windows\sysnative\KERNELBASE.dll
C:\Windows\sysnative\msvcrt.dll
C:\Windows\sysnative\sechost.dll
C:\Windows\sysnative\rpcrt4.dll
C:\Windows\sysnative\advapi32.dll
C:\Windows\sysnative\ole32.dll
C:\Windows\sysnative\gdi32.dll
C:\Windows\sysnative\user32.dll
C:\Windows\sysnative\lpk.dll
C:\Windows\sysnative\usp10.dll
C:\Windows\sysnative\imm32.dll
C:\Windows\sysnative\msctf.dll
C:\Windows\sysnative\api-ms-win-core-synch-l1-2-0.DLL
C:\Windows\sysnative\sspicli.dll
C:\Windows\sysnative\CRYPTBASE.dll
C:\Windows\sysnative\clbcatq.dll
C:\Windows\sysnative\oleaut32.dll
C:\Windows\sysnative\w32time.dll
C:\Windows\sysnative\logoncli.dll
C:\Windows\sysnative\cryptdll.dll
C:\Windows\sysnative\ws2_32.dll
C:\Windows\sysnative\nsi.dll
C:\Windows\sysnative\mswsock.dll
C:\Windows\sysnative\userenv.dll
C:\Windows\sysnative\profapi.dll
C:\Windows\sysnative\gpapi.dll
C:\Windows\sysnative\dsrole.dll
C:\Windows\sysnative\dnsapi.dll
C:\Windows\sysnative\RpcRtRemote.dll
C:\Windows\sysnative\IPHLPAPI.DLL
C:\Windows\sysnative\winnsi.dll
C:\Windows\sysnative\rasadhlp.dll
C:\Windows\sysnative\tzres.dll
C:\Windows\sysnative\it-IT\tzres.dll.mui
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WEREA40.tmp
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WEREA40.tmp.mdmp
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\*_*_*_*
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_0aa99ea5
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_0aa99ea5\WERD4B1.tmp.appcompat.txt
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_0aa99ea5\WERD5DB.tmp.WERInternalMetadata.xml
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_0aa99ea5\WERDC93.tmp.hdmp
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_0aa99ea5\WEREA40.tmp.mdmp
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_0aa99ea5\Report.wer
C:\Windows\sysnative\it-IT\USER32.dll.mui
C:\Windows\sysnative\wbem\en-US\cimwin32.dll.mui
C:\Windows\sysnative\wbem\en\cimwin32.dll.mui
C:\Windows\sysnative\wbem\it-IT\cimwin32.dll.mui
C:\Windows\sysnative\Branding\basebrd\basebrd.dll
C:\Windows\Branding\Basebrd\basebrd.dll
C:\Windows\Branding\Basebrd\en-US\basebrd.dll.mui
C:\Windows\Branding\Basebrd\en\basebrd.dll.mui
C:\Windows\Branding\Basebrd\it-IT\basebrd.dll.mui
C:
C:\Windows\sysnative\en-US\tzres.dll.mui
C:\Windows\sysnative\en\tzres.dll.mui
\??\PIPE\wkssvc
\??\PIPE\srvsvc
C:\Windows\sysnative\it-IT\werui.dll.mui
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_0aa99ea5\Report.wer.tmp
C:\Windows\sysnative\it-IT\radarrs.dll.mui
C:\Windows\sysnative\radarrs.dll

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\FXSCOVER.exe.config
C:\Users\Seven01\AppData\Local\Temp\FXSCOVER.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\assembly\pubpol28.dat
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp
C:\Windows\sysnative\Tasks\WinInetDriver
C:\Windows\Tasks\Adobe Flash Player Updater.job
C:\ProgramData\{d74bdb-f30dd0-463a-b09f9e005562}\hostdl.exe
C:\Windows\appcompat\Programs\RecentFileCache.bcf
C:\Windows\AppPatch\sysmain.sdb
C:\ProgramData\{d74bdb-f30dd0-463a-b09f9e005562}\
C:\Windows\SysWOW64\sc.exe
C:\Windows\SysWOW64\
C:\Windows\SysWOW64\it-IT\sc.exe.mui
C:\Windows\SysWOW64\wbem\WMIC.exe
C:\Windows\SysWOW64\wbem\
C:\Windows\SysWOW64\wbem\it-IT\WMIC.exe.mui
C:\Windows\SysWOW64\net.exe
C:\Windows\SysWOW64\net1.exe
C:\Windows\Temp\fwtsqmfile00.sqm
C:\Windows\sysnative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Uploader
C:\Windows\sysnative\WerFault.exe
C:\Windows\AppPatch\AppPatch64\sysmain.sdb
C:\Windows\sysnative\
C:\Windows\sysnative\kernel32.dll
C:\Windows\sysnative\ntdll.dll
C:\Windows\sysnative\Tasks\Microsoft\Windows\WDI\ResolutionHost
C:\Windows\sysnative\Tasks\Adobe Flash Player Updater
C:\Windows\System32\Macromed\Flash\mms.cfg
C:\ProgramData\{d74bdb-f30dd0-463a-b09f9e005562}\hostdl.exe.config
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\normidna.nlp
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\normnfc.nlp
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\normnfd.nlp
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\normnfkc.nlp
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\normnfkd.nlp
\Device\NamedPipe\
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ade5aa3c89481539adcaf7d9526dc8ac\System.Configuration.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ade5aa3c89481539adcaf7d9526dc8ac\System.Configuration.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\62dec581cd40afd680502a581d529b7e\System.Xml.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\62dec581cd40afd680502a581d529b7e\System.Xml.ni.dll
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
C:\Windows\sysnative\LogFiles\Scm\994c86ad-a929-4b2c-88a0-4e25a107a029
C:\Windows\sysnative\LogFiles\Scm\044a6734-e90e-4f8f-b357-b2dc8ab3b5ec
C:\Windows\sysnative\LogFiles\Scm\046fbef8-2dd6-4a92-a08e-608464edcc44
C:\Windows\sysnative\LogFiles\Scm\2f57269b-1e09-4e2d-ab1e-b0fdac7d279c
C:\Windows\sysnative\LogFiles\Scm\47536d45-eeec-4bdc-8183-a4dc1f8da9e4
C:\Windows\sysnative\LogFiles\Scm\5c0aeeea-c154-45be-8499-bea5f11baff6
C:\Windows\sysnative\LogFiles\Scm\a7c73732-9f11-4281-8d19-764d4ec9d94d
C:\Windows\sysnative\LogFiles\Scm\ac4e5acf-89f7-4220-ba21-81ee183975e2
C:\Windows\sysnative\LogFiles\Scm\be669c13-8165-4536-96d0-6d6c39292aae
C:\Windows\sysnative\LogFiles\Scm\c016366b-7126-46ca-b36b-592a3d95a60b
C:\Windows\sysnative\LogFiles\Scm\ca4b8ff2-a4d2-4d88-a52e-3a5bdaf7f56e
C:\Windows\sysnative\LogFiles\Scm\eaca24ff-236c-401d-a1e7-b3d5267b8a50
C:\Windows\sysnative\LogFiles\Scm\fb3c354d-297a-4eb2-9b58-090f6361906b
C:\Windows\sysnative\LogFiles\Scm\fca58fb2-231f-4daa-bca0-77602b638485
C:\Windows\sysnative\LogFiles\Scm\fdd56c73-f0d5-41b6-b767-6effd7966428
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.7523_none_508f21ccbcbbb7a8\msvcr90.dll
C:\Windows\System32\wbem\XSL-Mappings.xml
C:\Windows\System32\wbem\textvaluelist.xsl
C:\Windows\SysWOW64\it-IT\CRYPT32.dll.mui
C:\Windows\System32\it-IT\WINHTTP.dll.mui
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Windows\Temp\Cab9120.tmp
C:\Windows\Temp\Tar9121.tmp
C:\Windows\inf\display.PNF
\??\WMIDataDevice
C:\Windows\sysnative\it-IT\VssTrace.DLL.mui
\??\PIPE\samr
C:\Windows\sysnative\wbem\repository\MAPPING1.MAP
C:\Windows\sysnative\wbem\repository\MAPPING2.MAP
C:\Windows\sysnative\wbem\repository\MAPPING3.MAP
C:\Windows\sysnative\wbem\repository\OBJECTS.DATA
C:\Windows\sysnative\wbem\repository\INDEX.BTR
\??\pipe\PIPE_EVENTROOT\CIMV2PROVIDERSUBSYSTEM
\??\pipe\PIPE_EVENTROOT\CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER
\??\PIPE\lsarpc
C:\Windows\sysnative\it-IT\KERNELBASE.dll.mui
C:\Windows\sysnative\it-IT\faultrep.dll.mui
C:\Windows\sysnative\winxp\triage.ini
C:\Windows\sysnative\it-IT\wer.dll.mui
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERD4B1.tmp
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERD4B1.tmp.appcompat.txt
C:\Windows\sysnative\svchost.exe
C:\Windows\sysnative
C:\Windows\sysnative\it-IT\kernel32.dll.mui
C:\Windows\sysnative\it-IT\ntdll.dll.mui
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERD5DB.tmp
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERD5DB.tmp.WERInternalMetadata.xml
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERDC93.tmp
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERDC93.tmp.hdmp
C:\Windows\sysnative\KERNELBASE.dll
C:\Windows\sysnative\msvcrt.dll
C:\Windows\sysnative\sechost.dll
C:\Windows\sysnative\rpcrt4.dll
C:\Windows\sysnative\advapi32.dll
C:\Windows\sysnative\ole32.dll
C:\Windows\sysnative\gdi32.dll
C:\Windows\sysnative\user32.dll
C:\Windows\sysnative\lpk.dll
C:\Windows\sysnative\usp10.dll
C:\Windows\sysnative\imm32.dll
C:\Windows\sysnative\msctf.dll
C:\Windows\sysnative\api-ms-win-core-synch-l1-2-0.DLL
C:\Windows\sysnative\sspicli.dll
C:\Windows\sysnative\CRYPTBASE.dll
C:\Windows\sysnative\clbcatq.dll
C:\Windows\sysnative\oleaut32.dll
C:\Windows\sysnative\w32time.dll
C:\Windows\sysnative\logoncli.dll
C:\Windows\sysnative\cryptdll.dll
C:\Windows\sysnative\ws2_32.dll
C:\Windows\sysnative\nsi.dll
C:\Windows\sysnative\mswsock.dll
C:\Windows\sysnative\userenv.dll
C:\Windows\sysnative\profapi.dll
C:\Windows\sysnative\gpapi.dll
C:\Windows\sysnative\dsrole.dll
C:\Windows\sysnative\dnsapi.dll
C:\Windows\sysnative\RpcRtRemote.dll
C:\Windows\sysnative\IPHLPAPI.DLL
C:\Windows\sysnative\winnsi.dll
C:\Windows\sysnative\rasadhlp.dll
C:\Windows\sysnative\tzres.dll
C:\Windows\sysnative\it-IT\tzres.dll.mui
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WEREA40.tmp
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WEREA40.tmp.mdmp
C:\Windows\sysnative\it-IT\USER32.dll.mui
C:\Windows\sysnative\wbem\en-US\cimwin32.dll.mui
C:\Windows\sysnative\wbem\en\cimwin32.dll.mui
C:\Windows\sysnative\wbem\it-IT\cimwin32.dll.mui
C:\Windows\Branding\Basebrd\basebrd.dll
C:\Windows\Branding\Basebrd\en-US\basebrd.dll.mui
C:\Windows\Branding\Basebrd\en\basebrd.dll.mui
C:\Windows\Branding\Basebrd\it-IT\basebrd.dll.mui
C:
C:\Windows\sysnative\en-US\tzres.dll.mui
C:\Windows\sysnative\en\tzres.dll.mui
\??\PIPE\wkssvc
\??\PIPE\srvsvc
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_0aa99ea5\Report.wer
C:\Windows\sysnative\it-IT\werui.dll.mui
C:\Windows\sysnative\it-IT\radarrs.dll.mui
C:\Windows\sysnative\radarrs.dll

Write Files

C:\ProgramData\{d74bdb-f30dd0-463a-b09f9e005562}\hostdl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinInetDriver.url
C:\Windows\sysnative\Tasks\WinInetDriver
C:\Windows\Tasks\Adobe Flash Player Updater.job
C:\Windows\appcompat\Programs\RecentFileCache.bcf
C:\Windows\Temp\fwtsqmfile00.sqm
C:\Windows\sysnative\LogFiles\Scm\044a6734-e90e-4f8f-b357-b2dc8ab3b5ec
C:\Windows\sysnative\LogFiles\Scm\c016366b-7126-46ca-b36b-592a3d95a60b
C:\Windows\sysnative\LogFiles\Scm\9435f817-fed2-454e-88cd-7f78fda62c48
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Windows\Temp\Cab9120.tmp
\??\WMIDataDevice
\??\PIPE\samr
C:\Windows\sysnative\wbem\repository\WRITABLE.TST
C:\Windows\sysnative\wbem\repository\MAPPING1.MAP
C:\Windows\sysnative\wbem\repository\MAPPING2.MAP
C:\Windows\sysnative\wbem\repository\MAPPING3.MAP
C:\Windows\sysnative\wbem\repository\OBJECTS.DATA
C:\Windows\sysnative\wbem\repository\INDEX.BTR
\??\pipe\PIPE_EVENTROOT\CIMV2PROVIDERSUBSYSTEM
\??\pipe\PIPE_EVENTROOT\CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER
\??\PIPE\lsarpc
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERD4B1.tmp.appcompat.txt
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERD5DB.tmp.WERInternalMetadata.xml
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERDC93.tmp.hdmp
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WEREA40.tmp.mdmp
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_0aa99ea5\WERD4B1.tmp.appcompat.txt
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_0aa99ea5\WERD5DB.tmp.WERInternalMetadata.xml
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_0aa99ea5\WERDC93.tmp.hdmp
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_0aa99ea5\WEREA40.tmp.mdmp
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_0aa99ea5\Report.wer
\??\PIPE\wkssvc
\??\PIPE\srvsvc
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_0aa99ea5\Report.wer.tmp

Delete Files

C:\Windows\Tasks\WinInetDriver.job
C:\Windows\sysnative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Uploader
C:\Windows\Temp\Cab9120.tmp
C:\Windows\Temp\Tar9121.tmp
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERD4B1.tmp
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERD4B1.tmp.appcompat.txt
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERD5DB.tmp
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERD5DB.tmp.WERInternalMetadata.xml
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERDC93.tmp
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WERDC93.tmp.hdmp
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WEREA40.tmp
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WEREA40.tmp.mdmp
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_0aa99ea5\Report.wer.tmp

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v4.0.30319
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319\SKUs\default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FXSCOVER.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index28
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\schtasks.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater\Id
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\Dynamic DST
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\SchedulingEngineKnob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\WinInetDriver.job
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\WinInetDriver.job.fp
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\LocaleName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinInetDriver
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A083D522-AFD5-43A4-A6B7-25E961E6C461}\Path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A083D522-AFD5-43A4-A6B7-25E961E6C461}\Hash
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinInetDriver\Id
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinInetDriver\Index
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A083D522-AFD5-43A4-A6B7-25E961E6C461}\Triggers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A083D522-AFD5-43A4-A6B7-25E961E6C461}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A083D522-AFD5-43A4-A6B7-25E961E6C461}\DynamicInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94AA3293-B515-4FA7-A36B-3CFA64BA5BE3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94AA3293-B515-4FA7-A36B-3CFA64BA5BE3}\Hash
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94AA3293-B515-4FA7-A36B-3CFA64BA5BE3}\DynamicInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{1E45F06B-E567-4C30-A524-CB4EE808D9E1}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{1E45F06B-E567-4C30-A524-CB4EE808D9E1}\data
HKEY_LOCAL_MACHINE\Software\Classes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\Adobe Flash Player Updater.job
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\Adobe Flash Player Updater.job.fp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{59D3986C-4060-4ED0-BE37-2566EE895729}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Public
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\svchost.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Default
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonW6432Dir
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000\ProfileImagePath
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Environment
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Volatile Environment
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Volatile Environment\0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{59D3986C-4060-4ED0-BE37-2566EE895729}\data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\hostdl.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\sc.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\WMIC.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\net.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\net1.exe
HKEY_LOCAL_MACHINE\system\Setup
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iphlpsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iphlpsvc\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iphlpsvc\Parameters\ServiceDllUnloadOnStop
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LastServiceStart
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0000000C-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0000000C-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0000000C-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\ESS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ESS\//./root/CIMV2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ESS\//./root/CIMV2\SCM Event Provider
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\PreviousServiceShutdown
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ProcessID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\winmgmt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\Parameters\ServiceDllUnloadOnStop
HKEY_CURRENT_USER
HKEY_USERS\.DEFAULT\Control Panel\International
HKEY_USERS\.DEFAULT\Control Panel\International\LocaleName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\Uploader
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\WerFault.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI\ResolutionHost
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI\ResolutionHost\Id
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9435F817-FED2-454E-88CD-7F78FDA62C48}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9435F817-FED2-454E-88CD-7F78FDA62C48}\Hash
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9435F817-FED2-454E-88CD-7F78FDA62C48}\Triggers
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\SecurityService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService\DefaultAuthLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\taskeng.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\DataVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\EnableBackCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\MissedTasksStartupDelay
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\TasksInMemoryQueue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\TasksPerHighestPrivEngine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\TasksPerLeastPrivEngine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\TracingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\WindowSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\6BA0E3C1
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Com+Enabled
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\MaxSxSHashCount
HKEY_USERS\.DEFAULT\Control Panel\International\sCountry
HKEY_USERS\.DEFAULT\Control Panel\International\sList
HKEY_USERS\.DEFAULT\Control Panel\International\sDecimal
HKEY_USERS\.DEFAULT\Control Panel\International\sThousand
HKEY_USERS\.DEFAULT\Control Panel\International\sGrouping
HKEY_USERS\.DEFAULT\Control Panel\International\sNativeDigits
HKEY_USERS\.DEFAULT\Control Panel\International\sCurrency
HKEY_USERS\.DEFAULT\Control Panel\International\sMonDecimalSep
HKEY_USERS\.DEFAULT\Control Panel\International\sMonThousandSep
HKEY_USERS\.DEFAULT\Control Panel\International\sMonGrouping
HKEY_USERS\.DEFAULT\Control Panel\International\sPositiveSign
HKEY_USERS\.DEFAULT\Control Panel\International\sNegativeSign
HKEY_USERS\.DEFAULT\Control Panel\International\sTimeFormat
HKEY_USERS\.DEFAULT\Control Panel\International\sShortTime
HKEY_USERS\.DEFAULT\Control Panel\International\s1159
HKEY_USERS\.DEFAULT\Control Panel\International\s2359
HKEY_USERS\.DEFAULT\Control Panel\International\sShortDate
HKEY_USERS\.DEFAULT\Control Panel\International\sYearMonth
HKEY_USERS\.DEFAULT\Control Panel\International\sLongDate
HKEY_USERS\.DEFAULT\Control Panel\International\iCountry
HKEY_USERS\.DEFAULT\Control Panel\International\iMeasure
HKEY_USERS\.DEFAULT\Control Panel\International\iPaperSize
HKEY_USERS\.DEFAULT\Control Panel\International\iDigits
HKEY_USERS\.DEFAULT\Control Panel\International\iLZero
HKEY_USERS\.DEFAULT\Control Panel\International\iNegNumber
HKEY_USERS\.DEFAULT\Control Panel\International\NumShape
HKEY_USERS\.DEFAULT\Control Panel\International\iCurrDigits
HKEY_USERS\.DEFAULT\Control Panel\International\iCurrency
HKEY_USERS\.DEFAULT\Control Panel\International\iNegCurr
HKEY_USERS\.DEFAULT\Control Panel\International\iCalendarType
HKEY_USERS\.DEFAULT\Control Panel\International\iFirstDayOfWeek
HKEY_USERS\.DEFAULT\Control Panel\International\iFirstWeekOfYear
HKEY_CURRENT_USER\Software\Classes\AppID\taskeng.exe
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_CURRENT_USER\Software\Classes\Interface\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}
HKEY_CURRENT_USER\Software\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}
HKEY_CURRENT_USER\Software\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\TreatAs
HKEY_CURRENT_USER\Software\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\Progid
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\Progid
HKEY_CURRENT_USER\Software\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hostdl.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0001
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0002
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Data.SqlXml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Data.SqlXml__b77a5c561934e089
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\InstallationType
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\EnableConsoleTracing
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\hostdl_RASAPI32
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\FileDirectory
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CMF\Config
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\LegacyWPADSupport
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_CURRENT_USER\Software\Classes\AppID\hostdl.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\989BE1F2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AdobeFlashPlayerUpdateSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AdobeFlashPlayerUpdateSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AdobeFlashPlayerUpdateSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AdobeFlashPlayerUpdateSvc\WOW64
HKEY_USERS\S-1-5-18
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18\ProfileImagePath
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_USERS\.DEFAULT\Environment
HKEY_USERS\.DEFAULT\Volatile Environment
HKEY_USERS\.DEFAULT\Volatile Environment\0
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AdobeFlashPlayerUpdateSvc\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\Environment
HKEY_USERS\S-1-5-19
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19\ProfileImagePath
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_USERS\S-1-5-19\Environment
HKEY_USERS\S-1-5-19\Volatile Environment
HKEY_USERS\S-1-5-19\Volatile Environment\0
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\ObjectName
HKEY_CURRENT_USER\Software\Classes\AppID\wmic.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\CIMOM\Logging
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\CIMOM\Logging Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\CIMOM\Log File Max Size
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\wmic.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\wmic.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\*
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\file\
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\*\
HKEY_CLASSES_ROOT\.xml
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xml\Content Type
HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml\CLSID
HKEY_CURRENT_USER\Software\Classes\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{807573E5-5146-11D5-A672-00B0D022E945}\TreatAs
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_CURRENT_USER\Software\Classes\Interface\{79EAC9E4-BAF9-11CE-8C82-00AA004BA90B}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\IsTextPlainHonored
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSclient
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_CURRENT_USER\Software\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\CIMOM\EnableObjectValidation
HKEY_CURRENT_USER\Software\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\TextSource\1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\TextSource\1\TextSourceDll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM
HKEY_LOCAL_MACHINE\SOFTWARE\Macromedia\FlashPlayerSAU
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Macromedia\FlashPlayerSAU\LastUpdateCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Macromedia\FlashPlayerSAU\CheckFrequency
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\Schannel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextLockCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextListCount
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7\Name
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\4b\7F06864B
HKEY_USERS\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\4B\7F06864B\LanguageList
HKEY_USERS\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\p2pcollab.dll,-8042
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7\Name
HKEY_USERS\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\dnsapi.dll,-103
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagMatchAnyMask
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Root\ProtectedRoots
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\ChainEngine\Config
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableMandatoryBasicConstraints
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableCANameConstraints
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableUnsupportedCriticalExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlCountInCert
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCountPerChain
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCertCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetPreFetchTriggerPeriodSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableWeakSignatureFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\ChainCacheResyncFiletime
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\#16
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\Ldap
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CertDllOpenStoreProv
HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\My\PhysicalStores
HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\My
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\My\
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\My\Certificates
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\My\CRLs
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\My\CTLs
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\My\Keys
HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\CA\PhysicalStores
HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\CA
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs
HKEY_USERS\.DEFAULT\
HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA
HKEY_USERS\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates
HKEY_USERS\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs
HKEY_USERS\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\CA\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\CA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\CA
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\CA\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\CA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\CTLs
HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\PhysicalStores
HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs
HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed
HKEY_USERS\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
HKEY_USERS\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs
HKEY_USERS\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Disallowed\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Disallowed
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs
HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root\PhysicalStores
HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root
HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root\ProtectedRoots
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\ProtectedRoots\Certificates
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Root\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\AuthRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\627F8D7827656399D27D7F9044C9FEB3F33EFA9A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\627F8D7827656399D27D7F9044C9FEB3F33EFA9A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97E2E99636A547554F838FBA38B82E74F89A830A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97E2E99636A547554F838FBA38B82E74F89A830A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209AD23D314232174E40D7F9D62139786633A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209AD23D314232174E40D7F9D62139786633A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Root\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\SmartCardRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs
HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs
HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\PhysicalStores
HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople
HKEY_USERS\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates
HKEY_USERS\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_USERS\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPeople\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPeople
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPeople
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\TrustedPeople\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\TrustedPeople
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\CTLs
HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\trust\PhysicalStores
HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\trust
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs
HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust
HKEY_USERS\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates
HKEY_USERS\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs
HKEY_USERS\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\trust\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\trust
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\trust
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\trust\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\trust
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\UserenvDebugLevel
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\GpSvcDebugLevel
HKEY_LOCAL_MACHINE\System\Setup
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates
HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\SystemCertificates
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\AuthRoot
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\MaximumAllowedAllocationSize
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableInetUnknownAuth
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\Escalation
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\F8B50CC5
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllVerifyCertificateChainPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CertDllVerifyCertificateChainPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Phantom
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Properties
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000003
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000003\00000000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000003\00000000\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000003\00000000\Data
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\DeviceDesc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Mfg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\ConfigFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\LogConf
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\LogConf\ForcedConfig
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Service
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000002
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000002\00000000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000002\00000000\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000002\00000000\Data
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerRequestOverride
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Power\PowerRequestOverride
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\PowerRequestOverride\Driver
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs\CoInitializeSecurityParam
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs\AuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs\ImpersonationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs\AuthenticationCapabilities
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs\CoInitializeSecurityAppID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs\DeferredCoInitializeSecurityServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs\DefaultRpcStackSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs\SystemCritical
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\svchost.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\Parameters\ServiceDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\Parameters\ServiceManifest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\Parameters\ServiceMain
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NoResyncPerf
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\ADAP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ThrottleDrege
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\MOF Self-Install Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ADAPDelay
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LodCtrDelay
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\TimeToFullDredge
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\TimeToTerminateAdap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LastFullDredgeTimestamp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\AECFFC7E
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\FinalizerActivityBypass
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C49E32C6-BC8B-11D2-85D4-00105A1F8304}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C49E32C6-BC8B-11D2-85D4-00105A1F8304}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C49E32C6-BC8B-11D2-85D4-00105A1F8304}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C49E32C6-BC8B-11D2-85D4-00105A1F8304}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C49E32C6-BC8B-11D2-85D4-00105A1F8304}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C49E32C6-BC8B-11D2-85D4-00105A1F8304}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C49E32C6-BC8B-11D2-85D4-00105A1F8304}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C49E32C6-BC8B-11D2-85D4-00105A1F8304}\InprocHandler
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\Tracing\WMI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\SessionEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\Level
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\AreaFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\Session
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\LogFile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\BufferSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MinimumBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MaximumBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MaximumFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\LogFileMode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\FlushTimer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\AgeLimit
HKEY_LOCAL_MACHINE\SYSTEM\Setup
HKEY_LOCAL_MACHINE\SYSTEM\Setup\UpgradeInProgress
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Safeboot\Option
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\VssAccessControl
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Settings
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Settings\ActiveWriterStateTimeout
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Diag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Diag\WMI Writer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Settings\TornComponentsMax
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000100-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000100-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000100-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9555-4FB6-11D1-9971-00C04FBBB345}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9555-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9555-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9557-4FB6-11D1-9971-00C04FBBB345}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9557-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9557-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\IdentifierLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\QueryLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\PathLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbThrottlingEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighMaxLimitFactor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbTaskMaxSleep
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold1Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold2Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold3Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Unchecked Task Count
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Working Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Repository Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Build
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Default Repository Driver
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueCoreFsrepVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Repository Cache Spill Ratio
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\CheckPointValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SnapShotValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\CheckRepositoryOnNextStartup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NumWriteIdCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Class Cache Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Class Cache Item Age (ms)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableObjectValidation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NextAutoRecoverFile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Enable Provider Subsystem
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Client
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Client\{1303DDE3-568E-4908-90A0-535586F54562}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1303DDE3-568E-4908-90A0-535586F54562}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1303DDE3-568E-4908-90A0-535586F54562}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1303DDE3-568E-4908-90A0-535586F54562}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1303DDE3-568E-4908-90A0-535586F54562}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1303DDE3-568E-4908-90A0-535586F54562}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1303DDE3-568E-4908-90A0-535586F54562}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1303DDE3-568E-4908-90A0-535586F54562}\ProcessIdentifier
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Client\{316BE311-6A9B-49C4-BD2C-3474DEB1E133}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{316BE311-6A9B-49C4-BD2C-3474DEB1E133}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{316BE311-6A9B-49C4-BD2C-3474DEB1E133}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{316BE311-6A9B-49C4-BD2C-3474DEB1E133}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{316BE311-6A9B-49C4-BD2C-3474DEB1E133}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{316BE311-6A9B-49C4-BD2C-3474DEB1E133}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{316BE311-6A9B-49C4-BD2C-3474DEB1E133}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{316BE311-6A9B-49C4-BD2C-3474DEB1E133}\ProcessIdentifier
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Client\{379BC8BF-E2DC-4C85-8C5D-A80FF7520387}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{379BC8BF-E2DC-4C85-8C5D-A80FF7520387}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{379BC8BF-E2DC-4C85-8C5D-A80FF7520387}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{379BC8BF-E2DC-4C85-8C5D-A80FF7520387}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{379BC8BF-E2DC-4C85-8C5D-A80FF7520387}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{379BC8BF-E2DC-4C85-8C5D-A80FF7520387}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{379BC8BF-E2DC-4C85-8C5D-A80FF7520387}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{379BC8BF-E2DC-4C85-8C5D-A80FF7520387}\ProcessIdentifier
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Client\{C5F5B0E8-C0FF-4517-B654-90864AFC599D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C5F5B0E8-C0FF-4517-B654-90864AFC599D}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C5F5B0E8-C0FF-4517-B654-90864AFC599D}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C5F5B0E8-C0FF-4517-B654-90864AFC599D}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C5F5B0E8-C0FF-4517-B654-90864AFC599D}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C5F5B0E8-C0FF-4517-B654-90864AFC599D}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C5F5B0E8-C0FF-4517-B654-90864AFC599D}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C5F5B0E8-C0FF-4517-B654-90864AFC599D}\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableEvents
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssToBeInitialized
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Low Threshold On Events (B)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\High Threshold On Events (B)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Wait On Events (ms)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Merger Query Arbitration Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssNeedsLoading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\List of event-active namespaces
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ESS\//./root/subscription
HKEY_LOCAL_MACHINE\software\microsoft\wbem\cimom
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SetupDate
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\CIMOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\FinalizerBatchSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ClientCallbackTimeout
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\FinalizerQueueThreshold
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Tasks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Async Result Queue Size
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cli
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cli
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Microsoft\OleAut
HKEY_CLASSES_ROOT\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\(Default)
HKEY_CLASSES_ROOT\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\Synchronization
HKEY_CLASSES_ROOT\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\AppId
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\minint
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\CIMV2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\CIMV2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\Synchronization
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_CLASSES_ROOT\CLSID\{d63a5850-8f16-11cf-9f47-00aa00bf345c}\InProcServer32
HKEY_CLASSES_ROOT\CLSID\{d63a5850-8f16-11cf-9f47-00aa00bf345c}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\Synchronization
HKEY_CLASSES_ROOT\CLSID\{d63a5850-8f16-11cf-9f47-00aa00bf345c}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SecuredHostProviders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SecuredHostProviders\ROOT\CIMV2:__Win32Provider.Name="CIMWin32"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Root
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C857801-7381-11CF-884D-00AA004B2E24}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C857801-7381-11CF-884D-00AA004B2E24}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C857801-7381-11CF-884D-00AA004B2E24}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocHandler
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cimv2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cimv2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\MaxSessionSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\MaxEventSizePerSession
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\AdaptiveSQM\ManifestInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\AdaptiveSqm\ManifestInfo\Version
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\SamplingInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\WSqmConsLastRunTime
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\WMI\AutoLogger\SQMLogger
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Autologger\SQMLogger\Start
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\WSqmConsLastEventTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService\CoInitializeSecurityParam
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService\AuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService\ImpersonationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService\AuthenticationCapabilities
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService\CoInitializeSecurityAppID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService\DeferredCoInitializeSecurityServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService\DefaultRpcStackSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService\SystemCritical
HKEY_CURRENT_USER\Control Panel\International
HKEY_CURRENT_USER\Control Panel\International\LocaleName
HKEY_CURRENT_USER\Control Panel\International\sCountry
HKEY_CURRENT_USER\Control Panel\International\sList
HKEY_CURRENT_USER\Control Panel\International\sDecimal
HKEY_CURRENT_USER\Control Panel\International\sThousand
HKEY_CURRENT_USER\Control Panel\International\sGrouping
HKEY_CURRENT_USER\Control Panel\International\sNativeDigits
HKEY_CURRENT_USER\Control Panel\International\sCurrency
HKEY_CURRENT_USER\Control Panel\International\sMonDecimalSep
HKEY_CURRENT_USER\Control Panel\International\sMonThousandSep
HKEY_CURRENT_USER\Control Panel\International\sMonGrouping
HKEY_CURRENT_USER\Control Panel\International\sPositiveSign
HKEY_CURRENT_USER\Control Panel\International\sNegativeSign
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat
HKEY_CURRENT_USER\Control Panel\International\sShortTime
HKEY_CURRENT_USER\Control Panel\International\s1159
HKEY_CURRENT_USER\Control Panel\International\s2359
HKEY_CURRENT_USER\Control Panel\International\sShortDate
HKEY_CURRENT_USER\Control Panel\International\sYearMonth
HKEY_CURRENT_USER\Control Panel\International\sLongDate
HKEY_CURRENT_USER\Control Panel\International\iCountry
HKEY_CURRENT_USER\Control Panel\International\iMeasure
HKEY_CURRENT_USER\Control Panel\International\iPaperSize
HKEY_CURRENT_USER\Control Panel\International\iDigits
HKEY_CURRENT_USER\Control Panel\International\iLZero
HKEY_CURRENT_USER\Control Panel\International\iNegNumber
HKEY_CURRENT_USER\Control Panel\International\NumShape
HKEY_CURRENT_USER\Control Panel\International\iCurrDigits
HKEY_CURRENT_USER\Control Panel\International\iCurrency
HKEY_CURRENT_USER\Control Panel\International\iNegCurr
HKEY_CURRENT_USER\Control Panel\International\iCalendarType
HKEY_CURRENT_USER\Control Panel\International\iFirstDayOfWeek
HKEY_CURRENT_USER\Control Panel\International\iFirstWeekOfYear
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\w32time
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Parameters\ServiceDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Parameters\ServiceManifest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Parameters\ServiceMain
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Config
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\FileLogEntries
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\FileLogName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\FileLogFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\FileLogSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\RefreshSettingsFlags
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\DllName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\InputProvider
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpServer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpServer\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpServer\DllName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpServer\InputProvider
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\VMICTimeProvider
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\VMICTimeProvider\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\VMICTimeProvider\DllName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\VMICTimeProvider\InputProvider
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\W32Time\TimeProviders
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\W32Time\Config
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\PhaseCorrectRate
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\UpdateInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\FrequencyCorrectRate
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\PollAdjustFactor
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\LargePhaseOffset
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\SpikeWatchPeriod
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\HoldPeriod
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\MinPollInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\MaxPollInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\AnnounceFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\LocalClockDispersion
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\MaxNegPhaseCorrection
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\MaxPosPhaseCorrection
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\EventLogFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\MaxAllowedPhaseOffset
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\TimeJumpAuditOffset
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserenvDebugLevel
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\W32Time\TimeProviders\NtpClient
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\W32Time\Parameters
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32Time\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\AllowNonstandardModeCombinations
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\CompatibilityFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\SpecialPollInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\ResolvePeerBackoffMinutes
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\ResolvePeerBackoffMaxTimes
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\EventLogFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\LargeSampleSkew
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Parameters\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Parameters\NtpServer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\SpecialPollTimeRemaining
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\VML
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rpc\Linkage
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider\Parameters\IPC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\schtasks.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\WerSvcGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wersvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Parameters\ServiceDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Parameters\ServiceManifest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Parameters\ServiceMain
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ServiceTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Parameters\ServiceDllUnloadOnStop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\NoReflection
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\PropertyBag
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Error Reporting
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TraceFlags
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\Debug
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\NoReflection
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MiniNT
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Plugins\AppRecorder
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Plugins\FDR\CurrentSession
HKEY_CURRENT_USER\Software\Microsoft\Windiff
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\MachineID
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Consent
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\Consent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent\NewUserDefaultConsent
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Consent\DefaultConsent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DontSendAdditionalData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Disabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent\DefaultConsent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent\DefaultOverrideBehavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent\APPCRASH
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LoggingDisabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DontShowUI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DisableArchive
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ConfigureArchive
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DisableQueue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\MaxQueueCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\MaxArchiveCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ForceQueue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\QueuePesterInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ExcludedApplications
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DebugApplications
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\SendEFSFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\BypassDataThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ForceUserModeCabCollection
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Windows Error Reporting
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\DontSendAdditionalData
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Disabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Consent\DefaultOverrideBehavior
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Consent\APPCRASH
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\LoggingDisabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\DontShowUI
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\DisableArchive
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\ConfigureArchive
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\DisableQueue
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\MaxQueueCount
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\MaxArchiveCount
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\ForceQueue
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\QueuePesterInterval
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\ExcludedApplications
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\DebugApplications
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\SendEFSFiles
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\BypassDataThrottling
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\ForceUserModeCabCollection
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerUseSSL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerPortNumber
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerUseAuthentication
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Reliability Analysis\RAC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Reliability Analysis\RAC\RacWerSampleTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EditionID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BuildLabEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDBuildNumber
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\BIOSVersion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\HeapControlledList\svchost.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\SYSTEM32\ntdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\kernel32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\KERNELBASE.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\msvcrt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\SYSTEM32\sechost.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\RPCRT4.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\ADVAPI32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\ole32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\GDI32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\USER32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\LPK.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\USP10.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\IMM32.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\MSCTF.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\api-ms-win-core-synch-l1-2-0.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\SspiCli.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\CRYPTBASE.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\CLBCatQ.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\OLEAUT32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\c:\windows\system32\w32time.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\c:\windows\system32\logoncli.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\c:\windows\system32\cryptdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\WS2_32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\NSI.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\mswsock.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\USERENV.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\profapi.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\GPAPI.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\dsrole.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\DNSAPI.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\RpcRtRemote.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\IPHLPAPI.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\WINNSI.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\rasadhlp.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\6FD5A890
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\LocalDumps
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Sink Transmit Buffer Size
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Cimom
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\DefaultRpcStackSize
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\AccessProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\wmiprvse.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Component Information
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier
HKEY_LOCAL_MACHINE\SYSTEM
HKEY_LOCAL_MACHINE\SOFTWARE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CoDeviceInstallers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\InfPath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\InfSection
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\InstalledDisplayDrivers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\HardwareInformation.MemorySize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\HardwareInformation.ChipType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\HardwareInformation.DACType
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LsaExtensionConfig\SspiCli
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureRoutine
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SecurityProviders
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Comment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\RpcId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Version
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\TokenSize
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SaslProfiles
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sCountry
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sList
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sDecimal
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sThousand
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sGrouping
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sNativeDigits
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sCurrency
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sMonDecimalSep
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sMonThousandSep
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sMonGrouping
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sPositiveSign
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sNegativeSign
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sTimeFormat
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sShortTime
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\s1159
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\s2359
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sShortDate
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sYearMonth
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sLongDate
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iCountry
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iMeasure
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iPaperSize
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iDigits
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iLZero
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iNegNumber
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\NumShape
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iCurrDigits
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iCurrency
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iNegCurr
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iCalendarType
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iFirstDayOfWeek
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iFirstWeekOfYear
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Plus! ProductId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallDate
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemPartition
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\PriorityControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PriorityControl\Win32PrioritySeparation
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LicenseInfo\FilePrint
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\7F8CCB70
HKEY_CURRENT_USER\Software\Classes\AppID\taskhost.exe
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\WDI\DiagnosticModules
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{15fba3b8-a37a-4f91-bdba-fbb98fe804bf}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{15fba3b8-a37a-4f91-bdba-fbb98fe804bf}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{15fba3b8-a37a-4f91-bdba-fbb98fe804bf}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{15fba3b8-a37a-4f91-bdba-fbb98fe804bf}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{282396b2-6c46-4d66-b413-70b0445df33c}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{282396b2-6c46-4d66-b413-70b0445df33c}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{282396b2-6c46-4d66-b413-70b0445df33c}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{282396b2-6c46-4d66-b413-70b0445df33c}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{284ddb2f-beea-4c9d-91e8-e3670ed91517}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{284ddb2f-beea-4c9d-91e8-e3670ed91517}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{284ddb2f-beea-4c9d-91e8-e3670ed91517}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{284ddb2f-beea-4c9d-91e8-e3670ed91517}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{3EA6B3DF-393E-41C3-9885-29EC5A701926}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{3EA6B3DF-393E-41C3-9885-29EC5A701926}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{3EA6B3DF-393E-41C3-9885-29EC5A701926}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{3EA6B3DF-393E-41C3-9885-29EC5A701926}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{45DE1EA9-10BC-4f96-9B21-4B6B83DBF476}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{45DE1EA9-10BC-4f96-9B21-4B6B83DBF476}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{45DE1EA9-10BC-4f96-9B21-4B6B83DBF476}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{45DE1EA9-10BC-4f96-9B21-4B6B83DBF476}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{4d21da64-fd02-4b82-a0a5-783266e430ab}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{4d21da64-fd02-4b82-a0a5-783266e430ab}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{4d21da64-fd02-4b82-a0a5-783266e430ab}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{4d21da64-fd02-4b82-a0a5-783266e430ab}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{50e3b0eb-5780-49de-9eb5-8d53a51fd146}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{50e3b0eb-5780-49de-9eb5-8d53a51fd146}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{50e3b0eb-5780-49de-9eb5-8d53a51fd146}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{50e3b0eb-5780-49de-9eb5-8d53a51fd146}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5C85A128-86F7-41a4-B655-BEE3F2ADEF46}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5C85A128-86F7-41a4-B655-BEE3F2ADEF46}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5C85A128-86F7-41a4-B655-BEE3F2ADEF46}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5C85A128-86F7-41a4-B655-BEE3F2ADEF46}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5EE64AFB-398D-4edb-AF71-3B830219ABF7}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5EE64AFB-398D-4edb-AF71-3B830219ABF7}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5EE64AFB-398D-4edb-AF71-3B830219ABF7}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5EE64AFB-398D-4edb-AF71-3B830219ABF7}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{63e0d0f7-ac2f-493b-a7f2-2f3ccdb66fca}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{63e0d0f7-ac2f-493b-a7f2-2f3ccdb66fca}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{63e0d0f7-ac2f-493b-a7f2-2f3ccdb66fca}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{63e0d0f7-ac2f-493b-a7f2-2f3ccdb66fca}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{67f1ec80-6c5b-43bb-860b-d47ae85242b1}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{67f1ec80-6c5b-43bb-860b-d47ae85242b1}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{67f1ec80-6c5b-43bb-860b-d47ae85242b1}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{67f1ec80-6c5b-43bb-860b-d47ae85242b1}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{72dbb5ac-6a91-46e6-885b-d429828bea2e}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{72dbb5ac-6a91-46e6-885b-d429828bea2e}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{72dbb5ac-6a91-46e6-885b-d429828bea2e}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{72dbb5ac-6a91-46e6-885b-d429828bea2e}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{7a54f16f-a73a-4258-ba46-a1e998a6aa74}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{7a54f16f-a73a-4258-ba46-a1e998a6aa74}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{7a54f16f-a73a-4258-ba46-a1e998a6aa74}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{7a54f16f-a73a-4258-ba46-a1e998a6aa74}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{85e0acd9-809a-482b-b60b-bcad1f8d0cd7}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{85e0acd9-809a-482b-b60b-bcad1f8d0cd7}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{85e0acd9-809a-482b-b60b-bcad1f8d0cd7}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{85e0acd9-809a-482b-b60b-bcad1f8d0cd7}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{88d4896f-f553-446a-9c75-9dec124ff8b7}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{88d4896f-f553-446a-9c75-9dec124ff8b7}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{88d4896f-f553-446a-9c75-9dec124ff8b7}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{88d4896f-f553-446a-9c75-9dec124ff8b7}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8CC29128-0B57-4a2b-A7B9-A74A70BA6FA1}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8CC29128-0B57-4a2b-A7B9-A74A70BA6FA1}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8CC29128-0B57-4a2b-A7B9-A74A70BA6FA1}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8CC29128-0B57-4a2b-A7B9-A74A70BA6FA1}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8d39bd5b-81f8-4b94-a608-6a50bbff5d15}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8d39bd5b-81f8-4b94-a608-6a50bbff5d15}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8d39bd5b-81f8-4b94-a608-6a50bbff5d15}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8d39bd5b-81f8-4b94-a608-6a50bbff5d15}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{95c162b7-5b71-44f8-82e4-abfd3108f40f}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{95c162b7-5b71-44f8-82e4-abfd3108f40f}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{95c162b7-5b71-44f8-82e4-abfd3108f40f}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{95c162b7-5b71-44f8-82e4-abfd3108f40f}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{9c5a40da-b965-4fc3-8781-88dd50a6299d}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a59f0643-a6ca-48e0-a7c4-4cdd258439e2}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a59f0643-a6ca-48e0-a7c4-4cdd258439e2}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a59f0643-a6ca-48e0-a7c4-4cdd258439e2}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a59f0643-a6ca-48e0-a7c4-4cdd258439e2}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{abd0ea66-a840-44a9-97b1-fb74fddaa8c8}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{abd0ea66-a840-44a9-97b1-fb74fddaa8c8}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{abd0ea66-a840-44a9-97b1-fb74fddaa8c8}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{abd0ea66-a840-44a9-97b1-fb74fddaa8c8}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{b171ab1c-60e9-4301-a338-beab1c70b3e9}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{b171ab1c-60e9-4301-a338-beab1c70b3e9}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{b171ab1c-60e9-4301-a338-beab1c70b3e9}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{b171ab1c-60e9-4301-a338-beab1c70b3e9}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{bf2de437-b736-48fb-84a0-5f0c389a068e}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{bf2de437-b736-48fb-84a0-5f0c389a068e}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{bf2de437-b736-48fb-84a0-5f0c389a068e}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{bf2de437-b736-48fb-84a0-5f0c389a068e}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{C0F51D84-11B9-4e74-B083-99F11BA2DB0A}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{C0F51D84-11B9-4e74-B083-99F11BA2DB0A}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{C0F51D84-11B9-4e74-B083-99F11BA2DB0A}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{C0F51D84-11B9-4e74-B083-99F11BA2DB0A}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c70949f5-bda4-4bf3-8121-af0bc174925f}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c70949f5-bda4-4bf3-8121-af0bc174925f}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c70949f5-bda4-4bf3-8121-af0bc174925f}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c70949f5-bda4-4bf3-8121-af0bc174925f}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c8544339-5be9-4f25-862e-485f1b1a6935}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c8544339-5be9-4f25-862e-485f1b1a6935}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c8544339-5be9-4f25-862e-485f1b1a6935}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c8544339-5be9-4f25-862e-485f1b1a6935}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{d8bcedf8-46c3-440e-bc65-dfa6a5094054}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{d8bcedf8-46c3-440e-bc65-dfa6a5094054}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{d8bcedf8-46c3-440e-bc65-dfa6a5094054}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{d8bcedf8-46c3-440e-bc65-dfa6a5094054}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{E4CD2E3E-3852-4952-B76B-23BB8E35D344}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{E4CD2E3E-3852-4952-B76B-23BB8E35D344}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{E4CD2E3E-3852-4952-B76B-23BB8E35D344}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{E4CD2E3E-3852-4952-B76B-23BB8E35D344}\NameResource
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\WDI\Config
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\Config\ServerName
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RADAR
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RADAR\CLResolutionInterval
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RADAR\DisplayInterval
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RADAR\SkipWatson
HKEY_LOCAL_MACHINE\Software\Microsoft\RADAR\HeapLeakDetection\Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\Settings\ReflectionInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index28
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater\Id
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\SchedulingEngineKnob
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\LocaleName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A083D522-AFD5-43A4-A6B7-25E961E6C461}\Hash
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A083D522-AFD5-43A4-A6B7-25E961E6C461}\DynamicInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94AA3293-B515-4FA7-A36B-3CFA64BA5BE3}\Hash
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94AA3293-B515-4FA7-A36B-3CFA64BA5BE3}\DynamicInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{1E45F06B-E567-4C30-A524-CB4EE808D9E1}\data
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\Adobe Flash Player Updater.job
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\Adobe Flash Player Updater.job.fp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Public
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000\ProfileImagePath
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{59D3986C-4060-4ED0-BE37-2566EE895729}\data
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iphlpsvc\Parameters\ServiceDllUnloadOnStop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LastServiceStart
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0000000C-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\MarshaledProxy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\Parameters\ServiceDllUnloadOnStop
HKEY_USERS\.DEFAULT\Control Panel\International\LocaleName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI\ResolutionHost\Id
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9435F817-FED2-454E-88CD-7F78FDA62C48}\Hash
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9435F817-FED2-454E-88CD-7F78FDA62C48}\Triggers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService\DefaultAuthLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\DataVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\EnableBackCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\MissedTasksStartupDelay
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\TasksInMemoryQueue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\TasksPerHighestPrivEngine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\TasksPerLeastPrivEngine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\TracingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration\WindowSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\6BA0E3C1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Com+Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\MaxSxSHashCount
HKEY_USERS\.DEFAULT\Control Panel\International\sCountry
HKEY_USERS\.DEFAULT\Control Panel\International\sList
HKEY_USERS\.DEFAULT\Control Panel\International\sDecimal
HKEY_USERS\.DEFAULT\Control Panel\International\sThousand
HKEY_USERS\.DEFAULT\Control Panel\International\sGrouping
HKEY_USERS\.DEFAULT\Control Panel\International\sNativeDigits
HKEY_USERS\.DEFAULT\Control Panel\International\sCurrency
HKEY_USERS\.DEFAULT\Control Panel\International\sMonDecimalSep
HKEY_USERS\.DEFAULT\Control Panel\International\sMonThousandSep
HKEY_USERS\.DEFAULT\Control Panel\International\sMonGrouping
HKEY_USERS\.DEFAULT\Control Panel\International\sPositiveSign
HKEY_USERS\.DEFAULT\Control Panel\International\sNegativeSign
HKEY_USERS\.DEFAULT\Control Panel\International\sTimeFormat
HKEY_USERS\.DEFAULT\Control Panel\International\sShortTime
HKEY_USERS\.DEFAULT\Control Panel\International\s1159
HKEY_USERS\.DEFAULT\Control Panel\International\s2359
HKEY_USERS\.DEFAULT\Control Panel\International\sShortDate
HKEY_USERS\.DEFAULT\Control Panel\International\sYearMonth
HKEY_USERS\.DEFAULT\Control Panel\International\sLongDate
HKEY_USERS\.DEFAULT\Control Panel\International\iCountry
HKEY_USERS\.DEFAULT\Control Panel\International\iMeasure
HKEY_USERS\.DEFAULT\Control Panel\International\iPaperSize
HKEY_USERS\.DEFAULT\Control Panel\International\iDigits
HKEY_USERS\.DEFAULT\Control Panel\International\iLZero
HKEY_USERS\.DEFAULT\Control Panel\International\iNegNumber
HKEY_USERS\.DEFAULT\Control Panel\International\NumShape
HKEY_USERS\.DEFAULT\Control Panel\International\iCurrDigits
HKEY_USERS\.DEFAULT\Control Panel\International\iCurrency
HKEY_USERS\.DEFAULT\Control Panel\International\iNegCurr
HKEY_USERS\.DEFAULT\Control Panel\International\iCalendarType
HKEY_USERS\.DEFAULT\Control Panel\International\iFirstDayOfWeek
HKEY_USERS\.DEFAULT\Control Panel\International\iFirstWeekOfYear
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\ProviderName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\InstallationType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\FileDirectory
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\LegacyWPADSupport
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\989BE1F2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AdobeFlashPlayerUpdateSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AdobeFlashPlayerUpdateSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AdobeFlashPlayerUpdateSvc\WOW64
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18\ProfileImagePath
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AdobeFlashPlayerUpdateSvc\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\Environment
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19\ProfileImagePath
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga\ObjectName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\CIMOM\Logging
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\CIMOM\Logging Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\CIMOM\Log File Max Size
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\wmic.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\wmic.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\*
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xml\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\IsTextPlainHonored
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\CIMOM\EnableObjectValidation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\TextSource\1\TextSourceDll
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Macromedia\FlashPlayerSAU\LastUpdateCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Macromedia\FlashPlayerSAU\CheckFrequency
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextLockCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextListCount
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
HKEY_USERS\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\p2pcollab.dll,-8042
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7\Name
HKEY_USERS\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\dnsapi.dll,-103
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagMatchAnyMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableMandatoryBasicConstraints
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableCANameConstraints
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableUnsupportedCriticalExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlCountInCert
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCountPerChain
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCertCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetPreFetchTriggerPeriodSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableWeakSignatureFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\ChainCacheResyncFiletime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931\Blob
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\ProtectedRoots\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\627F8D7827656399D27D7F9044C9FEB3F33EFA9A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97E2E99636A547554F838FBA38B82E74F89A830A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209AD23D314232174E40D7F9D62139786633A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\UserenvDebugLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\GpSvcDebugLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\MaximumAllowedAllocationSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableInetUnknownAuth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\F8B50CC5
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Phantom
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000003\00000000\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000003\00000000\Data
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\DeviceDesc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Mfg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\ConfigFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\LogConf\ForcedConfig
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Service
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000002\00000000\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000002\00000000\Data
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs\CoInitializeSecurityParam
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs\AuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs\ImpersonationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs\AuthenticationCapabilities
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs\CoInitializeSecurityAppID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs\DeferredCoInitializeSecurityServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs\DefaultRpcStackSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs\SystemCritical
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\Parameters\ServiceDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\Parameters\ServiceManifest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\Parameters\ServiceMain
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NoResyncPerf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\MOF Self-Install Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ADAPDelay
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LodCtrDelay
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\TimeToFullDredge
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\TimeToTerminateAdap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LastFullDredgeTimestamp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\AECFFC7E
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\FinalizerActivityBypass
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C49E32C6-BC8B-11D2-85D4-00105A1F8304}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\SessionEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\Level
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\AreaFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\Session
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\LogFile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\BufferSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MinimumBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MaximumBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MaximumFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\LogFileMode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\FlushTimer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\AgeLimit
HKEY_LOCAL_MACHINE\SYSTEM\Setup\UpgradeInProgress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Settings\ActiveWriterStateTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Settings\TornComponentsMax
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000100-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9555-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9557-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\IdentifierLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\QueryLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\PathLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbThrottlingEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighMaxLimitFactor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbTaskMaxSleep
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold1Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold2Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold3Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Unchecked Task Count
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Working Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Repository Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Build
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Default Repository Driver
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueCoreFsrepVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Repository Cache Spill Ratio
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\CheckPointValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SnapShotValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\CheckRepositoryOnNextStartup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NumWriteIdCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Class Cache Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Class Cache Item Age (ms)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableObjectValidation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NextAutoRecoverFile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Enable Provider Subsystem
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1303DDE3-568E-4908-90A0-535586F54562}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1303DDE3-568E-4908-90A0-535586F54562}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1303DDE3-568E-4908-90A0-535586F54562}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1303DDE3-568E-4908-90A0-535586F54562}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1303DDE3-568E-4908-90A0-535586F54562}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1303DDE3-568E-4908-90A0-535586F54562}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1303DDE3-568E-4908-90A0-535586F54562}\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{316BE311-6A9B-49C4-BD2C-3474DEB1E133}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{316BE311-6A9B-49C4-BD2C-3474DEB1E133}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{316BE311-6A9B-49C4-BD2C-3474DEB1E133}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{316BE311-6A9B-49C4-BD2C-3474DEB1E133}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{316BE311-6A9B-49C4-BD2C-3474DEB1E133}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{316BE311-6A9B-49C4-BD2C-3474DEB1E133}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{316BE311-6A9B-49C4-BD2C-3474DEB1E133}\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{379BC8BF-E2DC-4C85-8C5D-A80FF7520387}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{379BC8BF-E2DC-4C85-8C5D-A80FF7520387}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{379BC8BF-E2DC-4C85-8C5D-A80FF7520387}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{379BC8BF-E2DC-4C85-8C5D-A80FF7520387}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{379BC8BF-E2DC-4C85-8C5D-A80FF7520387}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{379BC8BF-E2DC-4C85-8C5D-A80FF7520387}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{379BC8BF-E2DC-4C85-8C5D-A80FF7520387}\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C5F5B0E8-C0FF-4517-B654-90864AFC599D}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C5F5B0E8-C0FF-4517-B654-90864AFC599D}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C5F5B0E8-C0FF-4517-B654-90864AFC599D}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C5F5B0E8-C0FF-4517-B654-90864AFC599D}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C5F5B0E8-C0FF-4517-B654-90864AFC599D}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C5F5B0E8-C0FF-4517-B654-90864AFC599D}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{C5F5B0E8-C0FF-4517-B654-90864AFC599D}\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableEvents
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssToBeInitialized
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Low Threshold On Events (B)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\High Threshold On Events (B)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Wait On Events (ms)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Merger Query Arbitration Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SetupDate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\FinalizerBatchSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ClientCallbackTimeout
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\FinalizerQueueThreshold
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Tasks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Async Result Queue Size
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cli
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cli
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\Synchronization
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\AppId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\CIMV2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\CIMV2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\Synchronization
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\Synchronization
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SecuredHostProviders\ROOT\CIMV2:__Win32Provider.Name="CIMWin32"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Root
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C857801-7381-11CF-884D-00AA004B2E24}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cimv2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cimv2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssNeedsLoading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\MaxSessionSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\MaxEventSizePerSession
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\AdaptiveSqm\ManifestInfo\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\SamplingInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\WSqmConsLastRunTime
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Autologger\SQMLogger\Start
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService\CoInitializeSecurityParam
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService\AuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService\ImpersonationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService\AuthenticationCapabilities
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService\CoInitializeSecurityAppID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService\DeferredCoInitializeSecurityServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService\DefaultRpcStackSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService\SystemCritical
HKEY_CURRENT_USER\Control Panel\International\LocaleName
HKEY_CURRENT_USER\Control Panel\International\sCountry
HKEY_CURRENT_USER\Control Panel\International\sList
HKEY_CURRENT_USER\Control Panel\International\sDecimal
HKEY_CURRENT_USER\Control Panel\International\sThousand
HKEY_CURRENT_USER\Control Panel\International\sGrouping
HKEY_CURRENT_USER\Control Panel\International\sNativeDigits
HKEY_CURRENT_USER\Control Panel\International\sCurrency
HKEY_CURRENT_USER\Control Panel\International\sMonDecimalSep
HKEY_CURRENT_USER\Control Panel\International\sMonThousandSep
HKEY_CURRENT_USER\Control Panel\International\sMonGrouping
HKEY_CURRENT_USER\Control Panel\International\sPositiveSign
HKEY_CURRENT_USER\Control Panel\International\sNegativeSign
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat
HKEY_CURRENT_USER\Control Panel\International\sShortTime
HKEY_CURRENT_USER\Control Panel\International\s1159
HKEY_CURRENT_USER\Control Panel\International\s2359
HKEY_CURRENT_USER\Control Panel\International\sShortDate
HKEY_CURRENT_USER\Control Panel\International\sYearMonth
HKEY_CURRENT_USER\Control Panel\International\sLongDate
HKEY_CURRENT_USER\Control Panel\International\iCountry
HKEY_CURRENT_USER\Control Panel\International\iMeasure
HKEY_CURRENT_USER\Control Panel\International\iPaperSize
HKEY_CURRENT_USER\Control Panel\International\iDigits
HKEY_CURRENT_USER\Control Panel\International\iLZero
HKEY_CURRENT_USER\Control Panel\International\iNegNumber
HKEY_CURRENT_USER\Control Panel\International\NumShape
HKEY_CURRENT_USER\Control Panel\International\iCurrDigits
HKEY_CURRENT_USER\Control Panel\International\iCurrency
HKEY_CURRENT_USER\Control Panel\International\iNegCurr
HKEY_CURRENT_USER\Control Panel\International\iCalendarType
HKEY_CURRENT_USER\Control Panel\International\iFirstDayOfWeek
HKEY_CURRENT_USER\Control Panel\International\iFirstWeekOfYear
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Parameters\ServiceDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Parameters\ServiceManifest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Parameters\ServiceMain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\FileLogEntries
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\FileLogName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\FileLogFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\FileLogSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\RefreshSettingsFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\DllName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\InputProvider
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpServer\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpServer\DllName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpServer\InputProvider
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\VMICTimeProvider\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\VMICTimeProvider\DllName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\VMICTimeProvider\InputProvider
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\PhaseCorrectRate
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\UpdateInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\FrequencyCorrectRate
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\PollAdjustFactor
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\LargePhaseOffset
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\SpikeWatchPeriod
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\HoldPeriod
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\MinPollInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\MaxPollInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\AnnounceFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\LocalClockDispersion
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\MaxNegPhaseCorrection
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\MaxPosPhaseCorrection
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\EventLogFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\MaxAllowedPhaseOffset
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Config\TimeJumpAuditOffset
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserenvDebugLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\AllowNonstandardModeCombinations
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\CompatibilityFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\SpecialPollInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\ResolvePeerBackoffMinutes
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\ResolvePeerBackoffMaxTimes
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\EventLogFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\LargeSampleSkew
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Parameters\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Parameters\NtpServer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\SpecialPollTimeRemaining
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\WerSvcGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Parameters\ServiceDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Parameters\ServiceManifest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Parameters\ServiceMain
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ServiceTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Parameters\ServiceDllUnloadOnStop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\NoReflection
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TraceFlags
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\NoReflection
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\MachineID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent\NewUserDefaultConsent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DontSendAdditionalData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Disabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent\DefaultConsent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent\DefaultOverrideBehavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent\APPCRASH
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LoggingDisabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DontShowUI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DisableArchive
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ConfigureArchive
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DisableQueue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\MaxQueueCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\MaxArchiveCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ForceQueue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\QueuePesterInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\SendEFSFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\BypassDataThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ForceUserModeCabCollection
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\DontSendAdditionalData
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Disabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Consent\DefaultConsent
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Consent\DefaultOverrideBehavior
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Consent\APPCRASH
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\LoggingDisabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\DontShowUI
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\DisableArchive
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\ConfigureArchive
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\DisableQueue
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\MaxQueueCount
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\MaxArchiveCount
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\ForceQueue
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\QueuePesterInterval
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\SendEFSFiles
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\BypassDataThrottling
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\ForceUserModeCabCollection
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerUseSSL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerPortNumber
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerUseAuthentication
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Reliability Analysis\RAC\RacWerSampleTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EditionID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BuildLabEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDBuildNumber
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\BIOSVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\SYSTEM32\ntdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\kernel32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\KERNELBASE.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\msvcrt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\SYSTEM32\sechost.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\RPCRT4.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\ADVAPI32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\ole32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\GDI32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\USER32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\LPK.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\USP10.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\IMM32.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\MSCTF.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\api-ms-win-core-synch-l1-2-0.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\SspiCli.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\CRYPTBASE.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\CLBCatQ.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\OLEAUT32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\c:\windows\system32\w32time.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\c:\windows\system32\logoncli.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\c:\windows\system32\cryptdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\WS2_32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\NSI.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\mswsock.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\USERENV.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\profapi.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\GPAPI.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\dsrole.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\DNSAPI.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\RpcRtRemote.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\IPHLPAPI.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\WINNSI.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\rasadhlp.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\6FD5A890
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Sink Transmit Buffer Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\DefaultRpcStackSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Component Information
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\InfPath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\InfSection
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\InstalledDisplayDrivers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\HardwareInformation.MemorySize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\HardwareInformation.ChipType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\HardwareInformation.DACType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureRoutine
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SecurityProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Comment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\RpcId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Version
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\TokenSize
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sCountry
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sList
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sDecimal
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sThousand
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sGrouping
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sNativeDigits
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sCurrency
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sMonDecimalSep
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sMonThousandSep
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sMonGrouping
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sPositiveSign
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sNegativeSign
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sTimeFormat
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sShortTime
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\s1159
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\s2359
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sShortDate
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sYearMonth
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sLongDate
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iCountry
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iMeasure
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iPaperSize
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iDigits
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iLZero
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iNegNumber
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\NumShape
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iCurrDigits
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iCurrency
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iNegCurr
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iCalendarType
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iFirstDayOfWeek
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iFirstWeekOfYear
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Plus! ProductId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallDate
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemPartition
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PriorityControl\Win32PrioritySeparation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\7F8CCB70
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{15fba3b8-a37a-4f91-bdba-fbb98fe804bf}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{15fba3b8-a37a-4f91-bdba-fbb98fe804bf}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{15fba3b8-a37a-4f91-bdba-fbb98fe804bf}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{282396b2-6c46-4d66-b413-70b0445df33c}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{282396b2-6c46-4d66-b413-70b0445df33c}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{282396b2-6c46-4d66-b413-70b0445df33c}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{284ddb2f-beea-4c9d-91e8-e3670ed91517}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{284ddb2f-beea-4c9d-91e8-e3670ed91517}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{284ddb2f-beea-4c9d-91e8-e3670ed91517}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{3EA6B3DF-393E-41C3-9885-29EC5A701926}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{3EA6B3DF-393E-41C3-9885-29EC5A701926}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{3EA6B3DF-393E-41C3-9885-29EC5A701926}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{45DE1EA9-10BC-4f96-9B21-4B6B83DBF476}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{45DE1EA9-10BC-4f96-9B21-4B6B83DBF476}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{45DE1EA9-10BC-4f96-9B21-4B6B83DBF476}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{4d21da64-fd02-4b82-a0a5-783266e430ab}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{4d21da64-fd02-4b82-a0a5-783266e430ab}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{4d21da64-fd02-4b82-a0a5-783266e430ab}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{50e3b0eb-5780-49de-9eb5-8d53a51fd146}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{50e3b0eb-5780-49de-9eb5-8d53a51fd146}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{50e3b0eb-5780-49de-9eb5-8d53a51fd146}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5C85A128-86F7-41a4-B655-BEE3F2ADEF46}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5C85A128-86F7-41a4-B655-BEE3F2ADEF46}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5C85A128-86F7-41a4-B655-BEE3F2ADEF46}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5EE64AFB-398D-4edb-AF71-3B830219ABF7}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5EE64AFB-398D-4edb-AF71-3B830219ABF7}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5EE64AFB-398D-4edb-AF71-3B830219ABF7}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{63e0d0f7-ac2f-493b-a7f2-2f3ccdb66fca}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{63e0d0f7-ac2f-493b-a7f2-2f3ccdb66fca}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{63e0d0f7-ac2f-493b-a7f2-2f3ccdb66fca}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{67f1ec80-6c5b-43bb-860b-d47ae85242b1}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{67f1ec80-6c5b-43bb-860b-d47ae85242b1}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{67f1ec80-6c5b-43bb-860b-d47ae85242b1}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{72dbb5ac-6a91-46e6-885b-d429828bea2e}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{72dbb5ac-6a91-46e6-885b-d429828bea2e}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{72dbb5ac-6a91-46e6-885b-d429828bea2e}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{7a54f16f-a73a-4258-ba46-a1e998a6aa74}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{7a54f16f-a73a-4258-ba46-a1e998a6aa74}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{7a54f16f-a73a-4258-ba46-a1e998a6aa74}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{85e0acd9-809a-482b-b60b-bcad1f8d0cd7}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{85e0acd9-809a-482b-b60b-bcad1f8d0cd7}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{85e0acd9-809a-482b-b60b-bcad1f8d0cd7}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{88d4896f-f553-446a-9c75-9dec124ff8b7}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{88d4896f-f553-446a-9c75-9dec124ff8b7}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{88d4896f-f553-446a-9c75-9dec124ff8b7}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8CC29128-0B57-4a2b-A7B9-A74A70BA6FA1}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8CC29128-0B57-4a2b-A7B9-A74A70BA6FA1}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8CC29128-0B57-4a2b-A7B9-A74A70BA6FA1}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8d39bd5b-81f8-4b94-a608-6a50bbff5d15}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8d39bd5b-81f8-4b94-a608-6a50bbff5d15}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8d39bd5b-81f8-4b94-a608-6a50bbff5d15}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{95c162b7-5b71-44f8-82e4-abfd3108f40f}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{95c162b7-5b71-44f8-82e4-abfd3108f40f}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{95c162b7-5b71-44f8-82e4-abfd3108f40f}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a59f0643-a6ca-48e0-a7c4-4cdd258439e2}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a59f0643-a6ca-48e0-a7c4-4cdd258439e2}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a59f0643-a6ca-48e0-a7c4-4cdd258439e2}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{abd0ea66-a840-44a9-97b1-fb74fddaa8c8}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{abd0ea66-a840-44a9-97b1-fb74fddaa8c8}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{abd0ea66-a840-44a9-97b1-fb74fddaa8c8}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{b171ab1c-60e9-4301-a338-beab1c70b3e9}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{b171ab1c-60e9-4301-a338-beab1c70b3e9}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{b171ab1c-60e9-4301-a338-beab1c70b3e9}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{bf2de437-b736-48fb-84a0-5f0c389a068e}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{bf2de437-b736-48fb-84a0-5f0c389a068e}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{bf2de437-b736-48fb-84a0-5f0c389a068e}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{C0F51D84-11B9-4e74-B083-99F11BA2DB0A}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{C0F51D84-11B9-4e74-B083-99F11BA2DB0A}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{C0F51D84-11B9-4e74-B083-99F11BA2DB0A}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c70949f5-bda4-4bf3-8121-af0bc174925f}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c70949f5-bda4-4bf3-8121-af0bc174925f}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c70949f5-bda4-4bf3-8121-af0bc174925f}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c8544339-5be9-4f25-862e-485f1b1a6935}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c8544339-5be9-4f25-862e-485f1b1a6935}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c8544339-5be9-4f25-862e-485f1b1a6935}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{d8bcedf8-46c3-440e-bc65-dfa6a5094054}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{d8bcedf8-46c3-440e-bc65-dfa6a5094054}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{d8bcedf8-46c3-440e-bc65-dfa6a5094054}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{E4CD2E3E-3852-4952-B76B-23BB8E35D344}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{E4CD2E3E-3852-4952-B76B-23BB8E35D344}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{E4CD2E3E-3852-4952-B76B-23BB8E35D344}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\Config\ServerName
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RADAR\CLResolutionInterval
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RADAR\DisplayInterval
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RADAR\SkipWatson
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\Settings\ReflectionInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest

Write Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A083D522-AFD5-43A4-A6B7-25E961E6C461}\Path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A083D522-AFD5-43A4-A6B7-25E961E6C461}\Hash
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinInetDriver\Id
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinInetDriver\Index
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A083D522-AFD5-43A4-A6B7-25E961E6C461}\Triggers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A083D522-AFD5-43A4-A6B7-25E961E6C461}\DynamicInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94AA3293-B515-4FA7-A36B-3CFA64BA5BE3}\DynamicInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{1E45F06B-E567-4C30-A524-CB4EE808D9E1}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{59D3986C-4060-4ED0-BE37-2566EE895729}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LastServiceStart
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\PreviousServiceShutdown
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ProcessID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{1E45F06B-E567-4C30-A524-CB4EE808D9E1}\data
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{59D3986C-4060-4ED0-BE37-2566EE895729}\data
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\hostdl_RASAPI32
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\hostdl_RASAPI32\FileDirectory
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Type
HKEY_USERS\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\4B\7F06864B\LanguageList
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Macromedia\FlashPlayerSAU\LastUpdateCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Macromedia\FlashPlayerSAU\CheckFrequency
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ThrottleDrege
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\Parameters\ServiceDllUnloadOnStop
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssNeedsLoading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\List of event-active namespaces
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ESS\//./root/CIMV2\SCM Event Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\AdaptiveSqm\ManifestInfo\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\WSqmConsLastRunTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\WSqmConsLastEventTimeStamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\TimeProviders\NtpClient\SpecialPollTimeRemaining
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Consent
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Consent\DefaultConsent

Delete Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\WinInetDriver.job
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\WinInetDriver.job.fp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LastServiceStart

Mutexes

Global\SQMWindowsConsolidator
Local\WERReportingForProcess2416
Global\\xe5\x88\x90\xc2\x88
Global\\xee\xb3\x80\xc7\x93
WERUI_APPCRASH-91cb76e040d745347fa8ee794b9b2d7f4f5f9599

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
clr.dll.SetRuntimeInfo
clr.dll._CorExeMain
mscoree.dll.CreateConfigStream
mscoreei.dll.CreateConfigStream
kernel32.dll.GetNumaHighestNodeNumber
kernel32.dll.GetSystemWindowsDirectoryW
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddSIDToBoundaryDescriptor
kernel32.dll.CreateBoundaryDescriptorW
kernel32.dll.CreatePrivateNamespaceW
kernel32.dll.OpenPrivateNamespaceW
kernel32.dll.DeleteBoundaryDescriptor
kernel32.dll.WerRegisterRuntimeExceptionModule
kernel32.dll.RaiseException
mscoree.dll.#24
mscoreei.dll.#24
ntdll.dll.NtSetSystemInformation
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
kernel32.dll.GetNativeSystemInfo
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
ole32.dll.CoGetContextToken
mscoree.dll.GetTokenForVTableEntry
mscoree.dll.SetTargetForVTableEntry
mscoree.dll.GetTargetForVTableEntry
clrjit.dll.sxsJitStartup
clrjit.dll.getJit
kernel32.dll.GetLastError
kernel32.dll.LocaleNameToLCID
kernel32.dll.LCIDToLocaleName
kernel32.dll.GetUserPreferredUILanguages
nlssorting.dll.SortGetHandle
nlssorting.dll.SortCloseHandle
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
kernel32.dll.GetCurrentProcessId
advapi32.dll.LookupPrivilegeValueW
kernel32.dll.GetCurrentProcess
advapi32.dll.AdjustTokenPrivileges
kernel32.dll.CloseHandle
kernel32.dll.OpenProcess
psapi.dll.EnumProcessModules
psapi.dll.GetModuleInformation
psapi.dll.GetModuleBaseNameW
ole32.dll.CoTaskMemAlloc
ole32.dll.CoTaskMemFree
psapi.dll.GetModuleFileNameExW
shell32.dll.SHGetFolderPathW
kernel32.dll.GetFullPathNameW
ole32.dll.CoCreateGuid
kernel32.dll.SetThreadErrorMode
kernel32.dll.GetFileAttributesExW
kernel32.dll.CreateDirectoryW
kernel32.dll.SetFileAttributesW
kernel32.dll.CopyFileW
kernel32.dll.GetSystemDirectoryW
kernel32.dll.LocalAlloc
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware
shell32.dll.ShellExecuteEx
shell32.dll.ShellExecuteExW
setupapi.dll.CM_Get_Device_Interface_List_Size_ExW
setupapi.dll.CM_Get_Device_Interface_List_ExW
comctl32.dll.#386
ole32.dll.CoUninitialize
ole32.dll.CoRevokeInitializeSpy
comctl32.dll.#388
oleaut32.dll.#500
kernel32.dll.LocalFree
kernel32.dll.CreateFileW
kernel32.dll.GetFileType
kernel32.dll.WriteFile
advapi32.dll.UnregisterTraceGuids
comctl32.dll.#321
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.DeactivateActCtx
kernel32.dll.GetCurrentActCtx
kernel32.dll.QueryActCtxW
advapi32.dll.EventUnregister
sechost.dll.LookupAccountNameLocalW
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
sspicli.dll.GetUserNameExW
advapi32.dll.GetUserNameW
xmllite.dll.CreateXmlWriter
xmllite.dll.CreateXmlWriterOutputWithEncodingName
ws2_32.dll.#116
tschannel.dll.DllGetClassObject
tschannel.dll.DllCanUnloadNow
shell32.dll.SHChangeNotify
wtsapi32.dll.WTSQueryUserToken
userenv.dll.CreateEnvironmentBlock
sechost.dll.ConvertSidToStringSidW
userenv.dll.DestroyEnvironmentBlock
sechost.dll.OpenSCManagerW
sechost.dll.OpenServiceW
sechost.dll.QueryServiceStatus
rasapi32.dll.RasEnumConnectionsW
rasapi32.dll.RasConnectionNotificationW
pcwum.dll.PerfDeleteInstance
pcwum.dll.PerfStopProvider
cryptsp.dll.CryptReleaseContext
propsys.dll.PropVariantToVariant
ole32.dll.CoDisconnectObject
wbemcore.dll.Shutdown
ole32.dll.CoReleaseMarshalData
kernel32.dll.RegDeleteValueW
oleaut32.dll.#9
advapi32.dll.CryptAcquireContextW
advapi32.dll.RegCreateKeyExW
shlwapi.dll.PathIsDirectoryW
advapi32.dll.RegNotifyChangeKeyValue
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptGenRandom
ole32.dll.NdrOleInitializeExtension
ole32.dll.CoGetClassObject
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.CoUnmarshalInterface
ole32.dll.StringFromIID
ole32.dll.CoGetPSClsid
ole32.dll.CoCreateInstance
ole32.dll.DcomChannelSetHResult
rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
ole32.dll.CLSIDFromOle1Class
clbcatq.dll.GetCatalogObject
clbcatq.dll.GetCatalogObject2
advapi32.dll.RegSetValueExW
shlwapi.dll.PathIsPrefixW
advapi32.dll.CryptCreateHash
advapi32.dll.CryptGetHashParam
cryptsp.dll.CryptGetHashParam
advapi32.dll.CryptHashData
cryptsp.dll.CryptHashData
advapi32.dll.CryptDestroyHash
cryptsp.dll.CryptDestroyHash
xmllite.dll.CreateXmlReader
advapi32.dll.CryptReleaseContext
dwmapi.dll.DwmIsCompositionEnabled
kernel32.dll.IsProcessorFeaturePresent
kernel32.dll.IsWow64Process
kernel32.dll.lstrlenA
kernel32.dll.GetStdHandle
kernel32.dll.CreatePipe
kernel32.dll.DuplicateHandle
kernel32.dll.GetCurrentDirectoryW
kernel32.dll.CreateProcessW
kernel32.dll.GetConsoleOutputCP
kernel32.dll.GetACP
kernel32.dll.UnmapViewOfFile
kernel32.dll.ReadFile
kernel32.dll.WideCharToMultiByte
kernel32.dll.GetModuleHandleW
kernel32.dll.GetProcAddress
oleaut32.dll.SysAllocStringLen
oleaut32.dll.SysFreeString
kernel32.dll.RtlZeroMemory
oleaut32.dll.SysStringLen
advapi32.dll.SystemFunction041
cryptbase.dll.SystemFunction001
cryptbase.dll.SystemFunction002
cryptbase.dll.SystemFunction003
cryptbase.dll.SystemFunction004
cryptbase.dll.SystemFunction005
cryptbase.dll.SystemFunction028
cryptbase.dll.SystemFunction029
cryptbase.dll.SystemFunction034
cryptbase.dll.SystemFunction040
cryptbase.dll.SystemFunction041
kernel32.dll.CompareStringOrdinal
kernel32.dll.GetFileSize
kernel32.dll.CreateEventW
kernel32.dll.QueryPerformanceFrequency
kernel32.dll.QueryPerformanceCounter
rtutils.dll.TraceRegisterExA
rtutils.dll.TracePrintfExA
sechost.dll.CloseServiceHandle
ws2_32.dll.WSAStartup
ws2_32.dll.WSASocketW
ws2_32.dll.setsockopt
ws2_32.dll.WSAEventSelect
ws2_32.dll.ioctlsocket
ws2_32.dll.closesocket
ws2_32.dll.WSAIoctl
kernel32.dll.FormatMessageW
advapi32.dll.RegOpenCurrentUser
sechost.dll.NotifyServiceStatusChangeA
winhttp.dll.WinHttpOpen
winhttp.dll.WinHttpCloseHandle
winhttp.dll.WinHttpSetTimeouts
winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser
kernel32.dll.GetEnvironmentVariableW
clr.dll.CreateAssemblyNameObject
ole32.dll.CoGetObjectContext
clr.dll.CreateAssemblyEnum
kernel32.dll.ResolveLocaleName
kernel32.dll.SetEvent
kernel32.dll.SetThreadUILanguage
urlmon.dll.DllCanUnloadNow
urlmon.dll.IEDllLoader
urlmon.dll.CoInternetCreateZoneManager
urlmon.dll.CoInternetGetSession
urlmon.dll.CopyBindInfo
urlmon.dll.CreateURLMoniker
urlmon.dll.RegisterBindStatusCallback
urlmon.dll.ReleaseBindInfo
urlmon.dll.RevokeBindStatusCallback
urlmon.dll.UrlMkGetSessionOption
urlmon.dll.CoInternetCreateSecurityManager
urlmon.dll.CreateUri
urlmon.dll.CoInternetCombineUrl
urlmon.dll.CoInternetGetSecurityUrl
urlmon.dll.IsValidURL
wininet.dll.InternetCrackUrlW
wininet.dll.InternetCreateUrlW
kernel32.dll.InitializeSRWLock
kernel32.dll.AcquireSRWLockExclusive
kernel32.dll.AcquireSRWLockShared
kernel32.dll.ReleaseSRWLockExclusive
kernel32.dll.ReleaseSRWLockShared
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.HeapSetInformation
msoxmlmf.dll.DllGetClassObject
msoxmlmf.dll.DllCanUnloadNow
kernel32.dll.GetThreadPreferredUILanguages
kernel32.dll.SetThreadPreferredUILanguages
kernel32.dll.GetSystemDefaultLocaleName
oleaut32.dll.#283
oleaut32.dll.#284
kernel32.dll.RegOpenKeyExW
wmi2xml.dll.OpenWbemTextSource
wmi2xml.dll.CloseWbemTextSource
wmi2xml.dll.WbemObjectToText
wmi2xml.dll.TextToWbemObject
ntdll.dll.EtwUnregisterTraceGuids
ws2_32.dll.GetAddrInfoW
ws2_32.dll.#2
ws2_32.dll.#21
ws2_32.dll.#9
ws2_32.dll.FreeAddrInfoW
ws2_32.dll.#6
ws2_32.dll.#5
schannel.dll.SpUserModeInitialize
ws2_32.dll.WSASend
ws2_32.dll.WSARecv
secur32.dll.FreeContextBuffer
ncrypt.dll.SslOpenProvider
ncrypt.dll.GetSChannelInterface
bcryptprimitives.dll.GetHashInterface
ncrypt.dll.SslIncrementProviderReferenceCount
ncrypt.dll.SslImportKey
bcryptprimitives.dll.GetCipherInterface
ncrypt.dll.SslLookupCipherSuiteInfo
user32.dll.LoadStringW
ncrypt.dll.BCryptOpenAlgorithmProvider
ncrypt.dll.BCryptGetProperty
ncrypt.dll.BCryptCreateHash
ncrypt.dll.BCryptHashData
ncrypt.dll.BCryptFinishHash
ncrypt.dll.BCryptDestroyHash
crypt32.dll.CertGetCertificateChain
userenv.dll.GetUserProfileDirectoryW
sechost.dll.ConvertStringSidToSidW
userenv.dll.RegisterGPNotification
gpapi.dll.RegisterGPNotificationInternal
sechost.dll.QueryServiceConfigW
cryptsp.dll.CryptAcquireContextA
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptVerifySignatureA
cryptsp.dll.CryptDestroyKey
cryptnet.dll.CryptRetrieveObjectByUrlW
cryptnet.dll.I_CryptNetGetConnectivity
sensapi.dll.IsNetworkAlive
rpcrt4.dll.RpcBindingFromStringBindingW
rpcrt4.dll.RpcBindingSetAuthInfoExW
rpcrt4.dll.NdrClientCall2
winhttp.dll.WinHttpSetOption
winhttp.dll.WinHttpCrackUrl
winhttp.dll.WinHttpConnect
winhttp.dll.WinHttpOpenRequest
winhttp.dll.WinHttpGetDefaultProxyConfiguration
advapi32.dll.RegDeleteTreeA
advapi32.dll.RegDeleteTreeW
nsi.dll.NsiAllocateAndGetTable
cfgmgr32.dll.CM_Open_Class_Key_ExW
iphlpapi.dll.ConvertInterfaceGuidToLuid
iphlpapi.dll.GetIfEntry2
iphlpapi.dll.GetIpForwardTable2
iphlpapi.dll.GetIpNetEntry2
iphlpapi.dll.FreeMibTable
nsi.dll.NsiFreeTable
winhttp.dll.WinHttpGetProxyForUrl
winhttp.dll.WinHttpSendRequest
winhttp.dll.WinHttpReceiveResponse
winhttp.dll.WinHttpQueryHeaders
winhttp.dll.WinHttpQueryDataAvailable
ws2_32.dll.#22
winhttp.dll.WinHttpReadData
ws2_32.dll.#3
cryptnet.dll.I_CryptNetSetUrlCacheFlushInfo
setupapi.dll.SetupIterateCabinetW
kernel32.dll.RegCloseKey
cabinet.dll.#20
cabinet.dll.#22
cabinet.dll.#23
sechost.dll.QueryServiceConfigA
rpcrt4.dll.RpcStringBindingComposeA
rpcrt4.dll.RpcBindingFromStringBindingA
rpcrt4.dll.RpcEpResolveBinding
rpcrt4.dll.RpcStringFreeA
rpcrt4.dll.RpcBindingFree
crypt32.dll.CertVerifyCertificateChainPolicy
crypt32.dll.CertFreeCertificateChain
crypt32.dll.CertDuplicateCertificateContext
crypt32.dll.CertFreeCertificateContext
ole32.dll.CoInitializeSecurity
wmisvc.dll.ServiceMain
advapi32.dll.EventWrite
vssapi.dll.CreateWriter
oleaut32.dll.#6
oleaut32.dll.#2
advapi32.dll.LookupAccountNameW
samcli.dll.NetLocalGroupGetMembers
samlib.dll.SamConnect
rpcrt4.dll.NdrClientCall3
rpcrt4.dll.RpcStringBindingComposeW
rpcrt4.dll.RpcStringFreeW
samlib.dll.SamOpenDomain
samlib.dll.SamLookupNamesInDomain
samlib.dll.SamOpenAlias
samlib.dll.SamFreeMemory
samlib.dll.SamCloseHandle
samlib.dll.SamGetMembersInAlias
netutils.dll.NetApiBufferFree
samlib.dll.SamEnumerateDomainsInSamServer
samlib.dll.SamLookupDomainInSamServer
ole32.dll.StringFromCLSID
oleaut32.dll.#4
oleaut32.dll.#7
propsys.dll.VariantToPropVariant
wbemcore.dll.Reinitialize
wbemsvc.dll.DllGetClassObject
wbemsvc.dll.DllCanUnloadNow
authz.dll.AuthzInitializeContextFromToken
authz.dll.AuthzInitializeObjectAccessAuditEvent2
authz.dll.AuthzAccessCheck
authz.dll.AuthzFreeAuditEvent
authz.dll.AuthzFreeContext
authz.dll.AuthzInitializeResourceManager
authz.dll.AuthzFreeResourceManager
rpcrt4.dll.RpcBindingCreateW
rpcrt4.dll.RpcBindingBind
rpcrt4.dll.I_RpcMapWin32Status
advapi32.dll.EventActivityIdControl
advapi32.dll.EventWriteTransfer
advapi32.dll.EventEnabled
kernel32.dll.RegSetValueExW
kernel32.dll.RegQueryValueExW
wmisvc.dll.IsImproperShutdownDetected
wevtapi.dll.EvtRender
wevtapi.dll.EvtNext
wevtapi.dll.EvtClose
wevtapi.dll.EvtQuery
wevtapi.dll.EvtCreateRenderContext
rpcrt4.dll.RpcBindingSetOption
ole32.dll.CoCreateFreeThreadedMarshaler
ole32.dll.CreateStreamOnHGlobal
kernelbase.dll.InitializeAcl
kernelbase.dll.AddAce
kernel32.dll.OpenProcessToken
kernelbase.dll.GetTokenInformation
kernelbase.dll.DuplicateTokenEx
kernelbase.dll.AdjustTokenPrivileges
kernel32.dll.SetThreadToken
kernelbase.dll.CheckTokenMembership
kernelbase.dll.AllocateAndInitializeSid
oleaut32.dll.#285
advapi32.dll.RegOpenKeyW
oleaut32.dll.#286
ole32.dll.CLSIDFromString
oleaut32.dll.#17
oleaut32.dll.#20
oleaut32.dll.#19
oleaut32.dll.#25
authz.dll.AuthzInitializeContextFromSid
ole32.dll.CoGetCallContext
ole32.dll.CoImpersonateClient
ole32.dll.CoRevertToSelf
oleaut32.dll.#8
ole32.dll.CoSwitchCallContext
oleaut32.dll.#12
sspicli.dll.LogonUserExExW
oleaut32.dll.#287
oleaut32.dll.#288
oleaut32.dll.#289
w32time.dll.SvchostEntry_W32Time
w32time.dll.SvchostPushServiceGlobals
sechost.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW
ws2_32.dll.#115
ws2_32.dll.#111
dsrole.dll.DsRoleGetPrimaryDomainInformation
dsrole.dll.DsRoleFreeMemory
sspicli.dll.LsaRegisterPolicyChangeNotification
w32time.dll.TimeProvClose
w32time.dll.TimeProvCommand
w32time.dll.TimeProvOpen
ws2_32.dll.getaddrinfo
ws2_32.dll.freeaddrinfo
ws2_32.dll.#23
vmictimeprovider.dll.TimeProvClose
vmictimeprovider.dll.TimeProvCommand
vmictimeprovider.dll.TimeProvOpen
ws2_32.dll.WSAAddressToStringW
ws2_32.dll.#20
sspicli.dll.LsaUnregisterPolicyChangeNotification
userenv.dll.UnregisterGPNotification
gpapi.dll.UnregisterGPNotificationInternal
wersvc.dll.ServiceMain
wersvc.dll.SvchostPushServiceGlobals
advapi32.dll.RegGetValueW
faultrep.dll.WerpInitiateCrashReporting
wer.dll.WerpCreateMachineStore
shell32.dll.SHGetFolderPathEx
ole32.dll.StringFromGUID2
profapi.dll.#104
wer.dll.WerpSvcReportFromMachineQueue
advapi32.dll.DuplicateToken
advapi32.dll.CheckTokenMembership
winsta.dll.WinStationQueryInformationW
advapi32.dll.CreateWellKnownSid
advapi32.dll.ImpersonateLoggedOnUser
advapi32.dll.CreateProcessAsUserW
advapi32.dll.RevertToSelf
imm32.dll.ImmDisableIME
advapi32.dll.I_QueryTagInformation
wer.dll.WerpCreateIntegratorReportId
wer.dll.WerReportCreate
wer.dll.WerpSetIntegratorReportId
wer.dll.WerReportSetParameter
dbgeng.dll.DebugCreate
ntdll.dll.CsrGetProcessId
ntdll.dll.DbgBreakPoint
ntdll.dll.DbgPrint
ntdll.dll.DbgPrompt
ntdll.dll.DbgUiConvertStateChangeStructure
ntdll.dll.DbgUiGetThreadDebugObject
ntdll.dll.DbgUiIssueRemoteBreakin
ntdll.dll.DbgUiSetThreadDebugObject
ntdll.dll.NtAllocateVirtualMemory
ntdll.dll.NtClose
ntdll.dll.NtCreateDebugObject
ntdll.dll.NtCreateFile
ntdll.dll.NtDebugActiveProcess
ntdll.dll.NtDebugContinue
ntdll.dll.NtFreeVirtualMemory
ntdll.dll.NtOpenProcess
ntdll.dll.NtOpenThread
ntdll.dll.NtQueryInformationProcess
ntdll.dll.NtQueryInformationThread
ntdll.dll.NtQueryMutant
ntdll.dll.NtQueryObject
ntdll.dll.NtQuerySystemInformation
ntdll.dll.NtRemoveProcessDebug
ntdll.dll.NtResumeThread
ntdll.dll.NtSetInformationDebugObject
ntdll.dll.NtSetInformationProcess
ntdll.dll.NtSystemDebugControl
ntdll.dll.NtWaitForDebugEvent
ntdll.dll.RtlAnsiStringToUnicodeString
ntdll.dll.RtlCreateProcessParameters
ntdll.dll.RtlCreateUserProcess
ntdll.dll.RtlDestroyProcessParameters
ntdll.dll.RtlDosPathNameToNtPathName_U
ntdll.dll.RtlFindMessage
ntdll.dll.RtlFreeHeap
ntdll.dll.RtlFreeUnicodeString
ntdll.dll.RtlGetFunctionTableListHead
ntdll.dll.RtlGetUnloadEventTrace
ntdll.dll.RtlGetUnloadEventTraceEx
ntdll.dll.RtlInitAnsiString
ntdll.dll.RtlInitUnicodeString
ntdll.dll.RtlTryEnterCriticalSection
ntdll.dll.RtlUnicodeStringToAnsiString
ntdll.dll.NtOpenProcessToken
ntdll.dll.NtOpenThreadToken
ntdll.dll.NtQueryInformationToken
kernel32.dll.CloseProfileUserMapping
kernel32.dll.CreateToolhelp32Snapshot
kernel32.dll.DebugActiveProcessStop
kernel32.dll.DebugBreak
kernel32.dll.DebugBreakProcess
kernel32.dll.DebugSetProcessKillOnExit
kernel32.dll.Module32First
kernel32.dll.Module32FirstW
kernel32.dll.Module32Next
kernel32.dll.Module32NextW
kernel32.dll.OpenThread
kernel32.dll.Process32First
kernel32.dll.Process32FirstW
kernel32.dll.Process32Next
kernel32.dll.Process32NextW
kernel32.dll.ProcessIdToSessionId
kernel32.dll.SetProcessShutdownParameters
kernel32.dll.Thread32First
kernel32.dll.Thread32Next
kernel32.dll.GetTimeZoneInformation
kernel32.dll.Wow64GetThreadSelectorEntry
advapi32.dll.CloseServiceHandle
advapi32.dll.ControlService
advapi32.dll.CreateServiceA
advapi32.dll.CreateServiceW
advapi32.dll.DeleteService
advapi32.dll.EnumServicesStatusExA
advapi32.dll.EnumServicesStatusExW
advapi32.dll.GetEventLogInformation
advapi32.dll.OpenSCManagerA
advapi32.dll.OpenSCManagerW
advapi32.dll.OpenServiceA
advapi32.dll.OpenServiceW
advapi32.dll.StartServiceA
advapi32.dll.StartServiceW
advapi32.dll.GetSidSubAuthority
advapi32.dll.GetSidSubAuthorityCount
version.dll.GetFileVersionInfoSizeExW
version.dll.GetFileVersionInfoExW
dbghelp.dll.WinDbgExtensionDllInit
dbghelp.dll.ExtensionApiVersion
wer.dll.WerpSetDynamicParameter
wer.dll.WerReportAddDump
wer.dll.WerpSetCallBack
wer.dll.WerReportSetUIOption
wer.dll.WerpAddRegisteredDataToReport
wer.dll.WerReportSubmit
user32.dll.CharUpperW
wer.dll.WerpAddAppCompatData
apphelp.dll.SdbGetFileAttributes
apphelp.dll.SdbFormatAttribute
apphelp.dll.SdbFreeFileAttributes
dbghelp.dll.MiniDumpWriteDump
kernel32.dll.GetLongPathNameA
kernel32.dll.GetLongPathNameW
kernel32.dll.GetProcessTimes
advapi32.dll.RegOpenKeyExA
advapi32.dll.RegQueryValueExA
powrprof.dll.CallNtPowerInformation
version.dll.GetFileVersionInfoSizeA
version.dll.GetFileVersionInfoA
version.dll.VerQueryValueA
verifier.dll.VerifierEnumerateResource
ntdll.dll.NtSuspendProcess
ntdll.dll.NtResumeProcess
advapi32.dll.QueryTraceW
advapi32.dll.IsValidSid
advapi32.dll.GetLengthSid
advapi32.dll.CopySid
advapi32.dll.AddAccessAllowedAceEx
advapi32.dll.InitializeSecurityDescriptor
advapi32.dll.SetSecurityDescriptorDacl
advapi32.dll.RegisterEventSourceW
advapi32.dll.ReportEventW
advapi32.dll.DeregisterEventSource
wer.dll.WerpGetStoreLocation
wer.dll.WerpGetStoreType
wer.dll.WerReportCloseHandle
user32.dll.MsgWaitForMultipleObjects
wer.dll.WerpFreeString
ntmarta.dll.GetMartaExtensionInterface
fastprox.dll.DllGetClassObject
fastprox.dll.DllCanUnloadNow
oleaut32.dll.#290
wmi.dll.WmiQueryAllDataW
wmi.dll.WmiQuerySingleInstanceW
wmi.dll.WmiSetSingleItemW
wmi.dll.WmiSetSingleInstanceW
wmi.dll.WmiExecuteMethodW
wmi.dll.WmiNotificationRegistrationW
wmi.dll.WmiMofEnumerateResourcesW
wmi.dll.WmiFileHandleToInstanceNameW
wmi.dll.WmiDevInstToInstanceNameW
wmi.dll.WmiQueryGuidInformation
wmi.dll.WmiOpenBlock
wmi.dll.WmiCloseBlock
wmi.dll.WmiFreeBuffer
wmi.dll.WmiEnumerateGuids
devobj.dll.DevObjCreateDeviceInfoList
devobj.dll.DevObjGetClassDevs
devobj.dll.DevObjEnumDeviceInfo
devobj.dll.DevObjDestroyDeviceInfoList
setupapi.dll.CM_Open_DevNode_Key_Ex
devobj.dll.DevObjGetDeviceProperty
cfgmgr32.dll.CM_Connect_MachineA
cfgmgr32.dll.CM_Disconnect_Machine
cfgmgr32.dll.CM_Locate_DevNodeW
cfgmgr32.dll.CM_Get_DevNode_Registry_PropertyW
cfgmgr32.dll.CM_Get_Child
cfgmgr32.dll.CM_Get_Sibling
cfgmgr32.dll.CM_Get_DevNode_Status
cfgmgr32.dll.CM_Get_First_Log_Conf
cfgmgr32.dll.CM_Get_Next_Res_Des
cfgmgr32.dll.CM_Get_Res_Des_Data
cfgmgr32.dll.CM_Get_Res_Des_Data_Size
cfgmgr32.dll.CM_Free_Log_Conf_Handle
cfgmgr32.dll.CM_Free_Res_Des_Handle
cfgmgr32.dll.CM_Get_Device_IDA
cfgmgr32.dll.CM_Get_Device_ID_Size
cfgmgr32.dll.CM_Get_Parent
user32.dll.GetSystemMetrics
user32.dll.MonitorFromWindow
user32.dll.MonitorFromRect
user32.dll.MonitorFromPoint
user32.dll.EnumDisplayMonitors
user32.dll.EnumDisplayDevicesW
user32.dll.GetMonitorInfoW
dxgi.dll.DXGIReportAdapterConfiguration
setupapi.dll.SetupDiGetClassDevsW
setupapi.dll.SetupDiEnumDeviceInterfaces
setupapi.dll.SetupDiGetDeviceInterfaceDetailW
setupapi.dll.SetupDiDestroyDeviceInfoList
gdi32.dll.D3DKMTOpenAdapterFromDeviceName
gdi32.dll.D3DKMTQueryAdapterInfo
gdi32.dll.D3DKMTGetDisplayModeList
gdi32.dll.D3DKMTCloseAdapter
wintrust.dll.WinVerifyTrust
winbrand.dll.BrandingLoadString
security.dll.InitSecurityInterfaceW
cryptsp.dll.SystemFunction035
ntdll.dll.NtSetSystemEnvironmentValue
ntdll.dll.NtQuerySystemEnvironmentValue
ntdll.dll.NtQueryDirectoryObject
ntdll.dll.NtOpenDirectoryObject
ntdll.dll.NtOpenFile
ntdll.dll.NtFsControlFile
ntdll.dll.NtQueryVolumeInformationFile
netapi32.dll.NetGroupEnum
netapi32.dll.NetGroupGetInfo
netapi32.dll.NetGroupSetInfo
netapi32.dll.NetLocalGroupGetInfo
netapi32.dll.NetLocalGroupSetInfo
netapi32.dll.NetGroupGetUsers
netapi32.dll.NetLocalGroupGetMembers
netapi32.dll.NetLocalGroupEnum
netapi32.dll.NetShareEnum
netapi32.dll.NetShareGetInfo
netapi32.dll.NetShareAdd
netapi32.dll.NetShareEnumSticky
netapi32.dll.NetShareSetInfo
netapi32.dll.NetShareDel
netapi32.dll.NetShareDelSticky
netapi32.dll.NetShareCheck
netapi32.dll.NetUserEnum
netapi32.dll.NetUserGetInfo
netapi32.dll.NetUserSetInfo
netapi32.dll.NetApiBufferFree
netapi32.dll.NetQueryDisplayInformation
netapi32.dll.NetServerSetInfo
netapi32.dll.NetServerGetInfo
netapi32.dll.NetGetDCName
netapi32.dll.NetWkstaGetInfo
netapi32.dll.NetGetAnyDCName
netapi32.dll.NetServerEnum
netapi32.dll.NetUserModalsGet
netapi32.dll.NetScheduleJobAdd
netapi32.dll.NetScheduleJobDel
netapi32.dll.NetScheduleJobEnum
netapi32.dll.NetScheduleJobGetInfo
netapi32.dll.NetUseGetInfo
netapi32.dll.NetEnumerateTrustedDomains
netapi32.dll.DsGetDcNameW
netapi32.dll.DsRoleGetPrimaryDomainInformation
netapi32.dll.DsRoleFreeMemory
netapi32.dll.NetRenameMachineInDomain
netapi32.dll.NetJoinDomain
netapi32.dll.NetUnjoinDomain
wkscli.dll.NetWkstaGetInfo
cscapi.dll.CscNetApiGetInterface
kernel32.dll.GetDiskFreeSpaceExW
kernel32.dll.GetVolumePathNameW
kernel32.dll.Heap32ListFirst
kernel32.dll.GlobalMemoryStatusEx
kernel32.dll.GetSystemDefaultUILanguage
oleaut32.dll.#15
oleaut32.dll.#26
user32.dll.GetProcessWindowStation
user32.dll.GetThreadDesktop
user32.dll.GetUserObjectInformationW
werui.dll.WerUICreate
werui.dll.WerUIStart
werui.dll.WerUITerminate
werui.dll.WerUIDelete
rpcrt4.dll.UuidFromStringW
radarrs.dll.WdiDiagnosticModuleMain
radarrs.dll.WdiHandleInstance
radarrs.dll.WdiGetDiagnosticModuleInterfaceVersion
comctl32.dll.LoadIconWithScaleDown
ntdll.dll.RtlRunEncodeUnicodeString
ntdll.dll.RtlRunDecodeUnicodeString
duser.dll.InitGadgets

Execute Commands

C:\Windows\System32\schtasks.exe /create /tn WinInetDriver /tr C:\ProgramData\{d74bdb-f30dd0-463a-b09f9e005562}\hostdl.exe /sc minute /F
taskeng.exe {1E45F06B-E567-4C30-A524-CB4EE808D9E1} S-1-5-18:NT AUTHORITY\System:Service:
taskeng.exe {59D3986C-4060-4ED0-BE37-2566EE895729} S-1-5-21-1822907384-1282624486-319450072-1000:SEVEN03-PC\Seven01:Interactive:[1]
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\ProgramData\{d74bdb-f30dd0-463a-b09f9e005562}\hostdl.exe
"wmic" cpu get Name /format:list
"wmic" path win32_VideoController get name /format:list
"wmic" os get Caption /format:list
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\sc.exe start w32time task_started
C:\Windows\System32\wsqmcons.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
C:\Windows\system32\schtasks.exe /delete /f /TN "Microsoft\Windows\Customer Experience Improvement Program\Uploader"
C:\Windows\system32\WerFault.exe -u -p 2416 -s 288
"C:\Windows\system32\wermgr.exe" "-queuereporting_svc" "C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_91cb76e040d745347fa8ee794b9b2d7f4f5f9599_cab_0aa99ea5"

Started Services

AdobeFlashPlayerUpdateSvc
WerSvc
W32Time

Created Services

Nothing to display
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven03_64 Seven03_64 VirtualBox 2018-08-05 11:33:04 2018-08-05 11:36:04 180

1 HTTP Request(s) detected

http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
  • Hostname: www.download.windowsupdate.com
  • IP Address: 13.107.4.50
  • Port: 80
  • Count: 1

GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Cache-Control: max-age = 86402
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.download.windowsupdate.com

#infosec #automation

TheSystem Itself @ 2018-08-05 11:36:08