MalScore
100/100

svhost.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 42/65 Related 2476
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 135.50 KB (138752 bytes)
Compile time: 2018-01-21 20:57:11
MD5: ac569fd164d0b3231a5caa52a7d7e02e
SHA1: b9cadc8e85f995b2f22552cfd8caea4e0b08bd23
SHA256: 8a100d3324a2c579fcc56203d9f14e0d6e3448b3ed65769136c8dc21376ef0e5
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 5 '&'& .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-01-24 19:12:02
Last submission: 2018-01-24 19:12:02
Filename detected: - svhost.exe (1)
URL file hosting
hXXp://ih803741.myihor.ru/svhost.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-01-24 13:49:28 [42/65] VirusTotal
PE Sections 3 suspicious
Name VAddress VSize Size MD5 SHA1
'&'& 0x2000 0x40d4 16896 32ec079c56d8abff10afb6ece9b17f2e 6fddf4704ae209b2ea8f3e6dc6eab86ecc58e4ea
.text 0x8000 0x1cdf8 118272 7df6282b6e2765743e815caae2dc83be 493ac27377af3da16d4b3fd8aa3fc572f852e23e
.rsrc 0x26000 0x510 1536 aeffcdbf0a62bc51890d4efa26f5f043 47b4fae17ac1fc217359e01a9fec17d36a896008
.reloc 0x28000 0xc 512 0dbe1269da7bd3b1ac406f631f76eb1e e7f83504d4b0c298d7ef1da12edd34843413c7bb
0x2a000 0x10 512 53f9fbc5b2a5e3e342006d1da0010ef7 083ede6ee5a9f72616de5b06cbfe67eaf7f60c83
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x260a0 640 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x26320 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright:
Assembly Version: 1.0.1.2
InternalName: vujpdi0f2gg.exe
FileVersion: 1.0.1.2
FileDescription: Google Update Software
Translation: 0x0000 0x04b0
OriginalFilename: vujpdi0f2gg.exe
ProductVersion: 1.0.1.2
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
No packers found for this file
File found
FIle type: Log
\passwords.log
FIle type: Data
\wallet.dat
wallet.dat
FIle type: XML
\.purple\accounts.xml
\FileZilla\sitemanager.xml
filezilla_sitemanager.xml
\FileZilla\recentservers.xml
filezilla_recentservers.xml
System.Xml
FIle type: Text
_cookies.txt
FIle type: Library
USER32.dll
KERNEL32.dll
crypt32.dll
mscoree.dll
IP Found
1.0.1.2
URL(s)
https://raw.githubusercontent.com/Qutra/Evrial/master/domen
https://steamcommunity.com/tradeoffer/new/
http://
https://
Amigo
1.0.3
Opera Browser
Unknown
\passwords.log
Bitcoin
# Buy Project Evrial: t.me/Qutrachka
Login : {0}
l\R
\Opera Software\Opera Stable\Login Data
\Kometa\User Data\Default\Login Data
InternalName
\.purple\accounts.xml
Windows XP
\Files\
Date: {0}
Pidgin
Translation
.data
clr
HWID: {0}
Amigo Browser
[================== Buy Project Evrial: =================]
.doc
ProfAPIMaxWaitForTriggerMs
Windows Server
Torch Browser
Windows 8
vujpdi0f2gg.exe
Windows 7
UNIQUE
Google Update Software
\Torch\User Data\Default\Login Data
\Comodo\Dragon\User Data\Default\Login Data
Yandex
\Filezilla\sitemanager.xml
Jabber
cookies
\Performance\
https://steamcommunity.com/tradeoffer/new/
--------------------------------------------
"!#!'&(&)(*(+&.-
filezilla_sitemanager.xml
LocalAppData
[========================================================]
.zip
\Cookies\
\\.\pipe\CPFATP_{0}_v{1}.{2}.{3}
LegalCopyright
TRUE
http://
Orbitum
[==================== Project Evrial ====================]
.log
Comodo Browser
Windows 10
\Orbitum\User Data\Default\Cookies
\Comodo\Dragon\User Data\Default\Cookies
Orbitum Browser
9223372036854775807
logins
Server
380
SELECT * FROM CIM_OperatingSystem
dlhosta.exe
POST
{{ InnerList = {0}, Protocol = {1} }}
VolumeSerialNumber
\Amigo\User\User Data\Default\Login Data
000004b0
# Stealed cookies by Project Evrial
\wallet.dat
\Opera Software\Opera Stable\Cookies
https://
SiteUrl : {2}
\Kometa\User Data\Default\Cookies
Google Chrome
# Developed by Qutra
files/upload.php?user={0}&hwid={1}
8.1
.fv
VarFileInfo
\desktop.jpg
_cookies.txt
Opera
.rdata
\Amigo\User\User Data\Default\Cookies
Software
Load
Pidgin :
FALSE
Yandex Browser
[================== Developed by Qutra ==================]
Torch
\Google\Chrome\User Data\Default\Cookies
System: {0}
.txt
strDataDir
1.0.1.2
\Google\Chrome\User Data\Default\Login Data
Chrome
lapland
\Torch\User Data\Default\Cookies
https://raw.githubusercontent.com/Qutra/Evrial/master/domen
.docx
.text
\Filezilla\recentservers.xml
Windows 8.1
-WRONGID-
Assembly Version
processorID
VS_VERSION_INFO
mscorwks
StringFileInfo
win32_logicaldisk.deviceid="
win32_processor
\Orbitum\User Data\Default\Login Data
Comodo
# ----------------------------------
Program : {3}
FileVersion
[==================== t.me/Qutrachka ====================]
Caption
filezilla_recentservers.xml
ProductVersion
Password : {1}
FileDescription
shuffler.php?type={0}&user={1}&copy={2}&hwid={3}
{{ <>h__TransparentIdentifier1 = {0}, Password = {1} }}
OriginalFilename
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Google
Bitcoin-Qt
{{ <>h__TransparentIdentifier0 = {0}, Username = {1} }}
wallet.dat
+380
Windows Username: {0}
6dvh
oje6
7vxweSn
8TERA15HqG2n186pD
cJhP
Ij3f
DateTime
Op31LG
f2HK
Int32
BoPp5
6bOMA
7v1313
87vt3
Pidgin
GetBytes
1DuC
hK65q9
TargetFrameworkAttribute
get_ChildNodes
2j8jm
d5Dj
JLh27
SendMessage
get_Height
BNo1h
cD14
s5hTi
Steam
9maOSj
<MdQhyP
rrfr
_masterTableEntries
44rq
Substring
QiqgEO
2B6HLyL
83lF
tBw5
<PrivateImplementationDetails>
cipherTextBytes
4yM1A
<M8y
TQ9u
Version
J6w7apg
<MveAp89
OmsuMtt9
bGRals
Ltzz
If3fJQC
d22Te
77Spt
jAdFO
rx4tf36
hvewL6
I'yA
<Mt7M
?,$
akgi
Jqp7NFey2F
path
3bBCvu
Marshal
Sv:DY
xsT7N
qd5jo
KjMGOq
5Mn46s5B35P4H
wesSu
tRw?
w82F
Owner
user32.dll
CompilerGeneratedAttribute
vznu
secure
op_Explicit
RuntimeFieldHandle
AutorunFile
System.Security
R9q3ym
QdLM
f3Afm2
3r3F
Q1a2SO
2uPs
JaG5
dgf1
GetData
3Hs41
u6hi4uk
qGjvjI
L/n r6
mcG7
jmMno68v
5PNF5ue
EndInvoke
Application
ck7m
type
q.e
<1eE
HLeMC
1q4129bK1F
R7Sc3
kjRm
K N$:
zq3G3Lyg
msCA
PropertyData
eaO7
D3GaC
IrB7
Write
27mJ1PmlK
zaJNW
szPrompt
Text
984bjj
rNMhhz6
R1LlFb21
eh91
IDataObject
8tBs
4Sr8w39f7Q4y
z2yicE
K9vG
Sasr
NLA7
<MySq7eDy
j5gmJi9L3j
get_FullyQualifiedName
Ouqa
Initialise
a8k6Pjv
A3wh
HgdsyLs8
.NETFramework,Version=v4.5
Passwords
3NqMP
Format
?m$NZ
CryptprotectPromptstruct
6ss6
.NET Framework 4.5
<gbg
<MNARC67
Enumerable
88h1
aHvvgaab9huBB
B378
LGqJ
719iPpB
jBbnH
<MNJg
fkk5u
cPRI2
1f36sz
-0S2
LDqQ
Resize
I5D7
SnP56d
gJsu
F2S8
get_Bounds
ek2682
DataBlob
oSh1
OqNm
Pehh
pG53
SSKCC
kkLN2n34s
eD1Oi
2yy1q
+4fV
jxqb8
9oQHRo5n
OpenSubKey
get_ItemOf
get_domain
lkes
TextWriter
xNJ9
dBK9r
P8ci8z19
{2df70ad6-d916-4c54-bdbf-65e51d5a06cb}
13Lk
luc8
ScwJK
<Q,H)
deO<w
bF6BEoET
N5rO6
gp2Rly
Path
e9G1
2pOji
KOg|
WW_bx
5cymt7
pPrompt
9NSS1SkQH
LaGezx
entropyBytes
#Blob
<-u"fb< |
Copy
LyvzAe
ClipboardFormat
P=*=y
Program
uz7x
OnClipboardChangeEventHandler
2REA3
QAi21poIp
5z99
DecryptChromium
gu1Fx
In1gLL
Q*OO
5rpi
ClipboardWatcher
ClipboardMonitor
5Oswbs59uw
Type
X.Oi@
Username
1gSj1
<MRqpT
QhKf
<MOF
<Protocol>i__Field
kLkO7
FsNxTbHOp4K
nfHAy3
opuQ6g66Ho
ShCLd
<R1tFj
get_Default
n4MoP
J5A623
O55z
QQ57
wfjpBqr
OPnQsnrn
gV}(
178hIy9Q
918h
QRAblcfS
mOy9Iw6
51pr
KNGQ1
4{sL
9bCh88L
ly2T
8(l#
l1l17w9iI
NeutralResourcesLanguageAttribute
Ji2P6p
Char
SafeHandle
H(>`ypP
G7mSrh1
HTuI
fhP7E
LiMr
ty3nyJ
get_InnerList
get_Name
GetValue
iO6y
expirationDate
qGMO
get_secure
78f163
F8m8g
L2vi
Dj83ch
oh17
pCipherText
84ao
tInA
c47gNl
GetDataObject
I5u3
19uD
get_session
wkfncma36
FL1wJ5
w8by
<cRO
i6NgQ52M
BJA8
CK2Hm
oRFC
<MK4y
2xk3opcqv118SF8
LlQi4eT
PmQ6
O3eAS
j3fc4A
TrimStart
45Pl
vA`cPD
IRqQd
yloMc5
785R
okqEG8a1fchrS59
System.IO
M1C8
LCbcw
kv19
sR7D
41qe7
RegistryKey
XI %
jQurPN5
GetEnvironmentVariable
{Co>_H-
KF37y
PDTD
kvR8
rowNum
.text
List`1
<>h__TransparentIdentifier2
<>h__TransparentIdentifier0
<>h__TransparentIdentifier1
GeQHA
GetString
M97fO
G8R63
XmlReader
1227HAQ
fE9d
74xJbp
hs3RHo5
<o3jTI
PAfd
Ivav
ToList
Convert
CTH5ne
5Mbpp3
object
MxQm
JoCe
Sxzx
NsvTH
w8q6S
KN6cn
System.Reflection
z1KaM
SLk3vR
323y
<Mp8
8FD1z
tiKI
3zJm6Lfl2ftQ
71u1L
xefMs6
tL;~g
RK,T
y[UM
si8lq
BJRk8Ma
set_secure
9JfPN
32x8
Console
mwtgnq
6wGr
i ~V
<MT3MS
startIdx
Or)zS
afvp9
768v
D,6t
Mk66SH
TgQfOPc743
MCQ8s3E
1O973cc
JMm7hHK
eMfD
z6Gh
fhbkC
bLAxL
SIGF
bkHuHTIhx3
N15Fj
hostOnly
R71G
KtgL
System.Net
I7vsu
xDia
<1Rp
l911I
q9Nr
`.rsrc
MEvE4
4nd8g
IFormatProvider
T1AK
oEBO
RJKemn
upBrjt
9i9u
&pI9
kernel32.dll
DigO
H6b71F
result
xuckx
kuf6
<jiKN1
4bIfw8
BOAk
6Bwb
Enumerator
hwlGyriwOK
oC7y
objXmlNode
95z1I
set_IsBackground
irAboN
4m_GU_
n3w67
bG32xE
HnABoDynT
nPRoTv
RLag96C2
89cQ
93KKNO7FQ
<MLGanATP8r11O
z:Y*$
$E03E40A4-6D4E-4B2E-A552-18B4CADD5B53
9&:6j@"
3K1O5
nIvy
Load
Dbq6
SetEvent
8Saf
Eq7mN
A4hcg3z
avO6
2p5y
get_IsReady
_fileBytes
n2482
jde0
9C8iw5p6
zne4
EMGrk
DiskId
<Password>j__TPar
y5haTR5nD4pi
(C vv[
mh889N
GttD
UploadFile
@BN2sk
~ OK
Q~tr
Yp9
Ggo9
VxAp
MB3NR
get_expirationDate
<h1v
dN4m
pnxy
OJ9321nT364
wD9c
ReadAllBytes
m!!H
z1w5S
F9dxz
lParam
#NQBT
kernel32
4cb3D
znBxj4
a6vuDCr
uHD8Cd56wPqJwq
8eP1
Kvntct4HQ
zMz2tj
ImageFormat
44Ov
38mwqSQG
startIndex
FJw23
H2D8PLTz
Folder
<Trm
<MP7
dyMu
DeN1
System.Xml
53amq
get_BigEndianUnicode
9GxNOz
cbData
GetJpegScreen
get_WParam
DOja9
Ggp1K
9vk8
1HKG
lEe8
Mepp
DotfuscatorAttribute
M34F
1BRx1bJQM
H1kh
LCiM
v4BSr9
RootNum
Ijk8sendz7
8vp9Ffj
CqNCAng
gIXdj/$G
-,p{
WrapNonExceptionThrows
get_Now
PDK2
A$\E[QZm
TableEntry
ProtectedWithCryptoObfuscatorAttribute
xvCxK7I7v
H9yL
oeAwd8JyI4b2B
9OwNRz
4woRIH7A5rN
cEosM
NrS4
Qxp1
Jzpt
Rb9D
bk1j
npcJ1
josp
get_Protocol
<MeT
3KxP
1uKSNp
4QEqP25t
fz54
sb2wr
B/IB
p5tz7u
System.Runtime.Versioning
pqhr
5kva
Q94cN
qH4k4N
RZ
xpKv
N38x
hwnd
hsnG
CDmCC1G4G
ixb1
get_Jpeg
8D8LD
DzGuS27eBJMKR
KD7v
7lafcoEla
gJd517QM
FT54G
<MkA
DCwM
FI6nns
l25l7
SR4P
tableName
System
<'TL
xLTIwsdb3
DgfcyGv
O14obE
2wF3
A369g8972
pgQ8
y4c8b
1rFH
wCC6Q9c3H
<<>h__TransparentIdentifier0>j__TPar
<Mgjk1eSJ
pHq4vBv
gu1n
FJhMy
<<>h__TransparentIdentifier0>i__Field
iNNO5z
Ii11
jwir
66zKD
_6+5
44u9
#Strings
4ym5lNdi
System.Collections
O5pE
bTc1
999B
6OJN
d84c8tyg
rOIzE
JCBo5v
e- %
l3586
hGTx7uqN6f
14ft
C6n1Q
mgQ1n
rJk5S
NHM47
Environment
e5xfQ
VirtualProtect
69dMw
Acrq
JU\m
7NtM6
QA>
WndProc
JFz4
N6q499
qj63F
jrs7
Nh1aO7
g8kb9x39Ma
%}@s\
73SCn
1lKEDj
1hPm5xvo
hSL8cv6x
2MP9m3Mf
JKQN4CJ
mN8f
423PnA9B
3de7upw95
<huEmyJ
System.Diagnostics
hmgP1
GetType
q2kLH
7OA6sc
c4HH883C9S
6v81
MCEiN
O6gf
G7K3
FHN7n6A
6Kciiar
4hId
75415JJ3l
zenz
<MR9
FA3M
Bvka1
Hrh\
wLx2
my#P
6ieT5tojGc
qe658uS9
y3uJaa
AcCgKC
y36s4z
PTIiQ5o
hWndNewViewer
zQfay
yT7Tv
5EOi
DavJ
ProcessorId
8y5Mo2
_dbEncoding
rApr4
N(4i
J3jea
6dKL
Kyk)
RlN8vKr
JF1h
yq4b
vHcjc3
S4wiT6ARo8zh
c7SO
RTF7
386e294
8CdtbG
9g8ikt1Ss
TuSexbe
httpOnly
o1epo
bh22O
8B3ByMO
' 0 [ z &
2byF
989a3Sn6qPmxv3Nn
6wQHAc
z6N2R
< ;<
JEB1
izDPS36kgtQ
7R2A
NCgr27c
<MvQ
Oh29fNlnD
MjIt4Mt
9ggGpO
set_httpOnly
5@H6
fAzBR7CRTH
h*?A[
uwMmN2Dg
get_UTF8
get_Width
HjrhP
x5t7
Q3u8
crypt32.dll
qSfyM2
AP8u
vqB7b
text
get_Revision
svvO
.) "W`::
3k3lfO15a8Dy2
BtzhHGm
)0|U
CreateHandle
Nyv9
|Fih
CopyTo
<568d
Func`2
PropertyDataCollection
BeCKC
D4Mp
Ki8lO91
7F
Protocol
@gy
29zmlnf3
l2wGA
LJuHk7
GetDataPresent
BitConverter
BO3a2
nMM3
BN593NQC
EMwqa
zy9St
g1q6c6415
<Efgf
1zuc
Dn87f6
9SxSE43u
IMur5J
s3A1A
Form
r&?
{ytFi
iQkNCozD7
KKtu
GpD3c
816hDy
Math
Mx3v
9qg5467
KmgR
;S!,
3kcEzkb27TPjN42e
HFlxH
9CaMhl
jwpBLh5
34Fis
n3r8
9LvA
XUk`
^k{D
NgGaa4
Delegate
<MDp
rCgo1f99
FromImage
c9Agq
r9BPA
ProjectEvrial.Hardware
get_Unicode
_sqlDataTypeSize
2SN19
O323RHMzfx
B1eKf
DebuggingModes
MGY&
ERui
GTSSaS
sokP
BTDB
@cZ[PODYxd
jkf5h
7IKqsj
InitializeArray
1xOqbQ4f1
<MCLy
w2Rb
I8ax
<MSL3pj
Enum
uGA1
XmlElement
GetRowCount
Jx3p
HzM5a
2A5Ne
75fDT
adKxPu
BxbS9vBsqCp7GD
remove_OnClipboardChange
<MwEa
OPxO4h
<<>h__TransparentIdentifier1>j__TPar
OfT1R
6jhK
CryptUnprotectData
get_Length
I9G5O9e7t
Fyulv
GetDrives
<ncJg7
Q6Pp
EqualityComparer`1
<MPA6wkJG
Image
R6vcbfEi
6j3Myz
SetVisibleCore
pEntropy
22d5os
get_Msg
1tBhafEQ
(w,ZZ
<session>k__BackingField
3vn1
r9i5
get_hostOnly
8nyc
xtS4A
ValueType
<MQA
Mol5
Ns53n
qp2Gt
1GjfS91
LM8v
Qz4MD
37RJs4CL
gTtFSq1
ToLower
D69RDM
piak153
7eS1nzfH
E8Fa
LC2v4Fe
w3rF
yCBqL
p4Ja
jHd63
ICgR
data
jsx5gyQd1S5
IsOdd
qxBh
O7G5
CreateFile
ReadTable
N4Tw6bq
72uc
<ILod
6fpCs9So
C5R1
SpADw
cIP236s63O
LqKkcL13NvKi4m8l
dEq3S
A&+
usMeBt
hcC3169
get_Program
I4dr2gy93w
dro2
38P1on
Pdj2
6A6a
5IGqAKz6bM6icpB
GKoj3hoeyH
<value>k__BackingField
StartsWith
FileSystemInfo
pMlHOi
bAySf
eJmFB
get_Version
1KdcEkPDAeNws57LD1f
fileName
@W@_ lP
J%8
ToString
jTRl8FO
3hhKu
set_value
1x9o5R
name
pcNf
ulIO
Parse
TryParse
KwhC
k2Di
>hU,5
domain
t.-3
Hzut
Bf7J
i3NK
cTC1R
blHvGO
1R1A
f#pB
sfvlnoL6IB
<hFk
Save
Beds-Protector
w3D2
NP8vCF1
7w9A
T9LGtu
get_UserName
3PS2
38nL
i62J
1emDNFJ8
n8JN
n"L`
MRHx
kwAiy
QuT6
<Initialise>b__0_4
<Initialise>b__0_2
<Initialise>b__0_3
<Initialise>b__0_0
<Initialise>b__0_1
ioO4Cr7
AssemblyTitleAttribute
<fN8ou2
AyTy6O
uct2cM
MTrS
g4f4Ab3JI
tPoy
Bi6Tsqw
zT4CNnPe
n9vk
|S?zx#X!
AEQ5E2
HsFK3
ksSCEL4N
HD84o39L
8S2e
B6RKP
<>9__4_0
9fzG
ddz5
2BinIT
mInstance
RawSettings
get_LParam
Start
2z32
Combine
wz9IeBJ
SE4g4
kK319
size
91Fw5N
r8bhh258
1H5K
pcb7ECvyP
yGv9y
Tj3jfT1ikTw
RBT8AN
2ACENI
R8Au
1Po8i
3D8z
vF78K
2qRn67b8Gu1
Ql61pw1o
xoiTj5G
<Username>j__TPar
<M583KcgO65
GetFolderPath
6nRD
l6Kv4
Int64
"$&cq;
<vgq
8iCzs
oO9o54
DNwi7vR7be
92x1
vGeq8
.ctor
O1zv
N6ps
P3zc
rGLAN
L3brj8
a14IT{
8mjH8
!This program cannot be run in DOS mode. $
H g}
Lfhnb
iwQypN
iii4
O13a
h8Pf
k7o7
ha882c
cuu2a
Main
O2sC9O9
8SQHzb
3TBm
Invoke
FjPK
e wDs
GetCurrentProcessId
BeLtudQx
j\ns
uBvJ4RqF1z
8Mn6s1sw
m1wq
zw89p5ozTD
u97J
v4.0.30319
xnDST5
mQg679
GetId
K8s4
uCtxy1
1D5O
6mDn4bh
hF1jL
9PyC8
Module
FrameworkDisplayName
2PaH
8:(+
Array
bkvL
@V
|8xo
bCcy
9obe
y22d5js3
umGBNfB
ibxaf
@.reloc
iaG2q
p2yI
S`b
xrH,)
g4fQsJcvnd
u3K2
55COp
<M21Lw1
MQA8EPHR27zqti
PIxzn
hckyd
d7dmt
ReadTableFromOffset
nextClipboardViewer
jqHD
I5KtEj
znLs8
Byte
get_Chars
57oBCKSsDTg
u3zupomh54
TJT'
lswC5m
MoveNext
~3 OOS
w8hr
53rj
j49f
24NDh
xOME5qi
Lq5yjsQ
kzLl
h$!
94hJsD
hxlg
zmkls
9hN8
QAREs
System.Drawing.Imaging
R8k6
8s9zJP
aKu7JFK
<MBR4R27a2
JSL2
<MD2aKc
11f8
38jgL
sb4tu
00(-cp
1vLOt
nrsQ
f2Dp4
fb3KJ
vloozyBGl4we
MI3n65neBqFK
@?\v
7e7eu7IO
<secure>k__BackingField
pp7
i512t
h5q7KJ5w
ozKmDMJoQ
1dQ9
5nvtw
mRe95MT
v3uq
get_Location
qHzHg29
cj8Fa2
s8hke5
8z7L
rfQrS
xRANJ
nzAy98Gb
{^ O
OKsJ
endIdx
InnerList
FreeHGlobal
set_Url
Directory
T8n8
User32.dll
3vEx
FzP28R
xCvF
d3po
Google Update Software
tkwC
fi 5R
<xI3IIN9
<MFu
Ns44sI
Ht8H
KsHf74j
get_Item
dwPromptFlags
<M3wS
6dciS7
xphc
``a)
RuntimeCompatibilityAttribute
vLFr
u4jkx
o7c7Kfrx
RuG5
Assembly
,_)D
eOakMk
Stop Trying To Unpack the tool!
CvzNg
g1sH2Of
<M2f7
9ls2
fsiQN
R62G1
uDeQ
D47co
3wg9n
get_id
T5m2
Graphics
gG5jS
8hpp
ze9n
9EK1y
yod824FC
<M2256l
zHlvH8Fu4
=PO~
Srbw
5s4zBn5
Size
KT4A
<storeId>k__BackingField
5n56Hk9
ZipFile
Content
Srdo1
mMi3eS
ps7F
4H8Q
umTjSj5Iu68Oz
<r97
<MBy7
Mr4KL
pbData
vohk8vGh
z56O
H4v2
set_storeId
oKD2II
4m6b
9PhNG
SEotJf
ParameterizedThreadStart
u5oD9
kykis2i
yR36
qD6C
wd9ETTf
zFc3
YCE;
77E4
basePath
HjeyR
b845
pLsd
nm5Lc
DebuggableAttribute
BcE8QpJG
ywAl
21Pf
QP'a
uAnlT63w1
CreateSubKey
5u 2b1
Aonc
338Eb
k8p1
jzjy
4M51
37jL
:KGU
t92y
1Po2PIJl
nIwlNM
e7n5
AUp
J<;,
Control
<6ujPN7R
8e2M
1xa#
DZJW
Tg84Lw
LhHby
GetInstances
KBLG1NPn
Ko9lz
3e8E
6O3v
O38R
gP4Bea
qa2qJd
2z77x
sbn
yRhw
I16c
SiteUrl
FsAvq
&pxt
GetDirectories
qjj7oQR
5h2O
5Aek
s6C51mA5
2H98
m54568Ps7RsIrP
sps2
.+3lY
j8wu
<M25
9J2H
949j
9QedI
S885oRRN6G
24EAcLlMIRa
BuhT1DbA
Hkh49
oGrfo
dwFlags
<4wq
JOSNw
SaOB
MoT9K
GetNames
3(i5
Bn7K
<M2l
lgjh
Cast
AllocHGlobal
set_Program
JAnu5g3n
xL3nxlG
bMk4qx
SH648SK
U&D_
8O7k
4O68C
Message
%o!
496q
8pw9
EL32S
4d6Ik1Gv
dr6494
NNcirq
set_expirationDate
AJmK
H4STGy3M
b86ML
7Fq8ARp
9vR4H6y6yIT
x6DTv
Ap5g1Cl1
75xEM
2Qg3wn
kF134Rt3R4
get_Build
yCtg7t
Cookie
1QrK
OvhP
4G9k28CS
elRSBL
h89z8l
feT6G
us7S
Lr5n
<MKt
65NPG
58jcF
34CurDzjOqv
AI8o
d1ozi
ohoAg
copied
6g7kCAq9vK3
BtQ4A
IndexOf
<MKM
bD1rEJ
DownloadString
}pY`x
zO2wz
bPxSf
yOwBLr7
pgxTr
MuPtE715oR
z@e
Jpt3wE
B8D7
p5OI2
cEQ4
xEpp
6lDJ
fPbT
7ejabeo
L75kuiE
zq6g
SqmzFI2
9yOQB
Jol7mwiPI
5JO9
field
3RME5
v6hte
Password
HEn2m3x
Delete
Q1PF
b72E
27l9l2
pxzI
CompareExchange
4Aa6w
SqlStatement
Gmwq1K
y2taB
wTJEw
iRNB
get_storeId
v9zKp
5yAj2
AddRange
iTrgDk
@vUV
pIR6
d1Gir
j1w4
LBol
jP14
ci1uu
IEHw
sGjR
oaRA
get_Url
8cRG
Odzj
<7E2
f69N
GAh8JAbo3RTdLQEz4
Autorun
<MCwTyGeTt
p82Q6
.cctor
AsyncCallback
HWID
lA2F8
5NSK
dz7RN91
mscorlib
<6IaR
RecordHeaderField
GetRandomFileName
SetText
JF63z87lv7t5n7x5a
s63A
<wA3Kc2F
J6WK
f16z
get_Username
G4kkBL8DC
yMQa5x6q
k9or49qyGAGuF
LImxJS
zRQ3jlqL2bPb61a
A7BE8
6aOO8
op_Inequality
hBAKa
AIbB
<586v3Sl
B1tG7s
i6yf
gkMr
get_Login
96oPsEm
q5Fa5
6737nK
6B
3p7ulP
8gGK9x
l1vr
al3wg3i7
ye8qB
ManagementBaseObject
RS5PK
GmA2G
Py4Q9fuKm4r3
gNa7O
kwmH
<Mv9k
a9yT3
8T8uQG
chtt2Nr4e6
dNJq
5R6du
RuntimeTypeHandle
QLQz
g9RetL2k7
method
6Mzf2
NSLG6qA
1u4_L`S6y
8kko
vwIv
wbEpBpw
8lxK
pas1
3v6o
<Password>i__Field
<>f__AnonymousType1`2
hry7b
ToInt64
43I99F7
mozcE
DqQbF
yegw9oAvmmtqJM
oYHg
4h8h
vNmDv
op_Equality
jimR
Kzwo
Nf3ld
<MJz
yP8o
\DD=
NAp6c6MTN
A4XX
33aTI5
<MPTuo
5xzNB
jzEp
yr88DB
1sxw
lo_9P
LJPK
wcISuT
ao)^A9V
hkv6Q
yT5P
ZYXDNGuarder
<MAyB
O8uA1CSI
1P4g
; xs
VtbS
maGrd3Rrx3
e;dEXU<$[Zv)
u42Rk1aQJCc
za3z
852BFq
8p8H6I
LPP37
317am43
Cu1q
xCGdqf8sb
Normalize
e8hB
dAIoI
Pl8F
4rDdx
Nqkg
5Ep1
31TT
iBH8Qpj3F
pMd21N
23i66
T98pDS
hb7G3
7lJM
o2O2
MzSQbv86
ngC2OS
ozkQ8
m8c56D9w
^o&
<>f__AnonymousType2`2
ReadMasterTable
WM_DRAWCLIPBOARD
9F@8X
Contains
ManagementObject
Sqlite
*FB'dGsfM&
mscoree.dll
68stp8R
P1O2j
bBhiD
callback
System.IO.Compression
Concat
set_id
File
5Kbd
8lDmtAE
5r2Sv4
2mmo1
d6dq
Dispose
leRB9
MqK4
Ctck1EE7
GetHashCode
xNCN
yit6
x3m6
d7wRr
OyuQhqld1
aJeKvG4g
J1tdcA
bRh6
; je
SGz5
k4S8m
3938
bBP6D65Sq
QhOe
gQ4C
jF6K
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>
ItwRblt
P9DhTigm
Ic2S
88sl
OJGKg76
get_Key
tp11
x53x1fK4yBG
nP1L
vk43vb3
<Mns
bh7aN9N
9KamuD
P[9i
BitcoinStealer
SrcuP
e7Q73
dtwT
59hEA6
u3hodzMrp1q
5Ltu
=`hMC
BSJB
P5PGrqhLDtg2
ItemName
s3Np7e8
8mF7cMB61
&4[x
DesktopCopy
pn6nLvRyBjM
DebuggerBrowsableAttribute
B9N4u
<CbycuIo
m2ei
nT7w
5ncPRG
5gz7K
Odyl
CwyJMG
%b +
i1JNJq
yppwq4
<MIKR33uRH7
ProjectEvrial.Cookies
f157P
1oTy
EMRg
IntPtr
l5blf4
Jf3rAkTur1x
Helper
HandleProcessCorruptedStateExceptionsAttribute
yj65
ztM4
4D53392A6A24D5E801ADA14E79B43F9BEBB79150
Screen
ShwczJ5
4age
T974S6vrug
uo9y
5c7D
WM_CHANGECBCHAIN
8pb6
275H
sv0M;
hwndApp
aL7bdw2c5Ex
Microsoft.Win32
6ekh
w3GC8
System.Management
dCKu
5lsN11mADtvel6u
System.Linq
ggxg4ef3a
hTLwm
STAThreadAttribute
3nK7A
C4h2A
q29jQ
8Ftb1
wMsg
iGcix4
23IFCQ
B8A5q
dxvH
A4967
cqaNM
FileInfo
qL5B4
RqFlIR4
sgTj
zATh
CHxfk2G
BsgF
CR3L
8FwF9
6GTpAirSCS
iABxM
1eJGF
kFma516
wKEj
J9BEjFM
3C2c8CTOdf
jA8S
0'4$
I54P
*J hk[
SizeOf
<M8q4
SecurityCriticalAttribute
<hostOnly>k__BackingField
w1JOo
aqs19a
y9dnx
dJw6
ARBIK
BvEy
Qiwi
D7NPy7g
lsQP
rxPO9k25
AhlLC9s1t
k23K3T9
G8M44
yz2OPb1b9lSPr
Ps8F
9drK
M52jd
RemoveTempFiles
1lp3Id8
892Q
p7MvH
KLA2n4
{9a6f81eb-8553-4026-9b69-e57d9aa81e38}
4TaO
59gK2q5b
5yKdmo
kpymze
4xq8
4k3w6
5N8AHP
zLsPso
5Hmb
jmnM4
CA4j
GetFiles
ZCb[
F25wK
HOsFy
session
1Og8r
sxAF2H3D
=O}%|
Kp478
m5PCj
<M7gtHu
388wKN
w5SJ
8sD2Kj
piECA99pe8
6t7q
|;XVe ?
8bnc2
pszDescription
JL5z
y738ANH
<zwxqO
yi9I8j
114758nl
pr9ylO
49gk
ClipChanged
set_session
System.Runtime.ExceptionServices
o2LFEK
System.Core
D633
d3414C
set_domain
Random
f593rkp2tF
d8MAN
EnjM2
oLm8
g971d
ProjectEvrial.Clipper
RROBJA61
EBlG6
d6s1tv
mxG8666T
aDpavSMDP9sR8
s2vi
d6eK
yuFwt
FwO7
ivwHx
3xS2g
NbamuSFGw
mL4g
S6Jn8utEO9lP
CreateNamedPipe
2xc9T96
v@*-1
P1l8
|KH`L
Qsl6
SqliteMasterEntry
9B51
6EdI
L4qDgP
yh2E9
jo a
G6Fyx
f7Tn8OR7
5Gas
<id>k__BackingField
kc{?
Hc2w5C2k
ThreadStart
<MicF
set_path
SpecialFolder
l16eb
mdRvT
Ixde
s2h7

NIb_g
85Sh2m9
96rfxs
NQmM
SetClipboardViewer
3QE1R9
OnnP
x6D6
j9Mg
T3AhGwPF
MApp
OMbwN51TI
QxvjB4x
get_Handle
get_IsInvalid
jnPSf
<M1Pc
pqdSi
9P8pfx
FilezillaFTP
7r84
SPR5d
LgbT7
N6JKwvg
4cC1
giTP
z7L1DuF7
B3qk
OnClipboardChange
<K7E
<M78
set_hostOnly
m4ogFo
e9pF4RCuG
z4vR
8vC9
formats
78lEa
<Mb55A7e8v6
5G12s
SendFile
ECFa
NULL-SHIELD_Stop-unpacking-this-tool||You_can_not_unpack_this_program
mIQ4
ApartmentState
DsaJDeq
u2wNr
3xojPy
CgH1TA
TibOzPhp6T3S
qv4L
9597
get_Extension
gCiu87DEqHE
[]h;
dsbI
<Tyw
4598
aUX_m
<InnerList>j__TPar
ezSpNkI7FH
AssemblyFileVersionAttribute
oftKQnGd2t9HA
GetTempPath
System.Text
<M64g
QJb8RE4wi
oL5t
za3K
G69OPT43q4
6iD1
5rdv
8d77Lh
S59lN
System.Resources
zEO17xSo1
yRKxo
hbKo
jfTy
7m124zH8yl
_pageSize
<MT2zn
Bitmap
6Gl3iAG
trA :
bAo32
z*;
Ne74eHtg
<name>k__BackingField
91xm
<Username>i__Field
`YkJ
2B9gNk
ManagementObjectSearcher
3CgEj
vgNoG79hhc13ebhQJ
In3K2
OqA
o46O
i9ks
u5J42mdmKp
sBJ6RG
v6ue
dG8hw
f1Skj
_tableEntries
format
gpmNrR
XmlDocument
TDpA
q65Af4
b6Kdt
ym9a
pPlainText
Gchz
l84q5
wKNEz
OAtrIm
17nvFm
__StaticArrayInitTypeSize=10
CreateFromDirectory
7J6eKdft7
<Login>k__BackingField
kFn932
2Hwx
q4x1LP
iGPCusS3
G3Fg
yRpmq
8Sfid7dkAB
tePq
FyfJaBgFMR4AF
c2vAK
[b0G"
Messenger
get_name
fczA41
GetEntryAssembly
BT7ka

TryGetValue
String
yoDfc
<MHqj
lLGp
<M6P815ANf
_CorExeMain
74Nd
pm9B91
4zdMrJ4
EiLG
/E76bmA
WebClient
p1olTh
obaNRxm
x6aw
9 Y p
KeyValuePair`2
ySejtfsko
25KnMt1wkF9
9LSfftf
GCF69
cphxtNt1
E4LEj
XmlTextReader
NPfD2
NETGuard-v4.5
Dc4RG
3unQ
<MdP2Gj2
GetRandomString
rExte5OJ
RU."
s33Kht
A1bni
TzoO
pEn711
puz
<MeQq
tBs9
[Spa
]pjP
3uJb
53Ki2
u4zxiLOul9Cc9
SInGF
n5vsj
7HvRnm3b3sitMFQo
Login
2h1b7zena3
q2p5ogv
4zKGtL2
get_PrimaryScreen
u6gJ3J1
Eh6Ib
2IKn
p1Ihl
aI6Bg
TRfEw4
uct5
x6Eo
J9s7dJ1
5Kaxp
heoxL
sMx2
.'Rq
add_OnClipboardChange
wJvF7Kf19jH
2I29S
qxHQ
QKIu
3ib3d
<path>k__BackingField
tBgmNc
<k6e
4AS1I
T5Ez
y1Mw6D
IJFuuO
Attribute
IEaNyw6q
Jw8F16bj
System.Drawing
52y81
{?1f
q4tr
13y8
q7r84qk
CurrentUser
6j9g
<N6GhJoyC
bFcwn8
1^:zK!
jx%+
OB4d
J6re6
Dictionary`2
BeginInvoke
I O T g z
ITSoa
A5z8HI
x2Sc
Boolean
B7Kxb
loodt
L8ri2iz
fhM3
n971
<<>h__TransparentIdentifier1>i__Field
GetText
5w8r2
pF2nt
diskLetter
FileZilla
DirectoryInfo
JHB69F
Pu4f
o66v8m
4KINwaRTok9e5cj
RuntimeHelpers
set_name
f2644bb
21unh
6PhK4Dx
upR11
8Quo
f95lkG6
RlxqHouG
HPSxu8w
EbS82rf
9fbEa
7tk2
vC6x
yjEF3
76B8
7Eo1
42wtsz
6Iv7
OTGIMo
iiA9
FFf8qPf
t1Kn6bT
3E76
GDybQ8e
8qvkx
Object
eCIsK1Q64
5Trjt1A
Registry
Kill Yourself
fxa862
XmlNode
6zbPHRD
E7qeo
ComVisibleAttribute
65n8
r3I1
`~$u
vujpdi0f2gg.exe
GA5x2
gBarMI8Ia
tugao7
aQR+
mx5p
<k9C-
kzWX
74d2R
ALySpb
t$dT
kIs0
kTjtS
Select
O7ucL
GetWindowsVersion
17R+{5
M2cW
iCdh
7JHB
6GDD975
t38T
get_Password
mK n
H37BuPPJ
SdwE2
CreateDirectory
i5F9S
3lyP
<MTGx5
OnygI
nIpc7
zv4b9ug
get_httpOnly
2maD
Lk7bNIw
NtEv3
15N5sn
RP4m
7DhELQQsj
N1JdexMEL
n1B6v5
mIdm
Mm9Bv9
StreamWriter
H9wp
7t8Otv
storeId
8P2roj
9841
TRmR
NULL-SHIELD v1.0
5J937tF
<M6Qbg
get_Size
f9mkK
`ELVWQ
i5qasD
tCB4
LEyz
StringComparison
ASLE
tkSlp2
89TN
2S8wby
ClipboardMonitor_OnClipboardChange
Rkj5
SgRP
K89D6Nu
Dfji
AMLb
CompilationRelaxationsAttribute
y6Gutm
ToUpperInvariant
uTwzN
qj5t1m
<45s
<Start>b__9_0
7O4NeQHScGOB
l28TI45xCxbgv3EmNj
<Mzwyi
jf72MrH
6i5hC
M5os36MI8sxrD84
lFreP
wYf
px5a
8P36g7j
3MLE1gCuF
s5,d> 9F
IMj1kCv
89jE
96Qwg
SafeFileHandle
ObfuscatedByAgileDotNetAttribute
8Q6wq18
46NTPbgdQ
5BCNH
SQGe
O5l7
ProjectEvrial.Stealer
=e(8
n4T8FM9T6913d
PassData
ilpg
deQ6O
cbSize
P73qAi
DTvT7
hK7md
1.0.1.2
ManagementClass
<Url>k__BackingField
FailFast
6zO2r
hP7h
RTJDB
5+JJ
p"*~
G8lze
9o5NpH
-0 K.y
rBEkC7b
nyB7
BDm37
filepath
9J8He
<M5p
NineRays.Obfuscator
k^6I+k]_
1{j
<M5c
yoih7jP8
DebuggerBrowsableState
vH7Ht
iF6nI
6AyO9F
System.Threading
Rswb
^3o"R
E8<^(
dnLI
sLLH
t1Tq9n9
4EukL
<j5uI
bHtd7NEh6L
9g9cR24me
2FA9Q
yBtLtb2CMaj
get_path
iJRjQ
K8PAE9xf
qxg4dg9
83313JP23dto
IQ6J
F9oO6
8di2uox4
Kf8A
911R
9j84L
1ex76
6zFg
H1pi
p2PT7
TuBOKjk
vK76
<httpOnly>k__BackingField
gEO34c
qC71
JNwM4J
C7cj
9_\c
get_Current
rxvwf
RLtl61
aplL
<tG1cJ1y
Microsoft.Win32.SafeHandles
wParam
pJls8
bhdj
3c97
1iLrN
<9scim5qPcwl
mkGAf2
u7cE
ht8vr
jt42r
83OG
[_?U<qm
hhFTBHpL
IBj8I
<ItH5iEG
cv
pqMFG
uLbD
7oT7
dibL3HQ8
<Start>b__4_0
Identification
3C?Ps
Qexk
rNIE
Network
5pNK
M71M
7727fN
Next
gGAH
BabelObfuscatorAttribute
N82ll1
rmJmHG
NS6D
Interlocked
1j1xG
fkJd
zD6x
<8B5u
nEj9g
DriveInfo
rd2A
jnFPiP
E93F
ztr41
Empty
sTH3
TBiKo
1kmK
KSlk
<Mv7r4N2bGwo
54gD28
get_Major
<expirationDate>k__BackingField
t/yxgw>
GetSiteUrl
vKdpocmfp
QPq6
6L4a
z6MRBc3
5b55x
682AFQNcJ
63hJ261
QHQK
1p5Rf
EkaQ
l7N4
xvPA1jz
foEPO
yQ5xG
91r3vsGO7wO
8myGQ
a@MU
ObfuscatedByGoliath
5lg6
GdG6P
set_Item
bGu11m
ToUpper
Phf5Cnl
<Program>k__BackingField
P4sd
svdBp
QRpb
y162uTM
32Pk
c2CocS
EyIsOc
9eFAr5p
LPuK
y9Eklsg
dGw9n
7hi6g5K7
<M2az
Exception
Sr4p
+$ 4Y
zNgvd
h1uB
get_Properties
GetModuleHandle
6536H4k
c418A
SetApartmentState
bM$30
<91a
iAiy
IRDe
ioya8ik8
49fl
CDTi
GetTypeFromHandle
IAsyncResult
3b9jj
FileAttributes
63j33rl
pAQg
OEhr
GetEnumerator
<>9__0_2
<>9__0_3
<>9__0_0
<>9__0_1
P86hyE
8f84N
<>9__0_4
k4ejsk
nElL4Rg6G
fvZT
cAO8yDR3
S7cnmD
P9MKQPMM8
RvHIl
P3xKOlbf
7SPcr1Ih
TQry
aGw1
5t2h
get_value
GTKs
Im45
lOvI
GC7uN
cLbNku6i8
RJ1r
al77
h16v
<fknn
SLa5
XmlNodeList
ziHDGaP
get_DocumentElement
X N
S6O26
iyRQ16
vujpdi0f2gg
<Protocol>j__TPar
ia3h
N =1
f6Jum
71cdp
z3zbL
Q1fSF6k
Nva4
ykMH9
Macrobject
mPbTP985
hEuon8L7G
kLCT
279J
QrH14
L66DGr6
135mxH1gwp
<>9__9_0
cBOSNd
System.Runtime.InteropServices
5kfGeTb
5Fko9
<MJ52RR
A!w.
t7dpSu
cliptext
jN3nmTn
f4dPFh
tW)C
Pt5D
huKIO
<M47
SetValue
<MD6xm
4vcb
<xoq7e
ci77D
vRyE
g2CF
e4CGxF
cLQ7
System.Runtime.CompilerServices
SuppressIldasmAttribute
<>f__AnonymousType0`2
3iGkKwEk
<b14
<MLPM
AtpT45
<M18cuK
QRRB2r
kMK2
iqd8z
~x[PT
btCuDpp3
h2q8bx1Sf9KG
qNDq
5yce
44KI
<9SIlO
8G6g3
GL9L
ProjectEvrial
JOy8
2k2h
lE9Hi1BG245H
GA1rh2
df8DN38QEhM9
!#-o
kSwj
I5hQ
aB2g2la
cEmF
EirLt1eBAE
uuch8
KRM9
StnJy
GetHINSTANCE
7ijpMzl5y
TF5M^
9KMJiaz
CopyFromScreen
aySM
IDisposable
QNILF
nbhaG3331
Exists
NL6dsRN68
<H4c
B5Oj
TwoC
p1GbA
ih2s
GuidAttribute
7A3K3
{60fac4f0-f7e4-42a3-9db5-b6c6f67d70ff}
2CBK
+a-Y
fua1Q77L
pNSe5h
gk&
J7zB
QORp
tk7u
<H0[
c74G1guIg3j
sgI3Bz6
*"2h
<MaE
MiSO
HoTu
l8uS8OC2
tDA21l8
Cc1B
Equals
P C#$
gPIoc
1LFwC
<Ms9
A1In
IJ1z7Ro
<Module>
9NHE2KJ
9PJJ
<MLe3TMG
<InnerList>i__Field
tz2h8
RM89k4x
_sB$vG
FvhC
M3wi
MulticastDelegate
eG1nF
5AP9n
At1cP8F
2jG8
,l;*
<G6z9yi
12gb
1s9yx
value
UInt32
bvIGp
2rn7
eG83
1q8e
sG57
LsiA
PSE8MMug
GiRr
ConvertToULong
fk9AiCL
B5JIu
9ROik
aareL
86QNLa
cG3J
<IgkrDh
52ovE
wG5P5z197fKG
ManagementObjectEnumerator
DR297K5Hg5
l2u4
Sw:B
O44A
Hvaq
D89Q
#GUID
nTM738B
Iw2_<Vo'c
<M3COD
SdJn1osJj
YanoAttribute
Wallet
fB516T
fF1K6
O71hc
<MRo842J
HB45
zwHm
S54O
dwcv
Nmg7Cj261
IDBCm
T394N
yy62
set_Login
N9Sfr
7971y1cptm
JuB3
s~)?D
yl7iPt
M49K1924
System.IO.Compression.FileSystem
98Qo29G
zDC3Q
<uO88vJ
Nullable`1
pQ9tT
J6ao
sRlav
p3Hlmc
TbLw
IGA191t
nSpsn
<MN6
K8p2u
get_HasValue
S7Lw
Thread
qCg1R
q7Oa
Collect
NEtmE
7BCEf
Ma2C5
GDSx
S6T2
5f7uqjLdOQD
M29LTaAJbvM
6tp1
Encoding
m4OOR3
w9q4uM
pMKewD
4yen
_077I
SetAttributes
kDng
r95pri
cOgehcv
IEnumerable`1
b7rA
b24tI
6IrhAz
value__
get_Module
diGGzkO
Clipboard
pReserved
2ddNl3P8
<MT31
ONayF
<MQ8pr
Lm4t65
KIR7y
KPzR
6T84pnt
\FB(
5mAqKw
Rectangle
mg1rrl
s1m8Ja
vzkMe8w8ruFg
1BD3Di
aCm3Ez4
get_Value
9v819
4RQes
I5K6x
get_<>h__TransparentIdentifier1
get_<>h__TransparentIdentifier0
c3z64H
_fieldNames
Remove
offset
ebbacp
AutorunMethods
3PBi84mb
nJ A
<Mmihxvg
f6wpe
rxyh7N5rM
TSm c
52Nt
B7JTl7d5eS8
Replace
<Password>k__BackingField
Zero
yyqGa9
tGRq
ManagementObjectCollection
1hoj73
RDhwe89
<MGoC
3ds7jBs9u
RzFI6FRwN9N9
9fGwdj
kp8gGI
dD4oK22
get_RootDirectory
5Hlc
QC8O6b
G4Bb
l"=M
yCS7Ai
<J3KiRf
(4NI
Avt1
d4uloD
dc3b
MGqtu
IEnumerable
x31PPg
H6Fi
n6wMB
694iJ85
System.Collections.Generic
get_Minor
ezET7
f3rvAv
Compare
Pauc5i9K
]vi=
get_InnerText
EndsWith
OqlQ
521u1
163d
System.Windows.Forms
3AbPv
nwS1m
Chromium
zb28
Split
sio3o
EF46835
fvux
faup5
I6RcCweaLiF
Eq[VSs
MJq6ws
!HM
WriteLine
ucFRIS
dg73h
upnq
9xjlADqOeD9A94
directorypath
GFzNff32ej
<Mdm2y
naR5m78P
c8mi1
Pn8L3Rv
<domain>k__BackingField
kNqDCi
K1we
GetClipboardText
set_Password
Q5QM
1Ehz4m
<DkmQHyk7m
tPotq
3iD5
hbSb1fyq
6sx21
ovP7
556N7T
I978dcbo
qO8y
<M1jFlx9
OH44
aOOG
eL>b
hvfq9q
y5i7
3p={
rd3NLCB
DebuggerHiddenAttribute
3Qdw3Rws
Sleep
rmGS
<1ouhu
2vtQ
NULL-SHIELD_Stop-unpacking-this-tool-<Module>You_can_not_unpack_this_program||NULL-SHIELD_Stop-unpacking-this-tool
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven03b_64 Seven03b_64 VirtualBox 2018-01-24 19:11:37 2018-01-24 19:14:25 168

6 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven03b_64 Seven03b_64 VirtualBox 2018-01-24 19:11:37 2018-01-24 19:14:25 168

8 Summary items with data

Files

C:\Windows\sysnative\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework64\*
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\svhost.exe.config
C:\Users\Seven01\AppData\Local\Temp\svhost.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\sysnative\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\sysnative\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\sysnative\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSVCR120_CLR0400.dll
C:\Windows\sysnative\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoree.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\fusion.localgac
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\*
C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\dfbc7990c56e33311eb9af18aa0dedb4\mscorlib.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\dfbc7990c56e33311eb9af18aa0dedb4\mscorlib.ni.dll.aux
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ole32.dll
\Device\KsecDD
C:\Windows\assembly\NativeImages_v4.0.30319_64\vujpdi0f2gg\*
C:\Users\Seven01\AppData\Local\Temp\svhost.INI
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll
C:\Windows\assembly\GAC_64
C:\Windows\assembly\GAC_64\mscorlib.resources
C:\Windows\assembly\GAC_32
C:\Windows\assembly\GAC_32\mscorlib.resources
C:\Windows\assembly\GAC_MSIL
C:\Windows\assembly\GAC_MSIL\mscorlib.resources
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\*
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC
C:\Windows\assembly\GAC\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC_64
C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC_32
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC_MSIL
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SortDefault.nlp
\??\pipe\CPFATP_2476_v4.0.30319
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\Microsoft.Net\assembly\GAC_64\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\System\*
C:\Windows\assembly\NativeImages_v4.0.30319_64\System\f8a43d0a4b768edf2f7ec0d4712a1a6a\System.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\System\f8a43d0a4b768edf2f7ec0d4712a1a6a\System.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\*
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.INI
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\VERSION.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\*
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.INI
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\rasapi32.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\ws2_32.dll
C:\Windows\sysnative\it-IT\KERNELBASE.dll.mui
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\winhttp.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\it\mscorrc.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\it\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
C:\Windows\sysnative\tzres.dll
C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\shell32.dll
C:\Windows\sysnative\it-IT\tzres.dll.mui
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\iphlpapi.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\secur32.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\crypt32.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CRYPT32.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\*
C:\Users\Seven01\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\*
C:\Users\Seven01\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\*
C:\Windows\sysnative\p2pcollab.dll
C:\Windows\sysnative\QAGENTRT.DLL
C:\Windows\sysnative\dnsapi.dll
C:\Windows\sysnative\fveui.dll
C:\Users\Seven01\AppData\LocalLow
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Seven01\AppData\Local\Temp\CabAA88.tmp
C:\Users\Seven01\AppData\Local\Temp\TarAA89.tmp
C:\Users\Seven01\AppData\Local\Temp\
C:\Windows\assembly\GAC_64\System.resources
C:\Windows\assembly\GAC_32\System.resources
C:\Windows\assembly\GAC_MSIL\System.resources
C:\Windows\assembly\GAC_MSIL\System.resources\*
C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_it_b77a5c561934e089\System.resources.dll
C:\Windows\assembly\GAC\System.resources
C:\Windows\Microsoft.Net\assembly\GAC_64\System.resources
C:\Windows\Microsoft.Net\assembly\GAC_32\System.resources
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.resources
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\diasymreader.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb
C:\Windows\symbols\dll\System.pdb
C:\Windows\dll\System.pdb
C:\Windows\System.pdb
C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb
C:\Windows\symbols\dll\mscorlib.pdb
C:\Windows\dll\mscorlib.pdb
C:\Windows\mscorlib.pdb
C:\Users\Seven01\AppData\Local\Temp\svhost.PDB

Read Files

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\svhost.exe.config
C:\Users\Seven01\AppData\Local\Temp\svhost.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
C:\Windows\sysnative\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\dfbc7990c56e33311eb9af18aa0dedb4\mscorlib.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\dfbc7990c56e33311eb9af18aa0dedb4\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SortDefault.nlp
\??\pipe\CPFATP_2476_v4.0.30319
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\NativeImages_v4.0.30319_64\System\f8a43d0a4b768edf2f7ec0d4712a1a6a\System.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_64\System\f8a43d0a4b768edf2f7ec0d4712a1a6a\System.ni.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll
C:\Windows\sysnative\it-IT\KERNELBASE.dll.mui
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
C:\Windows\sysnative\tzres.dll
C:\Windows\sysnative\it-IT\tzres.dll.mui
C:\Windows\sysnative\QAGENTRT.DLL
C:\Windows\sysnative\fveui.dll
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Seven01\AppData\Local\Temp\CabAA88.tmp
C:\Users\Seven01\AppData\Local\Temp\TarAA89.tmp
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\diasymreader.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb
C:\Windows\symbols\dll\System.pdb
C:\Windows\dll\System.pdb
C:\Windows\System.pdb
C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb
C:\Windows\symbols\dll\mscorlib.pdb
C:\Windows\dll\mscorlib.pdb
C:\Windows\mscorlib.pdb

Write Files

\??\pipe\CPFATP_2476_v4.0.30319
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Seven01\AppData\Local\Temp\CabAA88.tmp

Delete Files

C:\Users\Seven01\AppData\Local\Temp\CabAA88.tmp
C:\Users\Seven01\AppData\Local\Temp\TarAA89.tmp

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\standards\v4.0.30319
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SKUs\default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svhost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseRyuJIT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\FeatureSIMD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitTimeLogCsv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitFuncInfoLogFile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitELTHookEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\TailCallOpt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitVNMapSelBudget
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\svhost.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\89C030EB
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallationType
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\EnableConsoleTracing
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\svhost_RASAPI32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svhost_RASAPI32\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svhost_RASAPI32\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svhost_RASAPI32\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svhost_RASAPI32\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svhost_RASAPI32\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svhost_RASAPI32\FileDirectory
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_CURRENT_USER
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\LegacyWPADSupport
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\TZI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\Dynamic DST
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Display
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Std
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Dlt
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DnsCache\Parameters
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DnsClient
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DomainNameDevolutionLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DomainNameDevolutionLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AppendToMultiLabelName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AppendToMultiLabelName
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenBadTlds
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenBadTlds
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenUnreachableServers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenUnreachableServers
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenDefaultServers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenDefaultServers
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DynamicServerQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DynamicServerQueryOrder
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\FilterClusterIp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\FilterClusterIp
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\WaitForNameErrorOnAll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\WaitForNameErrorOnAll
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseEdns
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseEdns
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DnsSecureNameQueryFallback
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsSecureNameQueryFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableDAForAllNetworks
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\EnableDAForAllNetworks
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DirectAccessQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DirectAccessQueryOrder
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\QueryIpMatching
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\QueryIpMatching
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseHostsFile
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseHostsFile
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AddrConfigControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AddrConfigControl
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableDynamicUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterPrimaryName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterPrimaryName
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterReverseLookup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterReverseLookup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableReverseAddressRegistrations
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterWanAdapters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterWanAdapters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableWanDynamicUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultRegistrationTTL
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultRegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UpdateTopLevelDomainZones
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UpdateTopLevelDomainZones
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DowncaseSpnCauseApiOwnerIsTooLazy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DowncaseSpnCauseApiOwnerIsTooLazy
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationOverwrite
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationOverwrite
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCacheTtl
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxNegativeCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxNegativeCacheTtl
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AdapterTimeoutLimit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AdapterTimeoutLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ServerPriorityTimeLimit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ServerPriorityTimeLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCachedSockets
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCachedSockets
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableMulticast
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastResponderFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastResponderFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastSenderFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastSenderFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastSenderMaxTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastSenderMaxTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsTest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseCompartments
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\CacheAllCompartments
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseNewRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ResolverRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ResolverRegistrationOnly
HKEY_LOCAL_MACHINE\System\Setup
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\PrimaryDomainName
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSClient
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AdapterDomainName
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\DhcpDomain
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableDynamicUpdate
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DhcpDomain
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\SearchList
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\SearchList
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\NodeType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\DhcpNodeType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\ScopeId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\DhcpScopeId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\EnableProxy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\EnableDns
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\HWRPortReuseOnSocketBind
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AppContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SchUseStrongCrypto
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\Schannel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextLockCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextListCount
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagMatchAnyMask
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Root\ProtectedRoots
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\ChainEngine\Config
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableMandatoryBasicConstraints
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableCANameConstraints
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableUnsupportedCriticalExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlCountInCert
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCountPerChain
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCertCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetPreFetchTriggerPeriodSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableWeakSignatureFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\ChainCacheResyncFiletime
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\#16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\Ldap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CertDllOpenStoreProv
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000\ProfileImagePath
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\Keys
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\CTLs
HKEY_CURRENT_USER\
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\Certificates
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\CRLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\CA\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\CA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\CA
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\CA\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\CA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\CTLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Disallowed\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Disallowed
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ProtectedRoots
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ProtectedRoots\Certificates
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Root\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\AuthRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\627F8D7827656399D27D7F9044C9FEB3F33EFA9A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\627F8D7827656399D27D7F9044C9FEB3F33EFA9A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97E2E99636A547554F838FBA38B82E74F89A830A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97E2E99636A547554F838FBA38B82E74F89A830A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209AD23D314232174E40D7F9D62139786633A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209AD23D314232174E40D7F9D62139786633A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Root\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\SmartCardRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPeople\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPeople
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPeople
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\TrustedPeople\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\TrustedPeople
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\CTLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\Certificates
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CRLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\trust\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\trust
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\trust
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\trust\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\trust
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserenvDebugLevel
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\GpSvcDebugLevel
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7\Name
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4b\7F06864B
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\LanguageList
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\p2pcollab.dll,-8042
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\qagentrt.dll,-10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\dnsapi.dll,-103
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.1!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.1!7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\System32\fveui.dll,-843
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.2!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.2!7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.2!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\System32\fveui.dll,-844
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllImportPublicKeyInfoEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllImportPublicKeyInfoEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllConvertPublicKeyInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllConvertPublicKeyInfo
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\AuthRoot
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableInetUnknownAuth
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\Escalation
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllVerifyCertificateChainPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CertDllVerifyCertificateChainPolicy
HKEY_CLASSES_ROOT\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32\(Default)
HKEY_CLASSES_ROOT\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server\(Default)

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseRyuJIT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\FeatureSIMD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitTimeLogCsv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitFuncInfoLogFile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitELTHookEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\TailCallOpt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitVNMapSelBudget
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\89C030EB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svhost_RASAPI32\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svhost_RASAPI32\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svhost_RASAPI32\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svhost_RASAPI32\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svhost_RASAPI32\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svhost_RASAPI32\FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\LegacyWPADSupport
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\TZI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Display
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Std
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Dlt
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DomainNameDevolutionLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DomainNameDevolutionLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AppendToMultiLabelName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AppendToMultiLabelName
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenBadTlds
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenBadTlds
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenUnreachableServers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenUnreachableServers
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenDefaultServers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenDefaultServers
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DynamicServerQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DynamicServerQueryOrder
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\FilterClusterIp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\FilterClusterIp
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\WaitForNameErrorOnAll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\WaitForNameErrorOnAll
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseEdns
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseEdns
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DnsSecureNameQueryFallback
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsSecureNameQueryFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableDAForAllNetworks
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\EnableDAForAllNetworks
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DirectAccessQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DirectAccessQueryOrder
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\QueryIpMatching
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\QueryIpMatching
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseHostsFile
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseHostsFile
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AddrConfigControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AddrConfigControl
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableDynamicUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterPrimaryName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterPrimaryName
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterReverseLookup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterReverseLookup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableReverseAddressRegistrations
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterWanAdapters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterWanAdapters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableWanDynamicUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultRegistrationTTL
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultRegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UpdateTopLevelDomainZones
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UpdateTopLevelDomainZones
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DowncaseSpnCauseApiOwnerIsTooLazy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DowncaseSpnCauseApiOwnerIsTooLazy
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationOverwrite
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationOverwrite
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCacheTtl
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxNegativeCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxNegativeCacheTtl
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AdapterTimeoutLimit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AdapterTimeoutLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ServerPriorityTimeLimit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ServerPriorityTimeLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCachedSockets
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCachedSockets
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableMulticast
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastResponderFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastResponderFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastSenderFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastSenderFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastSenderMaxTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastSenderMaxTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsTest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseCompartments
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\CacheAllCompartments
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseNewRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ResolverRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ResolverRegistrationOnly
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\PrimaryDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AdapterDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\DhcpDomain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableDynamicUpdate
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DhcpDomain
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\SearchList
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\SearchList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\NodeType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\DhcpNodeType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\ScopeId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\DhcpScopeId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\EnableProxy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\EnableDns
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\HWRPortReuseOnSocketBind
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SchUseStrongCrypto
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextLockCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextListCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagMatchAnyMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableMandatoryBasicConstraints
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableCANameConstraints
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableUnsupportedCriticalExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlCountInCert
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCountPerChain
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCertCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetPreFetchTriggerPeriodSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableWeakSignatureFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\ChainCacheResyncFiletime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000\ProfileImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931\Blob
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ProtectedRoots\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\627F8D7827656399D27D7F9044C9FEB3F33EFA9A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97E2E99636A547554F838FBA38B82E74F89A830A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209AD23D314232174E40D7F9D62139786633A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserenvDebugLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\GpSvcDebugLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\p2pcollab.dll,-8042
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\qagentrt.dll,-10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\dnsapi.dll,-103
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\System32\fveui.dll,-843
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.2!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\System32\fveui.dll,-844
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableInetUnknownAuth
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server\(Default)

Write Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\svhost_RASAPI32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svhost_RASAPI32\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svhost_RASAPI32\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svhost_RASAPI32\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svhost_RASAPI32\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svhost_RASAPI32\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svhost_RASAPI32\FileDirectory
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\LanguageList
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\qagentrt.dll,-10
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\System32\fveui.dll,-843
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\System32\fveui.dll,-844

Delete Keys

Nothing to display

Mutexes

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
clr.dll.SetRuntimeInfo
clr.dll._CorExeMain
mscoree.dll.CreateConfigStream
mscoreei.dll.CreateConfigStream
kernel32.dll.GetNumaHighestNodeNumber
ntdll.dll.RtlVirtualUnwind
kernel32.dll.GetSystemWindowsDirectoryW
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddSIDToBoundaryDescriptor
kernel32.dll.CreateBoundaryDescriptorW
kernel32.dll.CreatePrivateNamespaceW
kernel32.dll.OpenPrivateNamespaceW
kernel32.dll.DeleteBoundaryDescriptor
kernel32.dll.WerRegisterRuntimeExceptionModule
kernel32.dll.RaiseException
mscoree.dll.#24
mscoreei.dll.#24
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware
ole32.dll.CoGetContextToken
clrjit.dll.sxsJitStartup
clrjit.dll.getJit
kernel32.dll.GetFullPathNameW
kernel32.dll.VirtualProtect
kernel32.dll.GetCurrentProcessId
kernel32.dll.GetModuleHandleW
kernel32.dll.LocaleNameToLCID
kernel32.dll.LCIDToLocaleName
kernel32.dll.GetUserPreferredUILanguages
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
kernel32.dll.CompareStringOrdinal
kernel32.dll.SetThreadErrorMode
kernel32.dll.GetFileAttributesExW
clr.dll.CreateAssemblyNameObject
ole32.dll.CoGetObjectContext
sechost.dll.LookupAccountNameLocalW
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptGenRandom
ole32.dll.NdrOleInitializeExtension
ole32.dll.CoGetClassObject
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.CoUnmarshalInterface
ole32.dll.StringFromIID
ole32.dll.CoGetPSClsid
ole32.dll.CoTaskMemAlloc
ole32.dll.CoTaskMemFree
ole32.dll.CoCreateInstance
ole32.dll.CoReleaseMarshalData
ole32.dll.DcomChannelSetHResult
rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
clr.dll.CreateAssemblyEnum
kernel32.dll.ResolveLocaleName
kernel32.dll.SetEvent
kernel32.dll.CreateNamedPipeA
kernel32.dll.WideCharToMultiByte
kernel32.dll.CloseHandle
nlssorting.dll.SortGetHandle
nlssorting.dll.SortCloseHandle
kernel32.dll.CreateFileW
kernel32.dll.Sleep
kernel32.dll.GetACP
kernel32.dll.UnmapViewOfFile
kernel32.dll.GetCurrentProcess
kernel32.dll.GetFileType
kernel32.dll.GetFileSize
kernel32.dll.ReadFile
kernel32.dll.CreateEventW
kernel32.dll.QueryPerformanceFrequency
kernel32.dll.QueryPerformanceCounter
rasapi32.dll.RasEnumConnectionsW
rtutils.dll.TraceRegisterExA
rtutils.dll.TracePrintfExA
sechost.dll.OpenSCManagerW
sechost.dll.OpenServiceW
sechost.dll.QueryServiceStatus
sechost.dll.CloseServiceHandle
ws2_32.dll.WSAStartup
ws2_32.dll.WSASocketW
ws2_32.dll.setsockopt
ws2_32.dll.WSAEventSelect
ws2_32.dll.ioctlsocket
ws2_32.dll.closesocket
ws2_32.dll.WSAIoctl
kernel32.dll.FormatMessageW
rasapi32.dll.RasConnectionNotificationW
sechost.dll.OpenSCManagerA
sechost.dll.OpenServiceA
advapi32.dll.RegOpenCurrentUser
sechost.dll.NotifyServiceStatusChangeA
advapi32.dll.RegNotifyChangeKeyValue
winhttp.dll.WinHttpOpen
winhttp.dll.WinHttpCloseHandle
winhttp.dll.WinHttpSetTimeouts
kernel32.dll.LocalFree
winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser
kernel32.dll.GetEnvironmentVariableW
kernel32.dll.ResetEvent
ole32.dll.CoWaitForMultipleHandles
kernel32.dll.GetTimeZoneInformation
kernel32.dll.GetDynamicTimeZoneInformation
shell32.dll.SHGetFolderPathW
kernel32.dll.GetFileMUIPath
kernel32.dll.LoadLibraryExW
kernel32.dll.FreeLibrary
user32.dll.LoadStringW
iphlpapi.dll.GetNetworkParams
dnsapi.dll.DnsQueryConfig
iphlpapi.dll.GetAdaptersAddresses
iphlpapi.dll.GetIpInterfaceEntry
iphlpapi.dll.GetBestInterfaceEx
kernel32.dll.LocalAlloc
ws2_32.dll.GetAddrInfoW
ws2_32.dll.freeaddrinfo
ws2_32.dll.WSAConnect
secur32.dll.EnumerateSecurityPackagesW
secur32.dll.FreeContextBuffer
secur32.dll.FreeCredentialsHandle
secur32.dll.AcquireCredentialsHandleW
schannel.dll.SpUserModeInitialize
advapi32.dll.RegCreateKeyExW
secur32.dll.DeleteSecurityContext
secur32.dll.InitializeSecurityContextW
ws2_32.dll.send
ws2_32.dll.recv
ncrypt.dll.SslOpenProvider
ncrypt.dll.GetSChannelInterface
bcryptprimitives.dll.GetHashInterface
ncrypt.dll.SslIncrementProviderReferenceCount
ncrypt.dll.SslImportKey
bcryptprimitives.dll.GetCipherInterface
secur32.dll.QueryContextAttributesW
ncrypt.dll.SslLookupCipherSuiteInfo
crypt32.dll.CertFreeCertificateContext
crypt32.dll.CertDuplicateCertificateContext
crypt32.dll.CertGetCertificateContextProperty
crypt32.dll.CertCloseStore
crypt32.dll.CertDuplicateStore
crypt32.dll.CertEnumCertificatesInStore
crypt32.dll.CertFreeCertificateChain
crypt32.dll.CertOpenStore
crypt32.dll.CertAddCertificateLinkToStore
crypt32.dll.CertGetCertificateChain
userenv.dll.GetUserProfileDirectoryW
sechost.dll.ConvertSidToStringSidW
sechost.dll.ConvertStringSidToSidW
userenv.dll.RegisterGPNotification
gpapi.dll.RegisterGPNotificationInternal
sechost.dll.QueryServiceConfigW
cryptsp.dll.CryptAcquireContextA
cryptsp.dll.CryptImportKey
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptHashData
cryptsp.dll.CryptVerifySignatureA
cryptsp.dll.CryptDestroyKey
cryptsp.dll.CryptDestroyHash
cryptnet.dll.CryptRetrieveObjectByUrlW
cryptnet.dll.I_CryptNetGetConnectivity
sensapi.dll.IsNetworkAlive
rpcrt4.dll.RpcBindingFromStringBindingW
rpcrt4.dll.RpcBindingSetAuthInfoExW
rpcrt4.dll.NdrClientCall3
winhttp.dll.WinHttpSetOption
winhttp.dll.WinHttpCrackUrl
shlwapi.dll.StrCmpNW
winhttp.dll.WinHttpConnect
winhttp.dll.WinHttpOpenRequest
winhttp.dll.WinHttpGetDefaultProxyConfiguration
winhttp.dll.WinHttpSendRequest
ws2_32.dll.#2
ws2_32.dll.#21
ws2_32.dll.#9
ws2_32.dll.FreeAddrInfoW
ws2_32.dll.#6
ws2_32.dll.#5
ws2_32.dll.WSARecv
ws2_32.dll.WSASend
winhttp.dll.WinHttpReceiveResponse
winhttp.dll.WinHttpQueryHeaders
winhttp.dll.WinHttpQueryDataAvailable
ws2_32.dll.#22
winhttp.dll.WinHttpReadData
ws2_32.dll.#3
cryptnet.dll.I_CryptNetSetUrlCacheFlushInfo
setupapi.dll.SetupIterateCabinetW
cabinet.dll.#20
cabinet.dll.#22
cabinet.dll.#23
sechost.dll.QueryServiceConfigA
rpcrt4.dll.RpcStringBindingComposeA
rpcrt4.dll.RpcBindingFromStringBindingA
rpcrt4.dll.RpcEpResolveBinding
rpcrt4.dll.RpcStringFreeA
rpcrt4.dll.RpcBindingFree
ncrypt.dll.BCryptOpenAlgorithmProvider
ncrypt.dll.BCryptGetProperty
ncrypt.dll.BCryptCreateHash
ncrypt.dll.BCryptHashData
crypt32.dll.CertDuplicateCertificateChain
crypt32.dll.CertVerifyCertificateChainPolicy
kernel32.dll.SetLastError
ncrypt.dll.SslDecrementProviderReferenceCount
ncrypt.dll.SslFreeObject
ws2_32.dll.shutdown
diasymreader.dll.DllGetClassObject

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven03b_64 Seven03b_64 VirtualBox 2018-01-24 19:11:37 2018-01-24 19:14:25 168

1 HTTP Request(s) detected

http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
  • Hostname: www.download.windowsupdate.com
  • IP Address: 2.228.46.112
  • Port: 80
  • Count: 1

GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Cache-Control: max-age = 86400
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.download.windowsupdate.com

#infosec #automation

TheSystem Itself @ 2018-01-24 19:12:19