MalScore
100/100
MicrosoftOffice.exe
File details Download PDF Report | |
---|---|
File type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
File size: | 1047.25 KB (1072384 bytes) |
Compile time: | 2105-08-13 22:35:14 |
MD5: | c3ab046844a32b5df201cd7d5929f36a |
SHA1: | 5bbf5359e2ccf634ed75e55ae562578400f6c87d |
SHA256: | 988dcda0d1d03f0b6b09606d4726e344be3a30e9fae3ec732b1a7c1b5ccf2a96 |
Import hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Sections 3 | .text .rsrc .reloc |
Directories 5 | import resource debug relocation security |
First submission: | 2019-01-06 18:42:06 |
Last submission: | 2019-01-06 18:42:06 |
Filename detected: |
- MicrosoftOffice.exe (1) |
URL file hosting |
---|
hXXp://cloudme.com/v1/ws2/:dr404/:MicrosoftOffice/MicrosoftOffice.exe![]() |
Antivirus Report | |||
---|---|---|---|
Report Date | Detection Ratio | Permalink | Update |
2018-12-21 20:23:26 | [46/70] | ![]() |
PE Sections 2 suspicious | |||||
---|---|---|---|---|---|
Name | VAddress | VSize | Size | MD5 | SHA1 |
.text | 0x2000 | 0xff83c | 1047040 | fca57cdf7356b66f9ab343b38679e43b | 3a9ebbe75e823e5e73f7a4f4ca7ac9d2199359aa |
.rsrc | 0x102000 | 0x1d1e | 7680 | 384d5aac857cb5c6cd348c9bc267169b | 9dced1dc3239546326952d22fa19f9f929d2e720 |
.reloc | 0x104000 | 0xc | 512 | 9e12a5fce33c5a1a5c3ffaba04523f9c | 73aa191acb17fdadc39c9d53219898776db0863c |
Meta Info | |
---|---|
No Meta found in this file |
XOR | |
---|---|
No XOR informations found in this file. |
Signature | |
---|---|
MD5: | 8753823efe02e145762c9e5d6da31213 |
SHA1: | e7359eae78b249fa2505dcfa207adf9c077645ac |
Block Size: | 16640 |
Virtual Address: | 1055744 |
Packer(s) | |
---|---|
Microsoft Visual C# / Basic .NET | |
Microsoft Visual Studio .NET | |
.NET executable | |
Microsoft Visual C# v7.0 / Basic .NET |
File found | |
---|---|
FIle type: Library | |
mscoree.dll |
IP Found | |
---|---|
No IP detected |
URL(s) | |
---|---|
http://s.symcb.com/universal-root.crl0 | |
http://ocsp.verisign.com0 | |
http://sw.symcd.com0 | |
https://www.verisign.com/rpa | |
http://sw.symcb.com/sw.crl0 | |
https://www.verisign.com/rpa0 | |
http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0 | |
http://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0 | |
https://d.symcb.com/cps0% | |
http://s.symcd.com06 | |
http://sw1.symcb.com/sw.crt0 | |
http://crl.verisign.com/pca3-g5.crl04 | |
http://logo.verisign.com/vslogo.gif04 | |
https://d.symcb.com/rpa0@ | |
https://d.symcb.com/rpa0 | |
https://www.verisign.com/cps0 | |
http://s.symcd.com0_ | |
http://crl.thawte.com/ThawteTimestampingCA.crl0 | |
http://sf.symcb.com/sf.crl0a | |
http://ocsp.thawte.com0 | |
http://s.symcb.com/pca3-g5.crl0 | |
https://d.symcb.com/rpa0. | |
https://d.symcb.com/rpa0) | |
http://ts-crl.ws.symantec.com/tss-ca-g2.crl0( | |
http://sf.symcb.com/sf.crt0 | |
http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0( | |
http://ts-ocsp.ws.symantec.com0; | |
http://sf.symcd.com0& | |
http://ts-aia.ws.symantec.com/tss-ca-g2.cer0< | |
http://ts-ocsp.ws.symantec.com07 |
Behavior analysis details | |||||
---|---|---|---|---|---|
Machine name | Machine label | Machine manager | Started | Ended | Duration |
Seven02_64 | Seven02_64 | VirtualBox | 2019-01-06 18:37:26 | 2019-01-06 18:40:23 | 177 |
16 Behaviors detected by system signatures
Anomalous binary characteristics
Severity: High
Confidence: High
- anomaly: Actual checksum does not match that reported in PE header
Creates a copy of itself
Severity: High
Confidence: Very High
- copy: C:\Users\Seven01\AppData\Roaming\Microsoft\xd8\xa2\xc2\xa9 Office.exe
Installs itself for autorun at Windows startup
Severity: High
Confidence: Very High
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\6e81135290a3cbb3f16e9591f0e8666f
- data: "C:\Users\Seven01\AppData\Roaming\Microsoft\xd8\xa2\xc2\xa9 Office.exe" ..
- key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6e81135290a3cbb3f16e9591f0e8666f
- data: "C:\Users\Seven01\AppData\Roaming\Microsoft\xd8\xa2\xc2\xa9 Office.exe" ..
Uses Windows utilities for basic functionality
Severity: Medium
Confidence: High
- command: netsh firewall add allowedprogram "C:\Users\Seven01\AppData\Roaming\Microsoft\xd8\xa2\xc2\xa9 Office.exe" "Microsoft\xd8\xa2\xc2\xa9 Office.exe" ENABLE
Performs some HTTP requests
Severity: Medium
Confidence: Low
- url: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
- url: http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c%3D
- url: http://ocsp.verisign.com/
- url: http://crl.verisign.com/pca3-g5.crl
- url: http://sf.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEB3hDe1UHVHnO8SG9JJJiDY%3D
- url: http://sf.symcd.com/
- url: http://sf.symcb.com/sf.crl
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Severity: Medium
Confidence: Low
- post_no_referer: HTTP traffic contains a POST request with no referer header
- suspicious_request: http://ocsp.verisign.com/
- suspicious_request: http://crl.verisign.com/pca3-g5.crl
- suspicious_request: http://sf.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEB3hDe1UHVHnO8SG9JJJiDY%3D
- suspicious_request: http://sf.symcd.com/
- suspicious_request: http://sf.symcb.com/sf.crl
Reads data out of its own binary image
Severity: Medium
Confidence: Low
- self_read: process: MicrosoftOffice.exe, pid: 2124, offset: 0x00000000, length: 0x00105d00
At least one IP Address, Domain, or File Name was found in a crypto call
Severity: Medium
Confidence: Very High
- ioc: r.o.1
- ioc: r.o.0
- ioc: http://sf.symcb.com/sf.crl0a
- ioc: https://d.symcb.com/cps0
- ioc: https://d.symcb.com/rpa0
- ioc: http://sf.symcd.com0
- ioc: http://sf.symcb.com/sf.crt0
Dynamic (imported) function loading detected
Severity: Medium
Confidence: Very High
- DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
- DynamicLoader: ADVAPI32.dll/RegQueryInfoKeyW
- DynamicLoader: ADVAPI32.dll/RegEnumKeyExW
- DynamicLoader: ADVAPI32.dll/RegEnumValueW
- DynamicLoader: ADVAPI32.dll/RegCloseKey
- DynamicLoader: ADVAPI32.dll/RegQueryValueExW
- DynamicLoader: KERNEL32.dll/FlsAlloc
- DynamicLoader: KERNEL32.dll/FlsFree
- DynamicLoader: KERNEL32.dll/FlsGetValue
- DynamicLoader: KERNEL32.dll/FlsSetValue
- DynamicLoader: KERNEL32.dll/InitializeCriticalSectionEx
- DynamicLoader: KERNEL32.dll/CreateEventExW
- DynamicLoader: KERNEL32.dll/CreateSemaphoreExW
- DynamicLoader: KERNEL32.dll/SetThreadStackGuarantee
- DynamicLoader: KERNEL32.dll/CreateThreadpoolTimer
- DynamicLoader: KERNEL32.dll/SetThreadpoolTimer
- DynamicLoader: KERNEL32.dll/WaitForThreadpoolTimerCallbacks
- DynamicLoader: KERNEL32.dll/CloseThreadpoolTimer
- DynamicLoader: KERNEL32.dll/CreateThreadpoolWait
- DynamicLoader: KERNEL32.dll/SetThreadpoolWait
- DynamicLoader: KERNEL32.dll/CloseThreadpoolWait
- DynamicLoader: KERNEL32.dll/FlushProcessWriteBuffers
- DynamicLoader: KERNEL32.dll/FreeLibraryWhenCallbackReturns
- DynamicLoader: KERNEL32.dll/GetCurrentProcessorNumber
- DynamicLoader: KERNEL32.dll/GetLogicalProcessorInformation
- DynamicLoader: KERNEL32.dll/CreateSymbolicLinkW
- DynamicLoader: KERNEL32.dll/SetDefaultDllDirectories
- DynamicLoader: KERNEL32.dll/EnumSystemLocalesEx
- DynamicLoader: KERNEL32.dll/CompareStringEx
- DynamicLoader: KERNEL32.dll/GetDateFormatEx
- DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
- DynamicLoader: KERNEL32.dll/GetTimeFormatEx
- DynamicLoader: KERNEL32.dll/GetUserDefaultLocaleName
- DynamicLoader: KERNEL32.dll/IsValidLocaleName
- DynamicLoader: KERNEL32.dll/LCMapStringEx
- DynamicLoader: KERNEL32.dll/GetCurrentPackageId
- DynamicLoader: KERNEL32.dll/GetTickCount64
- DynamicLoader: KERNEL32.dll/GetFileInformationByHandleExW
- DynamicLoader: KERNEL32.dll/SetFileInformationByHandleW
- DynamicLoader: ADVAPI32.dll/EventRegister
- DynamicLoader: ADVAPI32.dll/EventSetInformation
- DynamicLoader: MSCOREE.DLL/
- DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
- DynamicLoader: ADVAPI32.dll/RegQueryValueExW
- DynamicLoader: ADVAPI32.dll/RegCloseKey
- DynamicLoader: mscoreei.dll/RegisterShimImplCallback
- DynamicLoader: mscoreei.dll/RegisterShimImplCleanupCallback
- DynamicLoader: mscoreei.dll/SetShellShimInstance
- DynamicLoader: mscoreei.dll/OnShimDllMainCalled
- DynamicLoader: mscoreei.dll/_CorExeMain_RetAddr
- DynamicLoader: mscoreei.dll/_CorExeMain
- DynamicLoader: SHLWAPI.dll/UrlIsW
- DynamicLoader: VERSION.dll/GetFileVersionInfoSizeW
- DynamicLoader: VERSION.dll/GetFileVersionInfoW
- DynamicLoader: VERSION.dll/VerQueryValueW
- DynamicLoader: KERNEL32.dll/InitializeCriticalSectionAndSpinCount
- DynamicLoader: msvcrt.dll/_set_error_mode
- DynamicLoader: msvcrt.dll/?set_terminate@@YAP6AXXZP6AXXZ@Z
- DynamicLoader: msvcrt.dll/_get_terminate
- DynamicLoader: KERNEL32.dll/FindActCtxSectionStringW
- DynamicLoader: KERNEL32.dll/GetSystemWindowsDirectoryW
- DynamicLoader: MSCOREE.DLL/GetProcessExecutableHeap
- DynamicLoader: mscoreei.dll/GetProcessExecutableHeap_RetAddr
- DynamicLoader: mscoreei.dll/GetProcessExecutableHeap
- DynamicLoader: mscorwks.dll/SetLoadedByMscoree
- DynamicLoader: mscorwks.dll/_CorExeMain
- DynamicLoader: mscorwks.dll/GetCLRFunction
- DynamicLoader: ADVAPI32.dll/RegisterTraceGuidsW
- DynamicLoader: ADVAPI32.dll/UnregisterTraceGuids
- DynamicLoader: ADVAPI32.dll/GetTraceLoggerHandle
- DynamicLoader: ADVAPI32.dll/GetTraceEnableLevel
- DynamicLoader: ADVAPI32.dll/GetTraceEnableFlags
- DynamicLoader: ADVAPI32.dll/TraceEvent
- DynamicLoader: MSCOREE.DLL/IEE
- DynamicLoader: mscoreei.dll/IEE_RetAddr
- DynamicLoader: mscoreei.dll/IEE
- DynamicLoader: mscorwks.dll/IEE
- DynamicLoader: MSCOREE.DLL/GetStartupFlags
- DynamicLoader: mscoreei.dll/GetStartupFlags_RetAddr
- DynamicLoader: mscoreei.dll/GetStartupFlags
- DynamicLoader: MSCOREE.DLL/GetHostConfigurationFile
- DynamicLoader: mscoreei.dll/GetHostConfigurationFile_RetAddr
- DynamicLoader: mscoreei.dll/GetHostConfigurationFile
- DynamicLoader: mscoreei.dll/GetCORVersion_RetAddr
- DynamicLoader: mscoreei.dll/GetCORVersion
- DynamicLoader: MSCOREE.DLL/GetCORSystemDirectory
- DynamicLoader: mscoreei.dll/GetCORSystemDirectory_RetAddr
- DynamicLoader: mscoreei.dll/CreateConfigStream_RetAddr
- DynamicLoader: mscoreei.dll/CreateConfigStream
- DynamicLoader: ntdll.dll/RtlVirtualUnwind
- DynamicLoader: KERNEL32.dll/IsWow64Process
- DynamicLoader: KERNEL32.dll/GetSystemWindowsDirectoryW
- DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
- DynamicLoader: ADVAPI32.dll/OpenProcessToken
- DynamicLoader: ADVAPI32.dll/GetTokenInformation
- DynamicLoader: ADVAPI32.dll/InitializeAcl
- DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
- DynamicLoader: ADVAPI32.dll/FreeSid
- DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
- DynamicLoader: ADVAPI32.dll/OpenProcessToken
- DynamicLoader: ADVAPI32.dll/GetTokenInformation
- DynamicLoader: ADVAPI32.dll/InitializeAcl
- DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
- DynamicLoader: ADVAPI32.dll/FreeSid
- DynamicLoader: KERNEL32.dll/SetThreadStackGuarantee
- DynamicLoader: KERNEL32.dll/FlsSetValue
- DynamicLoader: KERNEL32.dll/FlsGetValue
- DynamicLoader: KERNEL32.dll/FlsAlloc
- DynamicLoader: KERNEL32.dll/FlsFree
- DynamicLoader: KERNEL32.dll/AddVectoredContinueHandler
- DynamicLoader: KERNEL32.dll/RemoveVectoredContinueHandler
- DynamicLoader: ADVAPI32.dll/ConvertSidToStringSidW
- DynamicLoader: shell32.dll/SHGetFolderPathW
- DynamicLoader: KERNEL32.dll/FlushProcessWriteBuffers
- DynamicLoader: KERNEL32.dll/GetWriteWatch
- DynamicLoader: KERNEL32.dll/ResetWriteWatch
- DynamicLoader: KERNEL32.dll/CreateMemoryResourceNotification
- DynamicLoader: KERNEL32.dll/QueryMemoryResourceNotification
- DynamicLoader: KERNEL32.dll/GlobalMemoryStatusEx
- DynamicLoader: KERNEL32.dll/ProcessIdToSessionId
- DynamicLoader: IMM32.DLL/ImmCreateContext
- DynamicLoader: IMM32.DLL/ImmDestroyContext
- DynamicLoader: IMM32.DLL/ImmNotifyIME
- DynamicLoader: IMM32.DLL/ImmAssociateContext
- DynamicLoader: IMM32.DLL/ImmReleaseContext
- DynamicLoader: IMM32.DLL/ImmGetContext
- DynamicLoader: IMM32.DLL/ImmGetCompositionStringA
- DynamicLoader: IMM32.DLL/ImmSetCompositionStringA
- DynamicLoader: IMM32.DLL/ImmGetCompositionStringW
- DynamicLoader: IMM32.DLL/ImmSetCompositionStringW
- DynamicLoader: IMM32.DLL/ImmSetCandidateWindow
- DynamicLoader: mscorwks.dll/GetCLRFunction
- DynamicLoader: MSCOREE.DLL/IEE
- DynamicLoader: mscorsec.dll/GetPublisher
- DynamicLoader: MSCOREE.DLL/CoInitializeEE
- DynamicLoader: mscoreei.dll/CoInitializeEE_RetAddr
- DynamicLoader: mscoreei.dll/CoInitializeEE
- DynamicLoader: mscorwks.dll/CoInitializeEE
- DynamicLoader: WINTRUST.dll/WintrustCertificateTrust
- DynamicLoader: mscorsec.dll/CORPolicyEE
- DynamicLoader: WINTRUST.dll/SoftpubInitialize
- DynamicLoader: WINTRUST.dll/SoftpubLoadMessage
- DynamicLoader: WINTRUST.dll/SoftpubLoadSignature
- DynamicLoader: WINTRUST.dll/SoftpubCheckCert
- DynamicLoader: CRYPTSP.dll/CryptAcquireContextA
- DynamicLoader: WINTRUST.dll/DllCanUnloadNow
- DynamicLoader: WINTRUST.dll/CryptSIPPutSignedDataMsg
- DynamicLoader: WINTRUST.dll/CryptSIPGetSignedDataMsg
- DynamicLoader: imagehlp.dll/ImageGetCertificateData
- DynamicLoader: CRYPTSP.dll/CryptAcquireContextA
- DynamicLoader: USER32.dll/LoadStringW
- DynamicLoader: ncrypt.dll/BCryptOpenAlgorithmProvider
- DynamicLoader: bcryptprimitives.dll/GetHashInterface
- DynamicLoader: ncrypt.dll/BCryptGetProperty
- DynamicLoader: ncrypt.dll/BCryptCreateHash
- DynamicLoader: ncrypt.dll/BCryptHashData
- DynamicLoader: WINTRUST.dll/CryptSIPVerifyIndirectData
- DynamicLoader: bcrypt.dll/BCryptOpenAlgorithmProvider
- DynamicLoader: bcryptprimitives.dll/GetHashInterface
- DynamicLoader: bcrypt.dll/BCryptGetProperty
- DynamicLoader: bcrypt.dll/BCryptCreateHash
- DynamicLoader: bcrypt.dll/BCryptHashData
- DynamicLoader: bcrypt.dll/BCryptFinishHash
- DynamicLoader: bcrypt.dll/BCryptDestroyHash
- DynamicLoader: bcrypt.dll/BCryptCloseAlgorithmProvider
- DynamicLoader: ncrypt.dll/BCryptFinishHash
- DynamicLoader: CRYPTSP.dll/CryptCreateHash
- DynamicLoader: CRYPTSP.dll/CryptSetHashParam
- DynamicLoader: CRYPTSP.dll/CryptImportKey
- DynamicLoader: CRYPTSP.dll/CryptVerifySignatureA
- DynamicLoader: CRYPTSP.dll/CryptDestroyKey
- DynamicLoader: CRYPTSP.dll/CryptDestroyHash
- DynamicLoader: ncrypt.dll/BCryptDestroyHash
- DynamicLoader: USERENV.dll/GetUserProfileDirectoryW
- DynamicLoader: sechost.dll/ConvertSidToStringSidW
- DynamicLoader: sechost.dll/ConvertStringSidToSidW
- DynamicLoader: USERENV.dll/RegisterGPNotification
- DynamicLoader: GPAPI.dll/RegisterGPNotificationInternal
- DynamicLoader: sechost.dll/OpenSCManagerW
- DynamicLoader: sechost.dll/OpenServiceW
- DynamicLoader: sechost.dll/CloseServiceHandle
- DynamicLoader: sechost.dll/QueryServiceConfigW
- DynamicLoader: sechost.dll/ConvertSidToStringSidW
- DynamicLoader: CRYPTSP.dll/CryptHashData
- DynamicLoader: cryptnet.dll/CryptGetObjectUrl
- DynamicLoader: cryptnet.dll/I_CryptNetGetConnectivity
- DynamicLoader: SensApi.dll/IsNetworkAlive
- DynamicLoader: RPCRT4.dll/RpcBindingFromStringBindingW
- DynamicLoader: RPCRT4.dll/RpcBindingSetAuthInfoExW
- DynamicLoader: RPCRT4.dll/NdrClientCall3
- DynamicLoader: cryptnet.dll/CryptGetObjectUrl
- DynamicLoader: cryptnet.dll/CryptRetrieveObjectByUrlW
- DynamicLoader: setupapi.dll/SetupIterateCabinetW
- DynamicLoader: Cabinet.dll/
- DynamicLoader: Cabinet.dll/
- DynamicLoader: Cabinet.dll/
- DynamicLoader: sechost.dll/OpenSCManagerW
- DynamicLoader: sechost.dll/OpenServiceW
- DynamicLoader: sechost.dll/QueryServiceConfigA
- DynamicLoader: sechost.dll/QueryServiceStatus
- DynamicLoader: sechost.dll/CloseServiceHandle
- DynamicLoader: RPCRT4.dll/RpcStringBindingComposeA
- DynamicLoader: RPCRT4.dll/RpcBindingFromStringBindingA
- DynamicLoader: RPCRT4.dll/RpcEpResolveBinding
- DynamicLoader: sechost.dll/LookupAccountSidLocalW
- DynamicLoader: RPCRT4.dll/RpcBindingSetAuthInfoExW
- DynamicLoader: sechost.dll/LookupAccountNameLocalW
- DynamicLoader: RPCRT4.dll/RpcStringFreeA
- DynamicLoader: RPCRT4.dll/NdrClientCall3
- DynamicLoader: RPCRT4.dll/RpcBindingFree
- DynamicLoader: cryptnet.dll/CryptRetrieveObjectByUrlW
- DynamicLoader: WINHTTP.dll/WinHttpOpen
- DynamicLoader: WINHTTP.dll/WinHttpSetTimeouts
- DynamicLoader: WINHTTP.dll/WinHttpSetOption
- DynamicLoader: WINHTTP.dll/WinHttpCrackUrl
- DynamicLoader: SHLWAPI.dll/StrCmpNW
- DynamicLoader: WINHTTP.dll/WinHttpConnect
- DynamicLoader: WINHTTP.dll/WinHttpOpenRequest
- DynamicLoader: WINHTTP.dll/WinHttpGetDefaultProxyConfiguration
- DynamicLoader: WINHTTP.dll/WinHttpGetIEProxyConfigForCurrentUser
- DynamicLoader: WINHTTP.dll/WinHttpSendRequest
- DynamicLoader: WS2_32.dll/GetAddrInfoW
- DynamicLoader: WS2_32.dll/WSASocketW
- DynamicLoader: WS2_32.dll/
- DynamicLoader: WS2_32.dll/
- DynamicLoader: WS2_32.dll/
- DynamicLoader: WS2_32.dll/WSAIoctl
- DynamicLoader: WS2_32.dll/FreeAddrInfoW
- DynamicLoader: WS2_32.dll/
- DynamicLoader: WS2_32.dll/
- DynamicLoader: WS2_32.dll/WSARecv
- DynamicLoader: WS2_32.dll/WSASend
- DynamicLoader: WINHTTP.dll/WinHttpReceiveResponse
- DynamicLoader: WINHTTP.dll/WinHttpQueryHeaders
- DynamicLoader: WINHTTP.dll/WinHttpQueryDataAvailable
- DynamicLoader: WS2_32.dll/
- DynamicLoader: WINHTTP.dll/WinHttpReadData
- DynamicLoader: WS2_32.dll/
- DynamicLoader: WINHTTP.dll/WinHttpCloseHandle
- DynamicLoader: RPCRT4.dll/RpcBindingFree
- DynamicLoader: cryptnet.dll/I_CryptNetSetUrlCacheFlushInfo
- DynamicLoader: setupapi.dll/SetupIterateCabinetW
- DynamicLoader: Cabinet.dll/
- DynamicLoader: Cabinet.dll/
- DynamicLoader: Cabinet.dll/
- DynamicLoader: cryptnet.dll/DllCanUnloadNow
- DynamicLoader: cryptnet.dll/CertDllVerifyRevocation
- DynamicLoader: cryptnet.dll/CryptRetrieveObjectByUrlW
- DynamicLoader: setupapi.dll/SetupIterateCabinetW
- DynamicLoader: Cabinet.dll/
- DynamicLoader: Cabinet.dll/
- DynamicLoader: Cabinet.dll/
- DynamicLoader: cryptnet.dll/I_CryptNetSetUrlCachePreFetchInfo
- DynamicLoader: cryptnet.dll/I_CryptNetSetUrlCacheFlushInfo
- DynamicLoader: WINTRUST.dll/WintrustCertificateTrust
- DynamicLoader: WINTRUST.dll/SoftpubAuthenticode
- DynamicLoader: WINTRUST.dll/SoftpubInitialize
- DynamicLoader: WINTRUST.dll/SoftpubLoadMessage
- DynamicLoader: WINTRUST.dll/SoftpubLoadSignature
- DynamicLoader: WINTRUST.dll/SoftpubCheckCert
- DynamicLoader: WINTRUST.dll/SoftpubCleanup
- DynamicLoader: ole32.dll/CoTaskMemAlloc
- DynamicLoader: CRYPTSP.dll/CryptReleaseContext
- DynamicLoader: MSCOREE.DLL/CoUninitializeEE
- DynamicLoader: mscoreei.dll/CoUninitializeEE_RetAddr
- DynamicLoader: mscoreei.dll/CoUninitializeEE
- DynamicLoader: mscorwks.dll/CoUninitializeEE
- DynamicLoader: ole32.dll/CoTaskMemFree
- DynamicLoader: ole32.dll/CoInitializeEx
- DynamicLoader: CRYPTBASE.dll/SystemFunction036
- DynamicLoader: uxtheme.dll/ThemeInitApiHook
- DynamicLoader: USER32.dll/IsProcessDPIAware
- DynamicLoader: ole32.dll/CoGetContextToken
- DynamicLoader: KERNEL32.dll/GetVersionEx
- DynamicLoader: KERNEL32.dll/GetVersionExW
- DynamicLoader: KERNEL32.dll/GetVersionEx
- DynamicLoader: KERNEL32.dll/GetVersionExW
- DynamicLoader: KERNEL32.dll/GetFullPathName
- DynamicLoader: KERNEL32.dll/GetFullPathNameW
- DynamicLoader: bcryptprimitives.dll/GetHashInterface
- DynamicLoader: cryptnet.dll/CryptGetObjectUrl
- DynamicLoader: cryptnet.dll/I_CryptNetGetConnectivity
- DynamicLoader: cryptnet.dll/CryptGetObjectUrl
- DynamicLoader: cryptnet.dll/CryptRetrieveObjectByUrlW
- DynamicLoader: setupapi.dll/SetupIterateCabinetW
- DynamicLoader: Cabinet.dll/
- DynamicLoader: Cabinet.dll/
- DynamicLoader: Cabinet.dll/
- DynamicLoader: cryptnet.dll/CryptRetrieveObjectByUrlW
- DynamicLoader: cryptnet.dll/I_CryptNetSetUrlCacheFlushInfo
- DynamicLoader: setupapi.dll/SetupIterateCabinetW
- DynamicLoader: Cabinet.dll/
- DynamicLoader: Cabinet.dll/
- DynamicLoader: Cabinet.dll/
- DynamicLoader: ADVAPI32.dll/CryptAcquireContextA
- DynamicLoader: ADVAPI32.dll/CryptReleaseContext
- DynamicLoader: ADVAPI32.dll/CryptCreateHash
- DynamicLoader: ADVAPI32.dll/CryptDestroyHash
- DynamicLoader: ADVAPI32.dll/CryptHashData
- DynamicLoader: ADVAPI32.dll/CryptGetHashParam
- DynamicLoader: ADVAPI32.dll/CryptImportKey
- DynamicLoader: ADVAPI32.dll/CryptExportKey
- DynamicLoader: ADVAPI32.dll/CryptGenKey
- DynamicLoader: ADVAPI32.dll/CryptGetKeyParam
- DynamicLoader: ADVAPI32.dll/CryptDestroyKey
- DynamicLoader: ADVAPI32.dll/CryptVerifySignatureA
- DynamicLoader: ADVAPI32.dll/CryptSignHashA
- DynamicLoader: ADVAPI32.dll/CryptGetProvParam
- DynamicLoader: ADVAPI32.dll/CryptGetUserKey
- DynamicLoader: ADVAPI32.dll/CryptEnumProvidersA
- DynamicLoader: MSCOREE.DLL/GetMetaDataInternalInterface
- DynamicLoader: mscoreei.dll/GetMetaDataInternalInterface_RetAddr
- DynamicLoader: mscoreei.dll/GetMetaDataInternalInterface
- DynamicLoader: mscorwks.dll/GetMetaDataInternalInterface
- DynamicLoader: mscorjit.dll/getJit
- DynamicLoader: mscorwks.dll/GetCLRFunction
- DynamicLoader: MSCOREE.DLL/IEE
- DynamicLoader: KERNEL32.dll/GetUserDefaultUILanguage
- DynamicLoader: KERNEL32.dll/lstrlen
- DynamicLoader: KERNEL32.dll/lstrlenW
- DynamicLoader: ADVAPI32.dll/RegCloseKey
- DynamicLoader: ADVAPI32.dll/RegQueryValueEx
- DynamicLoader: ADVAPI32.dll/RegQueryValueExW
- DynamicLoader: ADVAPI32.dll/RegSetValueEx
- DynamicLoader: ADVAPI32.dll/RegSetValueExW
- DynamicLoader: KERNEL32.dll/ReleaseMutex
- DynamicLoader: KERNEL32.dll/CreateMutex
- DynamicLoader: KERNEL32.dll/CreateMutexW
- DynamicLoader: KERNEL32.dll/CloseHandle
- DynamicLoader: KERNEL32.dll/GetEnvironmentVariable
- DynamicLoader: KERNEL32.dll/GetEnvironmentVariableW
- DynamicLoader: ole32.dll/CoTaskMemAlloc
- DynamicLoader: ole32.dll/CoTaskMemFree
- DynamicLoader: KERNEL32.dll/SetErrorMode
- DynamicLoader: KERNEL32.dll/GetFileAttributesEx
- DynamicLoader: KERNEL32.dll/GetFileAttributesExW
- DynamicLoader: KERNEL32.dll/SetErrorMode
- DynamicLoader: KERNEL32.dll/CreateFile
- DynamicLoader: KERNEL32.dll/CreateFileW
- DynamicLoader: KERNEL32.dll/GetFileType
- DynamicLoader: KERNEL32.dll/GetFileSize
- DynamicLoader: KERNEL32.dll/ReadFile
- DynamicLoader: KERNEL32.dll/WriteFile
- DynamicLoader: KERNEL32.dll/LocalAlloc
- DynamicLoader: KERNEL32.dll/RtlMoveMemory
- DynamicLoader: KERNEL32.dll/RtlMoveMemoryW
- DynamicLoader: shell32.dll/ShellExecuteEx
- DynamicLoader: shell32.dll/ShellExecuteExW
- DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_Size_ExW
- DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_ExW
- DynamicLoader: comctl32.dll/
- DynamicLoader: KERNEL32.dll/LocalFree
- DynamicLoader: KERNEL32.dll/CloseHandle
- DynamicLoader: ole32.dll/CoWaitForMultipleHandles
- DynamicLoader: ADVAPI32.dll/LookupAccountSidW
- DynamicLoader: sechost.dll/LookupAccountSidLocalW
- DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
- DynamicLoader: CRYPTSP.dll/CryptGenRandom
- DynamicLoader: ole32.dll/NdrOleInitializeExtension
- DynamicLoader: ole32.dll/CoGetClassObject
- DynamicLoader: ole32.dll/CoGetMarshalSizeMax
- DynamicLoader: ole32.dll/CoMarshalInterface
- DynamicLoader: ole32.dll/CoUnmarshalInterface
- DynamicLoader: ole32.dll/StringFromIID
- DynamicLoader: ole32.dll/CoGetPSClsid
- DynamicLoader: ole32.dll/CoTaskMemAlloc
- DynamicLoader: ole32.dll/CoTaskMemFree
- DynamicLoader: ole32.dll/CoCreateInstance
- DynamicLoader: ole32.dll/CoReleaseMarshalData
- DynamicLoader: ole32.dll/DcomChannelSetHResult
- DynamicLoader: RpcRtRemote.dll/I_RpcExtInitializeExtensionPoint
- DynamicLoader: ADVAPI32.dll/UnregisterTraceGuids
- DynamicLoader: RPCRT4.dll/RpcBindingFree
- DynamicLoader: comctl32.dll/
- DynamicLoader: KERNEL32.dll/CreateActCtxW
- DynamicLoader: KERNEL32.dll/AddRefActCtx
- DynamicLoader: KERNEL32.dll/ReleaseActCtx
- DynamicLoader: KERNEL32.dll/ActivateActCtx
- DynamicLoader: KERNEL32.dll/DeactivateActCtx
- DynamicLoader: KERNEL32.dll/GetCurrentActCtx
- DynamicLoader: KERNEL32.dll/QueryActCtxW
- DynamicLoader: CRYPTSP.dll/CryptReleaseContext
- DynamicLoader: ADVAPI32.dll/EventUnregister
- DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
- DynamicLoader: ADVAPI32.dll/RegQueryInfoKeyW
- DynamicLoader: ADVAPI32.dll/RegEnumKeyExW
- DynamicLoader: ADVAPI32.dll/RegEnumValueW
- DynamicLoader: ADVAPI32.dll/RegCloseKey
- DynamicLoader: ADVAPI32.dll/RegQueryValueExW
- DynamicLoader: KERNEL32.dll/FlsAlloc
- DynamicLoader: KERNEL32.dll/FlsFree
- DynamicLoader: KERNEL32.dll/FlsGetValue
- DynamicLoader: KERNEL32.dll/FlsSetValue
- DynamicLoader: KERNEL32.dll/InitializeCriticalSectionEx
- DynamicLoader: KERNEL32.dll/CreateEventExW
- DynamicLoader: KERNEL32.dll/CreateSemaphoreExW
- DynamicLoader: KERNEL32.dll/SetThreadStackGuarantee
- DynamicLoader: KERNEL32.dll/CreateThreadpoolTimer
- DynamicLoader: KERNEL32.dll/SetThreadpoolTimer
- DynamicLoader: KERNEL32.dll/WaitForThreadpoolTimerCallbacks
- DynamicLoader: KERNEL32.dll/CloseThreadpoolTimer
- DynamicLoader: KERNEL32.dll/CreateThreadpoolWait
- DynamicLoader: KERNEL32.dll/SetThreadpoolWait
- DynamicLoader: KERNEL32.dll/CloseThreadpoolWait
- DynamicLoader: KERNEL32.dll/FlushProcessWriteBuffers
- DynamicLoader: KERNEL32.dll/FreeLibraryWhenCallbackReturns
- DynamicLoader: KERNEL32.dll/GetCurrentProcessorNumber
- DynamicLoader: KERNEL32.dll/GetLogicalProcessorInformation
- DynamicLoader: KERNEL32.dll/CreateSymbolicLinkW
- DynamicLoader: KERNEL32.dll/SetDefaultDllDirectories
- DynamicLoader: KERNEL32.dll/EnumSystemLocalesEx
- DynamicLoader: KERNEL32.dll/CompareStringEx
- DynamicLoader: KERNEL32.dll/GetDateFormatEx
- DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
- DynamicLoader: KERNEL32.dll/GetTimeFormatEx
- DynamicLoader: KERNEL32.dll/GetUserDefaultLocaleName
- DynamicLoader: KERNEL32.dll/IsValidLocaleName
- DynamicLoader: KERNEL32.dll/LCMapStringEx
- DynamicLoader: KERNEL32.dll/GetCurrentPackageId
- DynamicLoader: KERNEL32.dll/GetTickCount64
- DynamicLoader: KERNEL32.dll/GetFileInformationByHandleExW
- DynamicLoader: KERNEL32.dll/SetFileInformationByHandleW
- DynamicLoader: ADVAPI32.dll/EventRegister
- DynamicLoader: ADVAPI32.dll/EventSetInformation
- DynamicLoader: MSCOREE.DLL/
- DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
- DynamicLoader: ADVAPI32.dll/RegQueryValueExW
- DynamicLoader: ADVAPI32.dll/RegCloseKey
- DynamicLoader: mscoreei.dll/RegisterShimImplCallback
- DynamicLoader: mscoreei.dll/RegisterShimImplCleanupCallback
- DynamicLoader: mscoreei.dll/SetShellShimInstance
- DynamicLoader: mscoreei.dll/OnShimDllMainCalled
- DynamicLoader: mscoreei.dll/_CorExeMain_RetAddr
- DynamicLoader: mscoreei.dll/_CorExeMain
- DynamicLoader: SHLWAPI.dll/UrlIsW
- DynamicLoader: VERSION.dll/GetFileVersionInfoSizeW
- DynamicLoader: VERSION.dll/GetFileVersionInfoW
- DynamicLoader: VERSION.dll/VerQueryValueW
- DynamicLoader: KERNEL32.dll/InitializeCriticalSectionAndSpinCount
- DynamicLoader: msvcrt.dll/_set_error_mode
- DynamicLoader: msvcrt.dll/?set_terminate@@YAP6AXXZP6AXXZ@Z
- DynamicLoader: msvcrt.dll/_get_terminate
- DynamicLoader: KERNEL32.dll/FindActCtxSectionStringW
- DynamicLoader: KERNEL32.dll/GetSystemWindowsDirectoryW
- DynamicLoader: MSCOREE.DLL/GetProcessExecutableHeap
- DynamicLoader: mscoreei.dll/GetProcessExecutableHeap_RetAddr
- DynamicLoader: mscoreei.dll/GetProcessExecutableHeap
- DynamicLoader: mscorwks.dll/SetLoadedByMscoree
- DynamicLoader: mscorwks.dll/_CorExeMain
- DynamicLoader: mscorwks.dll/GetCLRFunction
- DynamicLoader: ADVAPI32.dll/RegisterTraceGuidsW
- DynamicLoader: ADVAPI32.dll/UnregisterTraceGuids
- DynamicLoader: ADVAPI32.dll/GetTraceLoggerHandle
- DynamicLoader: ADVAPI32.dll/GetTraceEnableLevel
- DynamicLoader: ADVAPI32.dll/GetTraceEnableFlags
- DynamicLoader: ADVAPI32.dll/TraceEvent
- DynamicLoader: MSCOREE.DLL/IEE
- DynamicLoader: mscoreei.dll/IEE_RetAddr
- DynamicLoader: mscoreei.dll/IEE
- DynamicLoader: mscorwks.dll/IEE
- DynamicLoader: MSCOREE.DLL/GetStartupFlags
- DynamicLoader: mscoreei.dll/GetStartupFlags_RetAddr
- DynamicLoader: mscoreei.dll/GetStartupFlags
- DynamicLoader: MSCOREE.DLL/GetHostConfigurationFile
- DynamicLoader: mscoreei.dll/GetHostConfigurationFile_RetAddr
- DynamicLoader: mscoreei.dll/GetHostConfigurationFile
- DynamicLoader: mscoreei.dll/GetCORVersion_RetAddr
- DynamicLoader: mscoreei.dll/GetCORVersion
- DynamicLoader: MSCOREE.DLL/GetCORSystemDirectory
- DynamicLoader: mscoreei.dll/GetCORSystemDirectory_RetAddr
- DynamicLoader: mscoreei.dll/CreateConfigStream_RetAddr
- DynamicLoader: mscoreei.dll/CreateConfigStream
- DynamicLoader: ntdll.dll/RtlVirtualUnwind
- DynamicLoader: KERNEL32.dll/IsWow64Process
- DynamicLoader: KERNEL32.dll/GetSystemWindowsDirectoryW
- DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
- DynamicLoader: ADVAPI32.dll/OpenProcessToken
- DynamicLoader: ADVAPI32.dll/GetTokenInformation
- DynamicLoader: ADVAPI32.dll/InitializeAcl
- DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
- DynamicLoader: ADVAPI32.dll/FreeSid
- DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
- DynamicLoader: ADVAPI32.dll/OpenProcessToken
- DynamicLoader: ADVAPI32.dll/GetTokenInformation
- DynamicLoader: ADVAPI32.dll/InitializeAcl
- DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
- DynamicLoader: ADVAPI32.dll/FreeSid
- DynamicLoader: KERNEL32.dll/SetThreadStackGuarantee
- DynamicLoader: KERNEL32.dll/FlsSetValue
- DynamicLoader: KERNEL32.dll/FlsGetValue
- DynamicLoader: KERNEL32.dll/FlsAlloc
- DynamicLoader: KERNEL32.dll/FlsFree
- DynamicLoader: KERNEL32.dll/AddVectoredContinueHandler
- DynamicLoader: KERNEL32.dll/RemoveVectoredContinueHandler
- DynamicLoader: ADVAPI32.dll/ConvertSidToStringSidW
- DynamicLoader: shell32.dll/SHGetFolderPathW
- DynamicLoader: KERNEL32.dll/FlushProcessWriteBuffers
- DynamicLoader: KERNEL32.dll/GetWriteWatch
- DynamicLoader: KERNEL32.dll/ResetWriteWatch
- DynamicLoader: KERNEL32.dll/CreateMemoryResourceNotification
- DynamicLoader: KERNEL32.dll/QueryMemoryResourceNotification
- DynamicLoader: KERNEL32.dll/GlobalMemoryStatusEx
- DynamicLoader: KERNEL32.dll/ProcessIdToSessionId
- DynamicLoader: IMM32.DLL/ImmCreateContext
- DynamicLoader: IMM32.DLL/ImmDestroyContext
- DynamicLoader: IMM32.DLL/ImmNotifyIME
- DynamicLoader: IMM32.DLL/ImmAssociateContext
- DynamicLoader: IMM32.DLL/ImmReleaseContext
- DynamicLoader: IMM32.DLL/ImmGetContext
- DynamicLoader: IMM32.DLL/ImmGetCompositionStringA
- DynamicLoader: IMM32.DLL/ImmSetCompositionStringA
- DynamicLoader: IMM32.DLL/ImmGetCompositionStringW
- DynamicLoader: IMM32.DLL/ImmSetCompositionStringW
- DynamicLoader: IMM32.DLL/ImmSetCandidateWindow
- DynamicLoader: mscorwks.dll/GetCLRFunction
- DynamicLoader: MSCOREE.DLL/IEE
- DynamicLoader: mscorsec.dll/GetPublisher
- DynamicLoader: MSCOREE.DLL/CoInitializeEE
- DynamicLoader: mscoreei.dll/CoInitializeEE_RetAddr
- DynamicLoader: mscoreei.dll/CoInitializeEE
- DynamicLoader: mscorwks.dll/CoInitializeEE
- DynamicLoader: WINTRUST.dll/WintrustCertificateTrust
- DynamicLoader: mscorsec.dll/CORPolicyEE
- DynamicLoader: WINTRUST.dll/SoftpubInitialize
- DynamicLoader: WINTRUST.dll/SoftpubLoadMessage
- DynamicLoader: WINTRUST.dll/SoftpubLoadSignature
- DynamicLoader: WINTRUST.dll/SoftpubCheckCert
- DynamicLoader: CRYPTSP.dll/CryptAcquireContextA
- DynamicLoader: WINTRUST.dll/DllCanUnloadNow
- DynamicLoader: WINTRUST.dll/CryptSIPPutSignedDataMsg
- DynamicLoader: WINTRUST.dll/CryptSIPGetSignedDataMsg
- DynamicLoader: imagehlp.dll/ImageGetCertificateData
- DynamicLoader: CRYPTSP.dll/CryptAcquireContextA
- DynamicLoader: USER32.dll/LoadStringW
- DynamicLoader: ncrypt.dll/BCryptOpenAlgorithmProvider
- DynamicLoader: bcryptprimitives.dll/GetHashInterface
- DynamicLoader: ncrypt.dll/BCryptGetProperty
- DynamicLoader: ncrypt.dll/BCryptCreateHash
- DynamicLoader: ncrypt.dll/BCryptHashData
- DynamicLoader: WINTRUST.dll/CryptSIPVerifyIndirectData
- DynamicLoader: bcrypt.dll/BCryptOpenAlgorithmProvider
- DynamicLoader: bcryptprimitives.dll/GetHashInterface
- DynamicLoader: bcrypt.dll/BCryptGetProperty
- DynamicLoader: bcrypt.dll/BCryptCreateHash
- DynamicLoader: bcrypt.dll/BCryptHashData
- DynamicLoader: bcrypt.dll/BCryptFinishHash
- DynamicLoader: bcrypt.dll/BCryptDestroyHash
- DynamicLoader: bcrypt.dll/BCryptCloseAlgorithmProvider
- DynamicLoader: ncrypt.dll/BCryptFinishHash
- DynamicLoader: CRYPTSP.dll/CryptCreateHash
- DynamicLoader: CRYPTSP.dll/CryptSetHashParam
- DynamicLoader: CRYPTSP.dll/CryptImportKey
- DynamicLoader: CRYPTSP.dll/CryptVerifySignatureA
- DynamicLoader: CRYPTSP.dll/CryptDestroyKey
- DynamicLoader: CRYPTSP.dll/CryptDestroyHash
- DynamicLoader: ncrypt.dll/BCryptDestroyHash
- DynamicLoader: USERENV.dll/GetUserProfileDirectoryW
- DynamicLoader: sechost.dll/ConvertSidToStringSidW
- DynamicLoader: sechost.dll/ConvertStringSidToSidW
- DynamicLoader: USERENV.dll/RegisterGPNotification
- DynamicLoader: GPAPI.dll/RegisterGPNotificationInternal
- DynamicLoader: sechost.dll/OpenSCManagerW
- DynamicLoader: sechost.dll/OpenServiceW
- DynamicLoader: sechost.dll/CloseServiceHandle
- DynamicLoader: sechost.dll/QueryServiceConfigW
- DynamicLoader: sechost.dll/ConvertSidToStringSidW
- DynamicLoader: CRYPTSP.dll/CryptHashData
- DynamicLoader: cryptnet.dll/CryptGetObjectUrl
- DynamicLoader: cryptnet.dll/I_CryptNetGetConnectivity
- DynamicLoader: SensApi.dll/IsNetworkAlive
- DynamicLoader: RPCRT4.dll/RpcBindingFromStringBindingW
- DynamicLoader: RPCRT4.dll/RpcBindingSetAuthInfoExW
- DynamicLoader: RPCRT4.dll/NdrClientCall3
- DynamicLoader: cryptnet.dll/CryptGetObjectUrl
- DynamicLoader: cryptnet.dll/CryptRetrieveObjectByUrlW
- DynamicLoader: setupapi.dll/SetupIterateCabinetW
- DynamicLoader: Cabinet.dll/
- DynamicLoader: Cabinet.dll/
- DynamicLoader: Cabinet.dll/
- DynamicLoader: sechost.dll/OpenSCManagerW
- DynamicLoader: sechost.dll/OpenServiceW
- DynamicLoader: sechost.dll/QueryServiceConfigA
- DynamicLoader: sechost.dll/QueryServiceStatus
- DynamicLoader: sechost.dll/CloseServiceHandle
- DynamicLoader: RPCRT4.dll/RpcStringBindingComposeA
- DynamicLoader: RPCRT4.dll/RpcBindingFromStringBindingA
- DynamicLoader: RPCRT4.dll/RpcEpResolveBinding
- DynamicLoader: sechost.dll/LookupAccountSidLocalW
- DynamicLoader: RPCRT4.dll/RpcBindingSetAuthInfoExW
- DynamicLoader: sechost.dll/LookupAccountNameLocalW
- DynamicLoader: RPCRT4.dll/RpcStringFreeA
- DynamicLoader: RPCRT4.dll/NdrClientCall3
- DynamicLoader: RPCRT4.dll/RpcBindingFree
- DynamicLoader: cryptnet.dll/CryptRetrieveObjectByUrlW
- DynamicLoader: WINHTTP.dll/WinHttpOpen
- DynamicLoader: WINHTTP.dll/WinHttpSetTimeouts
- DynamicLoader: WINHTTP.dll/WinHttpSetOption
- DynamicLoader: WINHTTP.dll/WinHttpCrackUrl
- DynamicLoader: SHLWAPI.dll/StrCmpNW
- DynamicLoader: WINHTTP.dll/WinHttpConnect
- DynamicLoader: WINHTTP.dll/WinHttpOpenRequest
- DynamicLoader: WINHTTP.dll/WinHttpGetDefaultProxyConfiguration
- DynamicLoader: WINHTTP.dll/WinHttpGetIEProxyConfigForCurrentUser
- DynamicLoader: WINHTTP.dll/WinHttpSendRequest
- DynamicLoader: WS2_32.dll/GetAddrInfoW
- DynamicLoader: WS2_32.dll/WSASocketW
- DynamicLoader: WS2_32.dll/
- DynamicLoader: WS2_32.dll/
- DynamicLoader: WS2_32.dll/
- DynamicLoader: WS2_32.dll/WSAIoctl
- DynamicLoader: WS2_32.dll/
- DynamicLoader: WS2_32.dll/
- DynamicLoader: WS2_32.dll/WSARecv
- DynamicLoader: WS2_32.dll/WSASend
- DynamicLoader: WS2_32.dll/FreeAddrInfoW
- DynamicLoader: WINHTTP.dll/WinHttpReceiveResponse
- DynamicLoader: WINHTTP.dll/WinHttpQueryHeaders
- DynamicLoader: WINHTTP.dll/WinHttpQueryDataAvailable
- DynamicLoader: WS2_32.dll/
- DynamicLoader: WINHTTP.dll/WinHttpReadData
- DynamicLoader: WS2_32.dll/
- DynamicLoader: WINHTTP.dll/WinHttpCloseHandle
- DynamicLoader: RPCRT4.dll/RpcBindingFree
- DynamicLoader: cryptnet.dll/I_CryptNetSetUrlCacheFlushInfo
- DynamicLoader: setupapi.dll/SetupIterateCabinetW
- DynamicLoader: Cabinet.dll/
- DynamicLoader: Cabinet.dll/
- DynamicLoader: Cabinet.dll/
- DynamicLoader: cryptnet.dll/DllCanUnloadNow
- DynamicLoader: cryptnet.dll/CertDllVerifyRevocation
- DynamicLoader: cryptnet.dll/CryptRetrieveObjectByUrlW
- DynamicLoader: setupapi.dll/SetupIterateCabinetW
- DynamicLoader: Cabinet.dll/
- DynamicLoader: Cabinet.dll/
- DynamicLoader: Cabinet.dll/
- DynamicLoader: cryptnet.dll/I_CryptNetSetUrlCachePreFetchInfo
- DynamicLoader: cryptnet.dll/I_CryptNetSetUrlCacheFlushInfo
- DynamicLoader: WINTRUST.dll/WintrustCertificateTrust
- DynamicLoader: WINTRUST.dll/SoftpubAuthenticode
- DynamicLoader: WINTRUST.dll/SoftpubInitialize
- DynamicLoader: WINTRUST.dll/SoftpubLoadMessage
- DynamicLoader: WINTRUST.dll/SoftpubLoadSignature
- DynamicLoader: WINTRUST.dll/SoftpubCheckCert
- DynamicLoader: WINTRUST.dll/SoftpubCleanup
- DynamicLoader: ole32.dll/CoTaskMemAlloc
- DynamicLoader: CRYPTSP.dll/CryptReleaseContext
- DynamicLoader: MSCOREE.DLL/CoUninitializeEE
- DynamicLoader: mscoreei.dll/CoUninitializeEE_RetAddr
- DynamicLoader: mscoreei.dll/CoUninitializeEE
- DynamicLoader: mscorwks.dll/CoUninitializeEE
- DynamicLoader: ole32.dll/CoTaskMemFree
- DynamicLoader: ole32.dll/CoInitializeEx
- DynamicLoader: CRYPTBASE.dll/SystemFunction036
- DynamicLoader: uxtheme.dll/ThemeInitApiHook
- DynamicLoader: USER32.dll/IsProcessDPIAware
- DynamicLoader: KERNEL32.dll/GetVersionEx
- DynamicLoader: KERNEL32.dll/GetVersionExW
- DynamicLoader: KERNEL32.dll/GetVersionEx
- DynamicLoader: KERNEL32.dll/GetVersionExW
- DynamicLoader: KERNEL32.dll/GetFullPathName
- DynamicLoader: KERNEL32.dll/GetFullPathNameW
- DynamicLoader: ole32.dll/CoGetContextToken
- DynamicLoader: bcryptprimitives.dll/GetHashInterface
- DynamicLoader: cryptnet.dll/CryptGetObjectUrl
- DynamicLoader: cryptnet.dll/I_CryptNetGetConnectivity
- DynamicLoader: cryptnet.dll/CryptGetObjectUrl
- DynamicLoader: cryptnet.dll/CryptRetrieveObjectByUrlW
- DynamicLoader: setupapi.dll/SetupIterateCabinetW
- DynamicLoader: Cabinet.dll/
- DynamicLoader: Cabinet.dll/
- DynamicLoader: Cabinet.dll/
- DynamicLoader: cryptnet.dll/CryptRetrieveObjectByUrlW
- DynamicLoader: cryptnet.dll/I_CryptNetSetUrlCacheFlushInfo
- DynamicLoader: setupapi.dll/SetupIterateCabinetW
- DynamicLoader: Cabinet.dll/
- DynamicLoader: Cabinet.dll/
- DynamicLoader: Cabinet.dll/
- DynamicLoader: ADVAPI32.dll/CryptAcquireContextA
- DynamicLoader: ADVAPI32.dll/CryptReleaseContext
- DynamicLoader: ADVAPI32.dll/CryptCreateHash
- DynamicLoader: ADVAPI32.dll/CryptDestroyHash
- DynamicLoader: ADVAPI32.dll/CryptHashData
- DynamicLoader: ADVAPI32.dll/CryptGetHashParam
- DynamicLoader: ADVAPI32.dll/CryptImportKey
- DynamicLoader: ADVAPI32.dll/CryptExportKey
- DynamicLoader: ADVAPI32.dll/CryptGenKey
- DynamicLoader: ADVAPI32.dll/CryptGetKeyParam
- DynamicLoader: ADVAPI32.dll/CryptDestroyKey
- DynamicLoader: ADVAPI32.dll/CryptVerifySignatureA
- DynamicLoader: ADVAPI32.dll/CryptSignHashA
- DynamicLoader: ADVAPI32.dll/CryptGetProvParam
- DynamicLoader: ADVAPI32.dll/CryptGetUserKey
- DynamicLoader: ADVAPI32.dll/CryptEnumProvidersA
- DynamicLoader: MSCOREE.DLL/GetMetaDataInternalInterface
- DynamicLoader: mscoreei.dll/GetMetaDataInternalInterface_RetAddr
- DynamicLoader: mscoreei.dll/GetMetaDataInternalInterface
- DynamicLoader: mscorwks.dll/GetMetaDataInternalInterface
- DynamicLoader: mscorjit.dll/getJit
- DynamicLoader: mscorwks.dll/GetCLRFunction
- DynamicLoader: MSCOREE.DLL/IEE
- DynamicLoader: KERNEL32.dll/GetUserDefaultUILanguage
- DynamicLoader: KERNEL32.dll/lstrlen
- DynamicLoader: KERNEL32.dll/lstrlenW
- DynamicLoader: ADVAPI32.dll/RegCloseKey
- DynamicLoader: ADVAPI32.dll/RegQueryValueEx
- DynamicLoader: ADVAPI32.dll/RegQueryValueExW
- DynamicLoader: ADVAPI32.dll/RegSetValueEx
- DynamicLoader: ADVAPI32.dll/RegSetValueExW
- DynamicLoader: KERNEL32.dll/ReleaseMutex
- DynamicLoader: KERNEL32.dll/CreateMutex
- DynamicLoader: KERNEL32.dll/CreateMutexW
- DynamicLoader: KERNEL32.dll/CloseHandle
- DynamicLoader: KERNEL32.dll/GetEnvironmentVariable
- DynamicLoader: KERNEL32.dll/GetEnvironmentVariableW
- DynamicLoader: ole32.dll/CoTaskMemAlloc
- DynamicLoader: ole32.dll/CoTaskMemFree
- DynamicLoader: ADVAPI32.dll/RegOpenKeyEx
- DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
- DynamicLoader: USER32.dll/SendMessageTimeout
- DynamicLoader: USER32.dll/SendMessageTimeoutA
- DynamicLoader: KERNEL32.dll/GetACP
- DynamicLoader: KERNEL32.dll/UnmapViewOfFile
- DynamicLoader: KERNEL32.dll/GetStartupInfo
- DynamicLoader: KERNEL32.dll/GetStartupInfoW
- DynamicLoader: KERNEL32.dll/CreateProcess
- DynamicLoader: KERNEL32.dll/CreateProcessW
- DynamicLoader: KERNEL32.dll/WaitForSingleObject
- DynamicLoader: KERNEL32.dll/CloseHandle
- DynamicLoader: KERNEL32.dll/SetErrorMode
- DynamicLoader: KERNEL32.dll/GetFileAttributesEx
- DynamicLoader: KERNEL32.dll/GetFileAttributesExW
- DynamicLoader: KERNEL32.dll/SetErrorMode
- DynamicLoader: mscoreei.dll/LoadLibraryShim_RetAddr
- DynamicLoader: mscoreei.dll/LoadLibraryShim
- DynamicLoader: culture.dll/ConvertLangIdToCultureName
- DynamicLoader: USER32.dll/GetAsyncKeyState
- DynamicLoader: USER32.dll/RegisterWindowMessage
- DynamicLoader: USER32.dll/RegisterWindowMessageW
- DynamicLoader: USER32.dll/GetKeyState
- DynamicLoader: KERNEL32.dll/GetCurrentProcess
- DynamicLoader: KERNEL32.dll/GetCurrentThread
- DynamicLoader: KERNEL32.dll/DuplicateHandle
- DynamicLoader: KERNEL32.dll/GetCurrentThreadId
- DynamicLoader: USER32.dll/GetSystemMetrics
- DynamicLoader: KERNEL32.dll/GetModuleHandle
- DynamicLoader: KERNEL32.dll/GetModuleHandleW
- DynamicLoader: KERNEL32.dll/GetProcAddress
- DynamicLoader: USER32.dll/DefWindowProcW
- DynamicLoader: GDI32.dll/GetStockObject
- DynamicLoader: USER32.dll/RegisterClass
- DynamicLoader: USER32.dll/RegisterClassW
- DynamicLoader: ole32.dll/CoTaskMemAlloc
- DynamicLoader: USER32.dll/CreateWindowEx
- DynamicLoader: USER32.dll/CreateWindowExW
- DynamicLoader: USER32.dll/SetWindowLongPtr
- DynamicLoader: USER32.dll/SetWindowLongPtrW
- DynamicLoader: USER32.dll/GetWindowLongPtr
- DynamicLoader: USER32.dll/GetWindowLongPtrW
- DynamicLoader: USER32.dll/SetWindowLongPtr
- DynamicLoader: USER32.dll/SetWindowLongPtrW
- DynamicLoader: USER32.dll/CallWindowProc
- DynamicLoader: USER32.dll/CallWindowProcW
- DynamicLoader: USER32.dll/GetClientRect
- DynamicLoader: USER32.dll/GetWindowRect
- DynamicLoader: USER32.dll/GetParent
- DynamicLoader: ole32.dll/OleInitialize
- DynamicLoader: ole32.dll/CoRegisterMessageFilter
- DynamicLoader: USER32.dll/PeekMessage
- DynamicLoader: USER32.dll/PeekMessageW
- DynamicLoader: USER32.dll/GetKeyState
- DynamicLoader: USER32.dll/GetKeyboardState
- DynamicLoader: USER32.dll/MapVirtualKey
- DynamicLoader: USER32.dll/MapVirtualKeyA
- DynamicLoader: USER32.dll/GetForegroundWindow
- DynamicLoader: USER32.dll/GetWindowThreadProcessId
- DynamicLoader: USER32.dll/GetKeyboardLayout
- DynamicLoader: USER32.dll/ToUnicodeEx
- DynamicLoader: KERNEL32.dll/GetCurrentProcess
- DynamicLoader: KERNEL32.dll/GetCurrentProcessW
- DynamicLoader: ADVAPI32.dll/OpenProcessToken
- DynamicLoader: ADVAPI32.dll/OpenProcessTokenW
- DynamicLoader: KERNEL32.dll/GetFileAttributesEx
- DynamicLoader: KERNEL32.dll/GetFileAttributesExW
- DynamicLoader: KERNEL32.dll/CreateFile
- DynamicLoader: KERNEL32.dll/CreateFileW
- DynamicLoader: KERNEL32.dll/GetFileType
- DynamicLoader: KERNEL32.dll/GetFileSize
- DynamicLoader: KERNEL32.dll/ReadFile
- DynamicLoader: MSCOREE.DLL/ND_RI2
- DynamicLoader: mscoreei.dll/ND_RI2_RetAddr
- DynamicLoader: mscoreei.dll/ND_RI2
- DynamicLoader: WS2_32.dll/WSAStartup
- DynamicLoader: ADVAPI32.dll/RegQueryValueEx
- DynamicLoader: ADVAPI32.dll/RegQueryValueExW
- DynamicLoader: WS2_32.dll/WSASocket
- DynamicLoader: WS2_32.dll/WSASocketW
- DynamicLoader: WS2_32.dll/setsockopt
- DynamicLoader: WS2_32.dll/WSAEventSelect
- DynamicLoader: WS2_32.dll/ioctlsocket
- DynamicLoader: WS2_32.dll/closesocket
- DynamicLoader: KERNEL32.dll/GetCurrentProcessId
- DynamicLoader: KERNEL32.dll/GetCurrentProcessIdW
- DynamicLoader: KERNEL32.dll/GetComputerName
- DynamicLoader: KERNEL32.dll/GetComputerNameW
- DynamicLoader: ADVAPI32.dll/RegQueryValueEx
- DynamicLoader: ADVAPI32.dll/RegQueryValueExW
- DynamicLoader: ADVAPI32.dll/ConvertStringSecurityDescriptorToSecurityDescriptor
- DynamicLoader: ADVAPI32.dll/ConvertStringSecurityDescriptorToSecurityDescriptorW
- DynamicLoader: KERNEL32.dll/LocalFree
- DynamicLoader: KERNEL32.dll/CreateFileMapping
- DynamicLoader: KERNEL32.dll/CreateFileMappingW
- DynamicLoader: KERNEL32.dll/CloseHandle
- DynamicLoader: KERNEL32.dll/MapViewOfFile
- DynamicLoader: KERNEL32.dll/UnmapViewOfFile
- DynamicLoader: KERNEL32.dll/VirtualQuery
- DynamicLoader: ADVAPI32.dll/CreateWellKnownSid
- DynamicLoader: ADVAPI32.dll/CreateWellKnownSidW
- DynamicLoader: KERNEL32.dll/WaitForSingleObject
- DynamicLoader: KERNEL32.dll/OpenMutex
- DynamicLoader: KERNEL32.dll/OpenMutexW
- DynamicLoader: KERNEL32.dll/CloseHandle
- DynamicLoader: KERNEL32.dll/OpenProcess
- DynamicLoader: KERNEL32.dll/OpenProcessW
- DynamicLoader: KERNEL32.dll/GetProcessTimes
- DynamicLoader: KERNEL32.dll/GetProcessTimesW
- DynamicLoader: WS2_32.dll/setsockopt
- DynamicLoader: WS2_32.dll/inet_addr
- DynamicLoader: WS2_32.dll/WSAConnect
- DynamicLoader: KERNEL32.dll/FormatMessage
- DynamicLoader: KERNEL32.dll/FormatMessageW
- DynamicLoader: ADVAPI32.dll/LookupPrivilegeValue
- DynamicLoader: ADVAPI32.dll/LookupPrivilegeValueW
- DynamicLoader: KERNEL32.dll/GetCurrentProcess
- DynamicLoader: ADVAPI32.dll/OpenProcessToken
- DynamicLoader: ADVAPI32.dll/OpenProcessTokenW
- DynamicLoader: ADVAPI32.dll/AdjustTokenPrivileges
- DynamicLoader: ADVAPI32.dll/AdjustTokenPrivilegesW
- DynamicLoader: KERNEL32.dll/CloseHandle
- DynamicLoader: KERNEL32.dll/OpenProcess
- DynamicLoader: KERNEL32.dll/OpenProcessW
- DynamicLoader: KERNEL32.dll/GetExitCodeProcess
- DynamicLoader: KERNEL32.dll/GetExitCodeProcessW
- DynamicLoader: KERNEL32.dll/GetProcessWorkingSetSize
- DynamicLoader: KERNEL32.dll/GetProcessWorkingSetSizeW
- DynamicLoader: KERNEL32.dll/SetProcessWorkingSetSize
- DynamicLoader: KERNEL32.dll/SetProcessWorkingSetSizeW
- DynamicLoader: WS2_32.dll/shutdown
- DynamicLoader: USER32.dll/GetWindowTextLengthA
- DynamicLoader: USER32.dll/GetWindowTextA
- DynamicLoader: WS2_32.dll/
- DynamicLoader: WS2_32.dll/
- DynamicLoader: ADVAPI32.dll/RegCreateKeyEx
- DynamicLoader: ADVAPI32.dll/RegCreateKeyExW
- DynamicLoader: RASMONTR.DLL/InitHelperDll
- DynamicLoader: NSHWFP.DLL/InitHelperDll
- DynamicLoader: DHCPCMONITOR.DLL/InitHelperDll
- DynamicLoader: WSHELPER.DLL/InitHelperDll
- DynamicLoader: NSHHTTP.DLL/InitHelperDll
- DynamicLoader: FWCFG.DLL/InitHelperDll
- DynamicLoader: AUTHFWCFG.DLL/InitHelperDll
- DynamicLoader: IFMON.DLL/InitHelperDll
- DynamicLoader: NETIOHLP.DLL/InitHelperDll
- DynamicLoader: WHHELPER.DLL/InitHelperDll
- DynamicLoader: HNETMON.DLL/InitHelperDll
- DynamicLoader: RPCNSH.DLL/InitHelperDll
- DynamicLoader: DOT3CFG.DLL/InitHelperDll
- DynamicLoader: NAPMONTR.DLL/InitHelperDll
- DynamicLoader: NSHIPSEC.DLL/InitHelperDll
- DynamicLoader: NETTRACE.DLL/InitHelperDll
- DynamicLoader: WCNNETSH.DLL/InitHelperDll
- DynamicLoader: P2PNETSH.DLL/InitHelperDll
- DynamicLoader: WWANCFG.DLL/InitHelperDll
- DynamicLoader: WLANCFG.DLL/InitHelperDll
- DynamicLoader: PEERDISTSH.DLL/InitHelperDll
- DynamicLoader: ole32.dll/CoInitializeEx
- DynamicLoader: CRYPTBASE.dll/SystemFunction036
- DynamicLoader: uxtheme.dll/ThemeInitApiHook
- DynamicLoader: USER32.dll/IsProcessDPIAware
- DynamicLoader: USER32.dll/LoadStringW
- DynamicLoader: ADVAPI32.dll/RegCreateKeyExW
- DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
- DynamicLoader: ADVAPI32.dll/RegCloseKey
- DynamicLoader: sechost.dll/OpenSCManagerW
- DynamicLoader: sechost.dll/OpenServiceW
- DynamicLoader: sechost.dll/QueryServiceConfigW
- DynamicLoader: sechost.dll/CloseServiceHandle
- DynamicLoader: sechost.dll/QueryServiceStatus
- DynamicLoader: ADVAPI32.dll/RegQueryInfoKeyW
- DynamicLoader: ADVAPI32.dll/RegEnumKeyExW
- DynamicLoader: ole32.dll/CoTaskMemFree
- DynamicLoader: sechost.dll/LookupAccountNameLocalW
- DynamicLoader: ADVAPI32.dll/LookupAccountSidW
- DynamicLoader: sechost.dll/LookupAccountSidLocalW
- DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
- DynamicLoader: CRYPTSP.dll/CryptGenRandom
- DynamicLoader: RpcRtRemote.dll/I_RpcExtInitializeExtensionPoint
- DynamicLoader: HTTPAPI.dll/HttpInitialize
- DynamicLoader: USERENV.dll/RegisterGPNotification
- DynamicLoader: USERENV.dll/UnregisterGPNotification
- DynamicLoader: GPAPI.dll/RegisterGPNotificationInternal
- DynamicLoader: sechost.dll/OpenSCManagerW
- DynamicLoader: sechost.dll/OpenServiceW
- DynamicLoader: sechost.dll/CloseServiceHandle
- DynamicLoader: sechost.dll/QueryServiceConfigW
- DynamicLoader: bcryptprimitives.dll/GetHashInterface
- DynamicLoader: bcryptprimitives.dll/GetCipherInterface
- DynamicLoader: kernel32.dll/SetThreadUILanguage
- DynamicLoader: MPRMSG.dll/MprmsgGetErrorString
- DynamicLoader: ole32.dll/CoUninitialize
- DynamicLoader: OLEAUT32.dll/
- DynamicLoader: HTTPAPI.dll/HttpTerminate
- DynamicLoader: GPAPI.dll/UnregisterGPNotificationInternal
- DynamicLoader: OLEAUT32.dll/
- DynamicLoader: OLEAUT32.dll/
- DynamicLoader: CRYPTSP.dll/CryptReleaseContext
- DynamicLoader: comctl32.dll/
Guard pages use detected - possible anti-debugging.
Severity: Medium
Confidence: Very High
Anomalous file deletion behavior detected (10+)
Severity: Medium
Confidence: Very High
- DeletedFile: C:\Users\Seven01\AppData\Local\Temp\Cab5039.tmp
- DeletedFile: C:\Users\Seven01\AppData\Local\Temp\Tar503A.tmp
- DeletedFile: C:\Users\Seven01\AppData\Local\Temp\Cab51E1.tmp
- DeletedFile: C:\Users\Seven01\AppData\Local\Temp\Tar51E2.tmp
- DeletedFile: C:\Users\Seven01\AppData\Local\Temp\Cab5454.tmp
- DeletedFile: C:\Users\Seven01\AppData\Local\Temp\Tar5464.tmp
- DeletedFile: C:\Users\Seven01\AppData\Local\Temp\Cab55CD.tmp
- DeletedFile: C:\Users\Seven01\AppData\Local\Temp\Tar55CE.tmp
- DeletedFile: C:\Users\Seven01\AppData\Local\Temp\Cab564C.tmp
- DeletedFile: C:\Users\Seven01\AppData\Local\Temp\Tar564D.tmp
- DeletedFile: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config.cch.2124.24150500
- DeletedFile: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config.cch.2124.24150500
- DeletedFile: C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config.cch.2124.24150546
- DeletedFile: C:\Users\Seven01\AppData\Local\Temp\Cab1493.tmp
- DeletedFile: C:\Users\Seven01\AppData\Local\Temp\Tar1494.tmp
- DeletedFile: C:\Users\Seven01\AppData\Local\Temp\Cab1560.tmp
- DeletedFile: C:\Users\Seven01\AppData\Local\Temp\Tar1561.tmp
- DeletedFile: C:\Users\Seven01\AppData\Local\Temp\Cab17B3.tmp
- DeletedFile: C:\Users\Seven01\AppData\Local\Temp\Tar17B4.tmp
- DeletedFile: C:\Users\Seven01\AppData\Local\Temp\Cab1861.tmp
- DeletedFile: C:\Users\Seven01\AppData\Local\Temp\Tar1862.tmp
- DeletedFile: C:\Users\Seven01\AppData\Local\Temp\Cab191F.tmp
- DeletedFile: C:\Users\Seven01\AppData\Local\Temp\Tar1920.tmp
Creates RWX memory
Severity: Medium
Confidence: Medium
Presents an Authenticode digital signature
Severity: Low
Confidence: Low
- md5_fingerprint: e0c22c51dfc277f24116a4b4fdd530a8
- sha1_fingerprint: f83099622b4a9f72cb5081f742164ad1b8d048c9
- cn: ESET, spol. s r.o.
- sn: 39716161145364446333944806422161754166
Attempts to connect to a dead IP:Port (2 unique times)
Severity: Low
Confidence: Very High
- IP: 82.102.229.134:1090 (Palestinian Territory)
- IP: 192.168.56.1:80
SetUnhandledExceptionFilter detected (possible anti-debug)
Severity: Low
Confidence: Very High
Behavior analysis details | |||||
---|---|---|---|---|---|
Machine name | Machine label | Machine manager | Started | Ended | Duration |
Seven02_64 | Seven02_64 | VirtualBox | 2019-01-06 18:37:26 | 2019-01-06 18:40:23 | 177 |
10 Summary items with data
Files
C:\Windows\sysnative\MSCOREE.DLL.local C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll C:\Windows\Microsoft.NET\Framework64\* C:\Windows\Microsoft.NET\Framework64\v2.0.50727\clr.dll C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll C:\Users\Seven01\AppData\Local\Temp\MicrosoftOffice.exe.config C:\Users\Seven01\AppData\Local\Temp\MicrosoftOffice.exe C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\sysnative\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\sysnative\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\sysnative\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Users\Seven01\AppData\Local\Temp\MicrosoftOffice.exe.Local\ C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_88dcc0bf2fb1b808 C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_88dcc0bf2fb1b808\msvcr80.dll C:\Windows C:\Windows\winsxs C:\Windows\Microsoft.NET\Framework64\v4.0.30319 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config C:\Windows\Microsoft.NET\Framework64\v2.0.50727\fusion.localgac C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config.cch C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config.cch C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config.cch C:\Windows\assembly\NativeImages_v2.0.50727_64\index148.dat C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\9469491f37d9c35b596968b206615309\mscorlib.ni.dll C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI C:\Users C:\Users\Seven01 C:\Users\Seven01\AppData C:\Users\Seven01\AppData\Local C:\Users\Seven01\AppData\Local\Temp C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsec.dll C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll C:\Windows\sysnative\p2pcollab.dll C:\Windows\sysnative\QAGENTRT.DLL C:\Windows\sysnative\dnsapi.dll C:\Windows\sysnative\fveui.dll C:\Windows\sysnative\it-IT\CRYPT32.dll.mui C:\Users\Seven01\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\* C:\Users\Seven01\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\* C:\Users\Seven01\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\* C:\Users\Seven01\AppData\Local\Temp\Cab5039.tmp C:\Users\Seven01\AppData\Local\Temp\Tar503A.tmp C:\Users\Seven01\AppData\Local\Temp\ C:\Windows\sysnative\it-IT\KERNELBASE.dll.mui C:\Users\Seven01\AppData\LocalLow C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 C:\Users\Seven01\AppData\Local\Temp\Cab51E1.tmp C:\Users\Seven01\AppData\Local\Temp\Tar51E2.tmp C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_* C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_E9915110418DBDEA47BB3BFCDB24CFF1 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_E9915110418DBDEA47BB3BFCDB24CFF1 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9A19ADAD9D098E039450ABBEDD5616EB_* C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9A19ADAD9D098E039450ABBEDD5616EB_EB45958463869A839B2E6A0ABE8A149F C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9A19ADAD9D098E039450ABBEDD5616EB_EB45958463869A839B2E6A0ABE8A149F C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9A19ADAD9D098E039450ABBEDD5616EB_02977A0D64EBA9865C07472AE488F9FA C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9A19ADAD9D098E039450ABBEDD5616EB_02977A0D64EBA9865C07472AE488F9FA C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A89DFCC31C360BA5CBD616749B1B1C5D C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A89DFCC31C360BA5CBD616749B1B1C5D C:\Users\Seven01\AppData\Local\Temp\Cab5454.tmp C:\Users\Seven01\AppData\Local\Temp\Tar5464.tmp C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ole32.dll C:\Windows\sysnative\l_intl.nls C:\Users\Seven01\AppData\Local\Temp\Cab55CD.tmp C:\Users\Seven01\AppData\Local\Temp\Tar55CE.tmp C:\Users\Seven01\AppData\Local\Temp\Cab564C.tmp C:\Users\Seven01\AppData\Local\Temp\Tar564D.tmp C:\Users\Seven01\AppData\Local\Temp\MicrosoftOffice.INI C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll C:\Windows\assembly\pubpol26.dat C:\Windows\assembly\GAC\PublisherPolicy.tme C:\Windows\assembly\NativeImages_v2.0.50727_64\System\adff7dd9fe8e541775c46b6363401b22\System.ni.dll C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\684eae3bcd28cb6d1e6997e6497056e2\Microsoft.VisualBasic.ni.dll C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.INI C:\Windows\Globalization\it-it.nlp C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\5910828a337dbe848dc90c7ae0a7dee2\System.Drawing.ni.dll C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\6c352ff9e3603b0e69d969ff7e7632f5\System.Windows.Forms.ni.dll C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI C:\Users\Seven01\AppData\Roaming\Microsoft\xd8\xa2\xc2\xa9 Office.exe C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\shell32.dll \??\MountPointManager C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config.cch.2124.24150500 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config.cch.2124.24150500 C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config.cch.2124.24150546 C:\Users\Seven01\AppData\Roaming\Microsoft\xd8\xa2\xc2\xa9 Office.exe.config C:\Users\Seven01\AppData\Roaming\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Users\Seven01\AppData\Roaming\Microsoft\xd8\xa2\xc2\xa9 Office.exe.Local\ C:\Users\Seven01\AppData\Roaming C:\Users\Seven01\AppData\Local\Temp\Cab1493.tmp C:\Users\Seven01\AppData\Local\Temp\Tar1494.tmp C:\Users\Seven01\AppData\Local\Temp\Cab1560.tmp C:\Users\Seven01\AppData\Local\Temp\Tar1561.tmp C:\Users\Seven01\AppData\Local\Temp\Cab17B3.tmp C:\Users\Seven01\AppData\Local\Temp\Tar17B4.tmp C:\Users\Seven01\AppData\Local\Temp\Cab1861.tmp C:\Users\Seven01\AppData\Local\Temp\Tar1862.tmp C:\Users\Seven01\AppData\Local\Temp\Cab191F.tmp C:\Users\Seven01\AppData\Local\Temp\Tar1920.tmp C:\Users\Seven01\AppData\Roaming\Microsoft\xd8\xa2\xc2\xa9 Office.INI C:\Windows\Globalization\en-us.nlp C:\Windows\assembly\GAC_64\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089 C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089 C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089 C:\Users\Seven01\AppData\Roaming\it-IT\mscorlib.resources.dll C:\Users\Seven01\AppData\Roaming\it-IT\mscorlib.resources\mscorlib.resources.dll C:\Users\Seven01\AppData\Roaming\it-IT\mscorlib.resources.exe C:\Users\Seven01\AppData\Roaming\it-IT\mscorlib.resources\mscorlib.resources.exe C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll C:\Windows\Microsoft.NET\Framework64\v2.0.50727\it-IT\mscorrc.dll C:\Windows\Microsoft.NET\Framework64\v2.0.50727\it-IT\mscorrc.dll.DLL C:\Windows\Microsoft.NET\Framework64\v2.0.50727\it\mscorrc.dll C:\Windows\Globalization\it.nlp C:\Windows\assembly\GAC_64\mscorlib.resources\2.0.0.0_it_b77a5c561934e089 C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089 C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\091b931d0f6408001747dbbbb05dbe66\System.Configuration.ni.dll C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.INI C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\ee795155543768ea67eecddc686a1e9e\System.Xml.ni.dll C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.INI C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ws2_32.dll C:\Windows\Globalization\en.nlp C:\Windows\sysnative\tzres.dll C:\Windows\sysnative\it-IT\tzres.dll.mui \Device\KsecDD \Device\Http\Communication C:\Windows\sysnative\it-IT\FWCFG.DLL.mui C:\Windows\sysnative\DHCPQEC.DLL C:\Windows\sysnative\it-IT\DhcpQEC.dll.mui C:\Windows\sysnative\napipsec.dll C:\Windows\sysnative\it-IT\napipsec.dll.mui C:\Windows\sysnative\tsgqec.dll C:\Windows\sysnative\it-IT\tsgqec.dll.mui C:\Windows\sysnative\EAPQEC.DLL C:\Windows\sysnative\it-IT\eapqec.dll.mui C:\Windows\sysnative\it-IT\P2PNETSH.DLL.mui
Read Files
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll C:\Users\Seven01\AppData\Local\Temp\MicrosoftOffice.exe.config C:\Users\Seven01\AppData\Local\Temp\MicrosoftOffice.exe C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_88dcc0bf2fb1b808\msvcr80.dll C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config.cch C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config.cch C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config.cch C:\Windows\assembly\NativeImages_v2.0.50727_64\index148.dat C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\9469491f37d9c35b596968b206615309\mscorlib.ni.dll C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsec.dll C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll C:\Windows\sysnative\it-IT\CRYPT32.dll.mui C:\Users\Seven01\AppData\Local\Temp\Cab5039.tmp C:\Users\Seven01\AppData\Local\Temp\Tar503A.tmp C:\Windows\sysnative\it-IT\KERNELBASE.dll.mui C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 C:\Users\Seven01\AppData\Local\Temp\Cab51E1.tmp C:\Users\Seven01\AppData\Local\Temp\Tar51E2.tmp C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_E9915110418DBDEA47BB3BFCDB24CFF1 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_E9915110418DBDEA47BB3BFCDB24CFF1 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9A19ADAD9D098E039450ABBEDD5616EB_EB45958463869A839B2E6A0ABE8A149F C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9A19ADAD9D098E039450ABBEDD5616EB_EB45958463869A839B2E6A0ABE8A149F C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9A19ADAD9D098E039450ABBEDD5616EB_02977A0D64EBA9865C07472AE488F9FA C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9A19ADAD9D098E039450ABBEDD5616EB_02977A0D64EBA9865C07472AE488F9FA C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A89DFCC31C360BA5CBD616749B1B1C5D C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A89DFCC31C360BA5CBD616749B1B1C5D C:\Users\Seven01\AppData\Local\Temp\Cab5454.tmp C:\Users\Seven01\AppData\Local\Temp\Tar5464.tmp C:\Windows\sysnative\l_intl.nls C:\Users\Seven01\AppData\Local\Temp\Cab55CD.tmp C:\Users\Seven01\AppData\Local\Temp\Tar55CE.tmp C:\Users\Seven01\AppData\Local\Temp\Cab564C.tmp C:\Users\Seven01\AppData\Local\Temp\Tar564D.tmp C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll C:\Windows\assembly\pubpol26.dat C:\Windows\assembly\NativeImages_v2.0.50727_64\System\adff7dd9fe8e541775c46b6363401b22\System.ni.dll C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\684eae3bcd28cb6d1e6997e6497056e2\Microsoft.VisualBasic.ni.dll C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\5910828a337dbe848dc90c7ae0a7dee2\System.Drawing.ni.dll C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\6c352ff9e3603b0e69d969ff7e7632f5\System.Windows.Forms.ni.dll C:\Users\Seven01\AppData\Roaming\Microsoft\xd8\xa2\xc2\xa9 Office.exe C:\Users\Seven01\AppData\Roaming\Microsoft\xd8\xa2\xc2\xa9 Office.exe.config C:\Users\Seven01\AppData\Local\Temp\Cab1493.tmp C:\Users\Seven01\AppData\Local\Temp\Tar1494.tmp C:\Users\Seven01\AppData\Local\Temp\Cab1560.tmp C:\Users\Seven01\AppData\Local\Temp\Tar1561.tmp C:\Users\Seven01\AppData\Local\Temp\Cab17B3.tmp C:\Users\Seven01\AppData\Local\Temp\Tar17B4.tmp C:\Users\Seven01\AppData\Local\Temp\Cab1861.tmp C:\Users\Seven01\AppData\Local\Temp\Tar1862.tmp C:\Users\Seven01\AppData\Local\Temp\Cab191F.tmp C:\Users\Seven01\AppData\Local\Temp\Tar1920.tmp C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll C:\Windows\Microsoft.NET\Framework64\v2.0.50727\it\mscorrc.dll C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\091b931d0f6408001747dbbbb05dbe66\System.Configuration.ni.dll C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\ee795155543768ea67eecddc686a1e9e\System.Xml.ni.dll C:\Windows\sysnative\tzres.dll C:\Windows\sysnative\it-IT\tzres.dll.mui \Device\KsecDD \Device\Http\Communication C:\Windows\sysnative\it-IT\FWCFG.DLL.mui C:\Windows\sysnative\it-IT\DhcpQEC.dll.mui C:\Windows\sysnative\napipsec.dll C:\Windows\sysnative\it-IT\napipsec.dll.mui C:\Windows\sysnative\tsgqec.dll C:\Windows\sysnative\it-IT\tsgqec.dll.mui C:\Windows\sysnative\EAPQEC.DLL C:\Windows\sysnative\it-IT\eapqec.dll.mui C:\Windows\sysnative\it-IT\P2PNETSH.DLL.mui
Write Files
C:\Users\Seven01\AppData\Local\Temp\Cab5039.tmp C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 C:\Users\Seven01\AppData\Local\Temp\Cab51E1.tmp C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_E9915110418DBDEA47BB3BFCDB24CFF1 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_E9915110418DBDEA47BB3BFCDB24CFF1 C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9A19ADAD9D098E039450ABBEDD5616EB_EB45958463869A839B2E6A0ABE8A149F C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9A19ADAD9D098E039450ABBEDD5616EB_EB45958463869A839B2E6A0ABE8A149F C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9A19ADAD9D098E039450ABBEDD5616EB_02977A0D64EBA9865C07472AE488F9FA C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9A19ADAD9D098E039450ABBEDD5616EB_02977A0D64EBA9865C07472AE488F9FA C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A89DFCC31C360BA5CBD616749B1B1C5D C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A89DFCC31C360BA5CBD616749B1B1C5D C:\Users\Seven01\AppData\Local\Temp\Cab5454.tmp C:\Users\Seven01\AppData\Local\Temp\Cab55CD.tmp C:\Users\Seven01\AppData\Local\Temp\Cab564C.tmp C:\Users\Seven01\AppData\Roaming\Microsoft\xd8\xa2\xc2\xa9 Office.exe C:\Users\Seven01\AppData\Local\Temp\Cab1493.tmp C:\Users\Seven01\AppData\Local\Temp\Cab1560.tmp C:\Users\Seven01\AppData\Local\Temp\Cab17B3.tmp C:\Users\Seven01\AppData\Local\Temp\Cab1861.tmp C:\Users\Seven01\AppData\Local\Temp\Cab191F.tmp \Device\Http\Communication
Delete Files
C:\Users\Seven01\AppData\Local\Temp\Cab5039.tmp C:\Users\Seven01\AppData\Local\Temp\Tar503A.tmp C:\Users\Seven01\AppData\Local\Temp\Cab51E1.tmp C:\Users\Seven01\AppData\Local\Temp\Tar51E2.tmp C:\Users\Seven01\AppData\Local\Temp\Cab5454.tmp C:\Users\Seven01\AppData\Local\Temp\Tar5464.tmp C:\Users\Seven01\AppData\Local\Temp\Cab55CD.tmp C:\Users\Seven01\AppData\Local\Temp\Tar55CE.tmp C:\Users\Seven01\AppData\Local\Temp\Cab564C.tmp C:\Users\Seven01\AppData\Local\Temp\Tar564D.tmp C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\security.config.cch.2124.24150500 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\enterprisesec.config.cch.2124.24150500 C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\64bit\security.config.cch.2124.24150546 C:\Users\Seven01\AppData\Local\Temp\Cab1493.tmp C:\Users\Seven01\AppData\Local\Temp\Tar1494.tmp C:\Users\Seven01\AppData\Local\Temp\Cab1560.tmp C:\Users\Seven01\AppData\Local\Temp\Tar1561.tmp C:\Users\Seven01\AppData\Local\Temp\Cab17B3.tmp C:\Users\Seven01\AppData\Local\Temp\Tar17B4.tmp C:\Users\Seven01\AppData\Local\Temp\Cab1861.tmp C:\Users\Seven01\AppData\Local\Temp\Tar1862.tmp C:\Users\Seven01\AppData\Local\Temp\Cab191F.tmp C:\Users\Seven01\AppData\Local\Temp\Tar1920.tmp
Keys
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\v4.0 HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\InstallRoot HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\CLRLoadLogDir HKEY_CURRENT_USER\Software\Microsoft\.NETFramework HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR Policy\Standards HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Standards HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\standards\v2.0.50727 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\GCStressStart HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\GCStressStartAtJit HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableConfigCache HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftOffice.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB HKEY_CURRENT_USER\Software\Microsoft\Fusion HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000 HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\LatestIndex HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\index148 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\index148\NIUsageMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\index148\ILUsageMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\LastModTime HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,AMD64 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\msasn1 HKEY_CURRENT_USER HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Certificate\{31D1ADC1-D329-11D1-8ED8-0080C76516C6} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Certificate\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Certificate\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{31D1ADC1-D329-11D1-8ED8-0080C76516C6} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization\{31D1ADC1-D329-11D1-8ED8-0080C76516C6} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Initialization\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Initialization\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Message\{31D1ADC1-D329-11D1-8ED8-0080C76516C6} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Message\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Message\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Signature\{31D1ADC1-D329-11D1-8ED8-0080C76516C6} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Signature\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Signature\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\CertCheck\{31D1ADC1-D329-11D1-8ED8-0080C76516C6} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{31D1ADC1-D329-11D1-8ED8-0080C76516C6} HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Cleanup\{31D1ADC1-D329-11D1-8ED8-0080C76516C6} HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\Safety Warning Level HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPublisher\Safer HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagLevel HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagMatchAnyMask HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0 HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{000C10F1-0000-0000-C000-000000000046} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{06C9E010-38CE-11D4-A2A3-00104BD35090} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{1A610570-38CE-11D4-A2A3-00104BD35090} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{603BCC1F-4B59-4E08-B724-D2C6297EF351} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{AB13F5B1-F718-11D0-82AA-00AA00C065E1} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AAB9-8E78-11D0-8C47-00C04FC295EE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptSIPDllPutSignedDataMsg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{000C10F1-0000-0000-C000-000000000046} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{06C9E010-38CE-11D4-A2A3-00104BD35090} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{1A610570-38CE-11D4-A2A3-00104BD35090} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{603BCC1F-4B59-4E08-B724-D2C6297EF351} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{AB13F5B1-F718-11D0-82AA-00AA00C065E1} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{BA08A66F-113B-4D58-9329-A1B37AF30F0E} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AAB9-8E78-11D0-8C47-00C04FC295EE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptSIPDllGetSignedDataMsg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7 HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7\Name HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\LanguageList HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\p2pcollab.dll,-8042 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7 HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7\Name HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\qagentrt.dll,-10 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7 HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7\Name HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\dnsapi.dll,-103 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.1!7 HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.1!7 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.1!7\Name HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\System32\fveui.dll,-843 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.2!7 HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.2!7 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.2!7\Name HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\System32\fveui.dll,-844 HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CMF\Config HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\#16 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\Ldap HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CertDllOpenStoreProv HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{000C10F1-0000-0000-C000-000000000046} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{06C9E010-38CE-11D4-A2A3-00104BD35090} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{1A610570-38CE-11D4-A2A3-00104BD35090} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{603BCC1F-4B59-4E08-B724-D2C6297EF351} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{AB13F5B1-F718-11D0-82AA-00AA00C065E1} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{BA08A66F-113B-4D58-9329-A1B37AF30F0E} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AAB9-8E78-11D0-8C47-00C04FC295EE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AABA-8E78-11D0-8C47-00C04FC295EE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{DE351A43-8E59-11D0-8C47-00C04FC295EE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptSIPDllVerifyIndirectData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllEncodeObjectEx HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx\1.2.840.113549.1.9.16.1.1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx\1.2.840.113549.1.9.16.2.1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx\1.2.840.113549.1.9.16.2.11 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx\1.2.840.113549.1.9.16.2.12 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx\1.2.840.113549.1.9.16.2.2 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx\1.2.840.113549.1.9.16.2.3 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObjectEx\1.2.840.113549.1.9.16.2.4 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllEncodeObject HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2000 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2001 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2002 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2003 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2004 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2005 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2006 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2007 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2008 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2009 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2130 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2221 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2222 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.2 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.1.1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.4 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.10 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.11 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.12 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.15 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.20 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.25 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.26 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.27 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.28 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.30 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.4 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllImportPublicKeyInfoEx HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllImportPublicKeyInfoEx HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllConvertPublicKeyInfo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllConvertPublicKeyInfo HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Root\ProtectedRoots HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\ChainEngine\Config HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableMandatoryBasicConstraints HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableCANameConstraints HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableUnsupportedCriticalExtensions HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlCountInCert HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCountPerChain HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxUrlRetrievalByteCount HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalByteCount HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCertCount HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetPreFetchTriggerPeriodSeconds HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableWeakSignatureFlags HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\ChainCacheResyncFiletime HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\PhysicalStores HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000\ProfileImagePath HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\ HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\Certificates HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\CRLs HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\CTLs HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\Keys HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\PhysicalStores HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\ HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\CRLs HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\CTLs HKEY_CURRENT_USER\ HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\Certificates HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\CRLs HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\CTLs HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\CA\PhysicalStores HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\CA HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\CA HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\CA\PhysicalStores HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\CA HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\Certificates HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\CRLs HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\CTLs HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\PhysicalStores HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\ HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\Certificates HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\CRLs HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\CTLs HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Disallowed\PhysicalStores HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Disallowed HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed\PhysicalStores HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\PhysicalStores HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ProtectedRoots HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\CRLs HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\CTLs HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ProtectedRoots\Certificates HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Root\PhysicalStores HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Root HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\CRLs HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\CTLs HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\AuthRoot HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\627F8D7827656399D27D7F9044C9FEB3F33EFA9A HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\627F8D7827656399D27D7F9044C9FEB3F33EFA9A\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97E2E99636A547554F838FBA38B82E74F89A830A HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97E2E99636A547554F838FBA38B82E74F89A830A\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209AD23D314232174E40D7F9D62139786633A HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209AD23D314232174E40D7F9D62139786633A\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CRLs HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CTLs HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Root HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CRLs HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CTLs HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Root\PhysicalStores HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Root HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\CRLs HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\CTLs HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\SmartCardRoot HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\ HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\PhysicalStores HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\ HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPeople\PhysicalStores HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPeople HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPeople HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\TrustedPeople\PhysicalStores HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\TrustedPeople HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\Certificates HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\CRLs HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\CTLs HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\PhysicalStores HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\ HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\Certificates HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\CRLs HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\CTLs HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\Certificates HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CRLs HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CTLs HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\trust\PhysicalStores HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\trust HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\trust HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\trust\PhysicalStores HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\trust HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\Certificates HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\CRLs HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\CTLs HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserenvDebugLevel HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\GpSvcDebugLevel HKEY_LOCAL_MACHINE\System\Setup HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\UrlDllGetObjectUrl HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\UrlDllGetObjectUrl HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\AuthRoot HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\AuthRoot\AutoUpdate HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\Escalation HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\WMR HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\8677CB12 HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableInetUnknownAuth HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllVerifyRevocation HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CertDllVerifyRevocation HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CertDllVerifyRevocation\DEFAULT HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\TimeValidDllGetObject HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\TimeValidDllGetObject HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetCachedOcspSwitchToCrlCount HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetMaxCachedOcspPerCrlCount HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugFlags HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE} HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\43859221\3dd4fcd0 HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\CseOn HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\TailCallOpt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\PInvokeInline HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\PInvokeCalliOpt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NewGCCalc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\TURNOFFDEBUGINFO HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableHotCold HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\internal\jit\Perf HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index26 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.VisualBasic__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\1b2590b1\85 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\1b2590b1\85\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\1b2590b1\85\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\1b2590b1\85\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\1b2590b1\85\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\1b2590b1\85\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\f6e8397\46ad0879\77 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\f6e8397\46ad0879\77\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\f6e8397\46ad0879\77\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\f6e8397\46ad0879\77\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\f6e8397\46ad0879\77\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\f6e8397\46ad0879\77\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\4f99a7c9\53bea2b0\35 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\4f99a7c9\53bea2b0\35\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\4f99a7c9\53bea2b0\35\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\4f99a7c9\53bea2b0\35\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\4f99a7c9\53bea2b0\35\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\4f99a7c9\53bea2b0\35\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Web__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,AMD64 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Management__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Remoting__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\163e1f5e\8a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\163e1f5e\8a\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\163e1f5e\8a\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\163e1f5e\8a\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\163e1f5e\8a\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\163e1f5e\8a\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_CURRENT_USER\di HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation HKEY_CURRENT_USER\Software\Classes HKEY_CURRENT_USER\Software\Classes\AppID\MicrosoftOffice.exe HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default) HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Microsoft\xd8\xa2\xc2\xa9 Office.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\B099D613 HKEY_CURRENT_USER\Environment HKEY_CURRENT_USER\Environment\SEE_MASK_NOZONECHECKS HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\6e81135290a3cbb3f16e9591f0e8666f HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6e81135290a3cbb3f16e9591f0e8666f HKEY_CURRENT_USER\Software\6e81135290a3cbb3f16e9591f0e8666f HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it-IT_b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5e8c75c\40dcb014 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|Microsoft\xd8\xa2\xc2\xa9 Office.exe HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|Microsoft\xd8\xa2\xc2\xa9 Office.exe HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Roaming|Microsoft\xd8\xa2\xc2\xa9 Office.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it_b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\5e8c75c\1ffc8ca7 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgJITDebugLaunchSetting HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgManagedDebugger HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\6e81135290a3cbb3f16e9591f0e8666f HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Data.SqlXml__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallationType HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Library HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\IsMultiInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\First Counter HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\CategoryOptions HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\FileMappingSize HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Counter Names HKEY_CURRENT_USER\Software\6e81135290a3cbb3f16e9591f0e8666f\[kl] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh HKEY_LOCAL_MACHINE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentBuildNumber HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6\Parameters\DisabledComponents HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\iphlpsvc\Config HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iphlpsvc\config\Connectivity_Platform_Enabled HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NapAgent\LocalConfig HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\ HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\Enroll\HcsGroups HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\Enroll\HcsGroups\ HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\Enable Tracing HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\Tracing Level HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Friendly Name HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\dhcpqec.dll,-100 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Description HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\dhcpqec.dll,-101 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Version HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\dhcpqec.dll,-103 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Enabled HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Vendor Name HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\dhcpqec.dll,-102 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Info Clsid HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Config Clsid HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Validator Clsid HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Registration Date HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Component Type HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Friendly Name HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\napipsec.dll,-1 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Description HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\napipsec.dll,-2 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Version HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\napipsec.dll,-4 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Enabled HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Vendor Name HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\napipsec.dll,-3 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Info Clsid HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Config Clsid HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Validator Clsid HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Registration Date HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Component Type HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Friendly Name HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\tsgqec.dll,-100 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Description HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\tsgqec.dll,-101 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Version HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\tsgqec.dll,-102 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Enabled HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Vendor Name HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\tsgqec.dll,-103 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Info Clsid HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Config Clsid HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Validator Clsid HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Registration Date HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Component Type HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Friendly Name HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\eapqec.dll,-100 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Description HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\eapqec.dll,-101 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Version HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\eapqec.dll,-102 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Enabled HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Vendor Name HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\eapqec.dll,-103 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Info Clsid HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Config Clsid HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Validator Clsid HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Registration Date HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Component Type HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\Qecs\79617 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\PlumbIpsecPolicy HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\Qecs\79619 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\Qecs\79621 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\Qecs\79623 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\UI HKEY_CURRENT_USER\Software\Classes\AppID\netsh.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\F6C4EC9A HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetTrace HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetTrace\Scenarios HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\NetTrace HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\NetTrace\Session HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetTrace\DebugFlags HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\PeerDist HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\PolicyProvider HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PeerDist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\Service HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Service HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Service\Enable HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Service\PolicyRefreshInProgress HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\DownloadManager HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DownloadManager HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DownloadManager\TransportDllPath HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DownloadManager\CryptoAlgo HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\DownloadManager\Protocol HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DownloadManager\Protocol HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\DownloadManager\Download HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DownloadManager\Download HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\DownloadManager\Discovery HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DownloadManager\Discovery HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\DownloadManager\Upload HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DownloadManager\Upload HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\DownloadManager\UtilityIndex HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DownloadManager\UtilityIndex HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\DownloadManager\Peers\Connection HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DownloadManager\Peers\Connection HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\SecurityManager HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\SecurityManager HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\SecurityManager\BlockSize HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\SecurityManager\NumBlocksPerSegment HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\SecurityManager\Restricted HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\SecurityManager\Restricted HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\SecurityManager\Restricted\Seed HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\CacheMgr\Republication HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\CacheMgr\Republication HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\CacheMgr\Publication HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\CacheMgr\Publication HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\HandleMgr HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HandleMgr HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\HostedCache\Connection HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\Connection HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\HostedCache HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\ServerRole HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\ClientAuth HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\TransportDllPath HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\MaxSimultaneousDownloads HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\MaxSimultaneousUploads HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\MaxPendingOffers HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\MaxPendingDownloads HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\DoNotUseSSL HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\CooperativeCaching HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\CooperativeCaching HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\DiscoveryManager HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DiscoveryManager HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DiscoveryManager\RepubQuorumSize HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DiscoveryManager\MinBackoffWindow HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DiscoveryManager\DiscoveryProviderDllPath HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\Publisher HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Publisher HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\Roaming HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Roaming HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Roaming\ForceRoamingDetect HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Roaming\RefreshDllName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Roaming\RefreshProcName
Read Keys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\InstallRoot HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\CLRLoadLogDir HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\GCStressStart HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\GCStressStartAtJit HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableConfigCache HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\LatestIndex HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\index148\NIUsageMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\index148\ILUsageMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\181938c6\7950e2c5\82\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\7950e2c5\19b8f67f\82\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,AMD64 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Certificate\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Certificate\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Initialization\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Initialization\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Message\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Message\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Signature\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Signature\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\$Function HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\Safety Warning Level HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagLevel HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagMatchAnyMask HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7\Name HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\p2pcollab.dll,-8042 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7\Name HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\qagentrt.dll,-10 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7\Name HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\dnsapi.dll,-103 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.1!7\Name HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\System32\fveui.dll,-843 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.2!7\Name HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\System32\fveui.dll,-844 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableMandatoryBasicConstraints HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableCANameConstraints HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableUnsupportedCriticalExtensions HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlCountInCert HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCountPerChain HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxUrlRetrievalByteCount HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalByteCount HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCertCount HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetPreFetchTriggerPeriodSeconds HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableWeakSignatureFlags HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\ChainCacheResyncFiletime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000\ProfileImagePath HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931\Blob HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ProtectedRoots\Certificates HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\627F8D7827656399D27D7F9044C9FEB3F33EFA9A\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97E2E99636A547554F838FBA38B82E74F89A830A\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209AD23D314232174E40D7F9D62139786633A\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212\Blob HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserenvDebugLevel HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\GpSvcDebugLevel HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\8677CB12 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableInetUnknownAuth HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetCachedOcspSwitchToCrlCount HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetMaxCachedOcspPerCrlCount HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugFlags HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\CseOn HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\TailCallOpt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\PInvokeInline HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\PInvokeCalliOpt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NewGCCalc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\TURNOFFDEBUGINFO HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableHotCold HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index26 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\30bc7c4f\3f50fe4f\90\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\424bd4d8\1c83327b\8e\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\19ab8d57\1bd7b0d8\8f\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3f50fe4f\6f1da7aa\90\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\1c22df2f\4f99a7c9\35\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\c991064\2bd33e1c\81\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\6dc7d4c0\a5cd4db\87\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\1b2590b1\85\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\1b2590b1\85\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\1b2590b1\85\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\1b2590b1\85\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\3ced59c5\1b2590b1\85\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\f6e8397\46ad0879\77\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\f6e8397\46ad0879\77\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\f6e8397\46ad0879\77\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\f6e8397\46ad0879\77\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\f6e8397\46ad0879\77\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2b1a4e4\38a3212c\4c\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\24bf93f6\3d7304a5\76\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\4f99a7c9\53bea2b0\35\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\4f99a7c9\53bea2b0\35\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\4f99a7c9\53bea2b0\35\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\4f99a7c9\53bea2b0\35\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\4f99a7c9\53bea2b0\35\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,AMD64 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\61e7e666\c991064\83\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\475dce40\2d382ce6\8d\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\163e1f5e\8a\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\163e1f5e\8a\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\163e1f5e\8a\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\163e1f5e\8a\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\2dd6ac50\163e1f5e\8a\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\41c04c7e\7f3b6ac4\80\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\3cca06a0\6dc7d4c0\84\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_CURRENT_USER\di HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Data HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3512230a-fb0b-11e5-b945-806e6f6e6963}\Generation HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Data HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122306-fb0b-11e5-b945-806e6f6e6963}\Generation HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Data HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{35122307-fb0b-11e5-b945-806e6f6e6963}\Generation HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\B099D613 HKEY_CURRENT_USER\Environment\SEE_MASK_NOZONECHECKS HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\6e81135290a3cbb3f16e9591f0e8666f HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6e81135290a3cbb3f16e9591f0e8666f HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgJITDebugLaunchSetting HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgManagedDebugger HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\6e81135290a3cbb3f16e9591f0e8666f HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\159a66b8\424bd4d8\8f\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\NI\6faf58\19ab8d57\8e\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_64\IL\75638fee\7566cac\8c\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallationType HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Library HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\IsMultiInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\First Counter HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\CategoryOptions HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\FileMappingSize HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Counter Names HKEY_CURRENT_USER\Software\6e81135290a3cbb3f16e9591f0e8666f\[kl] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentBuildNumber HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6\Parameters\DisabledComponents HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iphlpsvc\config\Connectivity_Platform_Enabled HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\Enable Tracing HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\Tracing Level HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Friendly Name HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\dhcpqec.dll,-100 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Description HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\dhcpqec.dll,-101 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Version HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\dhcpqec.dll,-103 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Enabled HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Vendor Name HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\dhcpqec.dll,-102 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Info Clsid HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Config Clsid HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Validator Clsid HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Registration Date HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Component Type HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Friendly Name HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\napipsec.dll,-1 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Description HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\napipsec.dll,-2 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Version HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\napipsec.dll,-4 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Enabled HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Vendor Name HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\napipsec.dll,-3 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Info Clsid HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Config Clsid HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Validator Clsid HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Registration Date HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Component Type HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Friendly Name HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\tsgqec.dll,-100 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Description HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\tsgqec.dll,-101 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Version HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\tsgqec.dll,-102 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Enabled HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Vendor Name HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\tsgqec.dll,-103 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Info Clsid HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Config Clsid HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Validator Clsid HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Registration Date HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Component Type HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Friendly Name HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\eapqec.dll,-100 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Description HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\eapqec.dll,-101 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Version HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\eapqec.dll,-102 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Enabled HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Vendor Name HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\eapqec.dll,-103 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Info Clsid HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Config Clsid HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Validator Clsid HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Registration Date HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Component Type HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\PlumbIpsecPolicy HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\F6C4EC9A HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetTrace\DebugFlags HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Service\Enable HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Service\PolicyRefreshInProgress HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DownloadManager\TransportDllPath HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DownloadManager\CryptoAlgo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\SecurityManager\BlockSize HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\SecurityManager\NumBlocksPerSegment HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\SecurityManager\Restricted\Seed HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\ServerRole HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\ClientAuth HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\TransportDllPath HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\MaxSimultaneousDownloads HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\MaxSimultaneousUploads HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\MaxPendingOffers HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\MaxPendingDownloads HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\DoNotUseSSL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DiscoveryManager\RepubQuorumSize HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DiscoveryManager\MinBackoffWindow HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DiscoveryManager\DiscoveryProviderDllPath HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Roaming\ForceRoamingDetect HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Roaming\RefreshDllName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Roaming\RefreshProcName
Write Keys
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\LanguageList HKEY_CURRENT_USER\di HKEY_CURRENT_USER\Environment\SEE_MASK_NOZONECHECKS HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\6e81135290a3cbb3f16e9591f0e8666f HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6e81135290a3cbb3f16e9591f0e8666f HKEY_CURRENT_USER\Software\6e81135290a3cbb3f16e9591f0e8666f HKEY_CURRENT_USER\Software\6e81135290a3cbb3f16e9591f0e8666f\[kl] HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\dhcpqec.dll,-100 HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\dhcpqec.dll,-101 HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\dhcpqec.dll,-103 HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\dhcpqec.dll,-102 HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\napipsec.dll,-1 HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\napipsec.dll,-2 HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\napipsec.dll,-4 HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\napipsec.dll,-3 HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\tsgqec.dll,-100 HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\tsgqec.dll,-101 HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\tsgqec.dll,-102 HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\tsgqec.dll,-103 HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\eapqec.dll,-100 HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\eapqec.dll,-101 HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\eapqec.dll,-102 HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\37\7F06864B\@%SystemRoot%\system32\eapqec.dll,-103
Delete Keys
Nothing to display
Mutexes
Global\CLR_CASOFF_MUTEX 6e81135290a3cbb3f16e9591f0e8666f Global\.net clr networking
Resolved APIs
advapi32.dll.RegOpenKeyExW advapi32.dll.RegQueryInfoKeyW advapi32.dll.RegEnumKeyExW advapi32.dll.RegEnumValueW advapi32.dll.RegCloseKey advapi32.dll.RegQueryValueExW kernel32.dll.FlsAlloc kernel32.dll.FlsFree kernel32.dll.FlsGetValue kernel32.dll.FlsSetValue kernel32.dll.InitializeCriticalSectionEx kernel32.dll.CreateEventExW kernel32.dll.CreateSemaphoreExW kernel32.dll.SetThreadStackGuarantee kernel32.dll.CreateThreadpoolTimer kernel32.dll.SetThreadpoolTimer kernel32.dll.WaitForThreadpoolTimerCallbacks kernel32.dll.CloseThreadpoolTimer kernel32.dll.CreateThreadpoolWait kernel32.dll.SetThreadpoolWait kernel32.dll.CloseThreadpoolWait kernel32.dll.FlushProcessWriteBuffers kernel32.dll.FreeLibraryWhenCallbackReturns kernel32.dll.GetCurrentProcessorNumber kernel32.dll.GetLogicalProcessorInformation kernel32.dll.CreateSymbolicLinkW kernel32.dll.EnumSystemLocalesEx kernel32.dll.CompareStringEx kernel32.dll.GetDateFormatEx kernel32.dll.GetLocaleInfoEx kernel32.dll.GetTimeFormatEx kernel32.dll.GetUserDefaultLocaleName kernel32.dll.IsValidLocaleName kernel32.dll.LCMapStringEx kernel32.dll.GetTickCount64 advapi32.dll.EventRegister mscoree.dll.#142 mscoreei.dll.RegisterShimImplCallback mscoreei.dll.OnShimDllMainCalled mscoreei.dll._CorExeMain shlwapi.dll.UrlIsW version.dll.GetFileVersionInfoSizeW version.dll.GetFileVersionInfoW version.dll.VerQueryValueW kernel32.dll.InitializeCriticalSectionAndSpinCount msvcrt.dll._set_error_mode msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z kernel32.dll.FindActCtxSectionStringW kernel32.dll.GetSystemWindowsDirectoryW mscoree.dll.GetProcessExecutableHeap mscoreei.dll.GetProcessExecutableHeap mscorwks.dll._CorExeMain mscorwks.dll.GetCLRFunction advapi32.dll.RegisterTraceGuidsW advapi32.dll.UnregisterTraceGuids advapi32.dll.GetTraceLoggerHandle advapi32.dll.GetTraceEnableLevel advapi32.dll.GetTraceEnableFlags advapi32.dll.TraceEvent mscoree.dll.IEE mscoreei.dll.IEE mscorwks.dll.IEE mscoree.dll.GetStartupFlags mscoreei.dll.GetStartupFlags mscoree.dll.GetHostConfigurationFile mscoreei.dll.GetHostConfigurationFile mscoreei.dll.GetCORVersion mscoree.dll.GetCORSystemDirectory mscoreei.dll.GetCORSystemDirectory_RetAddr mscoreei.dll.CreateConfigStream ntdll.dll.RtlVirtualUnwind kernel32.dll.IsWow64Process advapi32.dll.AllocateAndInitializeSid advapi32.dll.OpenProcessToken advapi32.dll.GetTokenInformation advapi32.dll.InitializeAcl advapi32.dll.AddAccessAllowedAce advapi32.dll.FreeSid kernel32.dll.AddVectoredContinueHandler kernel32.dll.RemoveVectoredContinueHandler advapi32.dll.ConvertSidToStringSidW shell32.dll.SHGetFolderPathW kernel32.dll.GetWriteWatch kernel32.dll.ResetWriteWatch kernel32.dll.CreateMemoryResourceNotification kernel32.dll.QueryMemoryResourceNotification kernel32.dll.GlobalMemoryStatusEx kernel32.dll.ProcessIdToSessionId imm32.dll.ImmCreateContext imm32.dll.ImmDestroyContext imm32.dll.ImmNotifyIME imm32.dll.ImmAssociateContext imm32.dll.ImmReleaseContext imm32.dll.ImmGetContext imm32.dll.ImmGetCompositionStringA imm32.dll.ImmSetCompositionStringA imm32.dll.ImmGetCompositionStringW imm32.dll.ImmSetCompositionStringW imm32.dll.ImmSetCandidateWindow mscorsec.dll.GetPublisher mscoree.dll.CoInitializeEE mscoreei.dll.CoInitializeEE mscorwks.dll.CoInitializeEE wintrust.dll.WintrustCertificateTrust mscorsec.dll.CORPolicyEE wintrust.dll.SoftpubInitialize wintrust.dll.SoftpubLoadMessage wintrust.dll.SoftpubLoadSignature wintrust.dll.SoftpubCheckCert cryptsp.dll.CryptAcquireContextA wintrust.dll.CryptSIPPutSignedDataMsg wintrust.dll.CryptSIPGetSignedDataMsg imagehlp.dll.ImageGetCertificateData user32.dll.LoadStringW ncrypt.dll.BCryptOpenAlgorithmProvider bcryptprimitives.dll.GetHashInterface ncrypt.dll.BCryptGetProperty ncrypt.dll.BCryptCreateHash ncrypt.dll.BCryptHashData wintrust.dll.CryptSIPVerifyIndirectData bcrypt.dll.BCryptOpenAlgorithmProvider bcrypt.dll.BCryptGetProperty bcrypt.dll.BCryptCreateHash bcrypt.dll.BCryptHashData bcrypt.dll.BCryptFinishHash bcrypt.dll.BCryptDestroyHash bcrypt.dll.BCryptCloseAlgorithmProvider ncrypt.dll.BCryptFinishHash cryptsp.dll.CryptCreateHash cryptsp.dll.CryptSetHashParam cryptsp.dll.CryptImportKey cryptsp.dll.CryptVerifySignatureA cryptsp.dll.CryptDestroyKey cryptsp.dll.CryptDestroyHash ncrypt.dll.BCryptDestroyHash userenv.dll.GetUserProfileDirectoryW sechost.dll.ConvertSidToStringSidW sechost.dll.ConvertStringSidToSidW userenv.dll.RegisterGPNotification gpapi.dll.RegisterGPNotificationInternal sechost.dll.OpenSCManagerW sechost.dll.OpenServiceW sechost.dll.CloseServiceHandle sechost.dll.QueryServiceConfigW cryptsp.dll.CryptHashData cryptnet.dll.CryptGetObjectUrl cryptnet.dll.I_CryptNetGetConnectivity sensapi.dll.IsNetworkAlive rpcrt4.dll.RpcBindingFromStringBindingW rpcrt4.dll.RpcBindingSetAuthInfoExW rpcrt4.dll.NdrClientCall3 cryptnet.dll.CryptRetrieveObjectByUrlW setupapi.dll.SetupIterateCabinetW cabinet.dll.#20 cabinet.dll.#22 cabinet.dll.#23 sechost.dll.QueryServiceConfigA sechost.dll.QueryServiceStatus rpcrt4.dll.RpcStringBindingComposeA rpcrt4.dll.RpcBindingFromStringBindingA rpcrt4.dll.RpcEpResolveBinding sechost.dll.LookupAccountSidLocalW sechost.dll.LookupAccountNameLocalW rpcrt4.dll.RpcStringFreeA rpcrt4.dll.RpcBindingFree winhttp.dll.WinHttpOpen winhttp.dll.WinHttpSetTimeouts winhttp.dll.WinHttpSetOption winhttp.dll.WinHttpCrackUrl shlwapi.dll.StrCmpNW winhttp.dll.WinHttpConnect winhttp.dll.WinHttpOpenRequest winhttp.dll.WinHttpGetDefaultProxyConfiguration winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser winhttp.dll.WinHttpSendRequest ws2_32.dll.GetAddrInfoW ws2_32.dll.WSASocketW ws2_32.dll.#2 ws2_32.dll.#21 ws2_32.dll.#9 ws2_32.dll.WSAIoctl ws2_32.dll.FreeAddrInfoW ws2_32.dll.#6 ws2_32.dll.#5 ws2_32.dll.WSARecv ws2_32.dll.WSASend winhttp.dll.WinHttpReceiveResponse winhttp.dll.WinHttpQueryHeaders winhttp.dll.WinHttpQueryDataAvailable ws2_32.dll.#22 winhttp.dll.WinHttpReadData ws2_32.dll.#3 winhttp.dll.WinHttpCloseHandle cryptnet.dll.I_CryptNetSetUrlCacheFlushInfo cryptnet.dll.CertDllVerifyRevocation cryptnet.dll.I_CryptNetSetUrlCachePreFetchInfo wintrust.dll.SoftpubAuthenticode wintrust.dll.SoftpubCleanup ole32.dll.CoTaskMemAlloc cryptsp.dll.CryptReleaseContext mscoree.dll.CoUninitializeEE mscoreei.dll.CoUninitializeEE mscorwks.dll.CoUninitializeEE ole32.dll.CoTaskMemFree ole32.dll.CoInitializeEx cryptbase.dll.SystemFunction036 uxtheme.dll.ThemeInitApiHook user32.dll.IsProcessDPIAware ole32.dll.CoGetContextToken kernel32.dll.GetVersionExW kernel32.dll.GetFullPathNameW advapi32.dll.CryptAcquireContextA advapi32.dll.CryptReleaseContext advapi32.dll.CryptCreateHash advapi32.dll.CryptDestroyHash advapi32.dll.CryptHashData advapi32.dll.CryptGetHashParam advapi32.dll.CryptImportKey advapi32.dll.CryptExportKey advapi32.dll.CryptGenKey advapi32.dll.CryptGetKeyParam advapi32.dll.CryptDestroyKey advapi32.dll.CryptVerifySignatureA advapi32.dll.CryptSignHashA advapi32.dll.CryptGetProvParam advapi32.dll.CryptGetUserKey advapi32.dll.CryptEnumProvidersA mscoree.dll.GetMetaDataInternalInterface mscoreei.dll.GetMetaDataInternalInterface mscorwks.dll.GetMetaDataInternalInterface mscorjit.dll.getJit kernel32.dll.GetUserDefaultUILanguage kernel32.dll.lstrlen kernel32.dll.lstrlenW advapi32.dll.RegSetValueExW kernel32.dll.ReleaseMutex kernel32.dll.CreateMutexW kernel32.dll.CloseHandle kernel32.dll.GetEnvironmentVariableW kernel32.dll.SetErrorMode kernel32.dll.GetFileAttributesExW kernel32.dll.CreateFileW kernel32.dll.GetFileType kernel32.dll.GetFileSize kernel32.dll.ReadFile kernel32.dll.WriteFile kernel32.dll.LocalAlloc kernel32.dll.RtlMoveMemory shell32.dll.ShellExecuteEx shell32.dll.ShellExecuteExW setupapi.dll.CM_Get_Device_Interface_List_Size_ExW setupapi.dll.CM_Get_Device_Interface_List_ExW comctl32.dll.#386 kernel32.dll.LocalFree ole32.dll.CoWaitForMultipleHandles advapi32.dll.LookupAccountSidW cryptsp.dll.CryptAcquireContextW cryptsp.dll.CryptGenRandom ole32.dll.NdrOleInitializeExtension ole32.dll.CoGetClassObject ole32.dll.CoGetMarshalSizeMax ole32.dll.CoMarshalInterface ole32.dll.CoUnmarshalInterface ole32.dll.StringFromIID ole32.dll.CoGetPSClsid ole32.dll.CoCreateInstance ole32.dll.CoReleaseMarshalData ole32.dll.DcomChannelSetHResult rpcrtremote.dll.I_RpcExtInitializeExtensionPoint comctl32.dll.#321 kernel32.dll.CreateActCtxW kernel32.dll.AddRefActCtx kernel32.dll.ReleaseActCtx kernel32.dll.ActivateActCtx kernel32.dll.DeactivateActCtx kernel32.dll.GetCurrentActCtx kernel32.dll.QueryActCtxW advapi32.dll.EventUnregister user32.dll.SendMessageTimeoutA kernel32.dll.GetACP kernel32.dll.UnmapViewOfFile kernel32.dll.GetStartupInfoW kernel32.dll.CreateProcessW kernel32.dll.WaitForSingleObject mscoreei.dll.LoadLibraryShim culture.dll.ConvertLangIdToCultureName user32.dll.GetAsyncKeyState user32.dll.RegisterWindowMessageW user32.dll.GetKeyState kernel32.dll.GetCurrentProcess kernel32.dll.GetCurrentThread kernel32.dll.DuplicateHandle kernel32.dll.GetCurrentThreadId user32.dll.GetSystemMetrics kernel32.dll.GetModuleHandleW kernel32.dll.GetProcAddress user32.dll.DefWindowProcW gdi32.dll.GetStockObject user32.dll.RegisterClassW user32.dll.CreateWindowExW user32.dll.SetWindowLongPtrW user32.dll.GetWindowLongPtrW user32.dll.CallWindowProcW user32.dll.GetClientRect user32.dll.GetWindowRect user32.dll.GetParent ole32.dll.OleInitialize ole32.dll.CoRegisterMessageFilter user32.dll.PeekMessageW user32.dll.GetKeyboardState user32.dll.MapVirtualKeyA user32.dll.GetForegroundWindow user32.dll.GetWindowThreadProcessId user32.dll.GetKeyboardLayout user32.dll.ToUnicodeEx mscoree.dll.ND_RI2 mscoreei.dll.ND_RI2 ws2_32.dll.WSAStartup ws2_32.dll.setsockopt ws2_32.dll.WSAEventSelect ws2_32.dll.ioctlsocket ws2_32.dll.closesocket kernel32.dll.GetCurrentProcessId kernel32.dll.GetComputerNameW advapi32.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW kernel32.dll.CreateFileMappingW kernel32.dll.MapViewOfFile kernel32.dll.VirtualQuery advapi32.dll.CreateWellKnownSid kernel32.dll.OpenMutexW kernel32.dll.OpenProcess kernel32.dll.GetProcessTimes ws2_32.dll.inet_addr ws2_32.dll.WSAConnect kernel32.dll.FormatMessageW advapi32.dll.LookupPrivilegeValueW advapi32.dll.AdjustTokenPrivileges kernel32.dll.GetExitCodeProcess kernel32.dll.GetProcessWorkingSetSize kernel32.dll.SetProcessWorkingSetSize ws2_32.dll.shutdown user32.dll.GetWindowTextLengthA user32.dll.GetWindowTextA ws2_32.dll.#116 advapi32.dll.RegCreateKeyExW rasmontr.dll.InitHelperDll nshwfp.dll.InitHelperDll dhcpcmonitor.dll.InitHelperDll wshelper.dll.InitHelperDll nshhttp.dll.InitHelperDll fwcfg.dll.InitHelperDll authfwcfg.dll.InitHelperDll ifmon.dll.InitHelperDll netiohlp.dll.InitHelperDll whhelper.dll.InitHelperDll hnetmon.dll.InitHelperDll rpcnsh.dll.InitHelperDll dot3cfg.dll.InitHelperDll napmontr.dll.InitHelperDll nshipsec.dll.InitHelperDll nettrace.dll.InitHelperDll wcnnetsh.dll.InitHelperDll p2pnetsh.dll.InitHelperDll wwancfg.dll.InitHelperDll wlancfg.dll.InitHelperDll peerdistsh.dll.InitHelperDll httpapi.dll.HttpInitialize userenv.dll.UnregisterGPNotification bcryptprimitives.dll.GetCipherInterface kernel32.dll.SetThreadUILanguage mprmsg.dll.MprmsgGetErrorString ole32.dll.CoUninitialize oleaut32.dll.#500 httpapi.dll.HttpTerminate gpapi.dll.UnregisterGPNotificationInternal oleaut32.dll.#9 comctl32.dll.#388
Execute Commands
C:\Users\Seven01\AppData\Roaming\Microsoft\xd8\xa2\xc2\xa9 Office.exe netsh firewall add allowedprogram "C:\Users\Seven01\AppData\Roaming\Microsoft\xd8\xa2\xc2\xa9 Office.exe" "Microsoft\xd8\xa2\xc2\xa9 Office.exe" ENABLE
Started Services
Nothing to display
Created Services
Nothing to display
Behavior analysis details | |||||
---|---|---|---|---|---|
Machine name | Machine label | Machine manager | Started | Ended | Duration |
Seven02_64 | Seven02_64 | VirtualBox | 2019-01-06 18:37:26 | 2019-01-06 18:40:23 | 177 |
8 HTTP Request(s) detected
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
- Hostname: www.download.windowsupdate.com
- IP Address: 13.107.4.50
- Port: 80
- Count: 3
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1 Cache-Control: max-age = 86400 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: www.download.windowsupdate.com
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
- Hostname: www.download.windowsupdate.com
- IP Address: 13.107.4.50
- Port: 80
- Count: 2
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1 Cache-Control: max-age = 86401 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: www.download.windowsupdate.com
http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c%3D
- Hostname: ocsp.verisign.com
- IP Address: 23.50.155.27
- Port: 80
- Count: 3
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c%3D HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.verisign.com
http://ocsp.verisign.com/
- Hostname: ocsp.verisign.com
- IP Address: 23.50.155.27
- Port: 80
- Count: 3
POST / HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: application/ocsp-request Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Content-Length: 83 Host: ocsp.verisign.com
http://crl.verisign.com/pca3-g5.crl
- Hostname: crl.verisign.com
- IP Address: 93.184.220.29
- Port: 80
- Count: 3
GET /pca3-g5.crl HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: crl.verisign.com
http://sf.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEB3hDe1UHVHnO8SG9JJJiDY%3D
- Hostname: sf.symcd.com
- IP Address: 23.50.155.27
- Port: 80
- Count: 3
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEB3hDe1UHVHnO8SG9JJJiDY%3D HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: sf.symcd.com
http://sf.symcd.com/
- Hostname: sf.symcd.com
- IP Address: 23.50.155.27
- Port: 80
- Count: 3
POST / HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: application/ocsp-request Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Content-Length: 83 Host: sf.symcd.com
http://sf.symcb.com/sf.crl
- Hostname: sf.symcb.com
- IP Address: 93.184.220.29
- Port: 80
- Count: 3
GET /sf.crl HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: sf.symcb.com
Behavior analysis details | |||||
---|---|---|---|---|---|
Machine name | Machine label | Machine manager | Started | Ended | Duration |
Seven02_64 | Seven02_64 | VirtualBox | 2019-01-06 18:37:26 | 2019-01-06 18:40:23 | 177 |
1 Host(s) detected
IP Address | Hostname | Reverse DNS |
---|---|---|
82.102.229.134 ![]() |
Host(s) by Country
Hosts | Country 1 |
---|---|
1 | ![]() |
#infosec #automation
TheSystem Itself @ 2019-01-06 18:42:08