MalScore
100/100
MalFamily
Passwordstealera

pputty.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 48/65 Related 2616
File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 348.00 KB (356352 bytes)
Compile time: 2017-10-09 17:06:41
MD5: 256d4639b4514c420f482cc9e795cac3
SHA1: 103667324e0c5cc4e670176a3c4bcfcbad06abba
SHA256: 8ef5cb13e0289194103ec83404dbc8539eb99788f0991bd1febb551ebb9e9bef
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2017-10-26 13:54:05
Last submission: 2017-10-26 13:54:05
Filename detected: - pputty.exe (1)
URL file hosting
hXXp://win.budgetshowdown.com:8080/web/pputty.exe
VirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2017-10-11 00:30:13 [48/65] VirusTotal
PE Sections 1 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x56244 353280 dd27a2ee54b218fd5b027038ffeb93e8 63f2ecc63517abe47d2712da94a24c67c48dec56
.rsrc 0x5a000 0x800 2048 a0099238a79c36d03b65c5535813727c 789849ca83e66caf0b647822e1b7cc5b5cf58014
.reloc 0x5c000 0xc 512 6dda1cbc1dabea5865337b7a1e27a3cc 77337259ecb289bc8a64824f665a5d950d12d30d
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x5a090 724 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x5a374 1144 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright:
Assembly Version: 1.3.0.0
InternalName: Client.exe
FileVersion: 1.3.0.0
CompanyName:
LegalTrademarks:
Comments:
ProductName:
ProductVersion: 1.3.0.0
FileDescription:
Translation: 0x0000 0x04b0
OriginalFilename: Client.exe
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: XML
{0}\FileZilla\recentservers.xml
{0}\FileZilla\sitemanager.xml
System.Xml
File type: Library
\msvcp120.dll
\msvcp100.dll
\mozglue.dll
\msvcr120.dll
\nss3.dll
\msvcr100.dll
USER32.dll
KERNEL32.dll
ntdll.dll
IPHLPAPI.DLL
mscoree.dll
MSVCRT.dll
GDI32.dll
SHELL32.dll
SHLWAPI.dll
ole32.dll
ADVAPI32.dll
OLEAUT32.dll
IP Found
No IP detected
URL(s)
http://ip-api.com/json/
http://
http://api.ipify.org/
file:///
http://schemas.microsoft.com/SMI/2005/WindowsSettings
http://freegeoip.net/xml/
String too long
Unknown
Type {0} contains generic parameters
Host Name
videoStreamConfig
The video source does not support configuration property page.
InternalName
Screen-saver
GetTypeID
Host
Response//CountryCode
Failed creating device enumerator
{0:X2}
Yandex\YandexBrowser\User Data\Default\Cookies
SELECT * FROM Win32_BaseBoard
StreamCodec can not be null.
{0}>> Session unexpectedly closed{0}
no bytes transferred
Uninstallation failed: {0}
fam
DeletePath Path too long
catalonia
Failed creating device object for moniker
RenamePath Path too long
http://ip-api.com/json/
cmd
No Firefox profiles could be found
GetUninitializedObject
Processor (CPU)
cookies
Opera Software\Opera Stable\Cookies
Renamed directory
PK11SDR_Decrypt
Response//City
Execution failed!
yxbo51EHwFuZpbqBel+PB9L1Obn8LvQyLk6BWfX3JNOB1N6R6Dv+D1vmIPuuTepEA8B0qn5Ps9EMI9rbCb/nV7X7QGStiByp1sEc7dr6ZsSQyq1rDeHyqBXZ4uD3IXH2Ad938X3LZb9u1tsULyFrlQ==
no pe file
<p class="h">[
The value must be between 0 and 255.
{0}\FileZilla\recentservers.xml
DeletePath Failed
TypeSerializers have to implement IDynamicTypeSerializer or IStaticTypeSerializer
Client.exe
:Zone.Identifier
\msvcp120.dll
path
does not exist in:
Serialize
Firefox does not have any profiles, has it ever been launched?
User
.exe
expires_utc
Uptime
secure
Yandex\YandexBrowser\User Data\Default\Login Data
FileDescription
SELECT * FROM AntivirusProduct
schtasks
Chrome
WAN IP Address
[InternetShortcut]
Firefox does not have any logins.json file
.bat
Opera
N/A
Adding to startup failed.
New Key #{0}
#"'&=<?>CBDBMLPOQOROUTVTWTXTYTZT[T\T`_a_b_c_d_e_gfihjhzy
SELECT Caption FROM Win32_OperatingSystem
logins.json
can't load DLL
Renamed file
Cannot change value: Error writing to the registry
Process already elevated.
tYnU3SwT7KyDJScfAn5bfciIr3TJEU48lbFvOoPrnlfnsSLYE7BCVUaSchHq6hXecgpebSraLBTh3TOg7nLPFg==
LastBootUpTime
stream
GetDirectory Path too long
Failed creating capture graph builder
Firefox is not installed, or the install path could not be located
NcFtjbDOcsw7Evd3coMC0y4koy/SRZGydhNmno81ZOWOvdfg7sv0Cj5ad2ROUfX4QMscAIjYJdjrrs41+qcQwg==
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
IconIndex=0
>> New Session created
information
<p class="h">[Enter]</p><br>
LastWin32Error
No devices of the category
%$'0);*<+@0A3E4G8I:J;K>MA[M\[]_^bfjglpmsstt
File does not exist
host_key
FileVersion
RenamePath Failed
URL=file:///
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/7046A194A
ProductVersion
Failed creating filter graph
PixelFormat is not equal to previous Bitmap
OriginalFilename
No Firefox logins.json was found
\firefox.exe
origin_url
GetDirectory No permission
password_value
Input can not be empty.
Action failed: {0}
Alt
HostName
Software\Microsoft\Internet Explorer\IntelliForms\Storage2
</b>]</p><br>
Could not open root registry keys, you may not have the needed permission
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Path is too long
System Drive
Cannot rename value: Error writing to the registry
Failed creating sample grabber
Local Disk
Unable to write to File Stream
runas
3@'
\msvcp100.dll
wales
\mozglue.dll
Removable Drive
DeletePath I/O error
Type {0} is not marked as Serializable
moz_cookies
libPath
&gt;
Control
name
Unable to open root registry key, you do not have the needed permissions.
3L3H3P3
http://freegeoip.net/xml/
PID: {0}
HKEY_CLASSES_ROOT
last_access_utc
Domain Name
Video source is not specified.
england
Only on 64-bit systems supported
RenamePath No permission
Video Card (GPU)
Response//CountryName
SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions
RenamePath Path not found
Deleted directory
Username
rmdir /q /s "
GetDirectory Directory not found
PortNumber
BlockNumber bigger than MaxBlocks
GetDrives No drives
Install string was null or empty
EdKtCwpKpv4R6mW501RTxkL1a6AK438SvS40yFQ7qZs5naJ1FGXcO5EftQYpS4DmJrnPUJ4zxPd1swmy7Owt0w==
Could not create update batch file.
Getting Autostart Items failed: {0}
isSecure
Pass
ISP
dd.MM.yyyy HH:mm
<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />Log created on
Bitmap width/height are not equal to previous bitmap
WinSCP
/k START "" "
\msvcr120.dll
negative length
Cannot create key: Error writing to the registry
priority
Unable to retrieve video device capabilities. This video device requires a larger VideoStreamConfigCaps structure.
Deleted file
HKEY_USERS
HKEY_CURRENT_CONFIG
VS_VERSION_INFO
{0} [{1}, {2}]
SOFTWARE\Wow6432Node\Mozilla\Mozilla Firefox
HH:mm
GetTypeFromHandle
root\SecurityCenter2
Domain: {1}{0}Cookie Name: {2}{0}Value: {3}{0}Path: {4}{0}Expired: {5}{0}HttpOnly: {6}{0}Secure: {7}
Must have access to Write in the Stream
host
Main
echo DONT CLOSE THIS WINDOW!
scotland
&apos;
Executed File!
Could not read cookie table
Getting uptime failed
Software\Microsoft\Windows\CurrentVersion\Run
Name
Cannot delete value: Error writing to the registry
Admin
Caption
NSS_Init
You do not have write access to registry:
<br><br>
displayName
Downloading file...
Could not add value
desktop.ini
SELECT * FROM Win32_BIOS
PK11_GetInternalKeySlot
MM-dd-yyyy
File not found
Comments
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
{0} {1} Bit
yumr4+M4SN8+PF6skZYLcj9GpeIJMVat3GP75uk1PuiZbM+hDs3+DOZJhBALmIf62bqa+wf8Pq0q+Ef9R09YyVZB9dZQPoujamiB/7FplpM=
move /y "
00:00:00:00:00:00
Memory (RAM)
PublicKeyFile
{0}x{1}
+ {0}
&nbsp;
Translation
$1:$2:$3:$4:$5:$6
Deserialize
UsLEdDWM8LhElseKxCAz
NSSBase64_DecodeBuffer
The video source does not support camera control.
GetDrives No permission
Showed Messagebox
Unable to read from File Stream
Network Drive
&#35;
SELECT * FROM FirewallProduct
PC Name
Adding Autostart Item failed: {0}
Could not remove value
Access denied
Not a valid SQLite 3 Database File
GET
grabber_video
SELECT * FROM Win32_DisplayConfiguration
(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})
Opera Software\Opera Stable\Login Data
logins
Could not create uninstall-batch file
({0}:{1})
key
TotalPhysicalMemory
Firefox
LegalTrademarks
Escape
Firefox Application Data folder does not exist!
UserName
Guest
Google\Chrome\User Data\Default\Cookies
ping -n 10 localhost > nul
username_value
chcp
shutdown
table
SELECT * FROM Win32_Processor
Failed creating device object for moniker.
Mozilla/5.0 (Windows NT 6.3; rv:48.0) Gecko/20100101 Firefox/48.0
image/jpeg
Country
1WvgEMPjdwfqIMeM9MclyQ==
DeletePath Path not found
ControlKey
1.3.0.0
WritePrimitive
del /a /q /f "
@echo off
/create /tn "
ABCDEF
Updating...
MAC Address
8H9PE
No serializer for {0}
value
Process could not be started!
User: {0}{3}Pass: {1}{3}Host: {2}
<p class="h">[Esc]</p>
Execution failed: {0}
Response//IP
^.*(?=Windows)
Menu
\Mozilla\Firefox\Profiles
canceled
OnDeserialization
GetDrives I/O error
$E$
Return
LBMKd9qV4YKC1GCkVVjz1AeL45Fo9hpYKAqG7AeMBn5KvO6C+5Jk2Ywr5WZVcBZ6LNgDx81ifid49qhKmZ0VMcZiDPLx5B7cWVxwxSfMwm4=
start "" "
, try running client as administrator
Uninstalling... bye ;(
<p class="h">[{0}
Cannot serialize {0}: ISerializable not supported
Response//RegionName
Mono.Runtime
http
<style>.h { color: 0000ff; display: inline; }</style>
000004b0
<p class="h"><br><br>[<b>
encrypted_value
HKEY_CURRENT_USER
DeletePath No permission
grabber_snapshot
The value:
Crossbar configuration is not supported by currently running video source.
Port
Auto-vacuum capable database is not supported
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
-
System Directory
FriendlyName
ReadPrimitive
Downloaded File!
has_expired
source
EJlblX8+UmoZELsOSHBbAYuacvspZOPCjFDFgfMx+hTu35LY9GckOj07L6LkkhDaP+frVfmC9qwKaqe9v9zeSQ==
C# version only supports level 1 and 3
The video source must be running in order to display crossbar property page.
GetDirectory I/O error
" /f
SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
GetDirectory File not found
UNIQUE
xClient.Properties.Resources
Unknown OS
No installs of firefox recorded in its key.
Multi-dim arrays not supported: {0}
bVxkOILe24EldnGqZzWyAda1rVcW9NLRu91fo2kgdPlIFlIJic5JB51Ozs4p7cWUc1rcDNjxGojuWOOK/uLBpw==
Yandex
httponly
Time Zone
session unexpectedly closed
VarFileInfo
Visited Website
SELECT * FROM Win32_OperatingSystem WHERE Primary='true'
root\SecurityCenter
LegalCopyright
No executable file
http://
exit
Shift
SQLite format 3
{0}\FileZilla\sitemanager.xml
.url
New Value #{0}
expiry
Cannot delete key: Error writing to the registry
&amp;
SOFTWARE\Mozilla\Mozilla Firefox
cookies.sqlite
Directory not found
RenamePath I/O error
/r /t 0
ProductName
Canceled
" "
\nss3.dll
[PRIVATE KEY LOCATION: "{0}"]
Firefox does not have any cookie file
/delete /tn "
file:
User refused the elevation request.
Select * From Win32_ComputerSystem
Unsupported format found.
Antivirus
Download failed!
DISPLAY
PK11_Authenticate
Removing Autostart Item failed: {0}
This video device does not report capabilities.
&lt;
Update failed: {0}
Key can not be empty.
Manufacturer
IconFile=
Cannot rename key: Error writing to the registry
Install Directory
HKEY_LOCAL_MACHINE
]</p>
{0}d : {1}h : {2}m : {3}s
Assembly Version
CompanyName
Firewall
nXY
({0}:{1}:{2})
{0}||{1}
InternetExplorer
Response//TimeZone
europeanunion
invalid header
" /sc ONLOGON /tr "
chcp 65001
The registry:
SerialNumber
{0} MB
LAN IP Address
GetDirectory Failed
/s /t 0
&quot;
{0}{4}{1}{4}{2}{4}{3}
TZZMJ6IwI5uBpfyKvUgDYgpO6STa8rcEBpMqRz2uNvTU3OGlHPFCkpDuuKfqMhXqfwh72qqtNQEKyH62MnbhRw==
" & EXIT
Description
http://api.ipify.org/
\msvcr100.dll
" /rl HIGHEST /f
Unknown type {0}
StringFileInfo
35.0.0
Password
Google\Chrome\User Data\Default\Login Data
{0} ({1}) [{2}, {3}]
FileZilla
Invalid rootkey, could not be found.
Win
persistent
Cannot create value: Error writing to the registry
serializer
get_Days
pPages
DateTime
isCrossbarAvailable
EnumSerializer
?M+a
ByteBuffer
filterMoniker
lMsg
get_IsRunning
get_Isp
KeyPath
PNG
textbuffer
REGISTRY_VALUE_CREATE_ERROR
set_Type
Host
crossbar
System.Runtime.Serialization.Json
2rPI
GetWebcam
TargetFrameworkAttribute
get_ChildNodes
%rW:
set_NewKeyName
ITypeSerializer
?_b`
get_Height
erT5
ValueName
p* *
UnverifiableCodeAttribute
lParam2
lParam1
RegValueData
set_Capacity
ArrayList
K mB
Substring
SampleSize
<Index>k__BackingField
FreeEventParams
keyPath
SetValueSafe
ComVisibleAttribute
GetEvent
set_RemoteAdresses
re
CopyCaptureFile
remove_ClientFail
get_IsByRef
WriteObject
ProxyClients
procName
Version
get_nextId
$56a868c0-0ad4-11ce-b03a-0020af0ba770
rootTypes
CryptoStream
set_Timezone
_mEvents
r ;
LocalPort
Culture
LockBits
_encodeBuffer
set_ParentPath
pbKeyState
GetCameraPropertyRange
FramesReceived
GetExtendedTcpTable
get_Ticks
algid
MouseUpExt
Int32
SetNotifyWindow
r(0
PtrToStructure
ReverseProxyConnect
OnKeyUp
path
set_Isp
Marshal
OnDown
jX(
+2 o
Dequeue
Serialize
keepAliveInterval
get_DeserializerSwitchMethodInfo
ManagementDateTimeConverter
tEXtSoftware
<>8__1
user32.dll
ProcessStartInfo
Dloo
^r*5
RuntimeFieldHandle
GetReaderMethodInfo
System.Security
xClient.Core.Packets.ClientPackets
get_Tag
GetILGenerator
,I(p
$56A8689F-0AD4-11CE-B03A-0020AF0BA770
System.Reflection.Emit
remove_MouseUpExt
get_ErrorMsg
Jm3x
SuppressFinalize
RemotePort
GCHandleType
SystemInfos
pinInfo
(u
WriteVarint64
OnUpExt
-K
IEnumerator
sourceObject
FilterInfo
IsDisposed
SetFormat
valueName
SetNotifyFlags
StringHelper
SystemParametersInfo
,{s
imageindex
DefineLabel
set_encryptedPassword
EnableVisualStyles
EndOfStreamException
Text
CryptGetHashParam
Point
2rLI
remove_ClientRead
pinDirection
get_BaseType
locker
Abort
Win32Exception
get_Host
m
RegionName
InterfaceTypeAttribute
<Target>k__BackingField
ImageFormat
&+M
get_States
<Titles>k__BackingField
imageQuality
ReleaseComObject
get_Processes
InvokeKeyPress
<NeedsInstanceParameter>k__BackingField
add_NewFrame
set_StandardOutputEncoding
HotKeys
SendAndFlushBuffer
set_IsMouseKeyUp
orKeySet
&+P
GetKeyListener
GetWindowThreadProcessId
GetPressEventArgs
set_RunHidden
set_Connected
Format
HostName
XpOrHigher
actualPoint
ICollection`1
GetLastWin32Error
StructureToPtr
mouseInfo
subkeyFullPath
&+
<>9__4_0
set_CrossbarVideoInput
AppDomain
EncoderParameter
GetDecoder
GetNumberOfCapabilities
ToDateTime
get_Is64Bit
get_ParentPath
GetUnderlyingType
szUserName
get_Bounds
get_CurrentDomain
stopCookie
<LocalAddress>k__BackingField
&+(
FromStream
Ldloc
GenerateDynamicSerializerStub
*2rk
GetConstructor
&+6
<URL>k__BackingField
OpenSubKey
oneShot
MouseEventHandler
WheelScrolled
Newarr
os
oj
get_Application
FromBase64String
rootKeyName
o'
LastError
% }F
AssemblyTrademarkAttribute
OpenAccess
ToByte
MkParseDisplayName
ReverseProxyDisconnect
ConstructorInfo
_decodedBitmap
Crp4
get_TotalMinutes
ox
Path
set_Text
remove_MouseDown
0A[i +
<KeyDown>k__BackingField
UTF8Encoding
TValue
get_NewKeyName
GetMouseListener
Ldarg_2
Ldarg_0
#Blob
set_LastLocated
ppenum
IMoniker
pszCanonicalized
get_Year
lcid
set_LocalPorts
DoUploadFile
PlayingFinished
RedirectStandardOutput
Authenticated
list
get_EnumUrls
BindingFlags
set_OperatingSystem
IDictionary
Type
streamConfigCaps
Username
LocationCompleted
get_ValueName
s=
<Image>k__BackingField
IEnumerable
DecodeZigZag64
0 rsK
GetTempPath
get_TotalSeconds
reader
containerType
triggeredAt
DeriveBytes
<Processname>k__BackingField
set_PID
<Webcam>k__BackingField
set_Width
set_Hidden
get_Kind
get_encryptedPassword
K MC
,& oJ
_HSa
set_Webcam
CreateDC
get_ExecutablePath
Char
SafeHandle
SetLogFile
8 uy
urlHash
ProcessModule
dwAdviseCookie
set_id
System.Collections.IEnumerator.Reset
Handled
get_OldValueName
get_LocalPorts
MouseUp
get_Name
GetValue
Handles
GetChangeRegistryValueResponse
bScan
<ID>k__BackingField
AForge.Video.DirectShow.Internals
payload
get_KeyChar
System.IDisposable.Dispose
%r,H
get_X
get_Y
DeleteDC
inStr
+,A
GenerateTypeData
memcmp
add_MouseDown
ReceiveConnection
Search
- ~
get_RunningOnMono
HardwareId
compressor
ZjX(
set_Processname
4r 4
target
(
LogDirectory
VideoResolution
GetRenameRegistryKeyResponse
scrollDown
idHook
DoVisitWebsite
OpenWritableSubKeySafe
ManagementBaseObject
get_OffsetToStringData
System.IO
mimeType
,0
<Command>k__BackingField
get_KeyCode
DialogResult
ToBinary
remove_ClientState
_encodedFormat
get_Now
formattedKeyValue
set_NewPath
.text
List`1
encryptedPassword
set_DesiredSnapshotSize
GetString
i(D
set_Proxy
Clone
WindowsPrincipal
Component
lpvReserved
XmlReader
X}y
GetFolderPath
EndOfStream
Ldc_I4_0
flags
GetDirectoryName
add_MouseDownExt
set_KeyName
WaitHandle
ToList
Convert
add_ClientRead
get_InstallPath
X r3
object
System.Configuration
OnNewFrame
FlushFinalBlock
DoProcessKill
get_AddressFamily
get_Monitor
SetCameraProperty
GetPhysicalAddress
add_VideoSourceError
webcam
AvailableCrossbarVideoInputs
CreateKeyListener
GetRenameRegistryValueResponse
AllocCoTaskMem
FlagsAttribute
ConnectionMediaType
SkipVerification
];Q
ToBase64String
get_HostName
Reconnect
DefineParameter
EndConnect
GetStreamCaps
OpenMode
Monitor
SetSyncSource
op_Subtraction
<FileName>k__BackingField
1 r
<>9__3_0
lpFileTime1
lpFileTime2
set_Match
set_URL
get_RemotePath
AddToStartupFailed
CreateDirectory
rgelt
EightPointOneOrHigher
StreamWriter
row_num
.!5!|!
Free
encryptedUsername
EncodeZigZag32
GetElementType
newFileName
pocsUrl
GatewayIPAddressInformation
- r
stop
- r
GetKeyloggerLogsResponse
r##
ToAscii
DriveType
System.Net
Conversions
$3C374A42-BAE4-11CF-BF7D-00AA006946EE
loadCerts
- r#
needToSimulateTrigger
dwProvType
`.rsrc
LastAccessUTC
cFilters
4.0.0.0
get_PinCounts
IsNameOrValueNull
get_timesUsed
System.Collections.IEnumerator.Current
CreateDecryptor
s_typeSerializers
get_Default
set_Source
CanRoute
get_Procedure
KeyDown
Priority
set_formSubmitURL
kernel32.dll
result
ImageIndex
GetHostEntry
Enumerator
DriveDisplayName
videoCapabilities
filename
authKey
DeleteValue
RegistryHive
get_Filename
set_disabledHosts
parentWindowForPropertyPage
pCapsFlags
REGISTRY_VALUE_RENAME_ERROR
WriteByte
get_timeLastUsed
Flush
FileTime
get_VideoCapabilities
punkISFolder
get_TickCount
xClient.Core.MouseKeyHook.Implementation
set_Browser
OpenBaseKey
jYl#
get_LastAccessUTC
MessageboxButton
GetEncoderInfo
ElapsedEventHandler
ConnectDirect
country
NewSegment
MonitorIndex
nXSrc
jrr5
Encoder
DVSD
GetCurrentThreadId
Regex
mssK
set_TenOrHigher
PlatformID
get_Authenticated
586{6J7
NullReferenceException
set_Webcams
set_SerializerSwitchMethodInfo
altGr
GetIPGlobalProperties
MouseEventArgs
set_IsConnected
set_Client
guid
GetRootKey
<DeserializerSwitchMethodInfo>k__BackingField
SetOneShot
get_version
get_IsReady
Keylogger
<GetGenWriter>b__3_0
WebRequest
enumMoniker
SafeHandleZeroOrMinusOneIsInvalid
IEnumMoniker
GetProcAddress
wstrURL
AddHistoryEntry
GetWebcamResponse
IYUV
get_ParameterType
GetReaderPrimitive
EncryptedData
+- r
GetBytes
?ca*
set_Secure
h}z
h}}
h}|
h}~
Process
dwThreadId
ProcessUp
ReadAllBytes
xClient.Core.Utilities
get_FilterCollection
DoPathRename
crH5
property
LocalPorts
procedure
encType
lParam
StringComparer
gR*
crossbarVideoInputs
Write
dwLayout
<ValueName>k__BackingField
set_ExpiresUTC
ExceptionCtorInfo
ProcessMove
OrderBy
Ldtoken
set_timeLastUsed
BYTEBUFFERLEN
get_Assembly
Stop
IPEndPoint
DoDeleteRegistryKey
System.Xml
get_BigEndianUnicode
mouse_event
plii
System.Management
ExpiresUTC
DoClientUninstall
OnMoveExt
nZ(
uParam
m_typeMap
driveDisplayName
& o
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges> <requestedExecutionLevel level="asInvoker" uiAccess="false" /> </requestedPrivileges> </security> </trustInfo> <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"> <application> <!-- Windows Vista --> <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/> <!-- Windows 7 --> <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/> <!-- Windows 8 --> <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/> <!-- Windows 8.1 --> <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/> <!-- Windows 10 --> <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/> </application> </compatibility> <asmv3:application xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" > <asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings"> <dpiAware>true</dpiAware> </asmv3:windowsSettings> </asmv3:application> </assembly>
set_AccountType
Primitives
DoDownloadAndExecute
System.Timers
set_Folders
lpszDriver
)B*F*
get_Text
snapshotMode
ExecuteCommand
WrapNonExceptionThrows
inherit
get_LocalPort
obtype
client
<GetGenReader>b__4_0
remoteports
,h(p
set_Host
dataPath
get_StartupItems
CreateSubKeySafe
VistaOrHigher
ReadPrimitive
isMouseKeyDown
Ldnull
<RunHidden>k__BackingField
get_AvailableCrossbarVideoInputs
auds
<CurrentBlock>k__BackingField
op_Explicit
get_usernameField
<SerializerSwitchMethodInfo>k__BackingField
RenameSubKeySafe
Br_S
GetVersionInfo
Rfc2898DeriveBytes
Reset
ApplicationContext
STAThreadAttribute
get_IsKeyDown
whichMethodToCallback
set_Tag
IHDR
System.Runtime.Versioning
Action`1
DoWebcamStop
get_ProvideSnapshots
MarkLabel
System.Globalization
localport
hwnd
<Data>k__BackingField
REGISTRY_KEY_RENAME_ERROR
eventArgs
SetCallback
get_HasValue
FileVersionInfo
REGISTRY_VALUE_CHANGE_ERROR
nYDest
inputPinIndex
>rH4
set_XpOrHigher
AddMatch
System
EventArgs
get_HardwareId
Application
System.Collections.IComparer.Compare
DoMouseEvent
K NA#&
Tailcall
<GetFormattedKeyValues>d__15
BeginFlush
m_KeyListenerCache
ParameterAttributes
ImageQuality
SetUserStatus
iuuu
get_VistaOrHigher
get_SourceObject
cypherText
GetSubtypes
DoShutdownAction
dimensions
remove_MouseMove
Win32NT
periodTime
SuppressUnmanagedCodeSecurityAttribute
get_logins
RenderStream
CreateInstance
GetCurrentBuffer
get_RootKeyName
add_MouseMove
Stloc_S
ExitThread
Property
MethodBase
#Strings
remoteport
9%qF&
&r=;
System.Collections
Image
ThrowExceptionForHR
_ !Y
GetWindowText
<Handle>k__BackingField
set_DriveDisplayName
isInputPin
get_Address
Enter
Environment
get_ExpiresUTC
ShouldOperationContinue
ReverseProxyData
9!9J9#:):e:p:
BUFFER_SIZE
get_Minutes
RenderEx
<FilesSize>k__BackingField
set_Padding
Matches
*Vs
set_RegionName
GetEventArgs
systeminfos
-!(p
set_Data
sizeDecompressed
EndInvoke
Decimal
<GenerateTypeData>b__0
QueryFilterInfo
QueryAccept
get_AddressPreferredLifetime
BufferCB
get_Persistent
WParam
get_Position
System.Diagnostics
GetUrlHistory
dwhkl
baseName
GetType
MouseListener
PathType
dwParam
B h[J
GetDirectoryResponse
p*rJ-
get_MonikerString
lpszOutput
set_Application
ThreadStaticAttribute
ProvideSnapshots
p*rD2
hWnd
$36B73882-C2C8-11CF-8B46-00805F6CEF60
get_Path
set_RedirectStandardError
Activator
rz'
IpAddress
' oH
isFileHidden
lpSystemTime
Handle
Description
get_SevenOrHigher
c&(c
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
<Name>k__BackingField
callbck
get_Win32NT
hwndOwner
<>1__state
GetSupportedTypes
CustomMessage
set_States
pszUrl
rZE
RemoveAt
EventWaitHandle
GetMonitorsResponse
- r(A
;q
physicalType
uFlags
targetServer
set_Persistent
crossbarVideoInput
get_SnapshotCapabilities
WriteVarint32
get_BaseStream
ManagementObject
get_DomainName
NewFrame
serializer
<Files>k__BackingField
OnSnapshotFrame
Title
RegSeekerMatch
PaddingMode
get_UTF8
TemporalCompression
framesReceived
CompareTo
get_Width
ContainsKey
set_WindowStyle
Peek
IsKeyUp
lr~5
, rON
graph
monitorIndex
get_encryptedUsername
CreateRegistryValue
set_Expired
get_HasSubKeys
IsNonChar
PhysicalAddress
set_RootDirectory
szInput
set_LocationCompleted
Socket
set_RedirectStandardOutput
get_URL
downloadurl
CopyTo
m_byteBuffer
Func`2
outItemOpt
ToDictionary
Where
txts
dwReserved
Secure
level
get_NewValueName
*2~
Processname
IEnumerator`1
BitConverter
UnhandledExceptionEventArgs
get_AbsoluteUri
GetDisplayName
_encoderParams
set_FilesSize
set_IsNonChar
get_City
rawData
add_OnHotKeysDownHold
get_Handled
ntdll.dll
Height
GenerateDynamic
port
get_encType
r3>
get_Second
TextReader
SetLastDirectorySeen
get_Lon
get_ExitCode
get_Passwords
OldKeyName
TableName
CompareExchange
set_HostName
get_Decoder
pMax
FileSystem
System.Core
CreateMouseListener
Client.exe
baseTime
runGraph
Int16
IOControl
<GetSubtypes>d__2
Delegate
STATURLEnumerator
<GetSubtypes>d__1
<ConnectionId>k__BackingField
r-#
r-!
Webcams
ParameterInfo
FromImage
sourceKey
get_Timestamp
get_Unicode
Seek
set_RootKeyName
IBindCtx
monikerString
GetExtension
set_Verb
AssemblyCompanyAttribute
pinsFetched
$56A868A9-0AD4-11CE-B03A-0020AF0BA770
?rN4
DeleteUrl
<Resolution>k__BackingField
LocalVariableInfo
get_Bmp
LastIndexOf
Enum
<OldValueName>k__BackingField
CopyArray
get_Day
GetMonikerString
set_Name
CryptReleaseContext
hFile
Default
GetStaticMethods
cbSizeFileInfo
MouseMoveExt
set_Path
AddRange
Time
Push
:r04
UrlString
Procedure
OnWheel
get_Length
GetDesktopResponse
hEvent
hModule
ProtocolType
ConnectionId
GetDrives
SnapshotResolution
values
<FromRawDataGlobal>d__11
W ~
RenameValueSafe
GetCurrentSample
<Version>k__BackingField
r
destKey
GetSystemInfo
Contains
get_DesiredFrameSize
sample
keyName
LastVisited
get_Processname
MAX_PACKET_SIZE
IPGlobalProperties
IKeyboardMouseEvents
cPages
-J+Z
$56A86895-0AD4-11CE-B03A-0020AF0BA770
Skip
FormatSize
ValueType
System.CodeDom.Compiler
GuidAttribute
FileGet
SetCompatibleTextRenderingDefault
pins
LocalAddresses
CollectionBase
ReadVarint64
get_CustomMessage
ToLower
VideoCaptureDevice
IsAssignableFrom
IDeserializationCallback
Passwords
irl5
get_Port
DecodeZigZag32
get_Count
j1~
CreateRegistryKey
DoStartupItemAdd
ErrorMsg
HMACSHA256
pVar
j1Q
set_HttpOnly
FormatPtr
&s5
+* o
frZ5
<>9__1_1
<>9__1_0
m_MouseListenerCache
FileTimeToSystemTime
-4 (
nXDest
GetValueKind
lpKeyState
keyboardStateNative
DisplayPropertyPage
QueryId
get_Button
DoLoadRegistryKey
GetWritePrimitive
get_GeoInfo
GetFormattedKeyValues
add_ClientWrite
get_KeyDown
+X
GetRange
<Encoding>k__BackingField
monitor
<RemotePath>k__BackingField
Compress
KeyName
+L
Ldarg_1
get_InstalledUICulture
_encodedHeight
UInt32
ToInt32
StartsWith
_ BY
get_CharBuffer
Ldloca_S
matches
get_Version
ConnectedTo
fileName
Is64Bit
6 757]7s7
ToString
K 4B
+!
set_Timeout
ILGenerator
<state>
2rHI
name
cacheSnapshotCapabilities
iphlpapi.dll
Utils
Parse
<RedirectOutputs>b__7_1
<RedirectOutputs>b__7_0
get_Username
&
pinIn
get_SubKeyCount
get_Webcams
outputPinCount
get_TypeMap
DeleteHistoryEntry
_encodedWidth
_r05
IsRunning
<>9__8_2
=:A e
<>9__8_0
<>9__8_1
Split
MajorType
newValueName
hrf5
Save
Ldelema
tblClass
set_Lat
MouseDoubleClick
DebuggerHiddenAttribute
get_UserName
get_FilesSize
Connected
Unadvise
ICryptoTransform
BitBlt
_imageProcessLock
<IsConnected>k__BackingField
firefoxPath
IsInRole
Use ToUnicodeEx instead
OnDownExt
args
AssemblyTitleAttribute
GetDeleteRegistryKeyResponse
receivePin
xClient.Core.NetSerializer.TypeSerializers
CryptAcquireContext
GetState
S&~
oldKeyName
GetKeyboardLayout
_jpgCompression
set_KeyPath
__result
<ErrorMsg>k__BackingField
formSubmitURL
get_Caption
GetPasswords
GatewayIPAddressInformationCollection
iavs
wScanCode
System.Security.Cryptography
MemberInfo
startTime
*2rpI
LastUserStatus
get_IsMouseDown
SettingsBase
playList
Start
Combine
message
size
city
*rr!
get_Expired
ControlStream
set_FileName
-S-d-
System.Collections.IEnumerable.GetEnumerator
set_Command
<Monitor>k__BackingField
FieldInfo
CopyValue
Data
EnumUrls
remove_KeyPress
set_LocalAddress
RegistryKey
set_Caption
HookResult
ColletCrossbarVideoInputs
cZjX}v
Enabled
Client
Int64
Send
TextInfo
get_OEMCodePage
"L"x"
o\
_index
,Us(
set_Passwords
.ctor
oH
<NewKeyName>k__BackingField
oO
remove_NewFrame
Constrained
MessageboxIcon
browser
get_IsSerializable
mscoree.dll
f{9D]r
bindContext
get_SystemInfos
ManualResetEvent
cObjects
hotKeyDelegate
<RemotePort>k__BackingField
get_DriveFormat
Call
set_Status
set_StandardErrorEncoding
filePath
Main
hProv
-e~m
Invoke
<virtualKeyCode>5__1
datapath
*j(
UriKind
newKeyName
set_VistaOrHigher
get_PathType
<GenerateTypeData>b__1
<>3__data
rD0
v4.0.30319
GetRootKeys
DrawImage
Name
<CountryCode>k__BackingField
buffer
Screen
set_Version
]r$5
Caption
DoDeleteRegistryValue
get_IsClass
Finalize
isKeyDown
AddUrl
).NETFramework,Version=v4.0,Profile=Client
CloseDesktop
set_Quality
PixelFormat
get_RootKey
get_MessageLoop
jYl#
Array
width
remove_MouseClick
IsExcludedKey
get_Matches
@.reloc
datetime
Width
set_LastAccessUTC
lpbKeyState
GenerateIV
<NewValueName>k__BackingField
slot
set_As
enumPins
newName
<CheckBlock>k__BackingField
get_Capacity
GetProcessesByName
set_encType
NetworkInterfaceType
%r H
WriteAllText
SpecialFolder
Byte
get_Chars
<>3__key
needToDisplayPropertyPage
CryptoStreamMode
.&rbA
Y}{
MoveNext
GetMonitors
cPins
DataProtectionScope
SetOutputFileName
System.Collections.Generic.IEnumerator<System.String>.get_Current
get_LastError
GetCreateRegistryKeyResponse
description
set_SnapshotResolution
DeleteRegistryValue
SetMode
get_Output
<ImageIndex>k__BackingField
TextWriter
DynamicMethod
MakeGenericMethod
set_CheckBlock
macAddress
AddSeconds
filters
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven03b_64 Seven03b_64 VirtualBox 2017-10-26 13:48:16 2017-10-26 13:51:09 173

5 Behaviors detected by system signatures

8 Summary items with data

Files


Read Files


Write Files


Delete Files

Nothing to display

Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbTaskMaxSleep
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold1Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold2Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold3Mult
HKEY_LOCAL_MACHINE\system\Setup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Unchecked Task Count
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LastServiceStart
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Working Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Repository Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Build
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\MOF Self-Install Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Default Repository Driver
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueCoreFsrepVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Repository Cache Spill Ratio
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\CheckPointValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SnapShotValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\CheckRepositoryOnNextStartup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NumWriteIdCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Class Cache Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Class Cache Item Age (ms)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableObjectValidation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NextAutoRecoverFile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Enable Provider Subsystem
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Client
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Client\{36001453-74F5-4D51-9CF9-0244EDAE1F69}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{36001453-74F5-4D51-9CF9-0244EDAE1F69}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{36001453-74F5-4D51-9CF9-0244EDAE1F69}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{36001453-74F5-4D51-9CF9-0244EDAE1F69}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{36001453-74F5-4D51-9CF9-0244EDAE1F69}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{36001453-74F5-4D51-9CF9-0244EDAE1F69}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{36001453-74F5-4D51-9CF9-0244EDAE1F69}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{36001453-74F5-4D51-9CF9-0244EDAE1F69}\ProcessIdentifier
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Client\{3CC79130-D6F8-4A2D-8A6D-5068F4BD3351}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{3CC79130-D6F8-4A2D-8A6D-5068F4BD3351}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{3CC79130-D6F8-4A2D-8A6D-5068F4BD3351}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{3CC79130-D6F8-4A2D-8A6D-5068F4BD3351}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{3CC79130-D6F8-4A2D-8A6D-5068F4BD3351}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{3CC79130-D6F8-4A2D-8A6D-5068F4BD3351}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{3CC79130-D6F8-4A2D-8A6D-5068F4BD3351}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{3CC79130-D6F8-4A2D-8A6D-5068F4BD3351}\ProcessIdentifier
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Client\{583F5682-8FB6-42A6-BC1F-573D74933B97}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{583F5682-8FB6-42A6-BC1F-573D74933B97}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{583F5682-8FB6-42A6-BC1F-573D74933B97}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{583F5682-8FB6-42A6-BC1F-573D74933B97}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{583F5682-8FB6-42A6-BC1F-573D74933B97}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{583F5682-8FB6-42A6-BC1F-573D74933B97}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{583F5682-8FB6-42A6-BC1F-573D74933B97}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{583F5682-8FB6-42A6-BC1F-573D74933B97}\ProcessIdentifier
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Client\{A076851C-5907-4EF6-ABE4-9F21C451CA12}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{A076851C-5907-4EF6-ABE4-9F21C451CA12}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{A076851C-5907-4EF6-ABE4-9F21C451CA12}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{A076851C-5907-4EF6-ABE4-9F21C451CA12}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{A076851C-5907-4EF6-ABE4-9F21C451CA12}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{A076851C-5907-4EF6-ABE4-9F21C451CA12}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{A076851C-5907-4EF6-ABE4-9F21C451CA12}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{A076851C-5907-4EF6-ABE4-9F21C451CA12}\ProcessIdentifier
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableEvents
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssToBeInitialized
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Low Threshold On Events (B)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\High Threshold On Events (B)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Wait On Events (ms)
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\ESS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Merger Query Arbitration Enabled
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\CIMOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\FinalizerBatchSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ClientCallbackTimeout
HKEY_LOCAL_MACHINE\software\microsoft\wbem\cimom
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\FinalizerQueueThreshold
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SetupDate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Tasks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Async Result Queue Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssNeedsLoading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\List of event-active namespaces
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ESS\//./root/subscription
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cimv2
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cimv2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ESS\//./root/CIMV2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Microsoft\OleAut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_CLASSES_ROOT\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\(Default)
HKEY_CLASSES_ROOT\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\Synchronization
HKEY_CLASSES_ROOT\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\Synchronization
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\AppId
HKEY_CLASSES_ROOT\CLSID\{d63a5850-8f16-11cf-9f47-00aa00bf345c}\InProcServer32
HKEY_CLASSES_ROOT\CLSID\{d63a5850-8f16-11cf-9f47-00aa00bf345c}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\Synchronization
HKEY_CLASSES_ROOT\CLSID\{d63a5850-8f16-11cf-9f47-00aa00bf345c}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SecuredHostProviders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SecuredHostProviders\ROOT\CIMV2:__Win32Provider.Name="CIMWin32"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\minint
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ESS\//./root/CIMV2\SCM Event Provider
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Root
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C857801-7381-11CF-884D-00AA004B2E24}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C857801-7381-11CF-884D-00AA004B2E24}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C857801-7381-11CF-884D-00AA004B2E24}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Sink Transmit Buffer Size
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Cimom
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\DefaultRpcStackSize
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\AccessProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\wmiprvse.exe
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSclient
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\InprocHandler
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Control Panel\International
HKEY_CURRENT_USER\Control Panel\International\LocaleName
HKEY_CURRENT_USER\Control Panel\International\sCountry
HKEY_CURRENT_USER\Control Panel\International\sList
HKEY_CURRENT_USER\Control Panel\International\sDecimal
HKEY_CURRENT_USER\Control Panel\International\sThousand
HKEY_CURRENT_USER\Control Panel\International\sGrouping
HKEY_CURRENT_USER\Control Panel\International\sNativeDigits
HKEY_CURRENT_USER\Control Panel\International\sCurrency
HKEY_CURRENT_USER\Control Panel\International\sMonDecimalSep
HKEY_CURRENT_USER\Control Panel\International\sMonThousandSep
HKEY_CURRENT_USER\Control Panel\International\sMonGrouping
HKEY_CURRENT_USER\Control Panel\International\sPositiveSign
HKEY_CURRENT_USER\Control Panel\International\sNegativeSign
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat
HKEY_CURRENT_USER\Control Panel\International\sShortTime
HKEY_CURRENT_USER\Control Panel\International\s1159
HKEY_CURRENT_USER\Control Panel\International\s2359
HKEY_CURRENT_USER\Control Panel\International\sShortDate
HKEY_CURRENT_USER\Control Panel\International\sYearMonth
HKEY_CURRENT_USER\Control Panel\International\sLongDate
HKEY_CURRENT_USER\Control Panel\International\iCountry
HKEY_CURRENT_USER\Control Panel\International\iMeasure
HKEY_CURRENT_USER\Control Panel\International\iPaperSize
HKEY_CURRENT_USER\Control Panel\International\iDigits
HKEY_CURRENT_USER\Control Panel\International\iLZero
HKEY_CURRENT_USER\Control Panel\International\iNegNumber
HKEY_CURRENT_USER\Control Panel\International\NumShape
HKEY_CURRENT_USER\Control Panel\International\iCurrDigits
HKEY_CURRENT_USER\Control Panel\International\iCurrency
HKEY_CURRENT_USER\Control Panel\International\iNegCurr
HKEY_CURRENT_USER\Control Panel\International\iCalendarType
HKEY_CURRENT_USER\Control Panel\International\iFirstDayOfWeek
HKEY_CURRENT_USER\Control Panel\International\iFirstWeekOfYear
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LsaExtensionConfig\SspiCli
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureRoutine
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SecurityProviders
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Comment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\RpcId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Version
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\TokenSize
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SaslProfiles
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\Schannel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextLockCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextListCount
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\LocaleName
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sCountry
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sList
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sDecimal
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sThousand
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sGrouping
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sNativeDigits
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sCurrency
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sMonDecimalSep
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sMonThousandSep
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sMonGrouping
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sPositiveSign
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sNegativeSign
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sTimeFormat
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sShortTime
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\s1159
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\s2359
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sShortDate
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sYearMonth
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sLongDate
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iCountry
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iMeasure
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iPaperSize
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iDigits
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iLZero
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iNegNumber
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\NumShape
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iCurrDigits
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iCurrency
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iNegCurr
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iCalendarType
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iFirstDayOfWeek
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iFirstWeekOfYear
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Plus! ProductId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallDate
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemPartition
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\PriorityControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PriorityControl\Win32PrioritySeparation
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LicenseInfo\FilePrint

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbThrottlingEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighMaxLimitFactor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbTaskMaxSleep
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold1Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold2Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold3Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Unchecked Task Count
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LastServiceStart
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Working Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Repository Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Build
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\MOF Self-Install Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Default Repository Driver
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueCoreFsrepVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Repository Cache Spill Ratio
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\CheckPointValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SnapShotValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\CheckRepositoryOnNextStartup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NumWriteIdCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Class Cache Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Class Cache Item Age (ms)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableObjectValidation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NextAutoRecoverFile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Enable Provider Subsystem
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{36001453-74F5-4D51-9CF9-0244EDAE1F69}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{36001453-74F5-4D51-9CF9-0244EDAE1F69}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{36001453-74F5-4D51-9CF9-0244EDAE1F69}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{36001453-74F5-4D51-9CF9-0244EDAE1F69}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{36001453-74F5-4D51-9CF9-0244EDAE1F69}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{36001453-74F5-4D51-9CF9-0244EDAE1F69}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{36001453-74F5-4D51-9CF9-0244EDAE1F69}\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{3CC79130-D6F8-4A2D-8A6D-5068F4BD3351}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{3CC79130-D6F8-4A2D-8A6D-5068F4BD3351}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{3CC79130-D6F8-4A2D-8A6D-5068F4BD3351}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{3CC79130-D6F8-4A2D-8A6D-5068F4BD3351}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{3CC79130-D6F8-4A2D-8A6D-5068F4BD3351}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{3CC79130-D6F8-4A2D-8A6D-5068F4BD3351}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{3CC79130-D6F8-4A2D-8A6D-5068F4BD3351}\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{583F5682-8FB6-42A6-BC1F-573D74933B97}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{583F5682-8FB6-42A6-BC1F-573D74933B97}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{583F5682-8FB6-42A6-BC1F-573D74933B97}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{583F5682-8FB6-42A6-BC1F-573D74933B97}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{583F5682-8FB6-42A6-BC1F-573D74933B97}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{583F5682-8FB6-42A6-BC1F-573D74933B97}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{583F5682-8FB6-42A6-BC1F-573D74933B97}\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{A076851C-5907-4EF6-ABE4-9F21C451CA12}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{A076851C-5907-4EF6-ABE4-9F21C451CA12}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{A076851C-5907-4EF6-ABE4-9F21C451CA12}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{A076851C-5907-4EF6-ABE4-9F21C451CA12}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{A076851C-5907-4EF6-ABE4-9F21C451CA12}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{A076851C-5907-4EF6-ABE4-9F21C451CA12}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{A076851C-5907-4EF6-ABE4-9F21C451CA12}\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableEvents
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssToBeInitialized
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Low Threshold On Events (B)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\High Threshold On Events (B)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Wait On Events (ms)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Merger Query Arbitration Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\FinalizerBatchSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ClientCallbackTimeout
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\FinalizerQueueThreshold
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SetupDate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Tasks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Async Result Queue Size
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cimv2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cimv2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\Synchronization
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\Synchronization
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\Synchronization
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SecuredHostProviders\ROOT\CIMV2:__Win32Provider.Name="CIMWin32"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Root
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C857801-7381-11CF-884D-00AA004B2E24}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Sink Transmit Buffer Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\DefaultRpcStackSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_CURRENT_USER\Control Panel\International\LocaleName
HKEY_CURRENT_USER\Control Panel\International\sCountry
HKEY_CURRENT_USER\Control Panel\International\sList
HKEY_CURRENT_USER\Control Panel\International\sDecimal
HKEY_CURRENT_USER\Control Panel\International\sThousand
HKEY_CURRENT_USER\Control Panel\International\sGrouping
HKEY_CURRENT_USER\Control Panel\International\sNativeDigits
HKEY_CURRENT_USER\Control Panel\International\sCurrency
HKEY_CURRENT_USER\Control Panel\International\sMonDecimalSep
HKEY_CURRENT_USER\Control Panel\International\sMonThousandSep
HKEY_CURRENT_USER\Control Panel\International\sMonGrouping
HKEY_CURRENT_USER\Control Panel\International\sPositiveSign
HKEY_CURRENT_USER\Control Panel\International\sNegativeSign
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat
HKEY_CURRENT_USER\Control Panel\International\sShortTime
HKEY_CURRENT_USER\Control Panel\International\s1159
HKEY_CURRENT_USER\Control Panel\International\s2359
HKEY_CURRENT_USER\Control Panel\International\sShortDate
HKEY_CURRENT_USER\Control Panel\International\sYearMonth
HKEY_CURRENT_USER\Control Panel\International\sLongDate
HKEY_CURRENT_USER\Control Panel\International\iCountry
HKEY_CURRENT_USER\Control Panel\International\iMeasure
HKEY_CURRENT_USER\Control Panel\International\iPaperSize
HKEY_CURRENT_USER\Control Panel\International\iDigits
HKEY_CURRENT_USER\Control Panel\International\iLZero
HKEY_CURRENT_USER\Control Panel\International\iNegNumber
HKEY_CURRENT_USER\Control Panel\International\NumShape
HKEY_CURRENT_USER\Control Panel\International\iCurrDigits
HKEY_CURRENT_USER\Control Panel\International\iCurrency
HKEY_CURRENT_USER\Control Panel\International\iNegCurr
HKEY_CURRENT_USER\Control Panel\International\iCalendarType
HKEY_CURRENT_USER\Control Panel\International\iFirstDayOfWeek
HKEY_CURRENT_USER\Control Panel\International\iFirstWeekOfYear
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureRoutine
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SecurityProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Comment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\RpcId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Version
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\TokenSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextLockCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextListCount
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\LocaleName
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sCountry
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sList
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sDecimal
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sThousand
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sGrouping
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sNativeDigits
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sCurrency
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sMonDecimalSep
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sMonThousandSep
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sMonGrouping
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sPositiveSign
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sNegativeSign
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sTimeFormat
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sShortTime
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\s1159
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\s2359
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sShortDate
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sYearMonth
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sLongDate
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iCountry
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iMeasure
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iPaperSize
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iDigits
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iLZero
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iNegNumber
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\NumShape
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iCurrDigits
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iCurrency
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iNegCurr
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iCalendarType
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iFirstDayOfWeek
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iFirstWeekOfYear
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Plus! ProductId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallDate
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemPartition
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PriorityControl\Win32PrioritySeparation

Write Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LastServiceStart
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssNeedsLoading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\List of event-active namespaces
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ESS\//./root/CIMV2\SCM Event Provider

Delete Keys

Nothing to display

Mutexes

Resolved APIs


Execute Commands

C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding

Started Services

Nothing to display

Created Services

Nothing to display

Behavior analysis details

Machine name Machine label Machine manager Started Ended Duration
Seven03b_64 Seven03b_64 VirtualBox 2017-10-26 13:48:16 2017-10-26 13:51:09 173

3 HTTP Request(s) detected

http://ip-api.com/json/
  • Hostname: ip-api.com
  • IP Address: 185.194.141.58
  • Port: 80
  • Count: 1

GET /json/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:48.0) Gecko/20100101 Firefox/48.0
Host: ip-api.com
Connection: Keep-Alive

http://freegeoip.net/xml/
  • Hostname: freegeoip.net
  • IP Address: 104.31.11.172
  • Port: 80
  • Count: 1

GET /xml/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:48.0) Gecko/20100101 Firefox/48.0
Host: freegeoip.net
Connection: Keep-Alive

http://api.ipify.org/
  • Hostname: api.ipify.org
  • IP Address: 174.129.241.106
  • Port: 80
  • Count: 1

GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:48.0) Gecko/20100101 Firefox/48.0
Host: api.ipify.org
Connection: Keep-Alive

#infosec #automation

TheSystem Itself @ 2017-10-26 13:54:09

Detected family: #Passwordstealera

TheSystem Itself @ 2017-10-26 14:00:06