| File details Download PDF Report | |
|---|---|
| File type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
| File size: | 400.16 KB (409760 bytes) |
| Compile time: | 2017-07-16 18:12:36 |
| MD5: | 18eedaa80fcd3df3fe531a55e3538a6f |
| SHA1: | 0dd01f9d25355e106a4bb99f5740e779c20c118d |
| SHA256: | b7e3848ef8e575f23eef4e92a48e667fad747c43dd9f8719473cfd876512540b |
| Import hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
| Sections 3 | .text��� .rsrc��� .reloc�� |
| Directories 4 | import resource relocation security |
| First submission: | 2018-04-30 15:21:03 |
| Last submission: | 2018-04-30 15:21:03 |
| Filename detected: |
- NOTE.exe (1) |
| URL file hosting |
|---|
hXXp://tentoepiskevi.gr/NOTE.exe |
| Antivirus Report | |||
|---|---|---|---|
| Report Date | Detection Ratio | Permalink | Update |
| 2018-04-29 06:50:24 | [43/67] | |
|
| PE Sections 3 suspicious | |||||
|---|---|---|---|---|---|
| Name | VAddress | VSize | Size | MD5 | SHA1 |
| .text��� | 0x2000 | 0x60474 | 394752 | f6e1e15a4c95dbba92a7f72af9af6833 | 5b6ad3a7f7adfa6eccf28d0bf55580437ceebbbb |
| .rsrc��� | 0x64000 | 0x2000 | 8192 | a3cb684cd3821f610de2a60279add986 | dbec65a74d6fbaf8325eab27553aa4cc0e8c83cd |
| .reloc�� | 0x66000 | 0xc | 512 | 78b3d2ba4d007a288361da1ac274b47c | 7e00b916a210fc7fc5bdb1486dc78cd52854aa8f |
| PE Resources | |||||
|---|---|---|---|---|---|
| Name | Offset | Size | Language | Sublanguage | Data |
| RT_VERSION | 0x64090 | 656 | LANG_NEUTRAL | SUBLANG_NEUTRAL | |
| RT_MANIFEST | 0x64330 | 490 | LANG_NEUTRAL | SUBLANG_NEUTRAL | |
- API Alert
- Anti Debug
| Meta Info | |
|---|---|
| LegalCopyright: | Copyright \xa9 2018 |
| Assembly Version: | 1.0.0.0 |
| InternalName: | grace.exe |
| FileVersion: | 1.0.0.0 |
| FileDescription: | grace |
| OriginalFilename: | grace.exe |
| Translation: | 0x0000 0x04b0 |
| ProductVersion: | 1.0.0.0 |
| ProductName: | grace |
| XOR | |
|---|---|
| No XOR informations found in this file. | |
| Signature | |
|---|---|
| MD5: | 21016ad5d55ff12e84262ea5e1bc1742 |
| SHA1: | 9aca9e93116799a3a96b7ae422509fc1dc0bd282 |
| Block Size: | 5792 |
| Virtual Address: | 403968 |
| Packer(s) | |
|---|---|
| Microsoft Visual C# / Basic .NET | |
| Microsoft Visual Studio .NET | |
| .NET executable | |
| Microsoft Visual C# v7.0 / Basic .NET | |
| File found | |
|---|---|
| FIle type: Library | |
| mscoree.dll | |
| IP Found | |
|---|---|
| No IP detected | |
| URL(s) | |
|---|---|
| http://crl.thawte.com/ThawtePCA.crl0 | |
| http://ts-crl.ws.symantec.com/tss-ca-g2.crl0( | |
| http://crl.thawte.com/ThawteTimestampingCA.crl0 | |
| http://cs-g2-crl.thawte.com/ThawteCSG2.crl0 | |
| http://www.bitvise.com/ | |
| http://ocsp.thawte.com0 | |
| http://ts-ocsp.ws.symantec.com07 | |
| http://ts-aia.ws.symantec.com/tss-ca-g2.cer0< | |
36e95594-7cd4-3f0
36e95594-7cd4-3f1
36e95594-7cd4-3f2
36e95594-7cd4-3f3
36e95594-7cd4-3f4
36e95594-7cd4-3f5
36e95594-7cd4-3f6
36e95594-7cd4-3f7
36e95594-7cd4-3f8
36e95594-7cd4-3f9
36e95594-7cd4-3f12
36e95594-7cd4-3f13
36e95594-7cd4-3f10
36e95594-7cd4-3f11
36e95594-7cd4-3f16
36e95594-7cd4-3f17
36e95594-7cd4-3f14
36e95594-7cd4-3f15
36e95594-7cd4-3f18
36e95594-7cd4-3f19
36e95594-7cd4-3f279
36e95594-7cd4-3f278
"-#-$9%y&-'-
36e95594-7cd4-3f271
36e95594-7cd4-3f270
36e95594-7cd4-3f273
36e95594-7cd4-3f272
36e95594-7cd4-3f275
36e95594-7cd4-3f274
36e95594-7cd4-3f277
36e95594-7cd4-3f276
LegalCopyright
1.0.0.0
36e95594-7cd4-3f198
36e95594-7cd4-3f199
36e95594-7cd4-3f190
36e95594-7cd4-3f191
36e95594-7cd4-3f192
36e95594-7cd4-3f193
36e95594-7cd4-3f194
36e95594-7cd4-3f195
36e95594-7cd4-3f196
36e95594-7cd4-3f197
36e95594-7cd4-3f293
36e95594-7cd4-3f292
36e95594-7cd4-3f291
36e95594-7cd4-3f290
36e95594-7cd4-3f297
36e95594-7cd4-3f296
36e95594-7cd4-3f295
36e95594-7cd4-3f294
36e95594-7cd4-3f299
36e95594-7cd4-3f298
36e95594-7cd4-3f58
36e95594-7cd4-3f59
36e95594-7cd4-3f56
36e95594-7cd4-3f57
36e95594-7cd4-3f54
36e95594-7cd4-3f55
36e95594-7cd4-3f52
36e95594-7cd4-3f53
36e95594-7cd4-3f50
36e95594-7cd4-3f51
36e95594-7cd4-3f125
36e95594-7cd4-3f124
36e95594-7cd4-3f127
36e95594-7cd4-3f126
36e95594-7cd4-3f121
36e95594-7cd4-3f120
36e95594-7cd4-3f123
36e95594-7cd4-3f122
36e95594-7cd4-3f129
36e95594-7cd4-3f128
36e95594-7cd4-3f222
36e95594-7cd4-3f223
36e95594-7cd4-3f220
36e95594-7cd4-3f221
36e95594-7cd4-3f226
36e95594-7cd4-3f227
36e95594-7cd4-3f224
36e95594-7cd4-3f225
36e95594-7cd4-3f228
36e95594-7cd4-3f229
36e95594-7cd4-3f316
36e95594-7cd4-3f317
36e95594-7cd4-3f314
36e95594-7cd4-3f315
36e95594-7cd4-3f312
36e95594-7cd4-3f313
36e95594-7cd4-3f310
36e95594-7cd4-3f311
36e95594-7cd4-3f318
36e95594-7cd4-3f319
ProductVersion
OriginalFilename
36e95594-7cd4-3f161
36e95594-7cd4-3f160
36e95594-7cd4-3f163
36e95594-7cd4-3f162
36e95594-7cd4-3f165
36e95594-7cd4-3f164
36e95594-7cd4-3f167
36e95594-7cd4-3f166
36e95594-7cd4-3f169
36e95594-7cd4-3f168
grace.exe
e0f93458-d434-42f4-9da3-942e284b2802
36e95594-7cd4-3f98
36e95594-7cd4-3f99
36e95594-7cd4-3f92
36e95594-7cd4-3f93
36e95594-7cd4-3f90
36e95594-7cd4-3f91
36e95594-7cd4-3f96
36e95594-7cd4-3f97
36e95594-7cd4-3f94
36e95594-7cd4-3f95
36e95594-7cd4-3f149
36e95594-7cd4-3f148
36e95594-7cd4-3f147
36e95594-7cd4-3f146
36e95594-7cd4-3f268
36e95594-7cd4-3f269
36e95594-7cd4-3f266
36e95594-7cd4-3f267
36e95594-7cd4-3f264
36e95594-7cd4-3f265
36e95594-7cd4-3f262
36e95594-7cd4-3f263
36e95594-7cd4-3f260
36e95594-7cd4-3f261
36e95594-7cd4-3f219
36e95594-7cd4-3f218
Copyright
36e95594-7cd4-3f213
36e95594-7cd4-3f212
36e95594-7cd4-3f211
36e95594-7cd4-3f210
36e95594-7cd4-3f217
36e95594-7cd4-3f216
36e95594-7cd4-3f215
36e95594-7cd4-3f214
~Bitvise SSH Client, a full-featured, general-purpose SSH clien
36e95594-7cd4-3f280
36e95594-7cd4-3f281
36e95594-7cd4-3f282
36e95594-7cd4-3f283
36e95594-7cd4-3f284
36e95594-7cd4-3f285
36e95594-7cd4-3f329
36e95594-7cd4-3f328
36e95594-7cd4-3f327
36e95594-7cd4-3f326
36e95594-7cd4-3f325
36e95594-7cd4-3f324
36e95594-7cd4-3f323
36e95594-7cd4-3f322
36e95594-7cd4-3f321
36e95594-7cd4-3f320
InternalName
36e95594-7cd4-3f286
VS_VERSION_INFO
36e95594-7cd4-3f287
36e95594-7cd4-3f288
36e95594-7cd4-3f289
grace
36e95594-7cd4-3f49
36e95594-7cd4-3f48
36e95594-7cd4-3f45
36e95594-7cd4-3f44
36e95594-7cd4-3f47
36e95594-7cd4-3f46
36e95594-7cd4-3f41
36e95594-7cd4-3f40
36e95594-7cd4-3f43
36e95594-7cd4-3f42
36e95594-7cd4-3f138
36e95594-7cd4-3f139
36e95594-7cd4-3f132
36e95594-7cd4-3f133
36e95594-7cd4-3f130
36e95594-7cd4-3f131
36e95594-7cd4-3f136
36e95594-7cd4-3f137
36e95594-7cd4-3f134
36e95594-7cd4-3f135
36e95594-7cd4-3f257
36e95594-7cd4-3f256
36e95594-7cd4-3f255
36e95594-7cd4-3f254
36e95594-7cd4-3f253
36e95594-7cd4-3f252
36e95594-7cd4-3f251
36e95594-7cd4-3f250
36e95594-7cd4-3f259
36e95594-7cd4-3f258
a2da5c66-9002-d9
Translation
36e95594-7cd4-3f176
36e95594-7cd4-3f177
36e95594-7cd4-3f174
36e95594-7cd4-3f175
36e95594-7cd4-3f172
36e95594-7cd4-3f173
36e95594-7cd4-3f170
36e95594-7cd4-3f171
36e95594-7cd4-3f178
36e95594-7cd4-3f179
36e95594-7cd4-3f89
36e95594-7cd4-3f88
36e95594-7cd4-3f81
36e95594-7cd4-3f80
36e95594-7cd4-3f83
36e95594-7cd4-3f82
36e95594-7cd4-3f85
36e95594-7cd4-3f84
36e95594-7cd4-3f87
36e95594-7cd4-3f86
36e95594-7cd4-3f34
36e95594-7cd4-3f35
36e95594-7cd4-3f36
36e95594-7cd4-3f37
36e95594-7cd4-3f30
36e95594-7cd4-3f31
36e95594-7cd4-3f32
36e95594-7cd4-3f33
36e95594-7cd4-3f38
36e95594-7cd4-3f39
36e95594-7cd4-3f103
36e95594-7cd4-3f102
36e95594-7cd4-3f101
36e95594-7cd4-3f100
36e95594-7cd4-3f107
36e95594-7cd4-3f106
36e95594-7cd4-3f105
36e95594-7cd4-3f104
36e95594-7cd4-3f109
36e95594-7cd4-3f108
ProductName
36e95594-7cd4-3f208
36e95594-7cd4-3f209
36e95594-7cd4-3f200
36e95594-7cd4-3f201
36e95594-7cd4-3f202
36e95594-7cd4-3f203
36e95594-7cd4-3f204
36e95594-7cd4-3f205
36e95594-7cd4-3f206
36e95594-7cd4-3f207
2018
36e95594-7cd4-3f334
36e95594-7cd4-3f335
36e95594-7cd4-3f336
36e95594-7cd4-3f330
36e95594-7cd4-3f331
36e95594-7cd4-3f332
36e95594-7cd4-3f333
FileVersion
36e95594-7cd4-3f70
36e95594-7cd4-3f71
36e95594-7cd4-3f72
36e95594-7cd4-3f73
36e95594-7cd4-3f74
36e95594-7cd4-3f75
36e95594-7cd4-3f76
36e95594-7cd4-3f77
36e95594-7cd4-3f78
36e95594-7cd4-3f79
36e95594-7cd4-3f145
36e95594-7cd4-3f144
36e95594-7cd4-3f143
36e95594-7cd4-3f142
36e95594-7cd4-3f141
36e95594-7cd4-3f140
000004b0
FileDescription
36e95594-7cd4-3f244
36e95594-7cd4-3f245
36e95594-7cd4-3f246
36e95594-7cd4-3f247
36e95594-7cd4-3f240
36e95594-7cd4-3f241
36e95594-7cd4-3f242
36e95594-7cd4-3f243
36e95594-7cd4-3f248
36e95594-7cd4-3f249
36e95594-7cd4-3f189
36e95594-7cd4-3f188
36e95594-7cd4-3f183
36e95594-7cd4-3f182
36e95594-7cd4-3f181
36e95594-7cd4-3f180
36e95594-7cd4-3f187
36e95594-7cd4-3f186
36e95594-7cd4-3f185
36e95594-7cd4-3f184
36e95594-7cd4-3f152
36e95594-7cd4-3f29
36e95594-7cd4-3f28
36e95594-7cd4-3f153
36e95594-7cd4-3f23
36e95594-7cd4-3f22
36e95594-7cd4-3f21
36e95594-7cd4-3f20
36e95594-7cd4-3f27
36e95594-7cd4-3f26
36e95594-7cd4-3f25
36e95594-7cd4-3f24
36e95594-7cd4-3f110
36e95594-7cd4-3f111
36e95594-7cd4-3f112
36e95594-7cd4-3f113
36e95594-7cd4-3f114
36e95594-7cd4-3f115
36e95594-7cd4-3f116
36e95594-7cd4-3f117
36e95594-7cd4-3f118
36e95594-7cd4-3f119
VarFileInfo
36e95594-7cd4-3f239
36e95594-7cd4-3f238
36e95594-7cd4-3f235
36e95594-7cd4-3f234
36e95594-7cd4-3f237
36e95594-7cd4-3f236
36e95594-7cd4-3f231
36e95594-7cd4-3f230
36e95594-7cd4-3f233
36e95594-7cd4-3f232
Assembly Version
36e95594-7cd4-3f301
36e95594-7cd4-3f300
-=Uw
36e95594-7cd4-3f302
36e95594-7cd4-3f305
36e95594-7cd4-3f304
36e95594-7cd4-3f307
36e95594-7cd4-3f306
36e95594-7cd4-3f309
36e95594-7cd4-3f308
StringFileInfo
36e95594-7cd4-3f158
36e95594-7cd4-3f303
36e95594-7cd4-3f159
36e95594-7cd4-3f67
36e95594-7cd4-3f66
36e95594-7cd4-3f65
36e95594-7cd4-3f64
36e95594-7cd4-3f63
36e95594-7cd4-3f62
36e95594-7cd4-3f61
36e95594-7cd4-3f60
36e95594-7cd4-3f154
36e95594-7cd4-3f155
36e95594-7cd4-3f156
36e95594-7cd4-3f157
36e95594-7cd4-3f150
36e95594-7cd4-3f151
36e95594-7cd4-3f69
36e95594-7cd4-3f68
Gu"0Yy
/]#~
(GZ5
Uu*0
wu+02z
t*"C
MuJ0jy
7{cC
itMq|
$0/~
mCf
[.x q`
e;ygl
9guJs
Fu\0uy
`$&T
o=lf
u{0]y
set_ErrorImage
iuv0
PNG
Y kM
Qzb
B 2!
t; ER
AgLG]
3,0g
1UL,
Sq:9/
s`P
f1 |
Char
1 =V
muR0Ky
bpYgOB
kWT~;o
!?~ _
=}YW
Z7w1
pu>00y7G
i&nK.
59@)t
vup0]y
6Ng|
c`"pu8
|
0<}
```0``
6pz1"
+X _
^_QA
-P >
8:qzE=
cup0]y
```pa`X
9,h
7p9j
UMRb
\^&;?
EPl>r
=jraJW
h0+/
WZ@@
v7Rw
6uk0
FCfmhk
dP}'
7\EH:
<PrivateImplementationDetails>
k}fM
4iSa
Gq6I
?r|a
p|Vt
1eH=
a[Pk
2+vM
)3hC
Ubp<
:7sc
: UO
U6e}
Ac!R
dihg
qYYF
zup0uy
bx A|hHM
]}BV9
`\{,
&wd
q9z*
w,08y>E|
W =e
r|Oq
z^ Kc
&}Xp
Ni=w
RLzH
v B 2
iY[F
Wq 6
>sWd<
3N%^
{uy0ay
~_:(.9
#;<Z
srZyZ
v6|^T
0~y9G7
'U(Y
6iY*
$En|
?u$0qy
4;l^Ec
r <1
|6|^F
```pg`x
I123
PPNZ
EucB
2uWU^
&h~N
0rPZ|&
J:Ji
sJ2 y[Af
`KE-
&(F?P)i
9gB]
8u"0Ky
|u\0Uy
A2^7:7
```pg`X
System.IO.Compression
V_A
gJX/p
\uu0
GXuC-
!e!C_
luV0
B3<Ctr
#=8v
BuV0}y
OhTv6%~"
;**0
<uI0Ay
RuntimeFieldHandle
YZNz
uD'Qn
?ud0ty
T|kw,a
System.Security
```p``8
T;Pez[
;ia-
Gibraltar1
g\;
l-5u
;%mk
)ucB
`uc0
Ovwysx7!&g
GetData
D*F|
mscorlib
7uy0
ctT
>u"0ey
3v=Jz
Ej^d
e;@2y
z>:l
Application
02y&O
8X }q-?kC0
2qTj
8pjc
```(g`p?
Yu^0}y
}BPo
;uy0Gy
hu#0by
v'B 2
[uy0
huU0cy
|02sg!?
mu,%
PI0gy
Bug0Qy
N`P
9Q;/
Fbmf
```Ha`P
g!|[W
9`P
ku`UF&
XBOf$
65*%A
-RoT
Write
S S
EnableVisualStyles
Wf-
wXxN
>A!X
ce!9
<gP
7! S
:pUn "}
AU=bd
0"yGCl
x.!c
guY0
4%n^O2
u`0xy
f. q
Y B:?
ssjp
5Yi!<
HT_8
`M%Lt
40W/
)U+t
e?z
? 5^*
Gu 0Xy
Pp \t
kG.n
y ?
vuv0dy
l8.cY4
v^Fy
v2.0.50727
`|-_
d<YhO
K K9
mu|0Gy
}u`UF&
7uB0Fy
j``T
0<ytG
FF1fRy]
Fu#0
/QXh
2ugb
gniTz
AppDomain
u0wg0
HRB=%$2
8zX^
&*8w
}gSx
@uW0@y
0VN
o]m O
*|J0zn
iL U
9ue&
I-Yg
CC/r
g.2<
-Z}5
Hu\0by
22y N
_2y6F
-3e]W
```(f`x
KtL04y4F`
ac:AhcV
Image
`u%0 y
]$.0C
%f 9
vB27
RDF
Lj2L
-U`DS
"R#/
xZ(9
NK>8A
p[26
6|p7
```Hd`HY
- Sr
vua0[y
k;@2y
```0a`
dua0~y
MemberInfo
7I$y
6(#m
Mw|1_y
,]]f
`0E+
^uJ0py
kJ9o
ToByte
4:Q`G?
URwT8
V1lo
uj0Ime@F
],
gu`XW
LuJ0
Ogy15
{*_U\
OO >
2uQbcD
u 0/y
W^n{
<ovr
P%"W
MeU
AC[R
<uk0ey
T"&?-
c`p
Krk5
M=_8
]"/vf
KuQ0Ay
NV6W
&&w\
V,Im(:}
fKe3
m|`h
C<n7
(02}
^?ss
Xu<0uy
"iSW
nmaH\+
mL04y
{o{|j
uz22y
CC L
Guu0Yy
zuk0ky
G<CI
zMI
03y'`?
W&N6
01yqF?
````e`
$44ffbd77-61e8-48c2-97b7-0422ebb7027d
<f 8
<}F]
{uw0Sy
get_Controls
sbY-
@8 '
u"ul
sRJ^N
}Gs4
_\b?
```hf`x3
Type
|Rs#:
l|%B
z$?4yVH`
Ku{0qy
4CCx
.;sC
~G/5Z
dfcX
fHO
a 67x
wb{~
v3$3
HuR0|y
r1Wn*
0ta
Yqf2{
gW]4
:=*}
Nu 0
SvF@
j2wu(
Y"[$.j
|gmv
a}jE
.Y500p
~`P
Plo
n/3!f;
,qHe2
!u80{}
Vu~0jy
h[Z]S
7 +
JuP7h5
Ig/5
{]c<;
sm52y
z^Wy
bu%0ky
~uv0ky
KuG0Uy
|ON!
&TGKK
U-<i
=u}0by
gUAy
6u 0_y
01yqFM
n53Q
lkr:l
f}+k
zuT0Yy
lu^0Py
e_H'
c*<_
%c;\
-to!
_A]W
4jV L
o5F8:
LPg`8
#]w/_
String
:p@@}
[G()
{S3o
^u^0qy
uR02y
"iVZ
3 U\
u<1[y
ay [
;>))
&Lv5))V
>VF.%n
}.SP
,dchL
09y"F?
'K c
JIDAT(Sc``
duw0Wy
FuPWp
=6<J
/c~~W
2R.T
PWjx"$6
|"~/
i9,S29
Rg_T4
c`Lv_
ua0!y
fu|0\y
2u'b
0f C
G<{#
he,y
,~;n(fo
[ Y2
.O/\
http://ocsp.thawte.com0
E02s
uoJm#
_CorExeMain
'.dy
C b~U
nu_0qy
/+_r|
2uV^G
v1Dy
o3u
3v_X
7uK02y
bo10au
=sNL
0@ucN
DB1e
_QB\G
set_SizeMode
C()i
d00\
]BWqy\wr
xuq0Ey
X
u+02
#7ts
q;42y
J^edq
qeBd
etWV)){r
vs]
84s5
=7;0
```Hf`8":Svi
6uJ0Ay
!FVe
/M6*
5[C'
{U@-
buD0Zy
26]g
j G_Y
=uv0Zy
uG0
Z,<R
.text
ZY0
Lu|0_y
^_vU~/
F70p
<dO-WPC
nu 0Dy
}b`X
C9"<
-%I&
6HBPY
VuX0zy
&J6k
:ua0cy
7KylS
Fuj0Py
x #*
%7aw
m,08y
sHjq
))A`
Convert
Lu]0\y
_-J
^EOz
05y"F?
8>krU
RjePqb
System.Configuration
>u[0Sy
eu]0
Do vp
0r0^1 0
ComponentResourceManager
MarshalByRefObject
g0e0*
0H\7
c 9D
ePq~
x<B.f
:ub=
nup__
b?aY
aQ_y
n|w5J
HyKMo>
(#Ee'
huj0By
6kj{
:zFG
[ue0
PerformLayout
```Pa`
Rg+sV
X;WR
{"rYF1
^`x9
}a>2
YuG0
KuP0by
t rqD=X
j ]Q_
LuP0wy
.;9JU
1PaXUT
Z;?*
FOfQL
vQVy
ekzw
)nM
2up]Vy
d[kZ)dGb
ONg8
u< t
z_dy
Console
02y?G?
e^ v
R8;s ;
p a]?
zy6^")=
gqCb!=
Fw3 ?
ip8m
F:=s]
)2n"sLOd
dT)
0ItmG
)t_U
q310w
t@hV
~fEC&
g_w]"
oms=5
jux0_y
1O;LG
vQV*
cu*0wy
) k);"
.M0c
@0[.
:cby8 F
wkSp/r
t@0}y
````g`(
Vh*10
/U3 @
oUw56HM=
wuv0Ey
qg ?
Bw%?
}o &
Zgp>
w]mq
jKb=E
Y "02}
xpT9
r*Y)
`.rsrc
4.0.0.0
juV^G
L$ k
mH3)
\qn
]#02s
{dJ`
,|~ls
~G\Zi
09f^
b=lkn
:ut6
get_Default
RP t
:?oH2<
G)NmE
< 7N7
=:t0t6t
]XQ?
4 {9
huA0|y
MVWZ
AuR0Dy
E\uu
El c]!d
xu'0ky
VY7s
N `
A@PK
w!mg+
D P)T
: Gc)Pb
cAnc
[yR[6
u 02h
{ud0]y
3e=
0^1 0
9GqZ
Thawte Code Signing CA - G2
l`P
1TUO^]u
Form
`uE(
;k
E<b0
X h
ws\Y
'Symantec Time Stamping Services CA - G2
L
Ss0xY
GetTypeFromHandle
ColorDialog
```(``
q<1
```0b`
g::2x
du}
xtVW
?cXT
7uT0Vy
|=x5
Zmf0
1Gv
-<\;
!?6h2
k-j^g
\s+@|
buF0sy
zswx%&
@uW0ey
wu'0^y
`yRd
[MrKF-
OU~+
121221000000Z
/Jeg
|ft6
PVl+
```pf`X
~ D
&*8j
"#pG
>A.X
X*6r
\aD\
O~1*
FormClosedEventHandler
W)*,/4,
,w:Se
gup0fy
Muw0cy
@uw0ay
LxN]
w$.0u+
Q2wp_
Ddq54y
*nBq
r<>
-=509.>7
/ oo
\jx8RvJ
TimeStamp-2048-20
Thawte Timestamping CA0
_\nf
Symantec Corporation100.
9=kYM
l |YmM
]<^h
Auj0Wy
[uC0sy
A?5sK
Durbanville1
(6
H--)
UUM!
9X5/
#~m 2y
cub0\y
'400|
nT t
FormClosingEventHandler
nFp '
B 21
?R4h
{u'0By
O*11X
D|7|
uv0Gy
Z^FJ
|BYW
W {o
/NgW
&w,0
Lu_0Wy
BtJ02y
H`P
ULxzl
wuB0Fy
]+#%
=y\
```Ha`
O^XxZ
xM$
2ukr
K#Q2
+=KE;
}33/|
APDZ
{'vCW
SettingsBase
.a8m
_`&4
>u'0ty
F.i
K"/ %
n \@l>
Nu*0Xy
~n9
"Um=2y
qUU_
L>(y
]u 02
ju80]y
set_AutoScaleDimensions
_ GmC
4}1e
HEq.
>NW|
ICustomAttributeProvider
5s{wG
Fy\
&*8Q
lAtE8
lV7d
whf"
3|2R,
get_Assembly
kz8w
;- \i
h#$q
?o[.
^OC?y
VRC(9
\)z'bB[
EuG0jy
System.Windows.Forms
pOp;
=|\|^
Iuz0@y
S#UW
mv91
ku'0}y
>u/00x
uAzm
_ ~r&G
r2uJpFV
}Zn2
&*8Y
Tz/#
^> 6
MM0u;
Y{|Vg
pa^?
7^vI``
m5]{
>oI9
ju'0[y
# ;G
t=aj
AGa)
0B+?
2kyHU
Q9V3
W4}cN
I&Q^
z+vW W\Y
%'50
7uF0ty
t{3l
x9Q^
RuntimeTypeHandle
6:k.
h'vCG
grace.Properties
Guf0Yy
~a0>x
```pa`
```(d`p
;A'Mq
iR']
X1 O%
uV;u
tCn
u}12y
v]2>
UaL04y
uS0My
Of^
2u_XcD
Y 8J
```pd`X;3
200207235959Z0J1 0
-Z-=8Y
^\1j
r[~"
$u'0Gy
%02x
Y0'-:
% (=
>.1>z
;Rvo
rF6i
.v f
&*8)
vu|0Dy
e`Wk
&*8W
gCG]D4
L/)sA
W2
>=|t
```ha`
e&EOu
&*8D
IHDR
&*8F
bB6
{iUow
4hW9
System.Globalization
AuI0
&*8t
nL
&*8v
```(e`xV2aQJS
FuE0
&*8q
&*8s
&*8}
ymW}x
VbkK
aHt4
Ay |
lu|0Xy
/X_AR
:$cE
,&c3
r$S2
}j2EobOF
)n;s
`f^\
46]S
Wh Z
AMAJo
-N*vn
```(a`X9w
A \[
```(a`
EventArgs
E&Mv
q=0!y
K,V]Zzj
F6":
j`THv
z'^ 2
CuZ0^y
a`pK~
#VE
X[`R
Control
```0c`
'cfSH
(*"Z
02y$OI
& -2
Gu@0cy
u~00y
:$cH$
y/G
4+int
/'^T
piKW
Fu}0
pR1Vi
qK.N
LIDAT(Sc``
sa)b,
D?-FK
get_Name
02y$O)
TfbF
b '
@UD=
3(_*
F02s
jV0{y
&`Q?
wu#0
::
m"S>
|aP.:
H)`@-c
5n]
=NoR
D >So
E^?~
#Strings
vP9+
xmnLm
#_=>
System.Collections
8;r
f`0<
4?k N
m+1@y
Evidence
p~s_
zq:C
Obt;
PWW\
DTSb
Mgf
Z^r{
gS?Y
0<!P
u:M!
F;gT
Ra> 1
2oNW
u 0*y
`uI0Gy
8.:o
q1KN
J%kU>&
r[#Y
````g`
LO6
SuspendLayout
ysFu
1~b7
WuW0Yy
uu@0~y
zN3$U
[ua0Py
IQ0m
bu]0gy
```Hb`
3lOm{
^II~
21mIAm
}^~d
7MEC
R^O :
20x1c?
Dtiw,pS
O SL
f#Fl
]S02
set_Location
get_EntryPoint
3,;V
vTH{
ig_'
!aQ\
BeginInit
LnQS6
'|*^\
a{0*L v*
06Q|G?
zq [
[u`0~y
h!mm
<u|0Fy
R=hz
7=^f
8_U:Z
fuZ0^y
h6<!
]102s
J{4r
9ux0sy
@!97
5*D b
qrUS
E1D
3 Gxz
Vu<0
cua0Cy
0t7~
tq30D
IIDAT(Sc``
m) D
c,%4yAQ
DateTimePicker
!8UF
6$rEe
^uu0\y
K\^@(u%
1hFZ.4r
9u<0Hy
Dud0`y
OHIJ Hh~
+@ E
|'vQVy
ImO
k_g(
YIVj
Mu*0
ssqhVl
mk6I
]3Fj]
5iN53
0FsfE?
Bu`H
| ` `C
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
h~ u
"aQB7
c`X~
mU _
J`P
NwR1
CsrO
^{e+7b/
a]S
7ucB\@
```P``pj
B1,y
;z2y
d02s
qvE[
T3S7
L<3;
~Liny
uNI?
? \x9c
6!6n
qzE=
V:ll
3j2_
130126000000Z
Array
n\(e
}sSx
fTm;
b07x
Llk{
-`29
9VWf6
P5!PEg"2
S%eeL
~Smj
Z/kz+%
M[?
*\GS
[~lQ
^p
|c}8
06y A?
f}ec8a
ICollection
glan
~RW
g=/A,-
DJnt
DUo
8u}0Cy
```hb`
-<)E
euT0ky
MvV|3U
E1X,
Me8m
Thawte Certification1
eo=j
w=w?dz
ContainsKey
ju"0\y
|B2*
@uY0Cy
}1Vw
74<r:
mr2g
8}VO<
:uV0uy
0b9
^0<h
vB2*
v&02x
:/-}
BLs6
r"EChn!o
u#0:y
~O4<
rVv9
h %0
^ 2H
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
/7~s
Gk5c
Vw,f4
1NV0
%\rJ
W}=}S
5,.m~U#
dqs)9G
System.Runtime.InteropServices
8v]]
mu^0@y
p0ua
}up0fy
E O2q_
muK0Uy
hu}0Ey
WHP0
uK;s
uQ0{y
_=HX
h&gX
O Z_l<
RuntimeCompatibilityAttribute
CuG0
`0`7
R<L+}
PN +#
HYkeU2
H`Cv
FH{.
)@h9
W#/z
==?s
08n:
a=rCZy
```Pc`
0;ySG$
40200
ra!2y
g&"<y,U
'8*)
Yur0@y
D0&~
=NnF
Label
uF5P|
3 ]S
R'x=
<4y,J
;Y+'
^UiW
U(-\
0|7<
"?|B
z7oN
$mv|
]C%>^ q
_~2
( (02}
6u1s
=ug0by
uE0jy
u__Q
9
`Uk]^
9W0<
S<4_x
X$7e
vtb02y
m'\
]:pfm
r; 2y
S=\6
UuK0
J&ud<O
KJvc'_
&]R^
e8]I
Sb5#:
mY7EI
uN02y
~uy0_y
AvLo
>5o
Q= r
nu*0hy
8h
T-}2
8=Y
:nU%
Lx[L
da=*
O{ml
3r<
G_r{P
Xu]0vy
+(~'
YF{L
y(nB
EFAn
](02s
p#hn
) Oc
V|Wp`
pJg=
RxjG
Sag
Cuc0|y
i9(F
@u*0|y
@5~m
G?%Z
bn %
gLlB
&Enb`(
!u#0
!r'
;(=P
g (/q
InitializeArray
r]2?
][U7
7, ?I
/MO9#8
>:?]
D2-,x
{{UC
#`P
a_~q
&wbgH
Fu55
pU0V7
i$1t
MethodBase
>uR0
{c =
K7V793
v|t;
iq @
auu0]y
pL,/
swH]
Default
DuY0]y
gU28
Zut0by
RK8g
YVhv
?QT*Z
u903y
`uP0
.}d_
```0d`
nWq^2?
tUV?
j#%1
;u}0wy
?Q s>'n8
- ;>
kn-g8
f&k*
z\R$
RW0p_g
z*Fh
jKNT_Tj
/=.re
Ft!1d
';`!
}"3#l
/zS5ky
$c'1
gnf`
02y&G
[uYU
ResumeLayout
yE F
hCA-
jazehMZ
OVCG
&e\Y
"Wqu
A|oj
`i&j
9o Td
[F_~,m
zwLa
OL1p
Vd4Ot
wu\)
ValueType
cugBS
{"O
mRk
{&X}
set_TabStop
;7;O
m}q+
` gC
HJjV5G+
e&,V
,gOL
Y/jm
Buc0fy
```Pc`h
yr 'T
\({
]8Xk
jue0
!dIHB
G!;}N@
A]9;
m)m(
pQ%l
GraB
E`P
kNe<
201229235959Z0b1 0
axhp6
;Z2y
n5R\S
T ~,S1C=b
's&#S
:mh
5Srh
x8)?
zn[
KVf$
Buq0
=Fv6u
y- S
Thawte1
yub0cy
System.Drawing
@ oAB
&}gbm^r*
M`P
xPdi
nuF0ay
S\n"Kq
T\/~
q;52y
T8KcJ
:uQ0^y
04o;s?
?'1
I=c\P
gUV<
Dux0Wy
N^*30x+z
<)d9
WK[2
pUAy
@X@yS1
Juk0Ky
P6|Bw
{6q}q
duV0xy
"NY
[ cU2
&oZ:;=|S*C
`uw0|y
guk0
)*2p%
07\m}
-VS_
sqq_S%
06Q~G?
2~`L
c{lK
7^A
eu<0Zy
V"~36i
1~(#&#
uAxh
3oS[
9%N&
G~%e
d`HR
ToString
w$.0e+
a/N|X
http://www.bitvise.com/ 0
wQ[;g&C6
0~sfE?
u"0 y
{F!0U
9uX0Qy
B'f,
DY\`HV
Fc1I
_-{)
e.CHs
t'}
gu!0]y
C 5}zmg9
^Q9:
Uu 0zy
}KT`fMY15
35=U
FormClosedEventArgs
/xJU=p
#?oA
9uk0Ay
J^_P
rBK+
@S&R
!;1#
. S
rBK.
^Qs9d^
8-C4
Lu{0~y
ju[0
3V&<
```x
ILx$StD
]lPsU
W=~b
h}lH
a# +
" V3
|Y43
Hu~0Ky
```P
z*CP
```X
uC|
add_ResourceResolve
'vfG+X
Kub0ty
lqw6
S@0^
AssemblyTitleAttribute
_;0$-
```0
e @P
-vF#
j gbW
U M}
```8
.cctor
Scv2
|uUY^
+8n-3
aH".w
\} {v
u0cF
|ha0
vaOz
uu*V
G99~A9
FuX0 y
sfE?
[u$0yy
+WLW
~crU
,opXY
s7Nxg
bn61
add_Load
fuk0ty
6uZ0xy
_QB
[ Y2
hu 0|y
GE+R
c5VU
[S>'
l3`jf
ya2N
e?5>`
f'F}
@=(tm
!>}/
e?bb`
h]O~
eY.ti
qwd:=
q'-v
C0F0157F4DEFB1F755968C5F80170A654C8023CF
hsLu
z^Ij
lKZ
{_[_
~up0Gy
5S/1x4
M|k~r
(=]_
+g{p
]FS$0C
2vD}
set_Image
0[eZ'_
(vO
q ml
~u#0Yy
get_CurrentDomain
Data
j;r]Wy
eEZ-
h=P9
FuB0Xy
l&4y
3L |g
/96k
>0<0
Vj30
u!
;|\e1[j
]UJ
du=0Wy
g32y
0EiX
buY0Py
um5ay
<u<0yy
KEGm
kK!8Y
}e2. j
Uu@0
pHYs
.ctor
p02y/B?
Duj0
|N181%
JN+/^Q
ub72y
s0;y
0npfE?
Nz:fo
FQj 7
@uv0[y
kuu0 y
au@@^
GiX
v- +
}SyScq
>2e<
11.0.0.0
5R1rD
t 0'k6
oVhz
,BK.3
s8cL;
^c%2
u_11y
>=TY
Al ( p_o
lD%j0[
&2fW
RJUE
GiX#
KBAX
iE"i
Invoke
=]wx
u({&Y
vS p
SetData
u 02y
zghp
/3,_
70z;
s/uug;X5a
t_g;
~zE=
JiI;
.k/`4
^80kA
f>?V
/!8ADtd
YL;o
zK20mF
JX1d
]c9DiI
0J1 0
Lu'0ty
mh|lj
`0N4L
u|6>9
sc$8o
5CxVW
@wE.((4(
K ;"
G~\
eV:g
RiY@E
HFVq
$`z,N
Y9\1#
vv]
Mw,1`y
uC<2y
@u$0sy
Enter
uI0Yy
q311q
,_>y29
~ ekJX6
!xoG
Juq0wy
R{_3o
luK0
]wl]
z37Z
1e85
3(7m
Cu%0
7_ '
@.reloc
/ {ym
;uz0hy
L;<s
!bmsZ{
BuJ0xy
f*O3q
Jj~&
4V10h
,L)8
CuY0[y
Wu~0[y
Sm72y
*y!{
k+'&u}c
GGDj[
t+}Uy
-4E<
!A='
Zu!0[y
2u%X
g1p
.0!nw.;!
{u<0Xy
302s
XuW0py
bu_0yy
l?>AE
8uP0Qy
vuB0|y
9I2?
rGx\S
|\X/
${>:
0iS=
~ur0By
s313k6^8
,,jg
zl<$.3t
^N9\
1qJZ
\#+a
83wj
h0gg
M |
vyKi
4)p,
BH[p
p,W
8DY}
vBs
s313h7
{^|e
C#56
<lYx0
yuP02
8)@w'e`Mz
/DX2
^V+)
s; 2y
??:s
FJuv
'p 0
539:
)[o[[@M
jNkx
\+Q-<\
MOn|o
e1ZW
s LN
Y 8U
vm_|,
Y 8Y
I~%G
Y 8]
T3-Sy
3.|n
\e]J
0[x_H
q3d
\gO+
CQ;_9
%-':
U</~
(x1e
Y 8w
Xu\0
qpa*
9|'
Y 8z
;*#h
2\j$
MemoryStream
w>f`
L!
GuW0Cy
TOY@
cVG$S
g8.0A
luf0ky
+iX+
! z
au`0
g +W
#G{eJ
&0BQ
set_TabIndex
( n[
c.VAw7L
CPZ%g
Fu!0\y
- :SO
Nu<0Jy
L87K
DD;J
P2RQ
_ui0Uy
H?g`
~:3&x
Vu*0gy
_h30
7+~I
Nh(]
^ 2V
x "{}
Y 8;
6420\
qtc&V
qG[M
```(``(Y
B32F
||\2y
22yTN
J9J{{
TI}"8K
q`P
;T<~
bur0Jy
IWs+
;y2y
08_km?
@<F
3td /
=uC0py
MJwu
y>9t
Assembly
3&u V
?S]p
02yY
nyG3U
02|4F
cuG0@y
3}l3,)
q"RW
00BQ
(7</9u
nURov
IKhz
^ur0
'wBYN4
q s{b
````d`X
Iw;
ILZ$
mW2\u
juCQ@
nub0Sy
mu80Gy
mrFp30
`P
ju&0
huG_q
MqT
2u|HcD
03yNB?
C1[~
5,qh
duR0Jy
kuI0
pB[[
2u{rcD
u,0:}NG
aBGu
X%>q
'u301x
12L~>
!RPn
```pf`
PT B
/i*}M
z=x;
1wV<^
=qgt
18m1
^u_0ty
** !
"VkC
IRL6
Nw j
kD2
,&S/:D
Xu$0ey
b},2
uJ0
1*P1
DE|Tc
aF( #d
_d27x
]602s
\"-e
Wuq0Fy
huW0py
y>Uj
:*-6
`0pW
*r}W
.30t<
KN0d
lFw$'kX
KIDAT(Sc``
<u_0[y
l)/f
,cM2
u<1vz
;uP0
#VT2x
w8.0 +
```0f`
+"p)
_WbX
U02s
}bQc
}?N5
|uqQA
K3Wy
vu+0
yB+N
h_nU
\LfRXw
n[Ts
% [2
jhL?
_?=4
IContainer
pG0h+
{C'0`
Yo{y
```(d`
RgnG
W&3L|
f77:
```Pe`
u[DD
kR2d>*5
W n|
w$.0G;
-@vr
J!bX"z.
huC0`y
kx`A
Ku"0vy
.k"]w
NN~)q
c-C
MXR
KoKV
c>*{
[y;UV3
Pn r
G5Tn
j6@t
= 6+
9lWB2
ISerializable
wU]k <
Y9F6
k0vw
eG^lUdX
6UxV
*#ni
?oa`X
&W !
{/zi
dX ~
f`44y9T
7M8T
Byte
r ,f
EditorBrowsableState
@)6H-
W>#%f
<8K\Y#
```Pd``T
CultureInfo
_u#0}y
}<3C
e`hc
```(f`
]rNM
|J3t
!nNR
hM}
kp[&O
AuE0`y
dyr[B
ju}0ty
set_AutoSize
n>~=
wu^0
%b<;c
%{><;y
Kb|{
BSJB
fJDG
(.\V
X <
X =
l[vJ
140908130941Z0#
X
vu$0Ay
M ZT2+
Vogx
nuD0
<ghD@
2<>'
02y$Oq
disposing
eAIk
4]m_
"I#1\
{Zc'h.
1^n4
>uK0wy
@K=}
80604
&<hw"%
au!0Fy
;<U&
%b[[?
Z'|-T
wuP0Jy
IDAT(Sc``
;]/8
uo22y
x4G?
9 \-D
s6,c
kuG0]y
:nk
9ozm
/YzZ
gQ@
}u}0Sy
8?`{
10<
^Ex?
si4=
yJ0$
o"rb
>uW0{y
9UHM
4mM?
Guy0Qy
_)S+s
Fuz0Dy
_7lw`
1 0
DockStyle
a&w]
yS ^
System.Resources
GetManifestResourceNames
#w hd
E c+
6u+0Ey
tUAG
6&* ^X
Au{0by
7ai(
]X02s
sb`p
Am3g
uyphE
Y$W.<SY
%uWt4
l|seT
$u&0Cy
w 7~fn
woz=
06y"F?
811Ly
lu`0ky
P1d"fs
d>)
02y!GA
7?'_
Cu&0Xy
n~TTC
(mSc
set_AutoScaleMode
SkW@
:^xTh
UUH ly
?S v
7Ky'S
.,n=
`&ug]
a;EQ
AssemblyCopyrightAttribute
v0^
9u^0wy
iM7
k96C]|
2u@xu
Y`P
`XmJ
wNtP}
a%Hsu> +
@u 0Xy
O8W,sh
HV2J
`,%4yRR
Y 82
mE S
Cu[0Py
XuB0uy
zuB0
E(4+|D
cu%0yy
obx~v
t6f0<
e Zs
Wuy0zy
`uP_\
SAg3
XsU6
sbY9
```Pg`(
#*6"9
~uU0Ay
6uu0
0|tWK9
Hu`0|y
cux0py
J c\[
u302
j%a_D
.)WWm
}M ^
h43j=
mdYTuHVsU
{*QQA
```Pg`0
\+{0
Lu*0Qy
c2^V
Y 8z
"fT;
Y 8~
o?{MCBY
Fo? '
huJ0Yy
^!Kad
Y 8w
Muv0ky
`$6e
```he`
Y 8o
zk6y
6K:P
Y 8`
6E2qr
<Module>
Y 8e
uwGY
"/V~
^k/;qi
;p?G
^]J@0TGw ^l"
)QkgB $
=F3&p
`{L04y
Q&)l
IFYE
iu%0Hy
5FW+
7:g'OU
Iz/.22
p{7H
< Azx
fuF0Yy
vc2k
KKe*
Wui0Ey
%,sc&
#ecG
]602s
!!n4
6$OZ
p^FM
w\e
AuK0
`_2y
-p)q
get_Evidence
4kJ+_T
?='f
C:a
uu0!y
|bduN
'02x7
X[}_]
UfJe
|e)
Read
v6z?
50301
_8V%U;y
PLZa
*'FS
dxOl
[T%
:uE0fy
z#zZ"3
bzVy
M0]2
'Uj&-
_R?3
DDsF
-Zy-5
t}!oz
2udHcD
P8rY\4
y3+.{
r333{
E3{e
t10,
v0^;
g< }
'^O+W
zZS}
M:/y
,b@e/D
*^Vc_
b~p
xui0Ty
w#*O
>u]0
6y?G?
Mua0By
KuD0Ty
]102s
cW\]
)u"0
Point
zY>6X
~uD0zy
fuU0
P GA
gAMA
EF %:9
Sm 2y
Ily0
yb*?k
pDLD8
Z02}
jr 1Jq
Nr4`>
`U2K
W>q+Q!
-:wH
AutoScaleMode
|M`k
as;t
VW3Y2Zk
0|Z}$
vuss
G=v*
ZrjI
LinkLabel
&5-wKvhM
Ao}u
qtj{E&
wuZ0_y
lux0Yy
uc02y
vDm:
vDm<
6uC0
20<_
3b(y
auX0
0]sU
Ayov
RM)>
`F~T
<U7M
2Wy})NHg
_uV0Fy
```Hf`
uq=0iy
PIT9
= 9_
"(~>G
0P;p
vu{0by
buQ0
u 02y
w#mv
[b~c
c`x~
1,s;
=uF0sy
=u`0Dy
DuV0\y
mNZ{7
r%dV
'+>H
02y C
_1 K
_ 7n.$A
(NQ{
!Jst
ControlCollection
b~!~f
G/d4
Sw2c
8u^0zy
SBl;
j8W=`
g]W>
oXd/
nv,0
`U2>
7u`0Uy
hN M&
8zS@
]5CyC
RUu}
,}(D
?]Z&
7W)t
~kSiQ
lut0
Gub0Fy
.FeT>c
Eu"0wy
fV[6
lu`0vy
Cuv0Uy
-L`0]G`Q
_Assembly
*,;=
4Z^?
HIDAT(Sc``
System.Reflection
wZ8c
uu_0Ky
aQKy
auF0\y
bex8
hue0gy
set_Name
^u_0 y
[L~H
'0<t>T
500H
$7!h
1ypG?
a8|TWy
Dv{{
{H1Hm y
Y 8u
7u&0
```0a`8
7u*0zy
zTs
vM[)s
U43`
o:Sh
0>D>
@u|0ty
cDKy
ae_=
uVTu
UR
F!J}U
aQK;
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD3$
8uY0Uy
v&1\
E&en
GS=
cuK0
c}k;
:6!!p
1inUgWf
_Ld+
Append
set_ClientSize
>f`X
:<\;
Object
4yFK*CF
?-6Q
w7Nd
'W~
BE#6
}]m^
Qj&
0?)oOD
95;5
Ja3Tn39
Juw0
S`P
Bd2a
O*U%6
2uYbcD
18<<:
arg_`B
MPqZ
\OB^
's<2I
mud0ay
Igsw
<uq0@y
g#OlzRb
*\wSH
j&{Q@
uncnvn)e
2uiHcD
150216235959Z0
\Tr|
p{s+
f][<
^ &C
k5ub
6'L)X4: leqa
y7?:
[`P
B'kU
WML
zW*L
cRoI0
`5l6azwqyr{4
-HDp
AO \
.g'o>
Eug0Cy
+f]186
-Tv3
[owC
u)$my
dH@;
Hc$ y3
|u$0Qy
NM o\
?]~9
G{vX
2J.Et
R44Kc
aYP
ESiG
^=*Zi
Nzv,
K^{ v
u 12y
Duy0
vui02
{uw0`y
_S5P$
X&)z4
+C]\
GJbr
QZ~[
-S{&HE4
SQ I
8
guwHcD
cC5[|
Mi(Z
CompressionMode
2>]e{
<{Co
4iL9'
JuP0}y
Jr>GX
;u,08y
~r;>(
-cFhEz
uG>LbU
Pm+#J}Y
}uE0]y
b}{O
P01!
3System.Resources.Tools.StronglyTypedResourceBuilder
ub2 y
jP 6
8u#0jy
'P h
+t>,
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
;f?]e;
|Qjs&;
L6@ oA
O \S
"U5]-$
fTuB
4:Q:G?
Hua0 y
_uJ0{y
13vWf
e 7R
)=nU
#KV3
?fX|
65<
/_,l
UU6v)
5.c3
STAThreadAttribute
J5x 20/(
Q wH
!This program cannot be run in DOS mode. $
M8.0
51Bs
v\*E
b0 [
#$5(pM
us0u
o7|bX]
e2',
@u*0Zy
O"'!
o?.58
^LMW
7XIk
p;L2y
e6?&o
````b`P
Mz==
9~Hi
Dispose
4Kui
{u`UF&
nRjp
>`P
;K-Y
u%09y
'_~Sk
]lP>
-wC_m^
rx&
hui0Qy
grace.exe
Gur0[y
qItO
gO N
775%
wuF0By
+k~.
~uq0Ey
/(c) 2006 thawte, Inc. - For authorized use only1
q+2e
|k2y
- r
8/=b
+8W-v
^70]
EPJyL
2h6f6
=r E
/:7nL
R.2h
NS5-k
m|iI
7u_0dy
rXqB5
Bui0xy
uN00y/G`
u9X3@
mXp
_V>
[7<}
[d}6
q<jd
~Ev2
>ur0ey
F`P
5f }A
uFeS
tcZo
d8dl
^[L9
H02x
8ub0Dy
6-f
j6T
#GUID
h9jjzTo&
p^OJX
]C"M
])v
Z'Y+a}
u,0:}
=uP0Wy
Ju.t
'<h]
yj/U7
UZf\
uW)P|
Software Development1
kuxn
-o.
\w&^zf
02y1_
Uuw0Zy
cIFy
R8c5]
6v,08y
vm:Y
EQ^
=lrw
rj[f
O_v{
Huf0dy
{X5M
1s1
fu}0Py
nqHs
Q BF
&xhK
y5E6
0J}4s
_u_0 y
bJKBoT
Yua0|y
*)^!"
M Fk
7;7y
FIQuW4>
e +
b P4
\u\0
Al@d
pU^y
wup0Ay
muZ0sy
?:./gh
010$
6 5tE
,v]>
|u#0{y
4BUc0
7 +? T& s_z52
n00|
```hd`X
F"-U
*s$
1 yI
IuU0uy
?uR0
```hd`P
66h
[PE{
u7ja
KuW0
nt`"
6f~a
System.IO
NuY0
6z0H^
_s pFdP
U?UE
:up0yy
eRP0
http://ts-ocsp.ws.symantec.com07
VWY7N
Vuq0wy
=l09L
[sW_
}u}0Qy
5L-J,
M _B
Fu&0Ky
8u~0Xy
9_W0
a_@x
&)y>O
; .$~
wEQ
db,_~
/ ?v^
],kgX
'Symantec Time Stamping Services CA - G20
Rk`eu
{ [=M
] v
i:v3
V'| ?f
Olon
Ke*r
^!A&
ZQm$*
s32 L
Idm
NrW
^E!K
(02}
\ur0cy
gS48x
'Wws
02y&G0
U/nY
p`P
1|EP
=|X*
? 6f
=~Wq
[EMYnD
}P^0B
"h8*
b`Xzq
pv.t
UOm(
[ua0Sy
8=<m
e`hg29
#)Vn
Uu<6_
Esvi
WUQ
t50
wp<=)
*T+J
v4c@^
}[E3
Fu@0Wy
100208000000Z
n/Cw
vIB5
uB0 y,A&
}=xEc-G
JuG0Zy
Hu|0`y
aOP~
a!{B]
{NGiX
>\h (z
w_.N
Z;'EN
Jl ?p
)GEG
<|Kl
_bHI
@b"[
;?AQ
l_gF|
To@x
_%X"
|
~H2t
`p9?
@ZH|6'0#
='X^
MN{#
48A0 m
AS8v
Oowy
om1X
nu~0
M`8p
g 32y
4 R$5
+http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
b1CCO
{UG?
wyN
4c\[
Mgt%
Vm``0
3X7*^p
7uT0@y
g$.0t
? Zi
AssemblyFileVersionAttribute
t]nt%S
gnF
zf[=R
?--
TmL4
:a:O
buq0^y
ww#j
p@F4
tZ}Z
vuT0Gy
p~4Us
tg0ay
```hg`
r[g~
'gM+
6Jpy
xu[0
eu!0hy
0!0
Int32
^09w
mO\F1
nL,``
\p0 6k
a:{F
Luj0Ay
<up0ay
+Yb
ISupportInitialize
_|"=
,`P
thawte, Inc.1(0&
add_FormClosing
2vDt
SLSa
03yUL?
{u]0Sy
3,|u|ko
vua0
$V{(
hud0Jy
5lb`
7|j~
```(g`
fuR0Xy
p|)2y
1.0.0.0
~GWF
j3=Q
&6Ae
Exit
Ws [
|\$:
w/>O
L}LNx
oQ589
3V,)
grace
$~\
o>_`qd
Nyq/
ap z
\-;C
CMYO
uu*0sy
7s=f
Ny[we@u-
d7CL
Fu80Zy
)oDo
\uX0
gt[
`uc0Ky
M$.0\+
yaEX
^L<c:@p
e}.A
im\;eD
NNZw
{9w?gv
Wu=dx
Yue0Ey
k_@x?
+4 E
U02}
tJE
3PT|(
NFRf
2$iX
u{02
+AbA
]gRi.
-Ke`
yut0sy
?|b|d
mJ /
Random
ZuQ0ky
A&;
)#7 W
g8.0u
yJ2HF
h?d"
D- sS
+<z[
2y6F}
)%%a
FuR0Yy
pO0C
#G$:W
?:Q$G?
`U0N
=ux0cy
`[C^
]yl5]
vuj0Qy
/(sB
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>
```0```
cut0}y
e bw
Wu*0
EuK0
&Buq
3WbXh
qKcu
System
@v31
Zu"0{y
e]2!
YI,r5^
guF0
gG]
Close
cc^&27
)Ki]
k[X5
uS06y7G?
?_lK
eC^0
%/v]
IEND
?r5
)\3i
8uc0Qy
Yuv0@y
^_V
21&9
I_=eNG
SW!B
YW$Mi0bVg
ov_(j
```0c`(V
N'ekiAE
kuTUF*
U7&n
fDW
ResolveEventHandler
Lu80 y
Ng*p}ctb
t(.S
K{g=
q%h,
-DGT
+>G`q
Or^Kb
jO|``
~.>mqu
MuA0vy
yug0 y
A4-*N(
>XZ|z
FD^=
ODG^
au%0Yy
nT>{2
a g9A3P
+0ba
X a
pZ r1
V\0ey
:ux0fy
hYh y
muj0
vvk@
In.gD
z]W-
uO02y
&m7|
Ln{c
hI(@z
}4ZWa
^Z(
3|x
SYZ_X
|1F0i
A?1[
SBi+=
>2}y
>j6+:
kuy0
2uAbcD
t24#o(lvk
]uE0Ty
P Q|
Iuq0 y
!;[{
O9.3%R
z^U:
yEG?
IuB0
{g 1
%&\s* Q
9/C|
< 6f
M$.0Q+
O7?-
@R|g
Concat
R$8Q
buE0
|X\rP
D\_00
IQ8r
#LvI
StringBuilder
%~ C
m5I?h
*tsG_W
IX9l]p
M QNM"JH-0
DY_n}
eS4W
;EwQ
/f,9j
fuq0wy
j`P
DuV0by
dCXg
~iogJ
03y"F?
_a\~
Stream
&D T
*http://cs-g2-crl.thawte.com/ThawteCSG2.crl0
eU@
_ue0Dy
Kb?4
URxW
Eug0
B 2
?uV0ay
#&Gi
r\q~
cI1S]
X=A$
iC2n
' 8\
3?{a
%|kv
au*0fy
yBC6
X@b%
H +\
]Qz.V
sBo-\
02yI
.-Kg
(m^?
<B#GS
+YS
4%,eH
AWAm
>"hcS
=KyKc
[n.
^fli
)0B
&dn$ h
}V:
X 1
eb7L:>CGK
(B/Yf
W7mD
d`H1o
Z1R=
LgX<1h
s|I2y
'Z&z
xj=7
b}zIV
Yud0@y
Xncp
System.Text
J'B 2<
Zu$0
$btS
3FW
>J-kC
BWDj<
M$.0\
-6*
gR>#
JN[W}
8@'G
^,~O
_NZ>`
M$.0k
V<oX
\ `DW
=u&0Jy
Q[t
M$.0c
5n6bsP
u"X$
tg\So
M$.0{
[uu0_y
M$.0s
+uT02y$@
FormClosingEventArgs
0Q
('Fs#K
-+kN
mM ?q]L
i G/
ku[0Ky
+{/L}"
xqm?w
}u"0
0?m_T9
WrapNonExceptionThrows
O{ pwE
TimeStamp-2048-10
M:b"m
# *k
GetObject
elc)d
LhnN^i
EVjH-
huX0{y
zCC$
,sk*k
;WIN
k6|TW*
ztw#U
^u^0Cy
Cu'0vy
@=9p2
E&5=
;uW0by
]{7b
Mb)7
lQo 6
9|ZqD
bk(/
tZpj
m"=]H
%YRZ
2018
xu`0Vy
XvN{
j3a__:
RU51<
;T}*
pgEk
-S|x\+eRa
]MK?
y_Gd
Z0KU6
E5-/
_|*v!
ResourceManager
58}aH
G9WgW^K
{S'/
uJ00n
g;K+=r w
7uR0
Zuu0{y
dMH*
s9r@
6! W
k{PK
Bux0Ky
YDN9
00ycG
ylZV
w`M3=Tse
Nug0Fy
F}x_
Mr[)L
yuK0
GetExecutingAssembly
=Qg;=W
u802y
u;42y
:'dm`en
vuR0
0<yz:
Wu"0[y
Uu}0
&^8/
1XA
~,
Du>Rc
|uw0Wy
V%8E
dUm~
kuw0ay
f-Wp
\A&$
Du@0Uy
Symantec Corporation1402
Dx[
pUb
9ej bz
f0\<
muR0
~L0ay
95F+
2uGXcD
muE0qy
af)n
9EpqT
G5Xf
un00y
GTan
^:*
vT]m
pfE?
@u@0Ey
FHW+
sU\v
Dur0Gy
;Ef5
buv02y
lq54y
%t"~
zuF0Vy
'j7_
Vuc0
qAR]?
,d8'
x-d
[u+0`y
7uG0dy
#= !
u Wz
Fuj0Dy
OrIO
$1cb
9uA0uy
4n\e
ToArray
{uK0[y
jM)?
zuU0yy
&bV1
0\Z7
muD0uy
&0<a
EditorBrowsableAttribute
201230235959Z0^1 0
zRG
u[22y
)Y)z
}wOqD
1F>N4
'`P
{;bj
uj0ay
%{"=
yyYn
R`MSh8E
{X6 k
oUkC
ContainerControl
H{.c
)02}gX?
dOGw3<
oG*V1|
)Q!>s
yz}Q
]"N!S
;uv0fy
;uI0Yy
|_PV'
a?G{
"x5N
;0B
$u 0By
=w2JA
L't/}ex
g,[f
uuB0xy
WweTv
, T5
<0kU3
/f`p
W(?_x
lu\0
yui0Sy
__R)a
2u`rcD
fuP0Ky
Load
Ntw
w$.0}+
CuE0
%l !
ml Aw
eNlT.B!g
JOAb
m}nl
}uy0Hy
vqF
AUA
ui0
3 4a
mUMOE
G?Y[
iUzV~<
} &
zuG0Cy
;q2y
`qF
SJV/
a<:y
sgXh
q7 }
]Q^9_
'tRZ
|B2:
Dictionary`2
Yuw0
"#!(
System.ComponentModel
g`0>
_u%0By
GU4C
M855?
kuJ0vy
|Qez
MuV0 y
hoty^
Koyna
cu`0
d;"2y
v ^ 2
B *`
K&M}
" ]"
pWI(B
=uP0xy
3We8M
~D_S
bu<0py
Pp:_
tue
v0tI
B'zJ
vbyMq
y@b%
{ua0ty
8'^ 2N
W"8)
v~f]
Bu+0Vy
y*)i
EuF0ky
XUKy
V'u]
gua0yy
mIA ~
/oto
;Bn?
RuntimeHelpers
RUBAg
i Yh
2ucQ@
8f?qA;
fud0
u;0.y
W{IJM
(tQh
T]t5
/<}1B
g`0^
sUjV
kO m
\uZ0}y
Z>qqM
```0g`Xm
WN7\Z
+LF#
3USnr
kut0 y
u802y
juI0
vJAa
Thawte Code Signing CA - G20
s9r@x
IIS9
-}Q-
Iu*0Vy
v= 4xY
70$$+*HE
XqER
gU@y
Monitor
16y?D?
7z^V
?k"XK
]jxdE
:d1
1l1U|
*^;zo
nuA0uy
_{_m
8d<>
8jqzE=
06YYE?
2uWXcD
Cu`0fy
WuC0dy
GuZ0zy
`ug0
Bitvise Limited1
ComVisibleAttribute
fg%
/ ~3,b/a`
V3<O
b[@UQ
KH-I-i
vuJy
&g$M18
d;(2y
'z 7
VZ:o{
Y (h
b`H/-7
Wc>=
Bu\0]y
.8mU
e-\+
O+-}
v;\4>
;r-A
T<.IlIY
&x5-
]y02
)sYte0d
6-UX
a_U
y@UF5
juUY^
Size
~& q
8uf0|y
"W*o
@Kpa
If]2
V[u5
N-YK
sAE.
xkhsO"IY
?=VW
79t6
3&F kO
W% $>}@
Koz/x+]
MethodInfo
3#Q M'[p
5%{Wg
Next
iv)s
.http://crl.thawte.com/ThawteTimestampingCA.crl0
5'\:
xZ)b
y;AO4
JuT0wy
1|xp
dff~
Bitvise Limited0
WuY0Dy
Jz/E
U gF
juy0qy
c; 2y
Certification Services Division1806
SetCompatibleTextRenderingDefault
G?sZ
\ *g
T^Xu$a
hud0
b8v>
HuZ0`y
{T]S
:q#C,
00y+F?
7ue0Dy
^uA0By
Yklh
|u"0hy
,*{s8BT
_BM:
m9P^aH
:u!0Qy
w$.0P;
System.Security.Policy
#gMg
o2\Y3
uui0hy
SPm1G
|ujb
lu@0Py
8f\F
O Yz
MA~[%l
5*F,
/;e7
^?IQ
=u'0py
Z'B 2,
;~wG5
SuppressIldasmAttribute
u|l:
kX,{]
sRGB
QKVK
rB27k
]vdk
#"w9O
nYMf
T<eT
bu|0By
6z mn D
zKK,
C d\
2ubb
#PTa/~
Xuq0^y
vqz}
+http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
n P9
V$8T
lgnB7/#
pnFa
Kut0wy
~g,f
&*6('
CompilationRelaxationsAttribute
Xzke
F4gl+
?u 0Ey
lO`H}
20xId?
s<vS
~UF
````a`
{u~0
22xog?
f8bT
H<Zj}0
8uk0Qy
d7B 2
'02x
^cpa:
YuG0Vy
zcv~
{u{0}y
a;fu
e?}_
?*?Z'
u(62y
2 $k5
dS YL?x<g1?
_ub0
Au*0`y
yR}M
'tgNo
KnU K
*[e
5@/@
&<E*
Yzs0
buD0Hy
~}:_
#ZQo8
G_-D
G_rm]/
dx~}j
muk0`y
MS^~~T
`g#ru*
8u`0ay
2utrcD
]BZF
5SOk
iT(:Wn
02y!Gv
8mP!
qW ?
]uD0Cy
e|u_
T"l:
Lu{0Gy
&/$v
^wL&
T`P
:bqr
v`P
8uY0_y
nu*0wy
N7~0
]. r
Im[~
08o-o
|^s
LuE0
zuU0Vy
Uuy0By
Jd}e
_\WJ|
22y$N
6?B%
tA?
u^;9V
<O)m
MIDAT(Sc``
0qx4G?
2(Bi5P4
UW)_
lJ5||6
:C8W
Xy]_
v0a
KJAp
v|M2y
Juz0Ty
$'E7
toOMqx>
]HR{9
Q=zI
a,3?k
Cua0
ub36o
~Usy
01yqF}
02y$O
LwR+q
-l:K+5b
HSH0
System.Threading
PictureBox
s{ai
:u\0 y
?Tz5
H<uc
ft,0
UuA0Ey
eu]0Vy
a}vY
1a:_
WyN?>Ym
C&|5
u.00y?G
3l2f
e:P`
7b1M
^H&XP4"
K~g[
gud0
ResolveEventArgs
h.j||
{;hO
u^00y'Gp
01yqF
v0)30
3oIV@
eL04y
d`xip
)3R^
jqF
I`Z8w[
j0/A
w0}
futUF&
?un0Iy
{uu0jy
-'K2L
OKPdR
X pj
i0mN
k9Dg^oN
8w}|
6+}qU
l-xl7
GuidAttribute
}ux0Ay
|uz0]y
VuC0
+\wfp
_+6
uH2my
_sDC
#Fc`
```H```[_
l8Cn
wUJy
o[IBX
Spp?
/zV>K
~JY"
E@kCH
kuE0
Jd5U
]HChOm
#vB[
{ ;
c|]l{-
ZE#*`
'nL e1H
g*1.|
J#(.
uuf0Sy
-kNx'
ku~0cy
2O^Q
UgG}
vcP*
QKnN
>$ [
}Os"6m}
8-9=
s3zV
r]Wy
x.G?
vuTUF;
c>yR
U3H
Zy^nYn
U;.
s_sL
]u+0 y
6d+"
<YE0
Uu<0[y
```Pa`(.
y#c.2=
mu<0Gy
f>~s
_Muw
*>VF
Thawte, Inc.1$0"
MuB0gy
-baf
t_j )<
s q:S
Xub0
:3Z.
)J [<zR
,w1Xu
Eu~0ey
wI\^
N=1K
```P``8h1_
Od6T
7[K]d
16#D
u5% l
9u+6mf
@ l8
-V0
NR6=]
p"6
G<r/
#&@v
Njz]
{m7,r
02y$G
Y ^b
o-`;
, CZu
y ,K
Western Cape1
Copyright
juAUS
tDZy
y)np
VuV!"p
v^I|
7v51
[m_
ci^%+
ur0Fy
-}!?
Oa>s
M=vt
N2;y
Lob-u
>o>=/d
iG<:=
luy0`y
<`E
G|+^l
<6\o
{BXa
U, |
]NoT
8NE#|
k<%0
F_1k
YQ'
vUk]^
[0BQ
p3u'
=ui
4M1\q
luf0
>u_0sy
)aL04y
Huk0by
g+4B_
y>G=
LuR0
UQwdu
$NG-
Ir7Kfit
83Rlf
G & /
]KL
70ED00C92FF5D713F18279C54CC104E044BF579C
set_Item
|1+{
\k/`x"w
Hu!0Hy
`q_4C
kwrwI
\y$Jk%
u)5%{
S{|5
{;9a
?gVm
M gUAy
|H bz
_}2
)*?>-
u0r^
BfRqK;
Duc0
=;^C-
%O?)
iu$0sy
,mQH
2 !fS
F-YK
<Vi O
\l4)
t>fa9s
Xr[+9U
Yud0hy
VO~MW
LimX
7Ni(
cuG0Hy
uEEb
Yuu0jy
W,kK}
BiX1
zG?D
LXez
gR0C
+D E
wy\
sZ1
n9C^
Q_Jy
d343y
jLG-
?iJcAE6p5
)oto[BoA
s6h>)
b4qW
Og^e
iVPUE;
`{6,>
>b`Z
^|U2y
/I`UQ
+Pp}lD
`utUF&
wy\3
B'B 24
set_Size
>ui0,y
~2HL
?}p|{
9ue0 y
huZ0^y
nu`0`y
--at<
} ^ 2
?$NN
vxPKp
a``8
pKlyg
i7B 2
TS,
B]QL.
v0B
:mA?b
Y 8y
z5Sl
.bty
V1i&
uv01y
J mb
0^0J1 0
Hcy>
add_FormClosed
.00x
~B Nv
Lve.(
uv0Qy
w8Ur6
?_!!
MXH{VY
e IBQ
cx$t
5ePH
,~"\
vT2
b;f]P
\;Cn
2ueb
Fhl
:DB(W
w0\
auZ0zy
/MkO
z0tl6d4
tY\0
x3 ^
u%0\y
u\02y
NZ<H2
>ut0ty
System.Runtime.Serialization
u732y
```hc`Pv[
8fg>
'`C/
:uP0ty
uj,>
gGn31
A"1^
gjdkdjd
>uy0`y
V.Ul
O $*
U>y]
_{+6
QLAZ
aH6^
nL\o
u542y
&FM4
NDD8
"4'<b
LuZ4
16y4E?
#(aj
Juj0Uy
!u`0
On
77y}
luV0_y
f.I
M ?n
+a;I
Ql=:
pT]l
Dux0cy
IEquatable`1
vuA0{y
zud0Wy
T~gO
set_Text
4oI^
zud0
+Symantec Time Stamping Services Signer - G40
H MS
.17y
ys3D
{ `U@y
VQEE
7uR0Ay
\uj0Sy
fF6e
````b`
c3>kM|^
`,k 3t
,p&7E
n8}v
ROml\3
:ob.
cug0\y
_@Qa
System.Runtime.CompilerServices
1WFJv
6{Yyx
7uD0 y
50.N
@u*0uy
=u'0vy
`g^|
' %9
v/on{
#3 V
Muf0fy
` y3
\uZ02
M*~g
nuU0jy
<uc0wy
qb1>a
cR_`
(w)'
,{35h
juk0Wy
0O Bh
c;5sx
Zui0py
}mTO~
thawte Primary Root CA0
r@0;y
9?f5
(.S6
>zQHp
FmU* lE9
#7y:
|~$&
}uz0By
Jsj[
f2q>P
LR R
S9:$S
u- S
Mc S].
{uj0xy
/S=Q
N t9q2:
gRK\
oAQx
U>&O
OS#
0>y?j?
lMQ3
Settings
U s.
```h``0
<g^@
*7Le}"
''-
` I t
h6r7
F<Ts
cuI0hy
u|R2y
buk0{y
Vo;u
cdOb
Duq0Fy
wRSI
>T6=
u~lC!
+]c]X
u.7z
9t3/y
Mzar
blE@
\0u^m
'vW[
#http://crl.thawte.com/ThawtePCA.crl0
?u'0Py
cl"X
0uO8
d`w2y
d. @
IDisposable
R/E~
Cup0qy
Synchronized
}u 0Gy
EDe#
_N._1
$Gp9
VNv]
CD@y
SyHh
bJ=r
01y"F?
hu*0Sy
sUQnV
jwOy
X{m[
dh3,}(
Bu"0
k 3
: -2
_>L g
onXwj
~P#G
WuW0ty
Wg*v
GuW0Hy
?^3:B
Uuz0
VeriSignMPKI-2-100
*agt
6uH_2
?u_0py
AssemblyProductAttribute
WuP0Yy
~1)RL#i
vu"0ty
V ?d%
xu#0
]z k
@/N!
au|0Ey
k-%z
Ty:+
3]r02s
p3t!
>u`0Ay
@QL'
NM f
#Blob
#F&yB
RG0d
NIDAT(Sc``
jNv3
E _z
Nu80`y
lB 61lz
Nu&0_y
[~5[3Z
-d|t
02y&Gv
=ug0]y
pNzj
uS029
XDP7}
87:O2
Kuk0Sy
:B$y
&0$0"
`1EF
ny C
|)t
```Hb`h
uP0^y
buc0Sy
`'un|c
eHXo
SizeF
P%6UZ
'nce
'dmf
1A4}9d
Xux0Wy
%1/f
w-e`U
Iu\0_y
O^Ub
_VP],
,/6f[V
WriteLine
n'X_
PDN3
[w4^
V:`K
<`P
G m~
5kVI
121018000000Z
5T#,
r8jMU
,^#[
DeflateStream
Xi~2
-NMd
System.Drawing.Bitmap
sg-P_
Vor=
Ye -
j{]X
h|dV"Dt
[u$0Wy
,dPe
`&a.
lo7
om E4
=U']xgdfJ
3du9
!EC]
=up0 y
<u"0Wy
+wBe
9<?]/
z?Pp
?)<b
J}K}M} J%
APzB
O]Wc)j7
vDWy
7`}jZ_
set_Dock
8t[;>
VEDx
:#_I
EndInit
BUPX
u3ww
\=]4;{,
{uE0Wy
96}
HuD0qy
K ]>
KuE0Uy
q902y
6u{0]y
t|G2y
]$02s
'1om
s'MSf
/QaX
y9{4
02y!Gc
=u\0 y
x\`8k
$?Gk:FR
Zu\0^y
jGyb
vBS
V^0 y
ApplicationSettingsBase
u<02y
cV^6
z6*~
`)t-;
wogp
IN"#{b
9uu0
fW~F
!+<D
2uIbcD
7T}47
<w De2
\u_0by
6(4
BuP0Cy
Y)2?2(2
,\rU
EventHandler
~u"0hy
ZyU<pY
u%1\
ka G
:*m/
vh,[
e Ja
G5Ul
&aa.
UuE0Xy
.2R;
%vm(yq
O02x
8vCA
20x_f?
GFu7
02k6b6
K620
^y,j%W
xb 4
rx`[
-0+0)
~"L+
Lqa:
B:T
<.zj
< e3
_SP3"
xuV0hy
z^Uy
:tVEqWK
2ID{
GeneratedCodeAttribute
}ui0
f`P
~uF0Ey
iyyG
?I|6F
IEnumerable`1
E oq2l
K?]`_
_K( ;GF
N[d
;uV0Zy
>"Gg
LvbXx
v30>z
l9 f
}^{{Z
xl5y
ku[0hy
`y~VG
t20
Iuz0^y
Az!8
rv.M
kuG0
:uX0[y
a8BT
R>UO
fV
PictureBoxSizeMode
d34"y
X.B
dy#`-
=|o0
FuF0Wy
T^q0f
M{>
6u#0Sy
2y6F
"`P
JZ.X{
Zzpv
9l K
UY9-
k.v)D
u402y
^3Tk|
>}qd
><s*
[Z9A
f,7S
u#Tu
@uQ0 y
u\ [
TNj$
PXS
}<p&FT
6"\4
$i~+7
"\>h
&BNA
E
#`P
S~fw
cc`Y
eff87e99-b5ca-a5.Resources.resources
$~wD^J
]u|0Jy
`r`]
Hq^ps=
`V]
&,3K
Gk~}
/`+3a=
;u`0vy
Luy0sy
3U;
N_$9A1
]tI[
=w8,
Yb+6
"h?x
1]H&
x)N B
4Zo{
u&0jy
1B\[
B(v#
gi{]
zvqz
```p``
WI t?
ju^0Py
mscoree.dll
ju{XcD
IEvidenceFactory
&jCF
89Y^
Vu#0xy
Ims^
W{/W
##6fP7
ku]0]y
_= N!
&;J
M(i%7
gq5<y
7]D{
mykey
|uq0py
9`C
03riSP
Iue0Jy
Sz G
I],o0
Q(dP
}k"k
h[)7p
H*#
ex]=sCc
m gUA.
System.Collections.Generic
5.cqp
ms/J
Nr5
sY`1z%f
f, k
+T^L2
\vnO^
[s l
KuC02
q`HR
D o=t
nrzv30?z
V [e
LE+v
aO]$
^ nQ9
Z}(8
&v}g
gs*]
Q`P
-z8\
`uY0
20xYe?
g`P
`0e
^++12
0$yHM
$yZ3-x*a?
[v%
vuj0]y
@1f
X=`z
T3}q
HBh~
Lu&0
juU_@
PFDt
_K"+
nQp-1
ZJ}B
JPu;Ss
gfW
'$}j
%/e
5SJU
)GnV
Ku`0
dm 2y
rtJ!
gu@D@
u+0:y
g``7P
w.gd
=>KZ
BF~c
{'ZI]l
ku[0uy
#\++
4`CW
System.CodeDom.Compiler
wdy
g>87~
?JP!@
3ZaUC
l9gV6
OJuF
{e0#
smttd
!t*O
muZ0vy
]u[0hy
2ucB]
Pk?E
3-t
.qT&
uD0Sy
EEB[nz
]uV0
h?Z~&
}u<0 y
>3Io
gO;qA6 ?
I+Wp
h-;
utc$UZ
Ou k
PI0cy
f\A
~02s
XRew
bu`UF&
,1mx7
B 2)
AuZ0Hy
| Behavior analysis details | |||||
|---|---|---|---|---|---|
| Machine name | Machine label | Machine manager | Started | Ended | Duration |
| Seven03b_64 | Seven03b_64 | VirtualBox | 2018-04-30 15:18:04 | 2018-04-30 15:20:57 | 173 |
11 Behaviors detected by system signatures
Exhibits behavior characteristic of iSpy Keylogger
Severity: High
Confidence: Very High
Crashed cuckoomon during analysis. Report this error to the Github repo.
Severity: High
Confidence: Very High
- pid: 2568
- message: Exception reported at offset 0x12410 in cuckoomon itself while accessing 0x40 from hook RtlDispatchException
Attempts to remove evidence of file being downloaded from the Internet
Severity: High
Confidence: Very High
- file: C:\Users\Seven01\AppData\Local\Temp\NOTE.exe:Zone.Identifier
The binary likely contains encrypted or compressed data.
Severity: Medium
Confidence: Very High
- section: name: .text, entropy: 7.54, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x00060600, virtual_size: 0x00060474
Performs some HTTP requests
Severity: Medium
Confidence: Low
- url: http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D
- url: http://ocsp.thawte.com/
- url: http://crl.thawte.com/ThawtePCA.crl
- url: http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECECQHwgn9x49XTUub8kBoiBM%3D
- url: http://cs-g2-crl.thawte.com/ThawteCSG2.crl
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Severity: Medium
Confidence: Low
- post_no_referer: HTTP traffic contains a POST request with no referer header
- suspicious_request: http://ocsp.thawte.com/
- suspicious_request: http://crl.thawte.com/ThawtePCA.crl
- suspicious_request: http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECECQHwgn9x49XTUub8kBoiBM%3D
- suspicious_request: http://cs-g2-crl.thawte.com/ThawteCSG2.crl
A process created a hidden window
Severity: Medium
Confidence: Very High
- Process: NOTE.exe -> C:\Windows\system32\svchost.exe
At least one IP Address, Domain, or File Name was found in a crypto call
Severity: Medium
Confidence: Very High
- ioc: y.gl
- ioc: 5g.gb1
- ioc: ..8mvq
- ioc: f.7bX
- ioc: m.11
- ioc: d.oq
- ioc: 3.0f
- ioc: h.ou
- ioc: 0i.wy/
- ioc: yqq.cd
- ioc: z.lh
- ioc: q.fg
- ioc: q.yi
- ioc: u.p0
- ioc: v5.ei
- ioc: t.y4
- ioc: o.k7
- ioc: v.45wm
- ioc: q.0p
- ioc: j.lm
- ioc: ..3ojp
- ioc: g.64k
- ioc: o.bt
- ioc: v.ou
- ioc: 6.3a
- ioc: g.0l
- ioc: u.a9S
- ioc: i..f
- ioc: u.a9
- ioc: 6e.l.O
- ioc: e5.an
- ioc: c.jz
- ioc: i.d1
- ioc: ..1r
- ioc: -3.i2
- ioc: n.67
- ioc: k.0t
- ioc: 5o.tzd
- ioc: n.32
- ioc: u.4gV
Creates RWX memory
Severity: Medium
Confidence: Medium
Presents an Authenticode digital signature
Severity: Low
Confidence: Low
- md5_fingerprint: 427ba95afb2b06328d07b51db184142d
- sha1_fingerprint: 55d8b82cdde540b5c74614d391cc82e8d281b14c
- cn: Bitvise Limited
- sn: 47892489505324246902125166947113404435
Attempts to connect to a dead IP:Port (1 unique times)
Severity: Low
Confidence: Very High
- IP: 192.168.56.1:80
| Behavior analysis details | |||||
|---|---|---|---|---|---|
| Machine name | Machine label | Machine manager | Started | Ended | Duration |
| Seven03b_64 | Seven03b_64 | VirtualBox | 2018-04-30 15:18:04 | 2018-04-30 15:20:57 | 173 |
10 Summary items with data
Files
C:\Windows\System32\MSCOREE.DLL.local C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll C:\Windows\Microsoft.NET\Framework\* C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll C:\Users\Seven01\AppData\Local\Temp\NOTE.exe.config C:\Users\Seven01\AppData\Local\Temp\NOTE.exe C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Users\Seven01\AppData\Local\Temp\NOTE.exe.Local\ C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll C:\Windows C:\Windows\winsxs C:\Windows\Microsoft.NET\Framework\v4.0.30319 C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI C:\Users C:\Users\Seven01 C:\Users\Seven01\AppData C:\Users\Seven01\AppData\Local C:\Users\Seven01\AppData\Local\Temp C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll C:\Windows\System32\p2pcollab.dll C:\Windows\System32\qagentrt.dll C:\Windows\System32\dnsapi.dll C:\Users\Seven01\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\* C:\Users\Seven01\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\* C:\Users\Seven01\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\* C:\Users\Seven01\AppData\LocalLow C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\955CAB6FF6A24D5820D50B5BA1CF79C7_* C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\955CAB6FF6A24D5820D50B5BA1CF79C7_CC1689C2A9A5CB35265F3C2516751959 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\955CAB6FF6A24D5820D50B5BA1CF79C7_CC1689C2A9A5CB35265F3C2516751959 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EDCF682921FE94F4A02A43CD1A28E6B C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EDCF682921FE94F4A02A43CD1A28E6B C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1F39B5CFACECFDE48DB25BCA2231FAC6_* C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1F39B5CFACECFDE48DB25BCA2231FAC6_0C3ED29BEF4CF7C1E6D844CE85F2769D C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1F39B5CFACECFDE48DB25BCA2231FAC6_0C3ED29BEF4CF7C1E6D844CE85F2769D C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1F39B5CFACECFDE48DB25BCA2231FAC6_FC7A9DA8472B690C312E56406A6254D4 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1F39B5CFACECFDE48DB25BCA2231FAC6_FC7A9DA8472B690C312E56406A6254D4 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\12236C41CDDF9E40BA5606CDF086B821 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\12236C41CDDF9E40BA5606CDF086B821 C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll C:\Users\Seven01\AppData\Local\Temp\NOTE.config C:\Users\Seven01\AppData\Local\Temp\NOTE.INI C:\Windows\System32\l_intl.nls C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll C:\Windows\assembly\pubpol23.dat C:\Windows\assembly\GAC\PublisherPolicy.tme C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll C:\Windows\Globalization\it-it.nlp C:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80 C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT C:\Windows\Fonts\ahronbd.ttf C:\Windows\Fonts\tahoma.ttf C:\Windows\Fonts\msjh.ttf C:\Windows\Fonts\msyh.ttf C:\Windows\Fonts\malgun.ttf C:\Windows\Fonts\micross.ttf C:\Windows\Fonts\segoeui.ttf C:\Windows\Fonts\staticcache.dat C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.INI C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll C:\Users\Seven01\AppData\Local\Temp\NOTE.exe:Zone.Identifier C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp C:\Users\Seven01\AppData\Local\Temp\it-IT\grace.resources.dll C:\Users\Seven01\AppData\Local\Temp\it-IT\grace.resources\grace.resources.dll C:\Users\Seven01\AppData\Local\Temp\it-IT\grace.resources.exe C:\Users\Seven01\AppData\Local\Temp\it-IT\grace.resources\grace.resources.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll C:\Windows\Globalization\it.nlp C:\Users\Seven01\AppData\Local\Temp\it\grace.resources.dll C:\Users\Seven01\AppData\Local\Temp\it\grace.resources\grace.resources.dll C:\Users\Seven01\AppData\Local\Temp\it\grace.resources.exe C:\Users\Seven01\AppData\Local\Temp\it\grace.resources\grace.resources.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.default C:\Windows\Globalization\en-us.nlp C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089 C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089 C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089 C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.dll C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.dll C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.exe C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.exe C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it_b77a5c561934e089 C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089 C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.default C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.default C:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2568.36041843 C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.new C:\Users\Seven01\AppData\Roaming C:\Users\Seven01\AppData\Roaming\Microsoft C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2568.36041843 C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2568.36041875
Read Files
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll C:\Users\Seven01\AppData\Local\Temp\NOTE.exe.config C:\Users\Seven01\AppData\Local\Temp\NOTE.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\955CAB6FF6A24D5820D50B5BA1CF79C7_CC1689C2A9A5CB35265F3C2516751959 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\955CAB6FF6A24D5820D50B5BA1CF79C7_CC1689C2A9A5CB35265F3C2516751959 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EDCF682921FE94F4A02A43CD1A28E6B C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EDCF682921FE94F4A02A43CD1A28E6B C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1F39B5CFACECFDE48DB25BCA2231FAC6_0C3ED29BEF4CF7C1E6D844CE85F2769D C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1F39B5CFACECFDE48DB25BCA2231FAC6_0C3ED29BEF4CF7C1E6D844CE85F2769D C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1F39B5CFACECFDE48DB25BCA2231FAC6_FC7A9DA8472B690C312E56406A6254D4 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1F39B5CFACECFDE48DB25BCA2231FAC6_FC7A9DA8472B690C312E56406A6254D4 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\12236C41CDDF9E40BA5606CDF086B821 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\12236C41CDDF9E40BA5606CDF086B821 C:\Windows\System32\l_intl.nls C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll C:\Windows\assembly\pubpol23.dat C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT C:\Windows\Fonts\tahoma.ttf C:\Windows\Fonts\msjh.ttf C:\Windows\Fonts\msyh.ttf C:\Windows\Fonts\malgun.ttf C:\Windows\Fonts\micross.ttf C:\Windows\Fonts\segoeui.ttf C:\Windows\Fonts\staticcache.dat C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
Write Files
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\955CAB6FF6A24D5820D50B5BA1CF79C7_CC1689C2A9A5CB35265F3C2516751959 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\955CAB6FF6A24D5820D50B5BA1CF79C7_CC1689C2A9A5CB35265F3C2516751959 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EDCF682921FE94F4A02A43CD1A28E6B C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EDCF682921FE94F4A02A43CD1A28E6B C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1F39B5CFACECFDE48DB25BCA2231FAC6_0C3ED29BEF4CF7C1E6D844CE85F2769D C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1F39B5CFACECFDE48DB25BCA2231FAC6_0C3ED29BEF4CF7C1E6D844CE85F2769D C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1F39B5CFACECFDE48DB25BCA2231FAC6_FC7A9DA8472B690C312E56406A6254D4 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1F39B5CFACECFDE48DB25BCA2231FAC6_FC7A9DA8472B690C312E56406A6254D4 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\12236C41CDDF9E40BA5606CDF086B821 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\12236C41CDDF9E40BA5606CDF086B821 C:\Users\Seven01\AppData\Local\GDIPFONTCACHEV1.DAT C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2568.36041843 C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.new C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2568.36041843 C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
Delete Files
C:\Users\Seven01\AppData\Local\Temp\NOTE.exe:Zone.Identifier C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2568.36041843 C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2568.36041843 C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2568.36041875
Keys
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NOTE.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\msasn1
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Certificate\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Message\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Signature\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\CertCheck\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Cleanup\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\Safety Warning Level
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagMatchAnyMask
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{000C10F1-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{06C9E010-38CE-11D4-A2A3-00104BD35090}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{1A610570-38CE-11D4-A2A3-00104BD35090}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{603BCC1F-4B59-4E08-B724-D2C6297EF351}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptSIPDllPutSignedDataMsg
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{000C10F1-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{06C9E010-38CE-11D4-A2A3-00104BD35090}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{1A610570-38CE-11D4-A2A3-00104BD35090}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{603BCC1F-4B59-4E08-B724-D2C6297EF351}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptSIPDllGetSignedDataMsg
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7\Name
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4b\7F06864B
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\LanguageList
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\p2pcollab.dll,-8042
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\dnsapi.dll,-103
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\#16
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\Ldap
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CertDllOpenStoreProv
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{000C10F1-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{06C9E010-38CE-11D4-A2A3-00104BD35090}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{1A610570-38CE-11D4-A2A3-00104BD35090}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{603BCC1F-4B59-4E08-B724-D2C6297EF351}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{BA08A66F-113B-4D58-9329-A1B37AF30F0E}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AAB9-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AABA-8E78-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{DE351A43-8E59-11D0-8C47-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptSIPDllVerifyIndirectData
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllEncodeObjectEx
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx\1.2.840.113549.1.9.16.1.1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx\1.2.840.113549.1.9.16.2.1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx\1.2.840.113549.1.9.16.2.11
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx\1.2.840.113549.1.9.16.2.12
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx\1.2.840.113549.1.9.16.2.2
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx\1.2.840.113549.1.9.16.2.3
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx\1.2.840.113549.1.9.16.2.4
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllEncodeObject
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2001
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2002
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2003
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2004
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2005
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2006
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2007
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2008
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2009
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2130
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2221
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2222
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.2
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.1.1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.4
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.10
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.11
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.12
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.15
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.20
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.25
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.26
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.27
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.28
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.30
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.4
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Root\ProtectedRoots
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\ChainEngine\Config
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableMandatoryBasicConstraints
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableCANameConstraints
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableUnsupportedCriticalExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlCountInCert
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCountPerChain
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCertCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetPreFetchTriggerPeriodSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableWeakSignatureFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\ChainCacheResyncFiletime
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000\ProfileImagePath
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\Keys
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\CTLs
HKEY_CURRENT_USER\
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\Certificates
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\CRLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\CA\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\CA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\CA
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\CA\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\CA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\CTLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Disallowed\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Disallowed
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ProtectedRoots
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ProtectedRoots\Certificates
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Root\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\AuthRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\627F8D7827656399D27D7F9044C9FEB3F33EFA9A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\627F8D7827656399D27D7F9044C9FEB3F33EFA9A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97E2E99636A547554F838FBA38B82E74F89A830A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97E2E99636A547554F838FBA38B82E74F89A830A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209AD23D314232174E40D7F9D62139786633A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209AD23D314232174E40D7F9D62139786633A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Root\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\SmartCardRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPeople\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPeople
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPeople
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\TrustedPeople\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\TrustedPeople
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\CTLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\Certificates
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CRLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\trust\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\trust
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\trust
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\trust\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\trust
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\UserenvDebugLevel
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\GpSvcDebugLevel
HKEY_LOCAL_MACHINE\System\Setup
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllVerifyRevocation
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CertDllVerifyRevocation
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CertDllVerifyRevocation\DEFAULT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\TimeValidDllGetObject
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\TimeValidDllGetObject
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\UrlDllGetObjectUrl
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\UrlDllGetObjectUrl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetCachedOcspSwitchToCrlCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetMaxCachedOcspPerCrlCount
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugFlags
HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableInetUnknownAuth
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\AuthRoot
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3c4a2718\1b7a8d8
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus\FontCachePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_CURRENT_USER\EUDC\1252
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.3.5.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Core,3.5.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\4b15630\40102180
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|NOTE.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|NOTE.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|NOTE.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\4b15630\7707ed39
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it-IT_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\40dcb014
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\1ffc8ca7
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\MediaPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\MediaPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\WebBrowserPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\WebBrowserPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\MediaPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\MediaPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\WebBrowserPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\WebBrowserPermission\Xml
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Namespaces
HKEY_CURRENT_USER\(Default)
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\NOTE.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\6B73420A
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
Read Keys
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\Safety Warning Level
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagMatchAnyMask
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\p2pcollab.dll,-8042
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\dnsapi.dll,-103
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableMandatoryBasicConstraints
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableCANameConstraints
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableUnsupportedCriticalExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlCountInCert
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCountPerChain
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCertCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetPreFetchTriggerPeriodSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableWeakSignatureFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\ChainCacheResyncFiletime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000\ProfileImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931\Blob
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ProtectedRoots\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\627F8D7827656399D27D7F9044C9FEB3F33EFA9A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97E2E99636A547554F838FBA38B82E74F89A830A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209AD23D314232174E40D7F9D62139786633A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\UserenvDebugLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\GpSvcDebugLevel
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetCachedOcspSwitchToCrlCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetMaxCachedOcspPerCrlCount
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableInetUnknownAuth
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_CURRENT_USER\Software\Microsoft\GDIPlus\FontCachePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7ac727df\7b5311d7\61\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7b5311d7\1b0ed4d\61\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Core,3.5.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\MediaPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet\WebBrowserPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\MediaPermission\Xml
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet\WebBrowserPermission\Xml
HKEY_CURRENT_USER\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\6B73420A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
Write Keys
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\LanguageList HKEY_CURRENT_USER\(Default)
Delete Keys
Nothing to display
Mutexes
Global\CLR_CASOFF_MUTEX
Resolved APIs
advapi32.dll.RegOpenKeyExW advapi32.dll.RegQueryInfoKeyW advapi32.dll.RegEnumKeyExW advapi32.dll.RegEnumValueW advapi32.dll.RegCloseKey advapi32.dll.RegQueryValueExW kernel32.dll.FlsAlloc kernel32.dll.FlsFree kernel32.dll.FlsGetValue kernel32.dll.FlsSetValue kernel32.dll.InitializeCriticalSectionEx kernel32.dll.CreateEventExW kernel32.dll.CreateSemaphoreExW kernel32.dll.SetThreadStackGuarantee kernel32.dll.CreateThreadpoolTimer kernel32.dll.SetThreadpoolTimer kernel32.dll.WaitForThreadpoolTimerCallbacks kernel32.dll.CloseThreadpoolTimer kernel32.dll.CreateThreadpoolWait kernel32.dll.SetThreadpoolWait kernel32.dll.CloseThreadpoolWait kernel32.dll.FlushProcessWriteBuffers kernel32.dll.FreeLibraryWhenCallbackReturns kernel32.dll.GetCurrentProcessorNumber kernel32.dll.GetLogicalProcessorInformation kernel32.dll.CreateSymbolicLinkW kernel32.dll.EnumSystemLocalesEx kernel32.dll.CompareStringEx kernel32.dll.GetDateFormatEx kernel32.dll.GetLocaleInfoEx kernel32.dll.GetTimeFormatEx kernel32.dll.GetUserDefaultLocaleName kernel32.dll.IsValidLocaleName kernel32.dll.LCMapStringEx kernel32.dll.GetTickCount64 advapi32.dll.EventRegister mscoree.dll.#142 mscoreei.dll.RegisterShimImplCallback mscoreei.dll.OnShimDllMainCalled mscoreei.dll._CorExeMain shlwapi.dll.UrlIsW version.dll.GetFileVersionInfoSizeW version.dll.GetFileVersionInfoW version.dll.VerQueryValueW kernel32.dll.InitializeCriticalSectionAndSpinCount kernel32.dll.IsProcessorFeaturePresent msvcrt.dll._set_error_mode msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z kernel32.dll.FindActCtxSectionStringW kernel32.dll.GetSystemWindowsDirectoryW mscoree.dll.GetProcessExecutableHeap mscoreei.dll.GetProcessExecutableHeap mscorwks.dll._CorExeMain mscorwks.dll.GetCLRFunction advapi32.dll.RegisterTraceGuidsW advapi32.dll.UnregisterTraceGuids advapi32.dll.GetTraceLoggerHandle advapi32.dll.GetTraceEnableLevel advapi32.dll.GetTraceEnableFlags advapi32.dll.TraceEvent mscoree.dll.IEE mscoreei.dll.IEE mscorwks.dll.IEE mscoree.dll.GetStartupFlags mscoreei.dll.GetStartupFlags mscoree.dll.GetHostConfigurationFile mscoreei.dll.GetHostConfigurationFile mscoreei.dll.GetCORVersion mscoree.dll.GetCORSystemDirectory mscoreei.dll.GetCORSystemDirectory_RetAddr mscoreei.dll.CreateConfigStream ntdll.dll.RtlUnwind kernel32.dll.IsWow64Process advapi32.dll.AllocateAndInitializeSid advapi32.dll.OpenProcessToken advapi32.dll.GetTokenInformation advapi32.dll.InitializeAcl advapi32.dll.AddAccessAllowedAce advapi32.dll.FreeSid kernel32.dll.AddVectoredContinueHandler kernel32.dll.RemoveVectoredContinueHandler advapi32.dll.ConvertSidToStringSidW shell32.dll.SHGetFolderPathW kernel32.dll.GetWriteWatch kernel32.dll.ResetWriteWatch kernel32.dll.CreateMemoryResourceNotification kernel32.dll.QueryMemoryResourceNotification kernelbase.dll.InitializeCriticalSectionAndSpinCount kernel32.dll.ProcessIdToSessionId imm32.dll.ImmCreateContext imm32.dll.ImmDestroyContext imm32.dll.ImmNotifyIME imm32.dll.ImmAssociateContext imm32.dll.ImmReleaseContext imm32.dll.ImmGetContext imm32.dll.ImmGetCompositionStringA imm32.dll.ImmSetCompositionStringA imm32.dll.ImmGetCompositionStringW imm32.dll.ImmSetCompositionStringW imm32.dll.ImmSetCandidateWindow mscorsec.dll.GetPublisher mscoree.dll.CoInitializeEE mscoreei.dll.CoInitializeEE mscorwks.dll.CoInitializeEE wintrust.dll.WintrustCertificateTrust mscorsec.dll.CORPolicyEE wintrust.dll.SoftpubInitialize wintrust.dll.SoftpubLoadMessage wintrust.dll.SoftpubLoadSignature wintrust.dll.SoftpubCheckCert cryptsp.dll.CryptAcquireContextA wintrust.dll.CryptSIPPutSignedDataMsg wintrust.dll.CryptSIPGetSignedDataMsg imagehlp.dll.ImageGetCertificateData user32.dll.LoadStringW ncrypt.dll.BCryptOpenAlgorithmProvider bcryptprimitives.dll.GetHashInterface ncrypt.dll.BCryptGetProperty ncrypt.dll.BCryptCreateHash ncrypt.dll.BCryptHashData wintrust.dll.CryptSIPVerifyIndirectData bcrypt.dll.BCryptOpenAlgorithmProvider bcrypt.dll.BCryptGetProperty bcrypt.dll.BCryptCreateHash bcrypt.dll.BCryptHashData bcrypt.dll.BCryptFinishHash bcrypt.dll.BCryptDestroyHash bcrypt.dll.BCryptCloseAlgorithmProvider ncrypt.dll.BCryptFinishHash cryptsp.dll.CryptCreateHash cryptsp.dll.CryptSetHashParam cryptsp.dll.CryptVerifySignatureA cryptsp.dll.CryptDestroyKey cryptsp.dll.CryptDestroyHash ncrypt.dll.BCryptDestroyHash userenv.dll.GetUserProfileDirectoryW sechost.dll.ConvertSidToStringSidW sechost.dll.ConvertStringSidToSidW userenv.dll.RegisterGPNotification gpapi.dll.RegisterGPNotificationInternal sechost.dll.OpenSCManagerW sechost.dll.OpenServiceW sechost.dll.CloseServiceHandle sechost.dll.QueryServiceConfigW cryptsp.dll.CryptHashData cryptnet.dll.CertDllVerifyRevocation profapi.dll.#104 sensapi.dll.IsNetworkAlive rpcrt4.dll.RpcBindingFromStringBindingW rpcrt4.dll.RpcBindingSetAuthInfoExW rpcrt4.dll.NdrClientCall2 winhttp.dll.WinHttpOpen winhttp.dll.WinHttpSetTimeouts winhttp.dll.WinHttpSetOption winhttp.dll.WinHttpCrackUrl shlwapi.dll.StrCmpNW winhttp.dll.WinHttpConnect winhttp.dll.WinHttpOpenRequest winhttp.dll.WinHttpGetDefaultProxyConfiguration winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser winhttp.dll.WinHttpSendRequest ws2_32.dll.GetAddrInfoW ws2_32.dll.WSASocketW ws2_32.dll.#2 ws2_32.dll.#21 ws2_32.dll.#9 ws2_32.dll.WSAIoctl ws2_32.dll.FreeAddrInfoW ws2_32.dll.#6 ws2_32.dll.#5 ws2_32.dll.WSARecv ws2_32.dll.WSASend winhttp.dll.WinHttpReceiveResponse winhttp.dll.WinHttpQueryHeaders winhttp.dll.WinHttpQueryDataAvailable ws2_32.dll.#22 winhttp.dll.WinHttpReadData ws2_32.dll.#3 winhttp.dll.WinHttpCloseHandle rpcrt4.dll.RpcBindingFree cryptnet.dll.I_CryptNetGetConnectivity cryptnet.dll.CryptRetrieveObjectByUrlW sechost.dll.QueryServiceConfigA sechost.dll.QueryServiceStatus rpcrt4.dll.RpcStringBindingComposeA rpcrt4.dll.RpcBindingFromStringBindingA rpcrt4.dll.RpcEpResolveBinding sechost.dll.LookupAccountSidLocalW sechost.dll.LookupAccountNameLocalW rpcrt4.dll.RpcStringFreeA wintrust.dll.SoftpubAuthenticode wintrust.dll.SoftpubCleanup ole32.dll.CoTaskMemAlloc cryptsp.dll.CryptReleaseContext mscoree.dll.CoUninitializeEE mscoreei.dll.CoUninitializeEE mscorwks.dll.CoUninitializeEE ole32.dll.CoTaskMemFree ole32.dll.CoInitializeEx cryptbase.dll.SystemFunction036 uxtheme.dll.ThemeInitApiHook user32.dll.IsProcessDPIAware kernel32.dll.QueryActCtxW ole32.dll.CoGetContextToken kernel32.dll.GetFullPathNameW kernel32.dll.GetVersionExW advapi32.dll.CryptAcquireContextA advapi32.dll.CryptReleaseContext advapi32.dll.CryptCreateHash advapi32.dll.CryptDestroyHash advapi32.dll.CryptHashData advapi32.dll.CryptGetHashParam advapi32.dll.CryptImportKey advapi32.dll.CryptExportKey advapi32.dll.CryptGenKey advapi32.dll.CryptGetKeyParam advapi32.dll.CryptDestroyKey advapi32.dll.CryptVerifySignatureA advapi32.dll.CryptSignHashA advapi32.dll.CryptGetProvParam advapi32.dll.CryptGetUserKey advapi32.dll.CryptEnumProvidersA mscoree.dll.GetMetaDataInternalInterface mscoreei.dll.GetMetaDataInternalInterface mscorwks.dll.GetMetaDataInternalInterface mscorjit.dll.getJit uxtheme.dll.IsAppThemed kernel32.dll.CreateActCtxA user32.dll.RegisterWindowMessageW user32.dll.GetSystemMetrics user32.dll.AdjustWindowRectEx kernel32.dll.GetCurrentProcess kernel32.dll.GetCurrentThread kernel32.dll.DuplicateHandle kernel32.dll.GetCurrentThreadId kernel32.dll.GetCurrentActCtx kernel32.dll.ActivateActCtx kernel32.dll.lstrlen kernel32.dll.lstrlenW kernel32.dll.GetModuleHandleW kernel32.dll.GetProcAddress user32.dll.DefWindowProcW gdi32.dll.GetStockObject kernel32.dll.GetUserDefaultUILanguage user32.dll.RegisterClassW user32.dll.CreateWindowExW user32.dll.SetWindowLongW user32.dll.GetWindowLongW user32.dll.CallWindowProcW user32.dll.GetClientRect user32.dll.GetWindowRect user32.dll.GetParent kernel32.dll.DeactivateActCtx gdi32.dll.CreateCompatibleDC kernel32.dll.GetSystemDefaultLCID gdi32.dll.GetObjectW user32.dll.GetDC kernel32.dll.GetCurrentProcessId kernel32.dll.FindAtomW kernel32.dll.AddAtomW mscoree.dll.LoadLibraryShim mscoreei.dll.LoadLibraryShim gdiplus.dll.GdiplusStartup user32.dll.GetWindowInfo user32.dll.GetAncestor user32.dll.GetMonitorInfoA user32.dll.EnumDisplayMonitors user32.dll.EnumDisplayDevicesA gdi32.dll.ExtTextOutW gdi32.dll.GdiIsMetaPrintDC gdiplus.dll.GdipCreateFontFromLogfontW kernel32.dll.RegOpenKeyExW kernel32.dll.RegQueryInfoKeyA kernel32.dll.RegCloseKey kernel32.dll.RegCreateKeyExW kernel32.dll.RegQueryValueExW kernel32.dll.RegEnumValueW kernel32.dll.RegQueryInfoKeyW mscoree.dll.ND_RI2 mscoreei.dll.ND_RI2 mscoree.dll.ND_RU1 mscoreei.dll.ND_RU1 gdiplus.dll.GdipGetFontUnit gdiplus.dll.GdipGetFontSize gdiplus.dll.GdipGetFontStyle gdiplus.dll.GdipGetFamily user32.dll.ReleaseDC gdiplus.dll.GdipCreateFromHDC gdiplus.dll.GdipGetDpiY gdiplus.dll.GdipGetFontHeight gdiplus.dll.GdipGetEmHeight gdiplus.dll.GdipGetLineSpacing gdiplus.dll.GdipDeleteGraphics gdiplus.dll.GdipCreateFont gdiplus.dll.GdipDeleteFont gdiplus.dll.GdipGetLogFontW mscoree.dll.ND_WU1 mscoreei.dll.ND_WU1 gdi32.dll.CreateFontIndirectW gdi32.dll.SelectObject gdi32.dll.GetTextMetricsW gdi32.dll.GetTextExtentPoint32W gdi32.dll.DeleteDC dwmapi.dll.DwmIsCompositionEnabled user32.dll.SetWindowTextW user32.dll.GetProcessWindowStation user32.dll.GetUserObjectInformationA kernel32.dll.SetConsoleCtrlHandler user32.dll.GetClassInfoW kernel32.dll.GetStartupInfoW gdi32.dll.GetDeviceCaps user32.dll.CreateIconFromResourceEx user32.dll.SendMessageW gdi32.dll.GetLayout gdi32.dll.GdiRealizationInfo gdi32.dll.FontIsLinked gdi32.dll.GetTextFaceAliasW gdi32.dll.GetFontAssocStatus advapi32.dll.RegQueryValueExA user32.dll.GetSystemMenu user32.dll.GetWindowPlacement user32.dll.EnableMenuItem user32.dll.GetWindowTextLengthW user32.dll.GetWindowTextW user32.dll.SetWindowPos user32.dll.RedrawWindow user32.dll.ShowWindow cryptsp.dll.CryptAcquireContextW cryptsp.dll.CryptGetHashParam bcrypt.dll.BCryptGetFipsAlgorithmMode kernel32.dll.DeleteFileW kernel32.dll.CloseHandle advapi32.dll.LookupPrivilegeValueW advapi32.dll.AdjustTokenPrivileges kernel32.dll.OpenProcess psapi.dll.EnumProcessModules psapi.dll.GetModuleInformation psapi.dll.GetModuleBaseNameW psapi.dll.GetModuleFileNameExW mscoree.dll.ND_RI4 mscoreei.dll.ND_RI4 kernel32.dll.SetErrorMode kernel32.dll.GetFileAttributesExW culture.dll.ConvertLangIdToCultureName gdiplus.dll.GdipLoadImageFromStream windowscodecs.dll.DllGetClassObject kernel32.dll.WerRegisterMemoryBlock gdiplus.dll.GdipImageForceValidation gdiplus.dll.GdipGetImageType gdiplus.dll.GdipGetImageRawFormat gdiplus.dll.GdipGetImageWidth gdiplus.dll.GdipGetImageHeight gdiplus.dll.GdipGetImageEncodersSize kernel32.dll.LocalAlloc gdiplus.dll.GdipGetImageEncoders kernel32.dll.RtlMoveMemory kernel32.dll.LocalFree gdiplus.dll.GdipSaveImageToStream oleaut32.dll.#8 oleaut32.dll.#9 oleaut32.dll.#10 gdiplus.dll.GdipCreateBitmapFromStream gdiplus.dll.GdipBitmapLockBits gdiplus.dll.GdipBitmapUnlockBits kernel32.dll.SwitchToThread gdiplus.dll.GdipDisposeImage cryptsp.dll.CryptGetProvParam cryptsp.dll.CryptImportKey cryptsp.dll.CryptSetKeyParam cryptsp.dll.CryptDecrypt cryptsp.dll.CryptEncrypt kernel32.dll.GlobalMemoryStatusEx shfolder.dll.SHGetFolderPathW advapi32.dll.RegSetValueExW kernel32.dll.CreateProcessW ntdll.dll.NtAlertResumeThread ntdll.dll.NtGetContextThread ntdll.dll.NtReadVirtualMemory ntdll.dll.NtSetContextThread ntdll.dll.NtWriteVirtualMemory kernel32.dll.VirtualAllocEx kernel32.dll.VirtualFreeEx kernel32.dll.VirtualProtectEx kernel32.dll.Wow64GetThreadContext kernel32.dll.Wow64SetThreadContext ntdll.dll.ZwUnmapViewOfSection user32.dll.DestroyIcon user32.dll.DestroyWindow user32.dll.PostThreadMessageW ole32.dll.OleInitialize ole32.dll.CoRegisterMessageFilter user32.dll.PeekMessageW user32.dll.IsWindowUnicode user32.dll.GetMessageW user32.dll.TranslateMessage user32.dll.DispatchMessageW user32.dll.PostMessageW user32.dll.GetMessageA user32.dll.EnumThreadWindows user32.dll.IsWindowVisible ole32.dll.OleUninitialize ole32.dll.CoWaitForMultipleHandles user32.dll.SetClassLongW user32.dll.UnregisterClassW kernel32.dll.DeleteAtom user32.dll.IsWindow gdi32.dll.DeleteObject advapi32.dll.LookupAccountSidW cryptsp.dll.CryptGenRandom ole32.dll.NdrOleInitializeExtension ole32.dll.CoGetClassObject ole32.dll.CoGetMarshalSizeMax ole32.dll.CoMarshalInterface ole32.dll.CoUnmarshalInterface ole32.dll.StringFromIID ole32.dll.CoGetPSClsid ole32.dll.CoCreateInstance ole32.dll.CoReleaseMarshalData ole32.dll.DcomChannelSetHResult rpcrtremote.dll.I_RpcExtInitializeExtensionPoint kernel32.dll.CreateActCtxW kernel32.dll.AddRefActCtx kernel32.dll.ReleaseActCtx advapi32.dll.EventUnregister
Execute Commands
"C:\Windows\system32\svchost.exe"
Started Services
Nothing to display
Created Services
Nothing to display
| Behavior analysis details | |||||
|---|---|---|---|---|---|
| Machine name | Machine label | Machine manager | Started | Ended | Duration |
| Seven03b_64 | Seven03b_64 | VirtualBox | 2018-04-30 15:18:04 | 2018-04-30 15:20:57 | 173 |
5 HTTP Request(s) detected
http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D
- Hostname: ocsp.thawte.com
- IP Address: 23.50.155.27
- Port: 80
- Count: 2
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.thawte.com
http://ocsp.thawte.com/
- Hostname: ocsp.thawte.com
- IP Address: 23.50.155.27
- Port: 80
- Count: 4
POST / HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: application/ocsp-request Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Content-Length: 83 Host: ocsp.thawte.com
http://crl.thawte.com/ThawtePCA.crl
- Hostname: crl.thawte.com
- IP Address: 23.50.149.163
- Port: 80
- Count: 2
GET /ThawtePCA.crl HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: crl.thawte.com
http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECECQHwgn9x49XTUub8kBoiBM%3D
- Hostname: ocsp.thawte.com
- IP Address: 23.50.155.27
- Port: 80
- Count: 2
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECECQHwgn9x49XTUub8kBoiBM%3D HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.thawte.com
http://cs-g2-crl.thawte.com/ThawteCSG2.crl
- Hostname: cs-g2-crl.thawte.com
- IP Address: 23.50.149.163
- Port: 80
- Count: 2
GET /ThawteCSG2.crl HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: cs-g2-crl.thawte.com
Detected family: #Ispy
TheSystem Itself @ 2018-04-30 15:32:02
#infosec #automation
TheSystem Itself @ 2018-04-30 15:21:09