MalScore
100/100
Poster.exe
File details Download PDF Report | |
---|---|
File type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
File size: | 62.00 KB (63488 bytes) |
Compile time: | 2060-07-08 19:29:15 |
MD5: | 4072fe5f4dc40364bb47e2026113f07f |
SHA1: | 7235a9a5fc4064f3295639afb5b2f3db732aa0d3 |
SHA256: | a60aed639c2caf18d42ee7ac6ed14deab8dfb9994f89cfad98acb34157762a73 |
Import hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Sections 3 | .text .rsrc .reloc |
Directories 4 | import resource debug relocation |
First submission: | 2020-05-16 01:24:04 |
Last submission: | 2020-05-16 01:24:04 |
Filename detected: |
- Poster.exe (1) |
URL file hosting |
---|
hXXps://zd4b.lonlyfafner.ru/Poster.exe![]() |
Antivirus Report | |||
---|---|---|---|
Report Date | Detection Ratio | Permalink | Update |
2020-04-29 21:15:03 | [52/71] | ![]() |
PE Sections 1 suspicious | |||||
---|---|---|---|---|---|
Name | VAddress | VSize | Size | MD5 | SHA1 |
.text | 0x2000 | 0xed50 | 60928 | f47f0b9e3e2a12bc6a6b78242621aa90 | f26731ad28df9a08eb30d4feb81f788371fb0db8 |
.rsrc | 0x12000 | 0x4d4 | 1536 | 3dc4d7e96ff90648d0ee592ac8c54db0 | 2066b5b3c76644a1add9bcf322ea1e6fb630644f |
.reloc | 0x14000 | 0xc | 512 | ad9e10ffabdc78aee9f36b652befc6ff | 659df5c7797c1b34fdc6b4c19ab58e2ed8aff946 |
Meta Info | |
---|---|
No Meta found in this file |
XOR | |
---|---|
No XOR informations found in this file. |
Signature | |
---|---|
This file isn't digitally signed |
Packer(s) | |
---|---|
Microsoft Visual C# / Basic .NET | |
Microsoft Visual Studio .NET | |
.NET executable | |
Microsoft Visual C# v7.0 / Basic .NET |
File found | |
---|---|
FIle type: XML | |
System.Xml | |
FIle type: Library | |
KERNEL32.dll | |
ntdll.dll | |
mscoree.dll | |
vaultcli.dll | |
USER32.dll | |
SHELL32.dll |
IP Found | |
---|---|
188.119.112.229 |
URL(s) | |
---|---|
http://checkip.dyndns.org | |
https://wtfismyip.com/text | |
https://api.ipify.org | |
http:// | |
file:/// | |
http://checkip.amazonaws.com/ | |
https://ipinfo.io/ip | |
http://bot.whatismyipaddress.com/ | |
https://icanhazip.com | |
http://www.geoplugin.net/json.gp?ip= |
Behavior analysis details | |||||
---|---|---|---|---|---|
Machine name | Machine label | Machine manager | Started | Ended | Duration |
Seven02b_64 | Seven02b_64 | VirtualBox | 2020-05-16 01:16:31 | 2020-05-16 01:19:32 | 181 |
14 Behaviors detected by system signatures
Uses suspicious command line tools or Windows utilities
Severity: High
Confidence: High
- command: "cmd.exe" /C taskkill /F /PID 2728 && choice /C Y /N /D Y /T 3 & Del "C:\Users\Seven01\AppData\Local\Temp\Poster.exe"
- command: "cmd.exe" /C taskkill /F /PID 2728 && choice /C Y /N /D Y /T 3 & Del "C:\Users\Seven01\AppData\Local\Temp\Poster.exe"
- command: taskkill /F /PID 2728
- command: taskkill /F /PID 3068
Creates a copy of itself
Severity: High
Confidence: Very High
- copy: C:\Users\Seven01\Documents\IISExpress\Bypass\Interpeter.exe
Installs itself for autorun at Windows startup
Severity: High
Confidence: Very High
- file: C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\InternetSecurity.url
- file: C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\InternetSecurity.url
Attempts to repeatedly call a single API many times in order to delay analysis time
Severity: High
Confidence: Very High
- Spam: Interpeter.exe (3068) called API GetSystemTimeAsFileTime 822649 times
Uses Windows utilities for basic functionality
Severity: Medium
Confidence: High
- command: "cmd.exe" /C taskkill /F /PID 2728 && choice /C Y /N /D Y /T 3 & Del "C:\Users\Seven01\AppData\Local\Temp\Poster.exe"
Anomalous .NET characteristics
Severity: Medium
Confidence: Very High
- anomalous_version: Assembly version is set to 0
Drops a binary and executes it
Severity: Medium
Confidence: Medium
- binary: C:\Users\Seven01\Documents\IISExpress\Bypass\Interpeter.exe
A process created a hidden window
Severity: Medium
Confidence: Very High
- Process: Poster.exe -> "cmd.exe" /C taskkill /F /PID 2728 && choice /C Y /N /D Y /T 3 & Del "C:\Users\Seven01\AppData\Local\Temp\Poster.exe"
Dynamic (imported) function loading detected
Severity: Medium
Confidence: Very High
- DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
- DynamicLoader: ADVAPI32.dll/RegQueryInfoKeyW
- DynamicLoader: ADVAPI32.dll/RegEnumKeyExW
- DynamicLoader: ADVAPI32.dll/RegEnumValueW
- DynamicLoader: ADVAPI32.dll/RegCloseKey
- DynamicLoader: ADVAPI32.dll/RegQueryValueExW
- DynamicLoader: ADVAPI32.dll/RegQueryValueExW
- DynamicLoader: KERNEL32.dll/FlsAlloc
- DynamicLoader: KERNEL32.dll/FlsFree
- DynamicLoader: KERNEL32.dll/FlsGetValue
- DynamicLoader: KERNEL32.dll/FlsSetValue
- DynamicLoader: KERNEL32.dll/InitializeCriticalSectionEx
- DynamicLoader: KERNEL32.dll/CreateEventExW
- DynamicLoader: KERNEL32.dll/CreateSemaphoreExW
- DynamicLoader: KERNEL32.dll/SetThreadStackGuarantee
- DynamicLoader: KERNEL32.dll/CreateThreadpoolTimer
- DynamicLoader: KERNEL32.dll/SetThreadpoolTimer
- DynamicLoader: KERNEL32.dll/WaitForThreadpoolTimerCallbacks
- DynamicLoader: KERNEL32.dll/CloseThreadpoolTimer
- DynamicLoader: KERNEL32.dll/CreateThreadpoolWait
- DynamicLoader: KERNEL32.dll/SetThreadpoolWait
- DynamicLoader: KERNEL32.dll/CloseThreadpoolWait
- DynamicLoader: KERNEL32.dll/FlushProcessWriteBuffers
- DynamicLoader: KERNEL32.dll/FreeLibraryWhenCallbackReturns
- DynamicLoader: KERNEL32.dll/GetCurrentProcessorNumber
- DynamicLoader: KERNEL32.dll/GetLogicalProcessorInformation
- DynamicLoader: KERNEL32.dll/CreateSymbolicLinkW
- DynamicLoader: KERNEL32.dll/SetDefaultDllDirectories
- DynamicLoader: KERNEL32.dll/EnumSystemLocalesEx
- DynamicLoader: KERNEL32.dll/CompareStringEx
- DynamicLoader: KERNEL32.dll/GetDateFormatEx
- DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
- DynamicLoader: KERNEL32.dll/GetTimeFormatEx
- DynamicLoader: KERNEL32.dll/GetUserDefaultLocaleName
- DynamicLoader: KERNEL32.dll/IsValidLocaleName
- DynamicLoader: KERNEL32.dll/LCMapStringEx
- DynamicLoader: KERNEL32.dll/GetCurrentPackageId
- DynamicLoader: KERNEL32.dll/GetTickCount64
- DynamicLoader: KERNEL32.dll/GetFileInformationByHandleExW
- DynamicLoader: KERNEL32.dll/SetFileInformationByHandleW
- DynamicLoader: ADVAPI32.dll/EventRegister
- DynamicLoader: ADVAPI32.dll/EventSetInformation
- DynamicLoader: MSCOREE.DLL/
- DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
- DynamicLoader: ADVAPI32.dll/RegQueryValueExW
- DynamicLoader: ADVAPI32.dll/RegCloseKey
- DynamicLoader: mscoreei.dll/RegisterShimImplCallback
- DynamicLoader: mscoreei.dll/RegisterShimImplCleanupCallback
- DynamicLoader: mscoreei.dll/SetShellShimInstance
- DynamicLoader: mscoreei.dll/OnShimDllMainCalled
- DynamicLoader: mscoreei.dll/_CorExeMain_RetAddr
- DynamicLoader: mscoreei.dll/_CorExeMain
- DynamicLoader: SHLWAPI.dll/UrlIsW
- DynamicLoader: VERSION.dll/GetFileVersionInfoSizeW
- DynamicLoader: VERSION.dll/GetFileVersionInfoW
- DynamicLoader: VERSION.dll/VerQueryValueW
- DynamicLoader: KERNEL32.dll/FlsAlloc
- DynamicLoader: KERNEL32.dll/FlsFree
- DynamicLoader: KERNEL32.dll/FlsGetValue
- DynamicLoader: KERNEL32.dll/FlsSetValue
- DynamicLoader: KERNEL32.dll/InitializeCriticalSectionEx
- DynamicLoader: KERNEL32.dll/CreateEventExW
- DynamicLoader: KERNEL32.dll/CreateSemaphoreExW
- DynamicLoader: KERNEL32.dll/SetThreadStackGuarantee
- DynamicLoader: KERNEL32.dll/CreateThreadpoolTimer
- DynamicLoader: KERNEL32.dll/SetThreadpoolTimer
- DynamicLoader: KERNEL32.dll/WaitForThreadpoolTimerCallbacks
- DynamicLoader: KERNEL32.dll/CloseThreadpoolTimer
- DynamicLoader: KERNEL32.dll/CreateThreadpoolWait
- DynamicLoader: KERNEL32.dll/SetThreadpoolWait
- DynamicLoader: KERNEL32.dll/CloseThreadpoolWait
- DynamicLoader: KERNEL32.dll/FlushProcessWriteBuffers
- DynamicLoader: KERNEL32.dll/FreeLibraryWhenCallbackReturns
- DynamicLoader: KERNEL32.dll/GetCurrentProcessorNumber
- DynamicLoader: KERNEL32.dll/GetLogicalProcessorInformation
- DynamicLoader: KERNEL32.dll/CreateSymbolicLinkW
- DynamicLoader: KERNEL32.dll/SetDefaultDllDirectories
- DynamicLoader: KERNEL32.dll/EnumSystemLocalesEx
- DynamicLoader: KERNEL32.dll/CompareStringEx
- DynamicLoader: KERNEL32.dll/GetDateFormatEx
- DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
- DynamicLoader: KERNEL32.dll/GetTimeFormatEx
- DynamicLoader: KERNEL32.dll/GetUserDefaultLocaleName
- DynamicLoader: KERNEL32.dll/IsValidLocaleName
- DynamicLoader: KERNEL32.dll/LCMapStringEx
- DynamicLoader: KERNEL32.dll/GetCurrentPackageId
- DynamicLoader: KERNEL32.dll/GetTickCount64
- DynamicLoader: KERNEL32.dll/GetFileInformationByHandleExW
- DynamicLoader: KERNEL32.dll/SetFileInformationByHandleW
- DynamicLoader: ADVAPI32.dll/EventSetInformation
- DynamicLoader: clr.dll/SetRuntimeInfo
- DynamicLoader: clr.dll/_CorExeMain
- DynamicLoader: MSCOREE.DLL/CreateConfigStream
- DynamicLoader: mscoreei.dll/CreateConfigStream_RetAddr
- DynamicLoader: mscoreei.dll/CreateConfigStream
- DynamicLoader: KERNEL32.dll/GetNumaHighestNodeNumber
- DynamicLoader: KERNEL32.dll/FlsSetValue
- DynamicLoader: KERNEL32.dll/FlsGetValue
- DynamicLoader: KERNEL32.dll/FlsAlloc
- DynamicLoader: KERNEL32.dll/FlsFree
- DynamicLoader: KERNEL32.dll/GetSystemWindowsDirectoryW
- DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
- DynamicLoader: ADVAPI32.dll/OpenProcessToken
- DynamicLoader: ADVAPI32.dll/GetTokenInformation
- DynamicLoader: ADVAPI32.dll/InitializeAcl
- DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
- DynamicLoader: ADVAPI32.dll/FreeSid
- DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
- DynamicLoader: ADVAPI32.dll/OpenProcessToken
- DynamicLoader: ADVAPI32.dll/GetTokenInformation
- DynamicLoader: ADVAPI32.dll/InitializeAcl
- DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
- DynamicLoader: ADVAPI32.dll/FreeSid
- DynamicLoader: KERNEL32.dll/AddSIDToBoundaryDescriptor
- DynamicLoader: KERNEL32.dll/CreateBoundaryDescriptorW
- DynamicLoader: KERNEL32.dll/CreatePrivateNamespaceW
- DynamicLoader: KERNEL32.dll/OpenPrivateNamespaceW
- DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
- DynamicLoader: ADVAPI32.dll/OpenProcessToken
- DynamicLoader: ADVAPI32.dll/GetTokenInformation
- DynamicLoader: ADVAPI32.dll/InitializeAcl
- DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
- DynamicLoader: ADVAPI32.dll/FreeSid
- DynamicLoader: KERNEL32.dll/DeleteBoundaryDescriptor
- DynamicLoader: KERNEL32.dll/WerRegisterRuntimeExceptionModule
- DynamicLoader: KERNEL32.dll/RaiseException
- DynamicLoader: MSCOREE.DLL/
- DynamicLoader: mscoreei.dll/
- DynamicLoader: KERNELBASE.dll/SetSystemFileCacheSize
- DynamicLoader: ntdll.dll/NtSetSystemInformation
- DynamicLoader: KERNELBASE.dll/PrivIsDllSynchronizationHeld
- DynamicLoader: KERNEL32.dll/AddDllDirectory
- DynamicLoader: KERNEL32.dll/SortGetHandle
- DynamicLoader: KERNEL32.dll/SortCloseHandle
- DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
- DynamicLoader: ole32.dll/CoInitializeEx
- DynamicLoader: CRYPTBASE.dll/SystemFunction036
- DynamicLoader: ole32.dll/CoGetContextToken
- DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
- DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
- DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
- DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
- DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
- DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
- DynamicLoader: clrjit.dll/sxsJitStartup
- DynamicLoader: clrjit.dll/getJit
- DynamicLoader: KERNEL32.dll/CreateEvent
- DynamicLoader: KERNEL32.dll/CreateEventW
- DynamicLoader: KERNEL32.dll/CloseHandle
- DynamicLoader: ADVAPI32.dll/RegCloseKey
- DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
- DynamicLoader: KERNEL32.dll/LocaleNameToLCID
- DynamicLoader: KERNEL32.dll/GetUserDefaultLocaleName
- DynamicLoader: KERNEL32.dll/LCIDToLocaleName
- DynamicLoader: KERNEL32.dll/GetUserPreferredUILanguages
- DynamicLoader: nlssorting.dll/SortGetHandle
- DynamicLoader: nlssorting.dll/SortCloseHandle
- DynamicLoader: ADVAPI32.dll/RegOpenKeyEx
- DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
- DynamicLoader: ADVAPI32.dll/RegQueryValueEx
- DynamicLoader: ADVAPI32.dll/RegQueryValueExW
- DynamicLoader: ADVAPI32.dll/RegQueryValueEx
- DynamicLoader: ADVAPI32.dll/RegQueryValueExW
- DynamicLoader: KERNEL32.dll/CompareStringOrdinal
- DynamicLoader: KERNEL32.dll/GetFullPathName
- DynamicLoader: KERNEL32.dll/GetFullPathNameW
- DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
- DynamicLoader: KERNEL32.dll/GetCurrentProcess
- DynamicLoader: KERNEL32.dll/GetCurrentProcessW
- DynamicLoader: ADVAPI32.dll/OpenProcessToken
- DynamicLoader: ADVAPI32.dll/OpenProcessTokenW
- DynamicLoader: KERNEL32.dll/GetFileAttributesEx
- DynamicLoader: KERNEL32.dll/GetFileAttributesExW
- DynamicLoader: KERNEL32.dll/SetThreadErrorMode
- DynamicLoader: KERNEL32.dll/CreateFile
- DynamicLoader: KERNEL32.dll/CreateFileW
- DynamicLoader: KERNEL32.dll/GetFileType
- DynamicLoader: KERNEL32.dll/GetFileSize
- DynamicLoader: KERNEL32.dll/ReadFile
- DynamicLoader: KERNEL32.dll/ExpandEnvironmentStrings
- DynamicLoader: KERNEL32.dll/ExpandEnvironmentStringsW
- DynamicLoader: KERNEL32.dll/GetFileAttributesEx
- DynamicLoader: KERNEL32.dll/GetFileAttributesExW
- DynamicLoader: KERNEL32.dll/CreateDirectory
- DynamicLoader: KERNEL32.dll/CreateDirectoryW
- DynamicLoader: ADVAPI32.dll/LookupPrivilegeValue
- DynamicLoader: ADVAPI32.dll/LookupPrivilegeValueW
- DynamicLoader: KERNEL32.dll/GetCurrentProcess
- DynamicLoader: ADVAPI32.dll/OpenProcessToken
- DynamicLoader: ADVAPI32.dll/OpenProcessTokenW
- DynamicLoader: ADVAPI32.dll/AdjustTokenPrivileges
- DynamicLoader: ADVAPI32.dll/AdjustTokenPrivilegesW
- DynamicLoader: KERNEL32.dll/CloseHandle
- DynamicLoader: ntdll.dll/NtQuerySystemInformation
- DynamicLoader: ntdll.dll/NtQuerySystemInformationW
- DynamicLoader: KERNEL32.dll/CopyFile
- DynamicLoader: KERNEL32.dll/CopyFileW
- DynamicLoader: KERNEL32.dll/LocalAlloc
- DynamicLoader: uxtheme.dll/ThemeInitApiHook
- DynamicLoader: USER32.dll/IsProcessDPIAware
- DynamicLoader: shell32.dll/ShellExecuteEx
- DynamicLoader: shell32.dll/ShellExecuteExW
- DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_Size_ExW
- DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_ExW
- DynamicLoader: comctl32.dll/
- DynamicLoader: comctl32.dll/
- DynamicLoader: ole32.dll/CoUninitialize
- DynamicLoader: ole32.dll/CoRevokeInitializeSpy
- DynamicLoader: comctl32.dll/
- DynamicLoader: OLEAUT32.dll/
- DynamicLoader: KERNEL32.dll/LocalFree
- DynamicLoader: KERNEL32.dll/GetCurrentProcessId
- DynamicLoader: KERNEL32.dll/GetCurrentProcessIdW
- DynamicLoader: KERNEL32.dll/GetStdHandle
- DynamicLoader: KERNEL32.dll/LocalFree
- DynamicLoader: KERNEL32.dll/CreatePipe
- DynamicLoader: KERNEL32.dll/CreatePipeW
- DynamicLoader: KERNEL32.dll/DuplicateHandle
- DynamicLoader: KERNEL32.dll/GetCurrentDirectory
- DynamicLoader: KERNEL32.dll/GetCurrentDirectoryW
- DynamicLoader: ole32.dll/CoTaskMemAlloc
- DynamicLoader: ole32.dll/CoTaskMemFree
- DynamicLoader: KERNEL32.dll/CreateProcess
- DynamicLoader: KERNEL32.dll/CreateProcessW
- DynamicLoader: KERNEL32.dll/GetConsoleOutputCP
- DynamicLoader: KERNEL32.dll/GetACP
- DynamicLoader: KERNEL32.dll/UnmapViewOfFile
- DynamicLoader: KERNEL32.dll/DuplicateHandle
- DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
- DynamicLoader: ADVAPI32.dll/RegQueryInfoKeyW
- DynamicLoader: ADVAPI32.dll/RegEnumKeyExW
- DynamicLoader: ADVAPI32.dll/RegEnumValueW
- DynamicLoader: ADVAPI32.dll/RegCloseKey
- DynamicLoader: ADVAPI32.dll/RegQueryValueExW
- DynamicLoader: ADVAPI32.dll/RegQueryValueExW
- DynamicLoader: KERNEL32.dll/FlsAlloc
- DynamicLoader: KERNEL32.dll/FlsFree
- DynamicLoader: KERNEL32.dll/FlsGetValue
- DynamicLoader: KERNEL32.dll/FlsSetValue
- DynamicLoader: KERNEL32.dll/InitializeCriticalSectionEx
- DynamicLoader: KERNEL32.dll/CreateEventExW
- DynamicLoader: KERNEL32.dll/CreateSemaphoreExW
- DynamicLoader: KERNEL32.dll/SetThreadStackGuarantee
- DynamicLoader: KERNEL32.dll/CreateThreadpoolTimer
- DynamicLoader: KERNEL32.dll/SetThreadpoolTimer
- DynamicLoader: KERNEL32.dll/WaitForThreadpoolTimerCallbacks
- DynamicLoader: KERNEL32.dll/CloseThreadpoolTimer
- DynamicLoader: KERNEL32.dll/CreateThreadpoolWait
- DynamicLoader: KERNEL32.dll/SetThreadpoolWait
- DynamicLoader: KERNEL32.dll/CloseThreadpoolWait
- DynamicLoader: KERNEL32.dll/FlushProcessWriteBuffers
- DynamicLoader: KERNEL32.dll/FreeLibraryWhenCallbackReturns
- DynamicLoader: KERNEL32.dll/GetCurrentProcessorNumber
- DynamicLoader: KERNEL32.dll/GetLogicalProcessorInformation
- DynamicLoader: KERNEL32.dll/CreateSymbolicLinkW
- DynamicLoader: KERNEL32.dll/SetDefaultDllDirectories
- DynamicLoader: KERNEL32.dll/EnumSystemLocalesEx
- DynamicLoader: KERNEL32.dll/CompareStringEx
- DynamicLoader: KERNEL32.dll/GetDateFormatEx
- DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
- DynamicLoader: KERNEL32.dll/GetTimeFormatEx
- DynamicLoader: KERNEL32.dll/GetUserDefaultLocaleName
- DynamicLoader: KERNEL32.dll/IsValidLocaleName
- DynamicLoader: KERNEL32.dll/LCMapStringEx
- DynamicLoader: KERNEL32.dll/GetCurrentPackageId
- DynamicLoader: KERNEL32.dll/GetTickCount64
- DynamicLoader: KERNEL32.dll/GetFileInformationByHandleExW
- DynamicLoader: KERNEL32.dll/SetFileInformationByHandleW
- DynamicLoader: ADVAPI32.dll/EventRegister
- DynamicLoader: ADVAPI32.dll/EventSetInformation
- DynamicLoader: MSCOREE.DLL/
- DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
- DynamicLoader: ADVAPI32.dll/RegQueryValueExW
- DynamicLoader: ADVAPI32.dll/RegCloseKey
- DynamicLoader: mscoreei.dll/RegisterShimImplCallback
- DynamicLoader: mscoreei.dll/RegisterShimImplCleanupCallback
- DynamicLoader: mscoreei.dll/SetShellShimInstance
- DynamicLoader: mscoreei.dll/OnShimDllMainCalled
- DynamicLoader: mscoreei.dll/_CorExeMain_RetAddr
- DynamicLoader: mscoreei.dll/_CorExeMain
- DynamicLoader: SHLWAPI.dll/UrlIsW
- DynamicLoader: VERSION.dll/GetFileVersionInfoSizeW
- DynamicLoader: VERSION.dll/GetFileVersionInfoW
- DynamicLoader: VERSION.dll/VerQueryValueW
- DynamicLoader: KERNEL32.dll/FlsAlloc
- DynamicLoader: KERNEL32.dll/FlsFree
- DynamicLoader: KERNEL32.dll/FlsGetValue
- DynamicLoader: KERNEL32.dll/FlsSetValue
- DynamicLoader: KERNEL32.dll/InitializeCriticalSectionEx
- DynamicLoader: KERNEL32.dll/CreateEventExW
- DynamicLoader: KERNEL32.dll/CreateSemaphoreExW
- DynamicLoader: KERNEL32.dll/SetThreadStackGuarantee
- DynamicLoader: KERNEL32.dll/CreateThreadpoolTimer
- DynamicLoader: KERNEL32.dll/SetThreadpoolTimer
- DynamicLoader: KERNEL32.dll/WaitForThreadpoolTimerCallbacks
- DynamicLoader: KERNEL32.dll/CloseThreadpoolTimer
- DynamicLoader: KERNEL32.dll/CreateThreadpoolWait
- DynamicLoader: KERNEL32.dll/SetThreadpoolWait
- DynamicLoader: KERNEL32.dll/CloseThreadpoolWait
- DynamicLoader: KERNEL32.dll/FlushProcessWriteBuffers
- DynamicLoader: KERNEL32.dll/FreeLibraryWhenCallbackReturns
- DynamicLoader: KERNEL32.dll/GetCurrentProcessorNumber
- DynamicLoader: KERNEL32.dll/GetLogicalProcessorInformation
- DynamicLoader: KERNEL32.dll/CreateSymbolicLinkW
- DynamicLoader: KERNEL32.dll/SetDefaultDllDirectories
- DynamicLoader: KERNEL32.dll/EnumSystemLocalesEx
- DynamicLoader: KERNEL32.dll/CompareStringEx
- DynamicLoader: KERNEL32.dll/GetDateFormatEx
- DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
- DynamicLoader: KERNEL32.dll/GetTimeFormatEx
- DynamicLoader: KERNEL32.dll/GetUserDefaultLocaleName
- DynamicLoader: KERNEL32.dll/IsValidLocaleName
- DynamicLoader: KERNEL32.dll/LCMapStringEx
- DynamicLoader: KERNEL32.dll/GetCurrentPackageId
- DynamicLoader: KERNEL32.dll/GetTickCount64
- DynamicLoader: KERNEL32.dll/GetFileInformationByHandleExW
- DynamicLoader: KERNEL32.dll/SetFileInformationByHandleW
- DynamicLoader: ADVAPI32.dll/EventSetInformation
- DynamicLoader: clr.dll/SetRuntimeInfo
- DynamicLoader: clr.dll/_CorExeMain
- DynamicLoader: MSCOREE.DLL/CreateConfigStream
- DynamicLoader: mscoreei.dll/CreateConfigStream_RetAddr
- DynamicLoader: mscoreei.dll/CreateConfigStream
- DynamicLoader: KERNEL32.dll/GetNumaHighestNodeNumber
- DynamicLoader: KERNEL32.dll/FlsSetValue
- DynamicLoader: KERNEL32.dll/FlsGetValue
- DynamicLoader: KERNEL32.dll/FlsAlloc
- DynamicLoader: KERNEL32.dll/FlsFree
- DynamicLoader: KERNEL32.dll/GetSystemWindowsDirectoryW
- DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
- DynamicLoader: ADVAPI32.dll/OpenProcessToken
- DynamicLoader: ADVAPI32.dll/GetTokenInformation
- DynamicLoader: ADVAPI32.dll/InitializeAcl
- DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
- DynamicLoader: ADVAPI32.dll/FreeSid
- DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
- DynamicLoader: ADVAPI32.dll/OpenProcessToken
- DynamicLoader: ADVAPI32.dll/GetTokenInformation
- DynamicLoader: ADVAPI32.dll/InitializeAcl
- DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
- DynamicLoader: ADVAPI32.dll/FreeSid
- DynamicLoader: KERNEL32.dll/AddSIDToBoundaryDescriptor
- DynamicLoader: KERNEL32.dll/CreateBoundaryDescriptorW
- DynamicLoader: KERNEL32.dll/CreatePrivateNamespaceW
- DynamicLoader: KERNEL32.dll/OpenPrivateNamespaceW
- DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
- DynamicLoader: ADVAPI32.dll/OpenProcessToken
- DynamicLoader: ADVAPI32.dll/GetTokenInformation
- DynamicLoader: ADVAPI32.dll/InitializeAcl
- DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
- DynamicLoader: ADVAPI32.dll/FreeSid
- DynamicLoader: KERNEL32.dll/DeleteBoundaryDescriptor
- DynamicLoader: KERNEL32.dll/WerRegisterRuntimeExceptionModule
- DynamicLoader: KERNEL32.dll/RaiseException
- DynamicLoader: MSCOREE.DLL/
- DynamicLoader: mscoreei.dll/
- DynamicLoader: KERNELBASE.dll/SetSystemFileCacheSize
- DynamicLoader: ntdll.dll/NtSetSystemInformation
- DynamicLoader: KERNELBASE.dll/PrivIsDllSynchronizationHeld
- DynamicLoader: KERNEL32.dll/AddDllDirectory
- DynamicLoader: KERNEL32.dll/SortGetHandle
- DynamicLoader: KERNEL32.dll/SortCloseHandle
- DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
- DynamicLoader: ole32.dll/CoInitializeEx
- DynamicLoader: CRYPTBASE.dll/SystemFunction036
- DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
- DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
- DynamicLoader: ole32.dll/CoGetContextToken
- DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
- DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
- DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
- DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
- DynamicLoader: clrjit.dll/sxsJitStartup
- DynamicLoader: clrjit.dll/getJit
- DynamicLoader: KERNEL32.dll/CreateEvent
- DynamicLoader: KERNEL32.dll/CreateEventW
- DynamicLoader: KERNEL32.dll/CloseHandle
- DynamicLoader: ADVAPI32.dll/RegCloseKey
- DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
- DynamicLoader: KERNEL32.dll/LocaleNameToLCID
- DynamicLoader: KERNEL32.dll/GetUserDefaultLocaleName
- DynamicLoader: KERNEL32.dll/LCIDToLocaleName
- DynamicLoader: KERNEL32.dll/GetUserPreferredUILanguages
- DynamicLoader: nlssorting.dll/SortGetHandle
- DynamicLoader: nlssorting.dll/SortCloseHandle
- DynamicLoader: ADVAPI32.dll/RegOpenKeyEx
- DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
- DynamicLoader: ADVAPI32.dll/RegQueryValueEx
- DynamicLoader: ADVAPI32.dll/RegQueryValueExW
- DynamicLoader: ADVAPI32.dll/RegQueryValueEx
- DynamicLoader: ADVAPI32.dll/RegQueryValueExW
- DynamicLoader: KERNEL32.dll/CompareStringOrdinal
- DynamicLoader: KERNEL32.dll/GetFullPathName
- DynamicLoader: KERNEL32.dll/GetFullPathNameW
- DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
- DynamicLoader: KERNEL32.dll/GetCurrentProcess
- DynamicLoader: KERNEL32.dll/GetCurrentProcessW
- DynamicLoader: ADVAPI32.dll/OpenProcessToken
- DynamicLoader: ADVAPI32.dll/OpenProcessTokenW
- DynamicLoader: KERNEL32.dll/GetFileAttributesEx
- DynamicLoader: KERNEL32.dll/GetFileAttributesExW
- DynamicLoader: KERNEL32.dll/SetThreadErrorMode
- DynamicLoader: KERNEL32.dll/CreateFile
- DynamicLoader: KERNEL32.dll/CreateFileW
- DynamicLoader: KERNEL32.dll/GetFileType
- DynamicLoader: KERNEL32.dll/GetFileSize
- DynamicLoader: KERNEL32.dll/ReadFile
- DynamicLoader: KERNEL32.dll/ExpandEnvironmentStrings
- DynamicLoader: KERNEL32.dll/ExpandEnvironmentStringsW
- DynamicLoader: KERNEL32.dll/GetFileAttributesEx
- DynamicLoader: KERNEL32.dll/GetFileAttributesExW
- DynamicLoader: KERNEL32.dll/WriteFile
- DynamicLoader: MSCOREE.DLL/GetProcessExecutableHeap
- DynamicLoader: mscoreei.dll/GetProcessExecutableHeap_RetAddr
- DynamicLoader: mscoreei.dll/GetProcessExecutableHeap
- DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
- DynamicLoader: VERSION.dll/GetFileVersionInfoSizeW
- DynamicLoader: VERSION.dll/GetFileVersionInfoW
- DynamicLoader: VERSION.dll/VerQueryValueW
- DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
- DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
- DynamicLoader: CRYPTSP.dll/CryptAcquireContextA
- DynamicLoader: CRYPTSP.dll/CryptCreateHash
- DynamicLoader: CRYPTSP.dll/CryptGetHashParam
- DynamicLoader: CRYPTSP.dll/CryptHashData
- DynamicLoader: CRYPTSP.dll/CryptDestroyHash
- DynamicLoader: CRYPTSP.dll/CryptReleaseContext
- DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
- DynamicLoader: CRYPTSP.dll/CryptImportKey
- DynamicLoader: CRYPTSP.dll/CryptExportKey
- DynamicLoader: CRYPTSP.dll/CryptDestroyKey
- DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
- DynamicLoader: KERNEL32.dll/GetACP
- DynamicLoader: KERNEL32.dll/UnmapViewOfFile
- DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
- DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
- DynamicLoader: mscoreei.dll/_CorDllMain_RetAddr
- DynamicLoader: mscoreei.dll/_CorDllMain
- DynamicLoader: MSCOREE.DLL/GetTokenForVTableEntry
- DynamicLoader: MSCOREE.DLL/SetTargetForVTableEntry
- DynamicLoader: MSCOREE.DLL/GetTargetForVTableEntry
- DynamicLoader: ADVAPI32.dll/EventRegister
- DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
- DynamicLoader: ole32.dll/CoCreateGuid
- DynamicLoader: KERNEL32.dll/QueryPerformanceFrequency
- DynamicLoader: KERNEL32.dll/QueryPerformanceCounter
- DynamicLoader: rasapi32.dll/RasEnumConnections
- DynamicLoader: rasapi32.dll/RasEnumConnectionsW
- DynamicLoader: ole32.dll/CoTaskMemAlloc
- DynamicLoader: rtutils.dll/TraceRegisterExA
- DynamicLoader: rtutils.dll/TracePrintfExA
- DynamicLoader: sechost.dll/OpenSCManagerW
- DynamicLoader: sechost.dll/OpenServiceW
- DynamicLoader: sechost.dll/QueryServiceStatus
- DynamicLoader: sechost.dll/CloseServiceHandle
- DynamicLoader: ole32.dll/CoTaskMemFree
- DynamicLoader: WS2_32.dll/WSAStartup
- DynamicLoader: WS2_32.dll/WSASocket
- DynamicLoader: WS2_32.dll/WSASocketW
- DynamicLoader: WS2_32.dll/setsockopt
- DynamicLoader: WS2_32.dll/WSAEventSelect
- DynamicLoader: WS2_32.dll/ioctlsocket
- DynamicLoader: WS2_32.dll/closesocket
- DynamicLoader: WS2_32.dll/ioctlsocket
- DynamicLoader: WS2_32.dll/WSAIoctl
- DynamicLoader: KERNEL32.dll/FormatMessage
- DynamicLoader: KERNEL32.dll/FormatMessageW
- DynamicLoader: WS2_32.dll/WSAEventSelect
- DynamicLoader: rasapi32.dll/RasConnectionNotification
- DynamicLoader: rasapi32.dll/RasConnectionNotificationW
- DynamicLoader: ADVAPI32.dll/RegOpenCurrentUser
- DynamicLoader: ADVAPI32.dll/RegCloseKey
- DynamicLoader: ADVAPI32.dll/RegOpenKeyEx
- DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
- DynamicLoader: ADVAPI32.dll/RegNotifyChangeKeyValue
- DynamicLoader: ADVAPI32.dll/RegOpenKeyEx
- DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
- DynamicLoader: sechost.dll/NotifyServiceStatusChangeA
- DynamicLoader: winhttp.dll/WinHttpOpen
- DynamicLoader: winhttp.dll/WinHttpOpenW
- DynamicLoader: winhttp.dll/WinHttpCloseHandle
- DynamicLoader: winhttp.dll/WinHttpCloseHandleW
- DynamicLoader: winhttp.dll/WinHttpSetTimeouts
- DynamicLoader: winhttp.dll/WinHttpSetTimeoutsW
- DynamicLoader: KERNEL32.dll/LocalFree
- DynamicLoader: winhttp.dll/WinHttpGetIEProxyConfigForCurrentUser
- DynamicLoader: KERNEL32.dll/GetEnvironmentVariable
- DynamicLoader: KERNEL32.dll/GetEnvironmentVariableW
- DynamicLoader: KERNEL32.dll/LCMapStringEx
- DynamicLoader: ADVAPI32.dll/EventRegister
- DynamicLoader: ADVAPI32.dll/EventSetInformation
- DynamicLoader: clr.dll/CreateAssemblyNameObject
- DynamicLoader: clr.dll/CreateAssemblyNameObjectW
- DynamicLoader: ole32.dll/CoGetObjectContext
- DynamicLoader: sechost.dll/LookupAccountNameLocalW
- DynamicLoader: ADVAPI32.dll/LookupAccountSidW
- DynamicLoader: sechost.dll/LookupAccountSidLocalW
- DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
- DynamicLoader: CRYPTSP.dll/CryptGenRandom
- DynamicLoader: ole32.dll/NdrOleInitializeExtension
- DynamicLoader: ole32.dll/CoGetClassObject
- DynamicLoader: ole32.dll/CoGetMarshalSizeMax
- DynamicLoader: ole32.dll/CoMarshalInterface
- DynamicLoader: ole32.dll/CoUnmarshalInterface
- DynamicLoader: ole32.dll/StringFromIID
- DynamicLoader: ole32.dll/CoGetPSClsid
- DynamicLoader: ole32.dll/CoTaskMemAlloc
- DynamicLoader: ole32.dll/CoTaskMemFree
- DynamicLoader: ole32.dll/CoCreateInstance
- DynamicLoader: ole32.dll/CoReleaseMarshalData
- DynamicLoader: ole32.dll/DcomChannelSetHResult
- DynamicLoader: RpcRtRemote.dll/I_RpcExtInitializeExtensionPoint
- DynamicLoader: clr.dll/CreateAssemblyEnum
- DynamicLoader: clr.dll/CreateAssemblyEnumW
- DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
- DynamicLoader: KERNEL32.dll/ResolveLocaleName
- DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
- DynamicLoader: KERNEL32.dll/GetTimeZoneInformation
- DynamicLoader: KERNEL32.dll/GetDynamicTimeZoneInformation
- DynamicLoader: shell32.dll/SHGetFolderPath
- DynamicLoader: shell32.dll/SHGetFolderPathW
- DynamicLoader: ole32.dll/CoTaskMemAlloc
- DynamicLoader: ole32.dll/CoTaskMemFree
- DynamicLoader: KERNEL32.dll/GetFileMUIPath
- DynamicLoader: KERNEL32.dll/LoadLibraryEx
- DynamicLoader: KERNEL32.dll/LoadLibraryExW
- DynamicLoader: KERNEL32.dll/FreeLibrary
- DynamicLoader: KERNEL32.dll/FreeLibraryW
- DynamicLoader: USER32.dll/LoadStringW
- DynamicLoader: KERNEL32.dll/SetEvent
- DynamicLoader: KERNEL32.dll/ResetEvent
- DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
- DynamicLoader: KERNEL32.dll/CreateWaitableTimer
- DynamicLoader: KERNEL32.dll/CreateWaitableTimerW
- DynamicLoader: KERNEL32.dll/SetWaitableTimer
- DynamicLoader: KERNEL32.dll/GetSystemTimeAsFileTime
- DynamicLoader: ntdll.dll/NtQueryInformationThread
- DynamicLoader: ntdll.dll/NtQuerySystemInformation
- DynamicLoader: KERNEL32.dll/CreateWaitableTimerExW
- DynamicLoader: KERNEL32.dll/SetWaitableTimerEx
- DynamicLoader: ole32.dll/CoUninitialize
- DynamicLoader: KERNEL32.dll/LocalFree
- DynamicLoader: IPHLPAPI.DLL/GetAdaptersAddresses
- DynamicLoader: KERNEL32.dll/LocalAlloc
- DynamicLoader: WS2_32.dll/WSAConnect
- DynamicLoader: WS2_32.dll/WSAEnumNetworkEvents
- DynamicLoader: WS2_32.dll/WSAEventSelect
- DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
- DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
- DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
- DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
- DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
- DynamicLoader: diasymreader.dll/DllGetClassObject
- DynamicLoader: diasymreader.dll/DllGetClassObject
- DynamicLoader: diasymreader.dll/DllGetClassObject
- DynamicLoader: KERNEL32.dll/GetCurrentProcessId
- DynamicLoader: KERNEL32.dll/GetCurrentProcessIdW
- DynamicLoader: KERNEL32.dll/CloseHandle
- DynamicLoader: KERNEL32.dll/GetStdHandle
- DynamicLoader: KERNEL32.dll/LocalFree
- DynamicLoader: KERNEL32.dll/CreatePipe
- DynamicLoader: KERNEL32.dll/CreatePipeW
- DynamicLoader: KERNEL32.dll/GetCurrentProcess
- DynamicLoader: KERNEL32.dll/DuplicateHandle
- DynamicLoader: KERNEL32.dll/GetCurrentDirectory
- DynamicLoader: KERNEL32.dll/GetCurrentDirectoryW
- DynamicLoader: KERNEL32.dll/CreateProcess
- DynamicLoader: KERNEL32.dll/CreateProcessW
- DynamicLoader: kernel32.dll/SetThreadUILanguage
- DynamicLoader: kernel32.dll/CopyFileExW
- DynamicLoader: kernel32.dll/IsDebuggerPresent
- DynamicLoader: kernel32.dll/SetConsoleInputExeNameW
- DynamicLoader: kernel32.dll/SortGetHandle
- DynamicLoader: kernel32.dll/SortCloseHandle
- DynamicLoader: CRYPTBASE.dll/SystemFunction036
- DynamicLoader: sechost.dll/LookupAccountNameLocalW
- DynamicLoader: ADVAPI32.dll/LookupAccountSidW
- DynamicLoader: sechost.dll/LookupAccountSidLocalW
- DynamicLoader: Winsta.dll/WinStationFreeMemory
- DynamicLoader: Winsta.dll/WinStationCloseServer
- DynamicLoader: Winsta.dll/WinStationOpenServerW
- DynamicLoader: Winsta.dll/WinStationFreeGAPMemory
- DynamicLoader: Winsta.dll/WinStationGetAllProcesses
- DynamicLoader: Winsta.dll/WinStationEnumerateProcesses
- DynamicLoader: kernel32.dll/SortGetHandle
- DynamicLoader: kernel32.dll/SortCloseHandle
- DynamicLoader: kernel32.dll/GetThreadPreferredUILanguages
- DynamicLoader: kernel32.dll/SetThreadPreferredUILanguages
- DynamicLoader: kernel32.dll/LocaleNameToLCID
- DynamicLoader: kernel32.dll/GetLocaleInfoEx
- DynamicLoader: kernel32.dll/LCIDToLocaleName
- DynamicLoader: kernel32.dll/GetSystemDefaultLocaleName
- DynamicLoader: kernel32.dll/RegOpenKeyExW
- DynamicLoader: ntdll.dll/EtwUnregisterTraceGuids
- DynamicLoader: ntdll.dll/EtwUnregisterTraceGuids
- DynamicLoader: OLEAUT32.dll/
- DynamicLoader: CRYPTSP.dll/CryptReleaseContext
- DynamicLoader: kernel32.dll/SetThreadUILanguage
- DynamicLoader: kernel32.dll/CopyFileExW
- DynamicLoader: kernel32.dll/IsDebuggerPresent
- DynamicLoader: kernel32.dll/SetConsoleInputExeNameW
- DynamicLoader: kernel32.dll/SortGetHandle
- DynamicLoader: kernel32.dll/SortCloseHandle
- DynamicLoader: CRYPTBASE.dll/SystemFunction036
- DynamicLoader: sechost.dll/LookupAccountNameLocalW
- DynamicLoader: ADVAPI32.dll/LookupAccountSidW
- DynamicLoader: sechost.dll/LookupAccountSidLocalW
- DynamicLoader: Winsta.dll/WinStationFreeMemory
- DynamicLoader: Winsta.dll/WinStationCloseServer
- DynamicLoader: Winsta.dll/WinStationOpenServerW
- DynamicLoader: Winsta.dll/WinStationFreeGAPMemory
- DynamicLoader: Winsta.dll/WinStationGetAllProcesses
- DynamicLoader: Winsta.dll/WinStationEnumerateProcesses
- DynamicLoader: kernel32.dll/SortGetHandle
- DynamicLoader: kernel32.dll/SortCloseHandle
- DynamicLoader: kernel32.dll/GetThreadPreferredUILanguages
- DynamicLoader: kernel32.dll/SetThreadPreferredUILanguages
- DynamicLoader: kernel32.dll/LocaleNameToLCID
- DynamicLoader: kernel32.dll/GetLocaleInfoEx
- DynamicLoader: kernel32.dll/LCIDToLocaleName
- DynamicLoader: kernel32.dll/GetSystemDefaultLocaleName
- DynamicLoader: kernel32.dll/RegOpenKeyExW
- DynamicLoader: ntdll.dll/EtwUnregisterTraceGuids
- DynamicLoader: ntdll.dll/EtwUnregisterTraceGuids
- DynamicLoader: OLEAUT32.dll/
- DynamicLoader: CRYPTSP.dll/CryptReleaseContext
- DynamicLoader: kernel32.dll/SortGetHandle
- DynamicLoader: kernel32.dll/SortCloseHandle
- DynamicLoader: wbemcore.dll/Reinitialize
- DynamicLoader: kernel32.dll/SortGetHandle
- DynamicLoader: kernel32.dll/SortCloseHandle
Guard pages use detected - possible anti-debugging.
Severity: Medium
Confidence: Very High
Creates RWX memory
Severity: Medium
Confidence: Medium
Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
Severity: Low
Confidence: Very High
- command: "cmd.exe" /C taskkill /F /PID 2728 && choice /C Y /N /D Y /T 3 & Del "C:\Users\Seven01\AppData\Local\Temp\Poster.exe"
Attempts to connect to a dead IP:Port (1 unique times)
Severity: Low
Confidence: Very High
- IP: 188.119.112.229:6677 (unknown)
SetUnhandledExceptionFilter detected (possible anti-debug)
Severity: Low
Confidence: Very High
Behavior analysis details | |||||
---|---|---|---|---|---|
Machine name | Machine label | Machine manager | Started | Ended | Duration |
Seven02b_64 | Seven02b_64 | VirtualBox | 2020-05-16 01:16:31 | 2020-05-16 01:19:32 | 181 |
9 Summary items with data
Files
C:\Windows\System32\MSCOREE.DLL.local C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll C:\Windows\Microsoft.NET\Framework\* C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll C:\Users\Seven01\AppData\Local\Temp\Poster.exe.config C:\Users\Seven01\AppData\Local\Temp\Poster.exe C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSVCR120_CLR0400.dll C:\Windows\System32\MSVCR120_CLR0400.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoree.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.localgac C:\Windows\Globalization\Sorting\sortdefault.nls C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\* C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll.aux C:\Users C:\Users\Seven01 C:\Users\Seven01\AppData C:\Users\Seven01\AppData\Local C:\Users\Seven01\AppData\Local\Temp C:\Windows\Microsoft.NET\Framework\v4.0.30319\ole32.dll \Device\KsecDD C:\Windows\assembly\NativeImages_v4.0.30319_32\Poster\* C:\Users\Seven01\AppData\Local\Temp\Poster.INI C:\Windows\assembly\pubpol28.dat C:\Windows\assembly\GAC\PublisherPolicy.tme C:\Windows\Microsoft.Net\assembly\GAC_32\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\* C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll.aux C:\Windows\Microsoft.Net\assembly\GAC_32\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\System\* C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll.aux C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\* C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ade5aa3c89481539adcaf7d9526dc8ac\System.Configuration.ni.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ade5aa3c89481539adcaf7d9526dc8ac\System.Configuration.ni.dll.aux C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\* C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\62dec581cd40afd680502a581d529b7e\System.Xml.ni.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\62dec581cd40afd680502a581d529b7e\System.Xml.ni.dll.aux C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll C:\Users\Seven01\Documents\IISExpress\Bypass C:\Users\Seven01\Documents\IISExpress C:\Users\Seven01\Documents C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\ntdll.dll C:\Users\Seven01\Documents\IISExpress\Bypass\Interpeter.exe C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\shell32.dll \??\MountPointManager \Device\NamedPipe\ C:\Users\Seven01\Documents\IISExpress\Bypass\Interpeter.exe.config C:\Users\Seven01\Documents\IISExpress\Bypass\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Users\Seven01\Documents\IISExpress\Bypass\Interpeter.INI C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\InternetSecurity.url C:\Windows\Microsoft.Net\assembly\GAC_32\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\* C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.INI C:\Windows\Microsoft.NET\Framework\v4.0.30319\VERSION.dll C:\Windows\Microsoft.Net\assembly\GAC_32\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\* C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.INI C:\Windows\Microsoft.Net\assembly\GAC_32\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll C:\Windows\Microsoft.Net\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\* C:\Windows\Microsoft.Net\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.INI C:\Windows\Microsoft.Net\assembly\GAC_32\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\* C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.INI C:\Windows\Microsoft.Net\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\* C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\da1168042051657ac82cf92e5e70d045\System.Transactions.ni.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\da1168042051657ac82cf92e5e70d045\System.Transactions.ni.dll.aux C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll C:\Windows\Microsoft.Net\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll.config C:\Windows\Microsoft.Net\assembly\GAC_32\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\* C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.INI C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\rasapi32.dll C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\ws2_32.dll C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\winhttp.dll C:\Windows\assembly\GAC_64 C:\Windows\assembly\GAC_64\mscorlib.resources C:\Windows\assembly\GAC_32 C:\Windows\assembly\GAC_32\mscorlib.resources C:\Windows\assembly\GAC_MSIL C:\Windows\assembly\GAC_MSIL\mscorlib.resources C:\Windows\assembly\GAC_MSIL\mscorlib.resources\* C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll C:\Windows\assembly\GAC C:\Windows\assembly\GAC\mscorlib.resources C:\Windows\Microsoft.Net\assembly\GAC_64 C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib.resources C:\Windows\Microsoft.Net\assembly\GAC_32 C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib.resources C:\Windows\Microsoft.Net\assembly\GAC_MSIL C:\Windows\Microsoft.Net\assembly\GAC_MSIL\mscorlib.resources C:\Windows\Microsoft.Net\assembly\GAC C:\Windows\Microsoft.NET\Framework\v4.0.30319\it-IT\mscorrc.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\it-IT\mscorrc.dll.DLL C:\Windows\Microsoft.NET\Framework\v4.0.30319\it\mscorrc.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\it\mscorrc.dll.DLL C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll C:\Windows\System32\tzres.dll C:\Windows\System32\it-IT\tzres.dll.mui C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\shell32.dll C:\Windows\Microsoft.Net\assembly\GAC_32\System.Net.Http\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Http.dll C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Net.Http\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Http.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\* C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Net.Http\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Http.INI C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\iphlpapi.dll C:\Windows\assembly\GAC_64\System.resources C:\Windows\assembly\GAC_32\System.resources C:\Windows\assembly\GAC_MSIL\System.resources C:\Windows\assembly\GAC_MSIL\System.resources\* C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_it_b77a5c561934e089\System.resources.dll C:\Windows\assembly\GAC\System.resources C:\Windows\Microsoft.Net\assembly\GAC_64\System.resources C:\Windows\Microsoft.Net\assembly\GAC_32\System.resources C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.resources C:\Windows\Microsoft.Net\assembly\GAC_32\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\* C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\4682dfaba405f2d15ce03781815472e1\System.Xaml.ni.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\4682dfaba405f2d15ce03781815472e1\System.Xaml.ni.dll.aux C:\Windows\assembly\GAC_64\System.ServiceModel.resources C:\Windows\assembly\GAC_32\System.ServiceModel.resources C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\* C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_it_b77a5c561934e089\System.ServiceModel.resources.dll C:\Windows\assembly\GAC\System.ServiceModel.resources C:\Windows\Microsoft.Net\assembly\GAC_64\System.ServiceModel.resources C:\Windows\Microsoft.Net\assembly\GAC_32\System.ServiceModel.resources C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel.resources C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb C:\Windows\symbols\dll\System.pdb C:\Windows\dll\System.pdb C:\Windows\System.pdb C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.pdb C:\Windows\symbols\dll\System.ServiceModel.pdb C:\Windows\dll\System.ServiceModel.pdb C:\Windows\System.ServiceModel.pdb C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.pdb C:\Windows\symbols\dll\System.ServiceModel.Internals.pdb C:\Windows\dll\System.ServiceModel.Internals.pdb C:\Windows\System.ServiceModel.Internals.pdb C:\Users\Seven01\AppData\Local\Temp\taskkill.* C:\Users\Seven01\AppData\Local\Temp\taskkill C:\ProgramData\Oracle\Java\javapath\taskkill.* C:\ProgramData\Oracle\Java\javapath\taskkill C:\Windows\System32\taskkill.* C:\Windows\System32\taskkill.COM C:\Windows\System32\taskkill.exe C:\Users\Seven01\AppData\Local\Temp\choice.* C:\Users\Seven01\AppData\Local\Temp\choice C:\ProgramData\Oracle\Java\javapath\choice.* C:\ProgramData\Oracle\Java\javapath\choice C:\Windows\System32\choice.* C:\Windows\System32\choice.COM C:\Windows\System32\choice.exe C:\Users\Seven01\Documents\IISExpress\Bypass\taskkill.* C:\Users\Seven01\Documents\IISExpress\Bypass\taskkill C:\Users\Seven01\Documents\IISExpress\Bypass\choice.* C:\Users\Seven01\Documents\IISExpress\Bypass\choice
Read Files
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll C:\Users\Seven01\AppData\Local\Temp\Poster.exe.config C:\Users\Seven01\AppData\Local\Temp\Poster.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll C:\Windows\System32\MSVCR120_CLR0400.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config C:\Windows\Globalization\Sorting\sortdefault.nls C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll.aux C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll \Device\KsecDD C:\Windows\assembly\pubpol28.dat C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll.aux C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll.aux C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ade5aa3c89481539adcaf7d9526dc8ac\System.Configuration.ni.dll.aux C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ade5aa3c89481539adcaf7d9526dc8ac\System.Configuration.ni.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\62dec581cd40afd680502a581d529b7e\System.Xml.ni.dll.aux C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\62dec581cd40afd680502a581d529b7e\System.Xml.ni.dll \Device\NamedPipe\ C:\Users\Seven01\Documents\IISExpress\Bypass\Interpeter.exe.config C:\Users\Seven01\Documents\IISExpress\Bypass\Interpeter.exe C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll C:\Windows\Microsoft.Net\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\da1168042051657ac82cf92e5e70d045\System.Transactions.ni.dll.aux C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\da1168042051657ac82cf92e5e70d045\System.Transactions.ni.dll C:\Windows\Microsoft.Net\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll C:\Windows\Microsoft.Net\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll.config C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll C:\Windows\System32\tzres.dll C:\Windows\System32\it-IT\tzres.dll.mui C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Net.Http\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.Http.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\4682dfaba405f2d15ce03781815472e1\System.Xaml.ni.dll.aux C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\4682dfaba405f2d15ce03781815472e1\System.Xaml.ni.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb C:\Windows\symbols\dll\System.pdb C:\Windows\dll\System.pdb C:\Windows\System.pdb C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.pdb C:\Windows\symbols\dll\System.ServiceModel.pdb C:\Windows\dll\System.ServiceModel.pdb C:\Windows\System.ServiceModel.pdb C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.pdb C:\Windows\symbols\dll\System.ServiceModel.Internals.pdb C:\Windows\dll\System.ServiceModel.Internals.pdb C:\Windows\System.ServiceModel.Internals.pdb
Write Files
C:\Users\Seven01\Documents\IISExpress\Bypass\Interpeter.exe C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\InternetSecurity.url
Delete Files
Nothing to display
Keys
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\ HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0 HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir HKEY_CURRENT_USER\Software\Microsoft\.NETFramework HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR Policy\Standards HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v4.0.30319 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs\ HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319\SKUs\default HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Poster.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB HKEY_CURRENT_USER\Software\Microsoft\Fusion HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index28 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Core__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Core__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Numerics__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Numerics__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Security__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Security__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\InstallationType HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Data.SqlXml__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Data.SqlXml__b77a5c561934e089 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Interpeter.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AppContext HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319\SchUseStrongCrypto HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.ServiceModel__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.ServiceModel__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Serialization__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Serialization__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.SMDiagnostics__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.SMDiagnostics__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.ServiceModel.Internals__31bf3856ad364e35 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.ServiceModel.Internals__31bf3856ad364e35 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Transactions__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Transactions__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.EnterpriseServices__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.EnterpriseServices__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.IdentityModel__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.IdentityModel__b77a5c561934e089 HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\EnableConsoleTracing HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Interpeter_RASAPI32 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Interpeter_RASAPI32\EnableFileTracing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Interpeter_RASAPI32\EnableConsoleTracing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Interpeter_RASAPI32\FileTracingMask HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Interpeter_RASAPI32\ConsoleTracingMask HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Interpeter_RASAPI32\MaxFileSize HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Interpeter_RASAPI32\FileDirectory HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CMF\Config HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable HKEY_CURRENT_USER HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\LegacyWPADSupport HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-us HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-us HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409 HKEY_CURRENT_USER\Software\Classes HKEY_CURRENT_USER\Software\Classes\AppID\Interpeter.exe HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default) HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\CA27B310 HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\TZI HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\Dynamic DST HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Display HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Std HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Dlt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Net.Http__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Net.Http__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319\HWRPortReuseOnSocketBind HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xaml__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xaml__b77a5c561934e089 HKEY_CLASSES_ROOT\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32\(Default) HKEY_CLASSES_ROOT\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server\(Default) HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DefaultColor HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\CompletionChar HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\PathCompletionChar HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\AutoRun HKEY_CURRENT_USER\Software\Microsoft\Command Processor HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun HKEY_CURRENT_USER\Software\Classes\AppID\taskkill.exe HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSclient HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain HKEY_CURRENT_USER\Software\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default) HKEY_CURRENT_USER\Software\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default) HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler HKEY_CURRENT_USER\Software\Classes\Interface\{027947E1-D731-11CE-A357-000000000001} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default) HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler HKEY_CURRENT_USER\Software\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default) HKEY_CURRENT_USER\Software\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default) HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\CIMOM\EnableObjectValidation HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\CIMOM\Logging HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B1B9CBB2-B198-47E2-8260-9FD629A2B2EC} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B1B9CBB2-B198-47E2-8260-9FD629A2B2EC}\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B1B9CBB2-B198-47E2-8260-9FD629A2B2EC}\LocalService HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B1B9CBB2-B198-47E2-8260-9FD629A2B2EC}\ServiceParameters HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B1B9CBB2-B198-47E2-8260-9FD629A2B2EC}\RunAs HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B1B9CBB2-B198-47E2-8260-9FD629A2B2EC}\ActivateAtStorage HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B1B9CBB2-B198-47E2-8260-9FD629A2B2EC}\ROTFlags HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B1B9CBB2-B198-47E2-8260-9FD629A2B2EC}\AppIDFlags HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B1B9CBB2-B198-47E2-8260-9FD629A2B2EC}\LaunchPermission HKEY_LOCAL_MACHINE\Software\Microsoft\OLE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\LegacyAuthenticationLevel HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\LegacyImpersonationLevel HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B1B9CBB2-B198-47E2-8260-9FD629A2B2EC}\AuthenticationLevel HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B1B9CBB2-B198-47E2-8260-9FD629A2B2EC}\RemoteServerName HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B1B9CBB2-B198-47E2-8260-9FD629A2B2EC}\SRPTrustLevel HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B1B9CBB2-B198-47E2-8260-9FD629A2B2EC}\PreferredServerBitness HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B1B9CBB2-B198-47E2-8260-9FD629A2B2EC}\LoadUserSettings HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#5&106af171&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\# HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#5&106af171&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#5&106af171&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#5&106af171&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#\Control HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#5&106af171&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#\Control\Linked HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Properties HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f56308-b6bf-11d0-94f2-00a0c91efb8b} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#5&106af171&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\# HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#5&106af171&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#5&106af171&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#5&106af171&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\#\Control HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#5&106af171&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\#\Control\Linked HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\Properties HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CDROMVBOX_CD-ROM_____________________________1.0_____\5&106AF171&0&1.0.0 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CdRomVBOX_CD-ROM_____________________________1.0_____\5&106af171&0&1.0.0\Capabilities HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDECHANNEL\4&2F42C713&0&1 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDEChannel\4&2f42c713&0&1\Capabilities HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_7111&SUBSYS_00000000&REV_01\3&267A616A&0&09 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_7111&SUBSYS_00000000&REV_01\3&267a616a&0&09\Capabilities HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\PNP0A03\0 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\PNP0A03\0\Capabilities HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI_HAL\PNP0C08\0 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI_HAL\PNP0C08\0\Capabilities HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\ACPI_HAL\0000 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ACPI_HAL\0000\Capabilities HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HTREE\ROOT\0 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HTREE\ROOT\0\Capabilities HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CdRomVBOX_CD-ROM_____________________________1.0_____\5&106af171&0&1.0.0\Device Parameters HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CdRomVBOX_CD-ROM_____________________________1.0_____\5&106af171&0&1.0.0\Device Parameters\DeviceGroup HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage\LastUpdateTime HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CdRomVBOX_CD-ROM_____________________________1.0_____\5&106af171&0&1.0.0\CustomPropertyCacheDate HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CdRomVBOX_CD-ROM_____________________________1.0_____\5&106af171&0&1.0.0\HardwareID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage\IDE#CdRomVBOX_CD-ROM_____________________________1.0_____ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage\IDE#VBOX_CD-ROM_____________________________1.0_____ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage\IDE#CdRomVBOX_CD-ROM_____________________________ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage\VBOX_CD-ROM_____________________________1.0_____ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage\GenCdRom HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CdRomVBOX_CD-ROM_____________________________1.0_____\5&106af171&0&1.0.0\CompatibleIDs HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CdRomVBOX_CD-ROM_____________________________1.0_____\5&106af171&0&1.0.0\CustomPropertyHwIdKey HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CdRomVBOX_CD-ROM_____________________________1.0_____\5&106af171&0&1.0.0\Device Parameters\Icons HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDEChannel\4&2f42c713&0&1\Device Parameters HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDEChannel\4&2f42c713&0&1\Device Parameters\NoSoftEject HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDEChannel\4&2f42c713&0&1\CustomPropertyCacheDate HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDEChannel\4&2f42c713&0&1\HardwareID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage\Intel-PIIX4 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage\Internal_IDE_Channel HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDEChannel\4&2f42c713&0&1\CompatibleIDs HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage\*PNP0600 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDEChannel\4&2f42c713&0&1\CustomPropertyHwIdKey HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDEChannel\4&2f42c713&0&1\Device Parameters\DeviceGroups HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDEChannel\4&2f42c713&0&1\Device Parameters\DeviceGroup HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#Volume#{35122303-fb0b-11e5-b945-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\# HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#Volume#{35122303-fb0b-11e5-b945-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#Volume#{35122303-fb0b-11e5-b945-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#Volume#{35122303-fb0b-11e5-b945-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#\Control HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#Volume#{35122303-fb0b-11e5-b945-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#\Control\Linked HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#DiskVBOX_HARDDISK___________________________1.0_____#5&33d1638a&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\# HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#DiskVBOX_HARDDISK___________________________1.0_____#5&33d1638a&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#DiskVBOX_HARDDISK___________________________1.0_____#5&33d1638a&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#DiskVBOX_HARDDISK___________________________1.0_____#5&33d1638a&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\#\Control HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#DiskVBOX_HARDDISK___________________________1.0_____#5&33d1638a&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\#\Control\Linked HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\Properties HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\DISKVBOX_HARDDISK___________________________1.0_____\5&33D1638A&0&0.0.0 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\DISKVBOX_HARDDISK___________________________1.0_____\5&33D1638A&0&0.0.0\Capabilities HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\DISKVBOX_HARDDISK___________________________1.0_____\5&33D1638A&0&0.0.0\Device Parameters HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\DISKVBOX_HARDDISK___________________________1.0_____\5&33D1638A&0&0.0.0\Device Parameters\NoSoftEject HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\DISKVBOX_HARDDISK___________________________1.0_____\5&33D1638A&0&0.0.0\CustomPropertyCacheDate HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\DISKVBOX_HARDDISK___________________________1.0_____\5&33D1638A&0&0.0.0\HardwareID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage\IDE#DiskVBOX_HARDDISK___________________________1.0_____ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage\IDE#VBOX_HARDDISK___________________________1.0_____ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage\IDE#DiskVBOX_HARDDISK___________________________ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage\VBOX_HARDDISK___________________________1.0_____ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage\GenDisk HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\DISKVBOX_HARDDISK___________________________1.0_____\5&33D1638A&0&0.0.0\CompatibleIDs HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\DISKVBOX_HARDDISK___________________________1.0_____\5&33D1638A&0&0.0.0\CustomPropertyHwIdKey HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\DISKVBOX_HARDDISK___________________________1.0_____\5&33D1638A&0&0.0.0\Device Parameters\DeviceGroups HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\DISKVBOX_HARDDISK___________________________1.0_____\5&33D1638A&0&0.0.0\Device Parameters\DeviceGroup HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#Volume#{35122303-fb0b-11e5-b945-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\# HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#Volume#{35122303-fb0b-11e5-b945-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#Volume#{35122303-fb0b-11e5-b945-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#Volume#{35122303-fb0b-11e5-b945-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#\Control HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#Volume#{35122303-fb0b-11e5-b945-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#\Control\Linked HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\SecurityDescriptors\ActivePowerScheme HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Power\User\PowerSchemes HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\ActivePowerScheme HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\SecurityDescriptors\381b4222-f694-41f0-9685-ff5bb260df2e HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\SecurityDescriptors\94ac6d29-73ce-41a6-809f-6363ba21b47e HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\381b4222-f694-41f0-9685-ff5bb260df2e HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\381b4222-f694-41f0-9685-ff5bb260df2e\238c9fa8-0aad-41ed-83f4-97be242c8f20 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\PowerSettings\238c9fa8-0aad-41ed-83f4-97be242c8f20 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\94ac6d29-73ce-41a6-809f-6363ba21b47e HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\94AC6D29-73CE-41A6-809F-6363BA21B47E\DefaultPowerSchemeValues HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\94AC6D29-73CE-41A6-809F-6363BA21B47E\DefaultPowerSchemeValues\381b4222-f694-41f0-9685-ff5bb260df2e HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\94AC6D29-73CE-41A6-809F-6363BA21B47E\DefaultPowerSchemeValues\381b4222-f694-41f0-9685-ff5bb260df2e\ACSettingIndex HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\94AC6D29-73CE-41A6-809F-6363BA21B47E\ValueMin HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\94AC6D29-73CE-41A6-809F-6363BA21B47E\1 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\94AC6D29-73CE-41A6-809F-6363BA21B47E\1\SettingValue HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\SecurityDescriptors\a7066653-8d6c-40a8-910e-a1f54b84c7e5 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\381b4222-f694-41f0-9685-ff5bb260df2e\4f971e89-eebd-4455-a8de-9e59040e7347 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\PowerSettings\4f971e89-eebd-4455-a8de-9e59040e7347 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\PowerSettings\4f971e89-eebd-4455-a8de-9e59040e7347\a7066653-8d6c-40a8-910e-a1f54b84c7e5 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\PowerSettings\4f971e89-eebd-4455-a8de-9e59040e7347\A7066653-8D6C-40A8-910E-A1F54B84C7E5\DefaultPowerSchemeValues HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\PowerSettings\4f971e89-eebd-4455-a8de-9e59040e7347\A7066653-8D6C-40A8-910E-A1F54B84C7E5\DefaultPowerSchemeValues\381b4222-f694-41f0-9685-ff5bb260df2e HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\PowerSettings\4f971e89-eebd-4455-a8de-9e59040e7347\A7066653-8D6C-40A8-910E-A1F54B84C7E5\DefaultPowerSchemeValues\381b4222-f694-41f0-9685-ff5bb260df2e\ACSettingIndex HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\PowerSettings\4f971e89-eebd-4455-a8de-9e59040e7347\A7066653-8D6C-40A8-910E-A1F54B84C7E5\ValueMin HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\PowerSettings\4f971e89-eebd-4455-a8de-9e59040e7347\A7066653-8D6C-40A8-910E-A1F54B84C7E5\0 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\PowerSettings\4f971e89-eebd-4455-a8de-9e59040e7347\A7066653-8D6C-40A8-910E-A1F54B84C7E5\0\SettingValue HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerRequestOverride HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Power\PowerRequestOverride HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\PowerRequestOverride\Driver HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{72E3272B-4EEA-4104-B358-1A282E4FC1AD} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{72E3272B-4EEA-4104-B358-1A282E4FC1AD}\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{72E3272B-4EEA-4104-B358-1A282E4FC1AD}\LocalService HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{72E3272B-4EEA-4104-B358-1A282E4FC1AD}\ServiceParameters HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{72E3272B-4EEA-4104-B358-1A282E4FC1AD}\RunAs HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{72E3272B-4EEA-4104-B358-1A282E4FC1AD}\ActivateAtStorage HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{72E3272B-4EEA-4104-B358-1A282E4FC1AD}\ROTFlags HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{72E3272B-4EEA-4104-B358-1A282E4FC1AD}\AppIDFlags HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{72E3272B-4EEA-4104-B358-1A282E4FC1AD}\LaunchPermission HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{72E3272B-4EEA-4104-B358-1A282E4FC1AD}\AuthenticationLevel HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{72E3272B-4EEA-4104-B358-1A282E4FC1AD}\RemoteServerName HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{72E3272B-4EEA-4104-B358-1A282E4FC1AD}\SRPTrustLevel HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{72E3272B-4EEA-4104-B358-1A282E4FC1AD}\PreferredServerBitness HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{72E3272B-4EEA-4104-B358-1A282E4FC1AD}\LoadUserSettings HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cimv2 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cimv2 HKEY_LOCAL_MACHINE\system\Setup HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress HKEY_CLASSES_ROOT\CLSID\{d63a5850-8f16-11cf-9f47-00aa00bf345c}\InProcServer32 HKEY_CLASSES_ROOT\CLSID\{d63a5850-8f16-11cf-9f47-00aa00bf345c}\LocalServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\ThreadingModel HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\Synchronization HKEY_CLASSES_ROOT\CLSID\{d63a5850-8f16-11cf-9f47-00aa00bf345c} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\AppId HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SecuredHostProviders HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SecuredHostProviders\ROOT\CIMV2:__Win32Provider.Name="CIMWin32" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94AA3293-B515-4FA7-A36B-3CFA64BA5BE3} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94AA3293-B515-4FA7-A36B-3CFA64BA5BE3}\Hash HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94AA3293-B515-4FA7-A36B-3CFA64BA5BE3}\DynamicInfo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{12554FD6-1A29-419B-96EE-2EC9A013F14A}
Read Keys
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index28 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\InstallationType HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319\SchUseStrongCrypto HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\EnableConsoleTracing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Interpeter_RASAPI32\EnableFileTracing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Interpeter_RASAPI32\FileTracingMask HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Interpeter_RASAPI32\EnableConsoleTracing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Interpeter_RASAPI32\ConsoleTracingMask HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Interpeter_RASAPI32\MaxFileSize HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Interpeter_RASAPI32\FileDirectory HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\LegacyWPADSupport HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-us HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-us HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\CA27B310 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\TZI HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Display HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Std HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Dlt HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319\HWRPortReuseOnSocketBind HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DefaultColor HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\CompletionChar HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\PathCompletionChar HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\AutoRun HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\CIMOM\EnableObjectValidation HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\CIMOM\Logging HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B1B9CBB2-B198-47E2-8260-9FD629A2B2EC}\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B1B9CBB2-B198-47E2-8260-9FD629A2B2EC}\LocalService HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B1B9CBB2-B198-47E2-8260-9FD629A2B2EC}\ServiceParameters HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B1B9CBB2-B198-47E2-8260-9FD629A2B2EC}\RunAs HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B1B9CBB2-B198-47E2-8260-9FD629A2B2EC}\ActivateAtStorage HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B1B9CBB2-B198-47E2-8260-9FD629A2B2EC}\ROTFlags HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B1B9CBB2-B198-47E2-8260-9FD629A2B2EC}\AppIDFlags HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B1B9CBB2-B198-47E2-8260-9FD629A2B2EC}\LaunchPermission HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\LegacyAuthenticationLevel HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\LegacyImpersonationLevel HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B1B9CBB2-B198-47E2-8260-9FD629A2B2EC}\AuthenticationLevel HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B1B9CBB2-B198-47E2-8260-9FD629A2B2EC}\RemoteServerName HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B1B9CBB2-B198-47E2-8260-9FD629A2B2EC}\SRPTrustLevel HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B1B9CBB2-B198-47E2-8260-9FD629A2B2EC}\PreferredServerBitness HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B1B9CBB2-B198-47E2-8260-9FD629A2B2EC}\LoadUserSettings HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#5&106af171&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#5&106af171&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#\Control\Linked HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#5&106af171&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#5&106af171&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\#\Control\Linked HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CdRomVBOX_CD-ROM_____________________________1.0_____\5&106af171&0&1.0.0\Capabilities HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDEChannel\4&2f42c713&0&1\Capabilities HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_7111&SUBSYS_00000000&REV_01\3&267a616a&0&09\Capabilities HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\PNP0A03\0\Capabilities HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI_HAL\PNP0C08\0\Capabilities HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ACPI_HAL\0000\Capabilities HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HTREE\ROOT\0\Capabilities HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CdRomVBOX_CD-ROM_____________________________1.0_____\5&106af171&0&1.0.0\Device Parameters\DeviceGroup HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage\LastUpdateTime HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CdRomVBOX_CD-ROM_____________________________1.0_____\5&106af171&0&1.0.0\CustomPropertyCacheDate HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CdRomVBOX_CD-ROM_____________________________1.0_____\5&106af171&0&1.0.0\HardwareID HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CdRomVBOX_CD-ROM_____________________________1.0_____\5&106af171&0&1.0.0\CompatibleIDs HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CdRomVBOX_CD-ROM_____________________________1.0_____\5&106af171&0&1.0.0\Device Parameters\Icons HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDEChannel\4&2f42c713&0&1\Device Parameters\NoSoftEject HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDEChannel\4&2f42c713&0&1\CustomPropertyCacheDate HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDEChannel\4&2f42c713&0&1\HardwareID HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDEChannel\4&2f42c713&0&1\CompatibleIDs HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDEChannel\4&2f42c713&0&1\Device Parameters\DeviceGroups HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDEChannel\4&2f42c713&0&1\Device Parameters\DeviceGroup HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#Volume#{35122303-fb0b-11e5-b945-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#Volume#{35122303-fb0b-11e5-b945-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#\Control\Linked HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#DiskVBOX_HARDDISK___________________________1.0_____#5&33d1638a&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#DiskVBOX_HARDDISK___________________________1.0_____#5&33d1638a&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\#\Control\Linked HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\DISKVBOX_HARDDISK___________________________1.0_____\5&33D1638A&0&0.0.0\Capabilities HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\DISKVBOX_HARDDISK___________________________1.0_____\5&33D1638A&0&0.0.0\Device Parameters\NoSoftEject HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\DISKVBOX_HARDDISK___________________________1.0_____\5&33D1638A&0&0.0.0\CustomPropertyCacheDate HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\DISKVBOX_HARDDISK___________________________1.0_____\5&33D1638A&0&0.0.0\HardwareID HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\DISKVBOX_HARDDISK___________________________1.0_____\5&33D1638A&0&0.0.0\CompatibleIDs HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\DISKVBOX_HARDDISK___________________________1.0_____\5&33D1638A&0&0.0.0\Device Parameters\DeviceGroups HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\DISKVBOX_HARDDISK___________________________1.0_____\5&33D1638A&0&0.0.0\Device Parameters\DeviceGroup HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#Volume#{35122303-fb0b-11e5-b945-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#Volume#{35122303-fb0b-11e5-b945-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#\Control\Linked HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\SecurityDescriptors\ActivePowerScheme HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\ActivePowerScheme HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\SecurityDescriptors\381b4222-f694-41f0-9685-ff5bb260df2e HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\SecurityDescriptors\94ac6d29-73ce-41a6-809f-6363ba21b47e HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\94AC6D29-73CE-41A6-809F-6363BA21B47E\DefaultPowerSchemeValues\381b4222-f694-41f0-9685-ff5bb260df2e\ACSettingIndex HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\94AC6D29-73CE-41A6-809F-6363BA21B47E\ValueMin HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\94AC6D29-73CE-41A6-809F-6363BA21B47E\1\SettingValue HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\SecurityDescriptors\a7066653-8d6c-40a8-910e-a1f54b84c7e5 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\PowerSettings\4f971e89-eebd-4455-a8de-9e59040e7347\A7066653-8D6C-40A8-910E-A1F54B84C7E5\DefaultPowerSchemeValues\381b4222-f694-41f0-9685-ff5bb260df2e\ACSettingIndex HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\PowerSettings\4f971e89-eebd-4455-a8de-9e59040e7347\A7066653-8D6C-40A8-910E-A1F54B84C7E5\ValueMin HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\PowerSettings\4f971e89-eebd-4455-a8de-9e59040e7347\A7066653-8D6C-40A8-910E-A1F54B84C7E5\0\SettingValue HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{72E3272B-4EEA-4104-B358-1A282E4FC1AD}\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{72E3272B-4EEA-4104-B358-1A282E4FC1AD}\LocalService HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{72E3272B-4EEA-4104-B358-1A282E4FC1AD}\ServiceParameters HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{72E3272B-4EEA-4104-B358-1A282E4FC1AD}\RunAs HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{72E3272B-4EEA-4104-B358-1A282E4FC1AD}\ActivateAtStorage HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{72E3272B-4EEA-4104-B358-1A282E4FC1AD}\ROTFlags HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{72E3272B-4EEA-4104-B358-1A282E4FC1AD}\AppIDFlags HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{72E3272B-4EEA-4104-B358-1A282E4FC1AD}\LaunchPermission HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{72E3272B-4EEA-4104-B358-1A282E4FC1AD}\AuthenticationLevel HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{72E3272B-4EEA-4104-B358-1A282E4FC1AD}\RemoteServerName HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{72E3272B-4EEA-4104-B358-1A282E4FC1AD}\SRPTrustLevel HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{72E3272B-4EEA-4104-B358-1A282E4FC1AD}\PreferredServerBitness HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{72E3272B-4EEA-4104-B358-1A282E4FC1AD}\LoadUserSettings HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cimv2 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cimv2 HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\ThreadingModel HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\Synchronization HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\AppId HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SecuredHostProviders\ROOT\CIMV2:__Win32Provider.Name="CIMWin32" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94AA3293-B515-4FA7-A36B-3CFA64BA5BE3}\Hash HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94AA3293-B515-4FA7-A36B-3CFA64BA5BE3}\DynamicInfo
Write Keys
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Interpeter_RASAPI32 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Interpeter_RASAPI32\EnableFileTracing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Interpeter_RASAPI32\EnableConsoleTracing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Interpeter_RASAPI32\FileTracingMask HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Interpeter_RASAPI32\ConsoleTracingMask HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Interpeter_RASAPI32\MaxFileSize HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Interpeter_RASAPI32\FileDirectory HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94AA3293-B515-4FA7-A36B-3CFA64BA5BE3}\DynamicInfo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake\{12554FD6-1A29-419B-96EE-2EC9A013F14A}
Delete Keys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CdRomVBOX_CD-ROM_____________________________1.0_____\5&106af171&0&1.0.0\CustomPropertyHwIdKey HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDEChannel\4&2f42c713&0&1\CustomPropertyHwIdKey HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\DISKVBOX_HARDDISK___________________________1.0_____\5&33D1638A&0&0.0.0\CustomPropertyHwIdKey
Mutexes
Resolved APIs
advapi32.dll.RegOpenKeyExW advapi32.dll.RegQueryInfoKeyW advapi32.dll.RegEnumKeyExW advapi32.dll.RegEnumValueW advapi32.dll.RegCloseKey advapi32.dll.RegQueryValueExW kernel32.dll.FlsAlloc kernel32.dll.FlsFree kernel32.dll.FlsGetValue kernel32.dll.FlsSetValue kernel32.dll.InitializeCriticalSectionEx kernel32.dll.CreateEventExW kernel32.dll.CreateSemaphoreExW kernel32.dll.SetThreadStackGuarantee kernel32.dll.CreateThreadpoolTimer kernel32.dll.SetThreadpoolTimer kernel32.dll.WaitForThreadpoolTimerCallbacks kernel32.dll.CloseThreadpoolTimer kernel32.dll.CreateThreadpoolWait kernel32.dll.SetThreadpoolWait kernel32.dll.CloseThreadpoolWait kernel32.dll.FlushProcessWriteBuffers kernel32.dll.FreeLibraryWhenCallbackReturns kernel32.dll.GetCurrentProcessorNumber kernel32.dll.GetLogicalProcessorInformation kernel32.dll.CreateSymbolicLinkW kernel32.dll.EnumSystemLocalesEx kernel32.dll.CompareStringEx kernel32.dll.GetDateFormatEx kernel32.dll.GetLocaleInfoEx kernel32.dll.GetTimeFormatEx kernel32.dll.GetUserDefaultLocaleName kernel32.dll.IsValidLocaleName kernel32.dll.LCMapStringEx kernel32.dll.GetTickCount64 advapi32.dll.EventRegister mscoree.dll.#142 mscoreei.dll.RegisterShimImplCallback mscoreei.dll.OnShimDllMainCalled mscoreei.dll._CorExeMain shlwapi.dll.UrlIsW version.dll.GetFileVersionInfoSizeW version.dll.GetFileVersionInfoW version.dll.VerQueryValueW clr.dll.SetRuntimeInfo clr.dll._CorExeMain mscoree.dll.CreateConfigStream mscoreei.dll.CreateConfigStream kernel32.dll.GetNumaHighestNodeNumber kernel32.dll.GetSystemWindowsDirectoryW advapi32.dll.AllocateAndInitializeSid advapi32.dll.OpenProcessToken advapi32.dll.GetTokenInformation advapi32.dll.InitializeAcl advapi32.dll.AddAccessAllowedAce advapi32.dll.FreeSid kernel32.dll.AddSIDToBoundaryDescriptor kernel32.dll.CreateBoundaryDescriptorW kernel32.dll.CreatePrivateNamespaceW kernel32.dll.OpenPrivateNamespaceW kernel32.dll.DeleteBoundaryDescriptor kernel32.dll.WerRegisterRuntimeExceptionModule kernel32.dll.RaiseException mscoree.dll.#24 mscoreei.dll.#24 ntdll.dll.NtSetSystemInformation kernel32.dll.SortGetHandle kernel32.dll.SortCloseHandle kernel32.dll.GetNativeSystemInfo ole32.dll.CoInitializeEx cryptbase.dll.SystemFunction036 ole32.dll.CoGetContextToken clrjit.dll.sxsJitStartup clrjit.dll.getJit kernel32.dll.CreateEventW kernel32.dll.CloseHandle kernel32.dll.LocaleNameToLCID kernel32.dll.LCIDToLocaleName kernel32.dll.GetUserPreferredUILanguages nlssorting.dll.SortGetHandle nlssorting.dll.SortCloseHandle kernel32.dll.CompareStringOrdinal kernel32.dll.GetFullPathNameW kernel32.dll.GetCurrentProcess kernel32.dll.GetFileAttributesExW kernel32.dll.SetThreadErrorMode kernel32.dll.CreateFileW kernel32.dll.GetFileType kernel32.dll.GetFileSize kernel32.dll.ReadFile kernel32.dll.ExpandEnvironmentStringsW kernel32.dll.CreateDirectoryW advapi32.dll.LookupPrivilegeValueW advapi32.dll.AdjustTokenPrivileges ntdll.dll.NtQuerySystemInformation kernel32.dll.CopyFileW kernel32.dll.LocalAlloc uxtheme.dll.ThemeInitApiHook user32.dll.IsProcessDPIAware shell32.dll.ShellExecuteEx shell32.dll.ShellExecuteExW setupapi.dll.CM_Get_Device_Interface_List_Size_ExW setupapi.dll.CM_Get_Device_Interface_List_ExW comctl32.dll.#332 comctl32.dll.#386 ole32.dll.CoUninitialize ole32.dll.CoRevokeInitializeSpy comctl32.dll.#388 oleaut32.dll.#500 kernel32.dll.LocalFree kernel32.dll.GetCurrentProcessId kernel32.dll.GetStdHandle kernel32.dll.CreatePipe kernel32.dll.DuplicateHandle kernel32.dll.GetCurrentDirectoryW ole32.dll.CoTaskMemAlloc ole32.dll.CoTaskMemFree kernel32.dll.CreateProcessW kernel32.dll.GetConsoleOutputCP kernel32.dll.GetACP kernel32.dll.UnmapViewOfFile kernel32.dll.WriteFile mscoree.dll.GetProcessExecutableHeap mscoreei.dll.GetProcessExecutableHeap cryptsp.dll.CryptAcquireContextA cryptsp.dll.CryptCreateHash cryptsp.dll.CryptGetHashParam cryptsp.dll.CryptHashData cryptsp.dll.CryptDestroyHash cryptsp.dll.CryptReleaseContext cryptsp.dll.CryptAcquireContextW cryptsp.dll.CryptImportKey cryptsp.dll.CryptExportKey cryptsp.dll.CryptDestroyKey mscoreei.dll._CorDllMain mscoree.dll.GetTokenForVTableEntry mscoree.dll.SetTargetForVTableEntry mscoree.dll.GetTargetForVTableEntry ole32.dll.CoCreateGuid kernel32.dll.QueryPerformanceFrequency kernel32.dll.QueryPerformanceCounter rasapi32.dll.RasEnumConnectionsW rtutils.dll.TraceRegisterExA rtutils.dll.TracePrintfExA sechost.dll.OpenSCManagerW sechost.dll.OpenServiceW sechost.dll.QueryServiceStatus sechost.dll.CloseServiceHandle ws2_32.dll.WSAStartup ws2_32.dll.WSASocketW ws2_32.dll.setsockopt ws2_32.dll.WSAEventSelect ws2_32.dll.ioctlsocket ws2_32.dll.closesocket ws2_32.dll.WSAIoctl kernel32.dll.FormatMessageW rasapi32.dll.RasConnectionNotificationW advapi32.dll.RegOpenCurrentUser advapi32.dll.RegNotifyChangeKeyValue sechost.dll.NotifyServiceStatusChangeA winhttp.dll.WinHttpOpen winhttp.dll.WinHttpCloseHandle winhttp.dll.WinHttpSetTimeouts winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser kernel32.dll.GetEnvironmentVariableW clr.dll.CreateAssemblyNameObject ole32.dll.CoGetObjectContext sechost.dll.LookupAccountNameLocalW advapi32.dll.LookupAccountSidW sechost.dll.LookupAccountSidLocalW cryptsp.dll.CryptGenRandom ole32.dll.NdrOleInitializeExtension ole32.dll.CoGetClassObject ole32.dll.CoGetMarshalSizeMax ole32.dll.CoMarshalInterface ole32.dll.CoUnmarshalInterface ole32.dll.StringFromIID ole32.dll.CoGetPSClsid ole32.dll.CoCreateInstance ole32.dll.CoReleaseMarshalData ole32.dll.DcomChannelSetHResult rpcrtremote.dll.I_RpcExtInitializeExtensionPoint clr.dll.CreateAssemblyEnum kernel32.dll.ResolveLocaleName kernel32.dll.GetTimeZoneInformation kernel32.dll.GetDynamicTimeZoneInformation shell32.dll.SHGetFolderPathW kernel32.dll.GetFileMUIPath kernel32.dll.LoadLibraryExW kernel32.dll.FreeLibrary user32.dll.LoadStringW kernel32.dll.SetEvent kernel32.dll.ResetEvent kernel32.dll.CreateWaitableTimerW kernel32.dll.SetWaitableTimer kernel32.dll.GetSystemTimeAsFileTime ntdll.dll.NtQueryInformationThread kernel32.dll.CreateWaitableTimerExW kernel32.dll.SetWaitableTimerEx iphlpapi.dll.GetAdaptersAddresses ws2_32.dll.WSAConnect ws2_32.dll.WSAEnumNetworkEvents diasymreader.dll.DllGetClassObject kernel32.dll.SetThreadUILanguage kernel32.dll.CopyFileExW kernel32.dll.IsDebuggerPresent kernel32.dll.SetConsoleInputExeNameW winsta.dll.WinStationFreeMemory winsta.dll.WinStationCloseServer winsta.dll.WinStationOpenServerW winsta.dll.WinStationFreeGAPMemory winsta.dll.WinStationGetAllProcesses winsta.dll.WinStationEnumerateProcesses kernel32.dll.GetThreadPreferredUILanguages kernel32.dll.SetThreadPreferredUILanguages kernel32.dll.GetSystemDefaultLocaleName kernel32.dll.RegOpenKeyExW ntdll.dll.EtwUnregisterTraceGuids wbemcore.dll.Reinitialize
Execute Commands
Interpeter.exe "cmd.exe" /C taskkill /F /PID 2728 && choice /C Y /N /D Y /T 3 & Del "C:\Users\Seven01\AppData\Local\Temp\Poster.exe" taskkill /F /PID 2728 choice /C Y /N /D Y /T 3 taskkill /F /PID 3068
Started Services
Nothing to display
Created Services
Nothing to display
Behavior analysis details | |||||
---|---|---|---|---|---|
Machine name | Machine label | Machine manager | Started | Ended | Duration |
Seven02b_64 | Seven02b_64 | VirtualBox | 2020-05-16 01:16:31 | 2020-05-16 01:19:32 | 181 |
1 Host(s) detected
IP Address | Hostname | Reverse DNS |
---|---|---|
188.119.112.229 ![]() |
free.pq.hosting. |
Host(s) by Country
Hosts | Country 1 |
---|---|
1 | ![]() |
#infosec #automation
TheSystem Itself @ 2020-05-16 01:24:06