MalScore
100/100
MalFamily
Malicious

ff.exe

File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 466.50 KB (477696 bytes)
Compile time: 2017-09-21 21:41:54
MD5: 7779ac627913c32b4f650caf3dc9681d
SHA1: d34fa3b1a8414ea6b4f2e29b4bb902fc45edec8b
SHA256: 88d406ad84d85acbc64a31616977770426f0c4d7ed848d86cb93d1ff219c2f28
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 5 \1xP .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-07-04 07:57:02
Last submission: 2018-07-04 07:57:02
Filename detected: - ff.exe (1)
URL file hosting
hXXps://cdn.discordapp.com/attachments/454535326069817344/463035083713150977/ff.exe
VirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-07-03 11:14:02 [38/64] VirusTotal
PE Sections 4 suspicious
Name VAddress VSize Size MD5 SHA1
\1xP 0x2000 0xc63c 51200 d737ece7202e7f277b093eef40478fea 6034f2dfee6230e36135316ce0f8dde05b8ac17b
.text 0x10000 0x67218 422912 d49ba49464c36fb80d4283b283205c40 875aa337cf88bc40e6a291d989812eb99c11fb5b
.rsrc 0x78000 0x600 1536 03c0cc0ca1cb8ca64b61733b61b54410 c4b00b471dd70243d9f5b77cc3545af26f5df543
.reloc 0x7a000 0xc 512 e81a80c38992ec6b3b4d5dcfcfc5314a 9e183541b5aafa70e971c0b49a528b0c5d6a7e57
0x7c000 0x10 512 3b789e0dc86e545e97449cdb30b76b42 50105d619b4cf923965b23809c005f446774862c
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x780a0 884 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x78414 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: © 2017 - 2018. All rights reserved.
Assembly Version: 0.0.0.0
InternalName: done11.exe
FileVersion: 31.6.20.30
CompanyName: developer uae limited
Comments: 37,000 capacity
ProductName: sochi stadium
ProductVersion: 31.6.20.30
FileDescription: Socchi stadium
Translation: 0x0000 0x04b0
OriginalFilename: done11.exe
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
No packers found for this file
File found
File type: Library
mscoree.dll
KERNEL32.dll
IP Found
31.6.20.30
URL(s)
No URL found
!ITL
8Q#a
Xb;
CompilerGeneratedAttribute
"4$t
^TUj
>u2UNY
3& K
uV.m
W~)b
b 0B}
H$5C
T/Sw
ZZ7Es
kAj&3,
!J8y
< B-
7/x\
{ Mq=
+|-s(
s*>G3
!cj* [O
th1h
==eZ
EQLtUW
fC;J
ysSC
@Sx3
5k!on
hLHm
Ei6e#
inlm
9SQ]
fSystem.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aBj
0nqw
t5u0
R{Jc
String
\.)`
4P}=
!\k=
zv42
jSQL
;*x
OTnZ
7 2 l
InitializeArray
Y3xk
"""*
KAMgI
,V [
,z |
mIWTP
C[eZQ
}!&@?
*$cc|
JDk)
EUiT }
EditorBrowsableAttribute
l)#j
5oC2
nV^
7|MO
.S_"
eP2QCN
mx)oH<D00
NnN|
e9&.
Cp'j z
@FC?r
Dt?U
RX1,
9?Z*
Load
\hP
(R>?[ E
TB%%C
TahH
O]fT
"&I#
-^rt[
md 46
_)MO=l
;+A
bbuI
k U:
q8/r
p'? 7
uz"h
j[ch
An.H
-e KL
Dz% E
RuntimeHelpers
c3@
1nPA
zFlI
fEdy
JFIF
{Us{|(
o^ kB 303
$TT]
n"Bz
]fD"
Object
{L@
Z!k[
OE Ti
z hk
3System.Resources.Tools.StronglyTypedResourceBuilder
WCrJk
6@hd{
,L7\
*`-
V&IO
*Eg.
2 M"
[ Q)
G/4^F]
@6=3;
GvdJ;
%?19
hSMy
^?,S
"+*|
Ai4;
mdML
4hYn
.yMJ
rjxU
xy]3Y3YP
[H t(=O
;pz`{MgK
;k(z
\fIdhV
noGF
7lOY
>EDnh
jFdL
xw1s
xkJ;'
f}u}Pjn
~`x&
Exif
&mUV
rnTTTTT
?Zf1
Te<l
U6z(
zDh<g
ux5e
&x:A
kuiv
K#h`
4Y2\
gZf-y
%o"f
eE5%&1
[hjkgF:E
'/WfL
B)%-
o _g
z2d[
2L0Z }l
mIjY
rn"ow
Gv*\~f
"lmx
sm%D
DkQa_N?[
or 2\Ha3#@a[?
_Gi6
9h9F
fHzVU*_
In< 1
Zp ,r
6mDW
(jNyY
XXTY
RX/\
System.Threading
@3K"
nTNRl
&OnW
21NNC&
V<*V
Km.~K$
_^^f
r7FZt
?<<P
R]cI
;#Tg
Q1=,
cXnz
L$|R<
_,8lO
ddiG
WT8C{
O_QO
_r y
x85 7
S*v^
M-7kM
K^+v
4T^E="b
@K$7
iDW:
(.4U4Uq*$
,NUS_
H &;
CIi
EtnV
fYdt K-
*wjZ8
{ v.
5K0,r
lly7
E,OG
GOMt
=`lHNy
K`NX
9RDFjk
mj8i
P `6
!HZN
o7<B
ZTtH
+-4-F2
(sQf
_ *'
0?Do
e$B\
vM~o
]q~S
FD *
))&t
9#nML
\Diy
L1V8
*ZXaz
KQQIP
du5TZ
`l<V
&NEL
j0pk
d%FlR
n"yo)
d%A'
4Naq
|b98mQ
DEDM
vp2fkE
cB$_*)
I*K_
]c766
C kB_H
, 5Q
^:;">
8AV`
}z@H {G
*sW1
v#mh
goV|^q
\wCW
B"fh
|0GR
&>mg
:cME9D
ng`[]c
]ICl:
iuZ<
T;a
d%4^
J={X
GetTypeFromHandle
AXkj
'J\F
NA8
Kx w O
3L"g
$Njor"#
OB|Z
dlQK
[fwq
AKYKGS[M
System.Runtime.Serialization
DZLu
r,OE
2V`
PfA
p"`V
qXpDV
_X:`
:?nm
{8 A
"S:i
System.Runtime.InteropServices
9)*O
xI^
*Y-lKj@
xd"I]}o
l%N]a
uk=K
.C]{
FDI 1
kZ"*
829V ~
F[$u
System.Runtime.CompilerServices
>m`}
Jrfz
H .e[
tS~e

} gf%
I$dm
TMUM=
NewLateBinding
TUzh
(zk|A
tS~e'
\((n0$
:M]d
i 3W
VecI
b;LC
7D%S92
k_?@)
i[-?e
|^{~
Gk0b
|_m=
V#UMw
hV}'
UnzU
ME5C)
chqcI
hy <fW
QrpC
&K {4
< 'ajli
$dS`/
1Z]Yf3:>
Ga}^
I^vZl
iNAu5
yiqb
!A af
Zii^
hMz3
zb0 WR9
|$Mh
%r'u
UTx
1h)[r
~Yn>
!' y
*Cs=
_mc 8
4UTc
RqC:#
.^HI
~!j&
/D"|k
1r>37
Yinz
xDnP
d<GJ
`Obe
/ [~
+ tE
)#/[
p7m^,F
pmg9
PRSH
yl@Ah,
\q5 +5[
&*kDW+2
7@%
4z7j
E_4
]0, &
thu:
A }KZ
K WhU
z=d^P=
m Z
kf<9
)Om;
p9?'
9oH=
=En{9G
_b.resources
TIP%DU
sW7'*d
lpfg
J=%n
DYK@
BvO":Fm
,6zV%
uSF{
eRM0
W'97e
$G:$
1-UIUIP
Iv,k
Q?sI
aj69
1c$#
ivWos
gjq
&:ot+
$/VL)
)LJbk
ev<
"~iZ
j7K$1
TM]>
get_Module
UG$u85
_$ (
Jwu'
%"u7d
ty&y
*$Yk
Ndx\
nmt4
W;wW
}l$/(
SAc'
!t%?[
A3H"3
S7;5^M
mKW*
2j*f
+{/`Ze
A2]R
~T{.
nBZT
]L{(
Ixc;7
o I;
TR/
jK6MYF
m>R
Xsld
ODe7M`
3.vu
#w>'
Or{,
ATx|
x4*V
VMVX
35G1
vLw_C
U9EA
[b2sW
System.Drawing.Bitmap
F m
6az3
I%;v
SSBC
M#+a
z"#H
2R~N
A. F`
.ReI
R'tt
( 6U
Behavior analysis details
Machine name | Machine label | Machine manager | Started | Ended | Duration
Seven05_64 | Seven05_64 | VirtualBox | 2018-07-04 07:54:31 | 2018-07-04 07:57:26 | 175

3 Behaviors detected by system signatures

8 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\ff.exe.config
C:\Users\Seven01\AppData\Local\Temp\ff.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSVCR120_CLR0400.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoree.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.localgac
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll.aux
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ole32.dll
\Device\KsecDD
C:\Windows\assembly\NativeImages_v4.0.30319_32\ONIAWKNGINZ962a5b0d#\*
C:\Users\Seven01\AppData\Local\Temp\ff.INI
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\Microsoft.Net\assembly\GAC_32\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_32\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c7dd43f20550205c8b37ec91b5f2bec7\System.Windows.Forms.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c7dd43f20550205c8b37ec91b5f2bec7\System.Windows.Forms.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\bcrypt.dll
C:\Windows\System32\wbem\wbemdisp.tlb
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui
C:\Windows\Microsoft.NET\Framework\v4.0.30319\OLEAUT32.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\42b4bf0e39d3ededaf7454ee1e3f6823\CustomMarshalers.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\42b4bf0e39d3ededaf7454ee1e3f6823\CustomMarshalers.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll.config
C:\Windows\SysWOW64\stdole2.tlb
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\c1ad6bd64a23a5d912f171480ee2f9a2\System.Management.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\c1ad6bd64a23a5d912f171480ee2f9a2\System.Management.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\wminet_utils.dll
C:\Windows\sysnative\wbem\WmiPrvSE.exe
\??\PIPE\samr
C:\Windows\sysnative\wbem\repository
C:\Windows\sysnative\wbem\Logs
C:\Windows\sysnative\wbem\AutoRecover
C:\Windows\sysnative\wbem\MOF
C:\Windows\sysnative\wbem\repository\INDEX.BTR
C:\Windows\sysnative\wbem\repository\WRITABLE.TST
C:\Windows\sysnative\wbem\repository\MAPPING1.MAP
C:\Windows\sysnative\wbem\repository\MAPPING2.MAP
C:\Windows\sysnative\wbem\repository\MAPPING3.MAP
C:\Windows\sysnative\wbem\repository\OBJECTS.DATA
C:\Windows\sysnative\wbem\repository\WBEM9xUpgd.dat
\??\pipe\PIPE_EVENTROOT\CIMV2PROVIDERSUBSYSTEM
\??\pipe\PIPE_EVENTROOT\CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER
\??\WMIDataDevice

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\ff.exe.config
C:\Users\Seven01\AppData\Local\Temp\ff.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c7dd43f20550205c8b37ec91b5f2bec7\System.Windows.Forms.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c7dd43f20550205c8b37ec91b5f2bec7\System.Windows.Forms.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp
C:\Windows\System32\wbem\wbemdisp.tlb
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui
C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\42b4bf0e39d3ededaf7454ee1e3f6823\CustomMarshalers.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\42b4bf0e39d3ededaf7454ee1e3f6823\CustomMarshalers.ni.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll.config
C:\Windows\SysWOW64\stdole2.tlb
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\c1ad6bd64a23a5d912f171480ee2f9a2\System.Management.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\c1ad6bd64a23a5d912f171480ee2f9a2\System.Management.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\wminet_utils.dll
C:\Windows\sysnative\wbem\WmiPrvSE.exe
\??\PIPE\samr
C:\Windows\sysnative\wbem\repository\MAPPING1.MAP
C:\Windows\sysnative\wbem\repository\MAPPING2.MAP
C:\Windows\sysnative\wbem\repository\MAPPING3.MAP
C:\Windows\sysnative\wbem\repository\OBJECTS.DATA
C:\Windows\sysnative\wbem\repository\INDEX.BTR
\??\pipe\PIPE_EVENTROOT\CIMV2PROVIDERSUBSYSTEM
\??\pipe\PIPE_EVENTROOT\CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER
\??\WMIDataDevice

Write Files

\??\PIPE\samr
C:\Windows\sysnative\wbem\repository\WRITABLE.TST
C:\Windows\sysnative\wbem\repository\MAPPING1.MAP
C:\Windows\sysnative\wbem\repository\MAPPING2.MAP
C:\Windows\sysnative\wbem\repository\MAPPING3.MAP
C:\Windows\sysnative\wbem\repository\OBJECTS.DATA
C:\Windows\sysnative\wbem\repository\INDEX.BTR
\??\pipe\PIPE_EVENTROOT\CIMV2PROVIDERSUBSYSTEM
\??\pipe\PIPE_EVENTROOT\CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER
\??\WMIDataDevice

Delete Files

Nothing to display

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v4.0.30319
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319\SKUs\default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ff.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml.Linq__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml.Linq__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 024
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\ff.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\59245B46
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_CURRENT_USER\Software\Classes\WinMgmts
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WINMGMTS\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WINMGMTS\CLSID\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\Scripting\Default Namespace
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSclient
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_CURRENT_USER\Software\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it
HKEY_CURRENT_USER\Software\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0\win32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_CLASSES_ROOT\CLSID\{62E522DC-8CF3-40A8-8B2E-37D595651E40}\InprocServer32
HKEY_CLASSES_ROOT\CLSID\{62E522DC-8CF3-40A8-8B2E-37D595651E40}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\409

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\LocalServer32\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\LocalServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\LocalServer32\ServerExecutable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\LocalService
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\DllSurrogate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\RunAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\ActivateAtStorage
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\ROTFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\AppIDFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\LaunchPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\LegacyAuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\LegacyImpersonationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\AuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\RemoteServerName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\SRPTrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\PreferredServerBitness
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\LoadUserSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\SessionEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\Level
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\AreaFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\Session
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\LogFile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\BufferSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MinimumBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MaximumBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MaximumFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\LogFileMode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\FlushTimer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\AgeLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_LOCAL_MACHINE\SYSTEM\Setup\UpgradeInProgress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Settings\ActiveWriterStateTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Settings\TornComponentsMax
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000100-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9555-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9557-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\IdentifierLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\QueryLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\PathLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbThrottlingEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighMaxLimitFactor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbTaskMaxSleep
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold1Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold2Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold3Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Unchecked Task Count
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LastServiceStart
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Working Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Repository Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Build
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\MOF Self-Install Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Default Repository Driver
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueCoreFsrepVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Repository Cache Spill Ratio
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\CheckPointValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SnapShotValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\CheckRepositoryOnNextStartup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NumWriteIdCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Class Cache Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Class Cache Item Age (ms)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableObjectValidation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NextAutoRecoverFile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Enable Provider Subsystem
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{29C33724-2DB4-437F-8D9F-CF610068A4BF}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{29C33724-2DB4-437F-8D9F-CF610068A4BF}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{29C33724-2DB4-437F-8D9F-CF610068A4BF}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{29C33724-2DB4-437F-8D9F-CF610068A4BF}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{29C33724-2DB4-437F-8D9F-CF610068A4BF}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{29C33724-2DB4-437F-8D9F-CF610068A4BF}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{29C33724-2DB4-437F-8D9F-CF610068A4BF}\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{96588179-8AB1-4680-A060-9972C564941C}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{96588179-8AB1-4680-A060-9972C564941C}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{96588179-8AB1-4680-A060-9972C564941C}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{96588179-8AB1-4680-A060-9972C564941C}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{96588179-8AB1-4680-A060-9972C564941C}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{96588179-8AB1-4680-A060-9972C564941C}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{96588179-8AB1-4680-A060-9972C564941C}\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{BC163476-C110-4E13-9913-33CDA73BED4B}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{BC163476-C110-4E13-9913-33CDA73BED4B}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{BC163476-C110-4E13-9913-33CDA73BED4B}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{BC163476-C110-4E13-9913-33CDA73BED4B}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{BC163476-C110-4E13-9913-33CDA73BED4B}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{BC163476-C110-4E13-9913-33CDA73BED4B}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{BC163476-C110-4E13-9913-33CDA73BED4B}\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{FE821036-CBC7-4828-AF72-786292D4B041}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{FE821036-CBC7-4828-AF72-786292D4B041}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{FE821036-CBC7-4828-AF72-786292D4B041}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{FE821036-CBC7-4828-AF72-786292D4B041}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{FE821036-CBC7-4828-AF72-786292D4B041}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{FE821036-CBC7-4828-AF72-786292D4B041}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{FE821036-CBC7-4828-AF72-786292D4B041}\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableEvents
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssToBeInitialized
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Low Threshold On Events (B)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\High Threshold On Events (B)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Wait On Events (ms)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Merger Query Arbitration Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SetupDate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\FinalizerBatchSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ClientCallbackTimeout
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\FinalizerQueueThreshold
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Tasks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Async Result Queue Size
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cimv2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cimv2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\Synchronization
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\Synchronization
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\Synchronization
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SecuredHostProviders\ROOT\CIMV2:__Win32Provider.Name="CIMWin32"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Root
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C857801-7381-11CF-884D-00AA004B2E24}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Sink Transmit Buffer Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\DefaultRpcStackSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_CURRENT_USER\Control Panel\International\LocaleName
HKEY_CURRENT_USER\Control Panel\International\sCountry
HKEY_CURRENT_USER\Control Panel\International\sList
HKEY_CURRENT_USER\Control Panel\International\sDecimal
HKEY_CURRENT_USER\Control Panel\International\sThousand
HKEY_CURRENT_USER\Control Panel\International\sGrouping
HKEY_CURRENT_USER\Control Panel\International\sNativeDigits
HKEY_CURRENT_USER\Control Panel\International\sCurrency
HKEY_CURRENT_USER\Control Panel\International\sMonDecimalSep
HKEY_CURRENT_USER\Control Panel\International\sMonThousandSep
HKEY_CURRENT_USER\Control Panel\International\sMonGrouping
HKEY_CURRENT_USER\Control Panel\International\sPositiveSign
HKEY_CURRENT_USER\Control Panel\International\sNegativeSign
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat
HKEY_CURRENT_USER\Control Panel\International\sShortTime
HKEY_CURRENT_USER\Control Panel\International\s1159
HKEY_CURRENT_USER\Control Panel\International\s2359
HKEY_CURRENT_USER\Control Panel\International\sShortDate
HKEY_CURRENT_USER\Control Panel\International\sYearMonth
HKEY_CURRENT_USER\Control Panel\International\sLongDate
HKEY_CURRENT_USER\Control Panel\International\iCountry
HKEY_CURRENT_USER\Control Panel\International\iMeasure
HKEY_CURRENT_USER\Control Panel\International\iPaperSize
HKEY_CURRENT_USER\Control Panel\International\iDigits
HKEY_CURRENT_USER\Control Panel\International\iLZero
HKEY_CURRENT_USER\Control Panel\International\iNegNumber
HKEY_CURRENT_USER\Control Panel\International\NumShape
HKEY_CURRENT_USER\Control Panel\International\iCurrDigits
HKEY_CURRENT_USER\Control Panel\International\iCurrency
HKEY_CURRENT_USER\Control Panel\International\iNegCurr
HKEY_CURRENT_USER\Control Panel\International\iCalendarType
HKEY_CURRENT_USER\Control Panel\International\iFirstDayOfWeek
HKEY_CURRENT_USER\Control Panel\International\iFirstWeekOfYear
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging

Write Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LastServiceStart
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssNeedsLoading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\List of event-active namespaces
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ESS\//./root/CIMV2\SCM Event Provider

Delete Keys

Nothing to display

Mutexes

Resolved APIs


Execute Commands

C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-07-04 07:57:19

Detected family: #Malicious

TheSystem Itself @ 2018-07-04 08:34:02