| File details Download PDF Report | |
|---|---|
| File type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
| File size: | 440.00 KB (450560 bytes) |
| Compile time: | 2018-01-04 09:03:40 |
| MD5: | cefd943367d9ebe51f30c18053812003 |
| SHA1: | 79a7f9f8a27201a7a9c154ec8a939a5e78bd3405 |
| SHA256: | 87feade22c18a0fc5ba3776af53704aa0c7bd2401151b05a76dc3fb99c8411ff |
| Import hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
| Sections 3 | .text��� .rsrc��� .reloc�� |
| Directories 3 | import resource relocation |
| First submission: | 2018-02-08 22:30:08 |
| Last submission: | 2018-02-08 22:30:08 |
| Filename detected: |
- poloport.exe (1) |
| URL file hosting |
|---|
hXXp://yt.wozyzy.com/poloport.exe |
| Antivirus Report | |||
|---|---|---|---|
| Report Date | Detection Ratio | Permalink | Update |
| 2018-02-08 18:50:01 | [46/67] | |
|
| PE Sections 3 suspicious | |||||
|---|---|---|---|---|---|
| Name | VAddress | VSize | Size | MD5 | SHA1 |
| .text��� | 0x2000 | 0x3d364 | 250880 | 65dc7f8145d9e9c81811b1037ebdc3d4 | be4ff8e9e663b7add67b5cbf87c1925381383680 |
| .rsrc��� | 0x40000 | 0x306a4 | 198656 | 19645de95e2abfd36e6a68b9a79f968c | c96d97447bdf940fdae4624a34fc28c5c528fa44 |
| .reloc�� | 0x72000 | 0xc | 512 | 950185ba2c133b1d1a5096dddfb7172c | 396950309fbda5213b298e873f4e7c96deb052e6 |
| PE Resources | |||||
|---|---|---|---|---|---|
| Name | Offset | Size | Language | Sublanguage | Data |
| RT_BITMAP | 0x401f0 | 180374 | LANG_ENGLISH | SUBLANG_ENGLISH_US | |
| RT_ICON | 0x6f8d8 | 1128 | LANG_NEUTRAL | SUBLANG_NEUTRAL | |
| RT_GROUP_ICON | 0x6fd40 | 48 | LANG_NEUTRAL | SUBLANG_NEUTRAL | |
| RT_VERSION | 0x6fd70 | 1080 | LANG_NEUTRAL | SUBLANG_NEUTRAL | |
| RT_MANIFEST | 0x70394 | 784 | LANG_ENGLISH | SUBLANG_ENGLISH_US | |
- API Alert
- Anti Debug
| Meta Info | |
|---|---|
| LegalCopyright: | (c) Computer Associates International |
| Assembly Version: | 11.19.16.19 |
| InternalName: | poloport.exe |
| FileVersion: | 2.9.4.1 |
| CompanyName: | Computer Associates International Company |
| Comments: | Computer Associates International Arto |
| ProductName: | Computer Associates International Checker Arto |
| ProductVersion: | 2.9.4.1 |
| FileDescription: | Computer Associates International |
| Translation: | 0x0000 0x04b0 |
| OriginalFilename: | poloport.exe |
| XOR | |
|---|---|
| No XOR informations found in this file. | |
| Signature | |
|---|---|
| This file isn't digitally signed | |
| Packer(s) | |
|---|---|
| Microsoft Visual C# / Basic .NET | |
| Microsoft Visual Studio .NET | |
| .NET executable | |
| Microsoft Visual C# v7.0 / Basic .NET | |
| File found | |
|---|---|
| FIle type: Library | |
| mscoree.dll | |
| IP Found | |
|---|---|
| 2.9.4.1 | |
| 11.19.16.19 | |
| URL(s) | |
|---|---|
| http://www.w3.org/2001/XMLSchema-instance | |
| String too long |
|---|
| <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly> PA<?xml version="1.0" encoding="utf-8"?> <asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="requireAdministrator" uiAccess="false" /> </requestedPrivileges> </security> </trustInfo> <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"> <application> </application> </compatibility> </asmv1:assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD |
Computer Associates International
VarFileInfo
poloport.exe
(c) Computer Associates International
Comments
Computer Associates International Checker Arto
InternalName
2.9.4.1
StringFileInfo
Translation
Assembly Version
Computer Associates International Company
FileVersion
VS_VERSION_INFO
000004b0
ProductVersion
FileDescription
OriginalFilename
LegalCopyright
CompanyName
11.19.16.19
Length
ProductName
Computer Associates International Arto
$C"aA
Wy`x
; *
mbI]
ow/
--wr
U_hU
C&Y@{
"d3N_
@<t=
dP}Q
U6gS]
wfjh
5Qft
)uq$
6x{
5Bzp;
b,Lz$
PNG
^.V ^h|
@GXG
cTO
3) =@
)oC8
f<OB
!Computer Associates International
zfo*G
CzA=
@:HXA
@),t
XQcu
[TO<
w&Y
[})fgq
Ob{;
[,Me
Ar,:
(Hn;
GetInstance
S4-Rf
pXq4
y5Xo3
c0KUu
3LfU'
H@,<
] .z
E+ n
uE#BE
iX[
DY%h
lK.nK
INYS
ZMK$
G)5I|
y"_ `Zw
E2z
^ _|
j@LI
R Bm
_uxu
HTzj
'Bpj0acOr
=+ Yb1
3aX=
)(Uy
in9n
04/C'
q~@l
#wG-
fXF|\!t
,! 1`
IV,k[
B Z7
%zWW
2^/(g
eU/8Yjw
em,;
:3{K
,M#z =
3<@v hk
DM6'4\
xk}4
c/ B
)@8rn+
8M3S
=?jh-"2
o\QL
eDNOU
c=7J26
_;>9
Ux7x
HAK|^
|N\O
v51/s&
C9]<
p;Vm]
S=jp
:*"iJ
CGtt
VZ0^
N Fv
+M6/
/./@uEP
SAy8D
tJuY
H:.h
l<UH
d? h
F{^],
System
]u/XO
< 2$
;,,v={
Int32
k4).
@ijS
IZNh
T$t<
zJH%
~k!?
L=la
.\3/
2Sy5
zC# Po
bGX"
'7lb
"S+V
kBNe
#1[D/
91ko
"tX1T
rY@'
sIw2V
hMCw
Qxv*
n*(q
UhjE5
YSykY
RVZT
q}<"3
v&!h
@2jH
nhS
$K8I
8jmxBC
<2)m_Vn
.Computer Associates International Checker Arto
[3o+
$l~Jwp
1&HD
h>`U
l P)
[S*,
n4Zo
s&re
+g> F
9vmz
'b |
FF\7
' L<
TpZi
= =oD
D4;
cQ6Ip
~Vxqn
\;Vga
a:Ql
mscorlib
vS%zVt
It`*
U 1T
J.a /
13a6
B7M(
+$EM
G0 B
WDH:
|<Fb
z~)2
Y 5 k
hzi|
l'@3]
#K_O
E~VI
7 ^P=
{c w
j)m&Z
?,0
zM"ixa
FunA#7
<dCP
#]Ta<I
,yX>
Psfb U_+=r23*
"R 5
-z.B
SXzI
pv}.
(;w-
C?8D
D__jD6f
=AI^<
Ij s(
1jjEL
J~>
v~)m
| Gi#
,3 1y
=S17
[M .Kl
o2#x
wP::
9c=$X
]d3P
9zt6
;CZ
=-F2
TVvs
b5 ~)0G g
.l _
XQXW
1\Rm
+Az
@n[6/p
yePjZXv^
S&BX
qKHF
bJM4
Y]~4
-)}w
;D1H
W}CqFw_
Mk+"
\ 9j~
W4B#
KL&U0f
vX 5
}NWk
|0?}3
zwX#
bNf[
get_Computer
Rz.;
MEXZ
8wZt
uN5>
c @|
Z<M&
pV%M
E@bcB
?1Z-XmR
~KIW
BMNy
9}1,
&..?j
#Fe0yV
B?T
;MSD
SVN5
(dplz
d(0C
lP|z
?`md;s,
f@ S
&xZ
CJDa
^}Ya/
=!VYc
M5B>j
K-p2
)q
S](0m
Y*.0
vbmN
\System.Object[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089PAOhY
4PHQ
mIx`
1!~/
|'Yp
Rt,J
z[c} Z
A5"^
Z~D5S_]
>fy_
7D~mZ
l -[
<R>p
^!#k u
1k7 e
2erT
'tJw
B'5o
O,++
[zOB
c+$M
:!/1
i3+g0.
C2NQv
>u,0d
H/gd7
PjX<
oAPg
V8vp
z]mX
z.saS
GIIR
N>m\
d+qI#
h5 E
(EK6
2.9.4.1
Vg;Xb
xr$+
f=?%
V[P<Q
get_Application
E^a&m
b! V
N! `
6i >0
pqB@&w
qk:o
#yyA
4q=5
dM ^
r}48
+)+Y
QX#E
iD~g
qLE~
f7c.
,"D{
()/a
?]>-
1{*.!
{FFT
YYRq
ojdH
e1tHB
P(8V
To8M,
Q{\k
P ?Y
EVr)
wx|^W {*
-r)u
>lkR2
hwJx)
;^B'
K?Y1`
{)
[N/@
io 8
."g_
AU3
'BVtT
.be
e&"8Z
/E'u]S5v
T;)0jj
^ia{#
SC_5
M&D5
45(R
pN)@:r
!1 .
QX57-
Lw;(
=u }
ja2OP
g ye
`_Q0
4&z
XEN
>=|N
0$X*
`(wu
UJFn
$nq
6*-Z
m_UserObjectProvider
? =c
|iywt
c^>3!Z
7AA::
#`v>e
)/Em
d c_
<ZY>
aD4Q
W;K9
~rhB
jPnq
$VWk
l am
Type
-Jrb
v,T
VG5sW
dLZM
ToByte
)?Vr[
dWOU
oNIX`
YO i
@#n~
` Nj
@^v1
gI=$IJ
%iMFXN
ZNp!
gR(|~
_Vs[:
9wDm&
"/L?Q
j}lt
n\4Z
Pwu$L3Q-
3QC
%Y02
\#*
!D}^
w'.7n
+t_hF;
E)]j7mO
zS<n
hvx?Wn
GxD/
=C@m
8c(JP
FNVP
zrN(c
G Lh
=Il^
I}|}$
GP>
u!Pe
7{ m
+"bJ
mt*>
)P_((X
`Q_F
) s
anB4<&
Q:Gg6
^Pf
1 }I\
KNVF/&h`&
V,xz
LseV
X3hjf:
y7J+
"ybO
PFN8
H'81
f K
8pwF
2, '
#T$g\
)6r~
Qp4 $
b&a,!
z^;O
e"=A
`%ke
P=,j
*;XK
H_/5F
?<Sc
HEo:j
G^Fh&+
C8j|qD
'`\L
\}=t
U{)H
7eu<0}A
f&0&&
zY[U
cO&_
7ByH
n\-b
s#&
[Qs0
(3-ls
c=^eeX<
66d<
:9* U?
++ILM
,[r}
sr%j
`bud
G`"H
v ,6
%0
_.P!
x8&F
z>_[
,E/
Edgs
3k9 D
q9`i
Dh=e3 4
32+
`#w3
p HA,
,_C\h
x^IR
p&RjMS3
mX/6~
3u`j@Q/
2Qv3
U-13
2 +j yp
q>]\T;W+m
RvM4*Y
StandardModuleAttribute
4 TV
JT~6
Gn55
~Q 3
)R?rAe\i
6!S=
-nYX
}J` P
\t|2oo
ApEJ`
-u/o
/beDWn
h[io
-|`Ut
%i1h
2Jm(
:x W
zDxz
hRUq^
q&PV1J
Opk=
i?@J@
prMU
HCZf
vn G
a7`nMy
''5Z
ha27
5'Qv
x?vA
}Awf
.text
^96xu
#;rh
|.R5
]8Oh*
GetString
\x<r:
M/4ma>~
=k"L
"g?vo
@8ik
jXQ@
2I'c+L
_GOh
'C[_
.PSb
Hgm8
.:!c
?.4!Qt,o
cniy
Fi=V+
EC6x[
)0H 5L
,eU9
8oB9
([00
5?vF
@4GT
oMUl
er.)
7TAz
.GQ/
*\cU
rc9f
a8q_
'kLT
K' ]/
V4 )hP
>5]s4
dUd{^
,hLF
1?
s.S{
l=b@
4System.Web.Services.Protocols.SoapHttpClientProtocol
Aucis
TXtrGMJS
U}bm <
TZ |
Nvt<7x*
'mF/v
p)8~:
<f'\
v5RS
o?0>&O3
jz-0H
S[Mp
Iw U
~o5-
--wf
d\BH
SWa>
SQsY
,~WE
w{YEc
" }
@n?R
3EGv
:U ^w
.m&,
Z w,
W(Y
K%w
.{LN
Od85
Yx4,}oK
\U~YM
wLJf
zlMyy6
+L8}
Sj2M
g)#K
e>r+"$
k 2T
H9hJ
g\dw)s
Tc%yg
zvep
CC_s
0Y^
Ui]m
'# P,
*p}T!55
:Cir
cR-.
V QZ
-k92
WFEC
_t^pk
TNtg
2\rT3
c;BP,a$
;yT0
+ dZ=
!Q1#
+=]\
<9=^
]_>#
|tMu
c/C}!0
h:e5
@^TO
rdeq
" /d
?[E(|
Conversions
*Ym1
<gw
ROyQ
]X{1N
8SK
w 2[
4v$Dr
9#%T
`.rsrc
gb0:/+
(F^F
U:9M8
A{ yG
I!3g
2E#9Xm$
o[Mny
^hxy
<XG5
+x3B!
hF9v
k(DE
]k&V
%qp".
J-% x
<H"%
~3oZ
b'J\
)K,q
get_Default
g+UHS<
9c5D
R~/
-j"a
zChC$
VkE2
"vzW
Dg;ZdRW f
fJ@s
]3=g
YJsnm
@i |x
bPpA7
s7[/
X;{&
rM4 s
i9WXY
=O<'
mH^=
(t0*.c
)p$i
SmOy
Fi/;
goU3
.ctor
/>aE
bo8
V%0e
x4^]
BM9/A&C}
7, B
\:|p
Htu-
u}Vh
C6&k
6$X<V
aEG}+N\
RYF.
#G<"
BSJB
]o3~ B
}#.z
koM=t
GetTypeFromHandle
~ ;?
-Xi~.
, xj
`z<B
/6Qv
!+4N
\#ZNx
/C_`y`[
H sD
7cvP
:Q'_+
W _K
G&EpX00t
6)HD
jGZs
bw'$":0Y
y>ksTX
.;Ic+
f&iP
#|S-
.|B3
\o3m
`S%@
jF*1R
)W8^
yI /
s;K}S
9:l%
=cu{
Sc'KW
)F<a
D^\l
Lgh&
c Lwg vQ4f
$O^(
x&=oq
p _4
WZhc<P
X3r]B -
_\W(
Nu#/
?<t"
z;:~C
1T/r
Z+vlq^+
os7
14g.Q
Z{%$pQ
;OwZGI
E.["k
rM*
`X*Ove
U%t
PPHp
fe__;
uC_mH
;r1F
H2q.
,,e?
d-8x3
'T#k
<) `
XcdX
oG ,
w, >
5Sn?^
2r=h .@
M!7c[
g~C^
n{TM
!^ Q3
$N{Y
ThreadSafeObjectProvider`1
C:)W
#" v
b9z=
LZOj
4:]q
2]V3)`7
5fmB
TZV=
]flZ9u
-f{z
ve,^C
RBj<
\>$Q
i up
g#7e:d
La"b
lQ,?s
Z >t
Tmk]
PB5KO
j?r9
ba[dEZ-
jzb|
L]gn(
NMNA
(K|
iwrp
VNVe
1LAh
T=Gw
+\V<fj
D(3Z
K"69
'_Dk
0k!$y
P7 ]
UwF3z
"uc\
|Fhx
FU;3h
m ~/
!c0[
[tEHw
:aYJ
g/ X
#(Vo
O~--
B{ ?
(IR^
C|aW2
359
uBq .
`5Q/1
dZiw[
Xj'Y
NqG?w
h-b0
`tKE
Ay[}
x9g_
]k>2
+QP8
b{^q7N[
Rz>a
\V!]
oy'lsD
1"r?>
s!v.
+yRX
no7uA
j)JJE
1,I&]
v@l-
/ iu
G~qr_
>S+?b
ow N
*ev2P
{F<
kx%o
L}%A)Z
`B{r
hIO^
j rx
MJG<
Z+Id
V_;c
M #0
L:w/O
)\ 4
_Y~~$
1X[^ju
1 SA
pKoN\&
System.Reflection
]}W2<
"[B8
U#/Q
*Ca!
t# `4
zWg>"
Jt=V
BHJH
WrapNonExceptionThrows
6n Vs
k+d>
%4-_-
P4Q!_
JLE:%^
n P
dd%1
yS.f-
]Tay
p@cWI
Vn*D
#Yh'
h8#!
q 3>
XEQ|
DI-0
Oa0k
~P.3U
h`>?
(v:2&)
DA|:
\?zU
lk w
4ziM
4/r
KL!T0
QMa-
?; s
5#$L
kLeU
U:g9
\XIl
9M N
6KTx
JDG/eX
_}WY
U>ra*
CZZ1 B
L 1
'gm
STAThreadAttribute
^t0|v
,|Bv
R]EF
]y`J
IHDR
QJ@V
*X?w
SE{/_
E E|Q
=0`F
s-@u
)?^b
bH!f
@Bux
f)0X [|Ca
[4`*x
lwcD
)X$;l
.'D<
TP*|
!4;RuR
\Qzrt
Y`#U
bl]5
Ck3O*<
n" ;
J&o{@7o
B+wm=%
Ra@
**#Y
:J'd
c:,x
Fw*O
v+S&GZt
G(XC
RB"2
0Iq'
Application
5Vv
D$~E
B? d!
[tX9
x2%\
?JLP
\2Rx
vVbc
8C_?
;qet
}nM\
rnv?
CQ_c
"!oO
zBoehwP
.oe
r6]<voq
gU*Q^u
kI;
7 L:
y')m5
ebCX
:y,g`
SW?2p
D<pW
<]=a
SgMq!
TRk]
]fH}6k
>IGT
7D`3
Z]BR/
L}Fp
.N$y
mBDc
==x>
Q4^,
bu6H;:,$2,
CreateInstance
&upg
=O`kn?K #`8
F"H61
j|+{
adKAy
3?_U
,g4 kEf1
}A@F
Obe{
h NK
#Strings
O(,
drS}
~ ys
+hFW
<(zk
,^??
9:]$
T0wR]9
(3f!u
}'l8i
~G ]
_b
?R w
8O1i
]9EB
pyPf<O
)$'
mR]T
TOFfw#
K=9y
cHGS
eeI<
^xn{R
if#K@
$=Ql< O!
$<Z|
/<+-
?[Vb
* "v
K0$Vp
#ZIY
SLDG'D
a .X)k]
2,?5y
HelpKeywordAttribute
FsE!
@ge[
obww
^_g9
?&lC
HPGx
e K
~)zF~
6|ku5
*W,0
-BWd
iHxH&Y
& N\
@*[@
u+ J
p11_
GOYq
(=:z
eXzIJ
bA79
9\P0
D)1
XE5 t
0lK'5
K &zLll
FPl
3?cu
v H 1j
OM 8
0{M/0?U
%6.m
fu;F
A"iL?
vUX8
+Wu,
3 [k
7iBy
7Tg(I
;"1M
#?H@L
kD _w
aiCw7oV(
8) r
`QPS
"G\
],;!
w?mH
System.Diagnostics
3J9]z
o''&
*aG=
<EK`
@kF?
V:g{:
rGY
D SGO
V:A\w5
{)az
d)2%K
XJ]n
TGE"I
l!]m
][E)qI
ThreadStaticAttribute
$YJnr
P6F=
YW By>7
[(GH
D9 g@
z/%C01M
`QYN;
v `I
d6"P
|Q~%
x;d@
I$C
T /T/}f| D
Activator
Wuu%G
X ~O
M>cy
}r%Z
mj4Wqu
AJ~f}
U{+U
td0P)CB
fn;fc
U7^J
D4; q
\9.9bF
t[KUE
7ah-h
M'K r
*QE/
7CGo
90jk
d3 s?
l l,
C*.>
5'j=
@dlF
5gSv
&x74Du
a%vI
X _}
Gs%K
0n-R\:
DNkNR
dNr 8
OpO1~
A/9!
T/6=
&2ta
xg8c
@j=W
\S3
F9BLT
}Z$r
BJQ{
;kzy
Z 2z
8b-~
]j8O
}5Ox
5/J"
&: o6B
)+}o7
8/Oy"TeV
Zq"t
Q@\e
\dDl
rq1y
5F%|
sw 5
W{{c=e
k :z
NI{
^- |
P&|~l}(
r4_
^U\mn
q +&
?kl
FEm>
_CorExeMain
Ty0fP
]7$D[
v]vd
o%A8
T<mU=
x6.OS7
ec~[b
"H h
JO cog{
.A:^
C 5^l
@99.Z(
#iXr?LaE
4 ~u)
Gn l
1U370?
_@n1
:+u/
fbow z
*G~Z
Hsk|
@]oJ
_Ni(
R9C N
urZTqFa
g3SPN
aupO
,-s;]
AndObject
)J+])
GjU
H V0
get_User
x}X
-*JWNa
`1HJ
L+QP)
j3 P
~UW
W ?}
O@O h +
E :
s,an
KNh9
h\_~
H#k_
NP g
oz5>x
x#3j
P\6
pOO/
Q'37
#\YRm*%
a lS(
xB5G
!R\J
o,W<
oS(t
?"/9
J^H`
vF6a
V ]
CKo 9
Pp<A
|<yU
"4nK|z[
!B6O
:-ya
_0_G^
"U4j
;" %
Wl86
Y L}u
9FR{
LateIndexGet
~ru-u
5c:8
>W(N
P5EFG
'^"&
zIPg
oOu/
T0uo
LmGB
R S3
8k,>
+mPh.
L>r1 Ury
JTcx3
wy D
852n
sKVE
=l=
d}Zxh
^(SM
qZO^
yPI*l_
yGe
~L'`
s$(HV
hkbe=9g
xM>5x
B@\&
K,MI
~u=A
?Z1A
Ti.7$F
QD!$F
- |p
{7;9
oQ s
I@R
nnd]
]|(=
:z:%c
9K9X9
.^'a
Y:D
"qjC
gMj
{.p.r
Alh%
.}W \
c/y&
)9u R w
6x*:
)@
3[^
E-a;z N8XAis
$~EK
p(B-
{{yi
KD,2-
\:?Az
g7?N
I9]
"'qt
$,uor
W_!Ds
I9-K
QN2U$
2]VQ)
!X[I
=?Gy[W
gZ;(,
R.L0
9ZJy/
4$QR
!!ub
f6$nG
v`l'%
_x:u
M|_3 ),2
I N'
~&6N
\dG
64L%
Cuc
F5GqI
Wr<@
R.>6
b]Oo
a"TS
AssemblyCompanyAttribute
?>~4
$+<'
?(5|'
R2)Ri
k4l@
$F6B
? u!
[T Z-
MR$_,
zv[X
(unx
Rp2U$<
OD>
Ex 8
; XG
Fo-%
]hM8o3
Su?d
(9^`
*U/#!fj
,3 !
o&m8
Gum-!N
:@ 6
/0/ 5
\l@`
,&ah0
y}uQG
, Ny
z{ 3<
yAw z
%R8D
6)@j
-X2m[8
oO2
uoj{
o&mR
zq``
SK+_
SubtractObject
]=Zr
)%U4
O>*X)CDo
ezsE
8@Va
^&g q
&-,M.|
QGi2
n3tPh,<
ruzcS
^U7o. z
]X3
,$M5
aGnSB
=SbZpr
.(6
[jE n(
+AX
c2F>|
S{PO
&`zj
MP=@
5 ?:
p,v
RvxU\
; W;
GZRW
/jIh
lOT8i
{t'g
bd@E\
wOC)
RRE!
6[J&+
X<v9{.
a%8-X
_2XPY_
\P r
M]jHe
Sku ^n
System.CodeDom.Compiler
VnsQ
r,w=
nau(*
\eMw6
Ho ?
l)db_N
' y2a}(Ha
)!8R
OeKvT
)A \j
RZ?5
~JN_
|cFH
#en\
p=#I
jv!g
vV"-9{
C`];
azPC/WA
wkFN
<$u]
tpL2X
,N!a
{CYM
[v n'
UI!P
C}3^]
LBuq
;.kOy
l~Ck
HH=Or
3z/J_
Ywo;
1ri5
*z]F
"*}s
=hp
X* ;:c
4\iC
u-*M
s-g`
b,At>
d;)S5S
5Xi&P
8?fd
EiYR
HgPN
4Z 83#
J.=.
`{[>n
(hU:K
a7]2X
H{RuEF
VH c
?w,
2Jho
whVZIP
' `l
~DW
)& 6
Hri)
wABI
c5]&
VS]Q%
}'K @
if :JM2FnbP
1*6l5Xyz
:5 J
My.WebServices
UInt32
o4t&
X|5>
Zq/v
5ugI
n<fi
%ulj
EditorBrowsableAttribute
anfjt
0S&A^B_
H$zh
4+HS[
v \|
UTrH+
%|?G
N~`Z
GFz^
ToString
A585b
54^ P
123w( (
c|d;Bk
<5"5]
.6mo
BaMrcWi
xxQ8
Gf2{I
D+,+
jr5^
kTBY
D0n&
(1|uIxM
BZH
.j|b
PBI*
-V yCq
(dw[
!GO7
#vE5
~\wY}] 3
O-M
D1)x
1DxU]
F4=*oX
' $
U{YIOE0~
fQ7z
B &E;t
=m|!!
bf9O!
.DXW
Hpv15
'zG4
?p!Y
?WQ X
@ }zX
F<$
@o1i
MxGW
;WN\#
Xa}5
* Rsz2
4.S.
, -c
DebuggerHiddenAttribute
4uU'
\ " J
ddMm`/
fhILb
Azcq
V+sF (
B@Ag/
+4[sJ
QCUdx
B1aJ
?fo"_{
MUjhL
y4\%L
WbcZ1
0\!Z
>O#>[
U?'p
DUO
F3
bOa<
)* {
P{GLx
#""A
(Qj}
AssemblyTitleAttribute
&KA
_2sDp
aps
B27}8;y
9 I
QBy%9+
u_5B #v
yh;87U
$[zN
kT7S
W" B%A
t8|+
X31$
\_@q\Y
OLFI
=l$?
x4>+
Q` g
G<y+
!cA-
u'}V
m\u|
%H?+
_G08@Q
@e|N
~cZMP4H>
LTSx
aY9$
}3qK
|>r$<l
Z|2(
Create__Instance__
dUd-
*uNL
N'1o
jL-<
ODT9S
1 96
8+<Sm
==+'
Gx_
.=Ayh
1{' f
sSg{
sO=l
CPq=
4Y\$
N9^Sq_Tpv0
MyComputer
s!qP
LvE=
, ]S(
&HL
d@Al
cext
>D^4
&Sb< z
,fV{
IDATx^
d#^RU
AiX<
B-Ko
B;lc
=yA
wgA!`
%~v1
#:
Data
0:4g
$-[2
gpG#
(^rP|b
w;&1
70l~
flmD
x4"2s
K9P
!lS6
A*%R
KOlN{a
=blt
-OQQ
(W I
T')=
:?W:
dJ<
V K2
aRDV
O.0w
&+ a
~gN\Z
emye
$L@9
u> `
^tYl
u(m&]
CWVf\
02Jid
[ ~KL <y
P22F#
(KbB"^
pI`s8
'S;1
pHYs
a`A?A
-saF
<`D
#@^R
BT(%
E+\I
'.kA/@o!
@b}U
aT[=
Pd?O)s
ET)
SMei
$'13
},rd
9|c;
`oY 5
'.u0
mWO"7+
~t~n
|55=k`+V
]~o`
b:Zj
98e
1tr
3 /LKZ
-AsQ0
'\P`
iqs$
F8a6p<
QZ0~!X
pQOm*~
3@&o
L T
G{X5Q
(>n +
s}=G
Q,+~
-aAri`
J`@\
|pq
pdpc/
<S]HU
M[Z.
v4.0.30319
)uRo
5X H
O,q
C"
46 U
?d).
&fiv
3Bk'
\`h<_jw];
t{O?
ModObject
G8(P
`Tk19S
~m .U
G ot
,4}y
nq-{~@
3$@?N6G
U>.?N
3[fa
a385
X|-0
:<|S
.WT#
$(S
u l|
(N,]
XneWy'l
>d6SD3
/wj
s~\E
:kD$S-
v$#o
=-++
d} .
OZ9U
n2;5
P.IZe
Fs~B>m
@.reloc
u&,}e^
iyR#J
_f#C8fw_
.N \9
nEV*/
$I,U
6R=P[
)sd-
21Q6
ULd9wbG
W9'|+
qCl
CR[9
9$w.
n38D%U
S,nQ
%6ei
vmQH<t
S`Q ;
G[[Y@*;
W;[
8nLq
1XSu Y
1w:O s
MEm w
#>t"
-k.U}
Byte
}*JjI
!e=5
pC:GQ
V+r50
m~+
.S1l"
xqh/
?kzse
|YiG7
aD,F
rh'=
bQ}@
N\sf
Dp +
1ul=
ToBoolean
p IF*C
`ag~
KID'
mCFC
Nqe"
pcMUZ{5
4w|l
i;q<
w0'D`k
:Rn
.5<d
XuNH
_2T'
aPeZ
n\K4
L(S
U8=Q
?E;='
;os<?
t L^i
1u3vh
~|~3
~mmGj7
N#`@
]*'B
%R]IG
0Xh+
_?T.
iK6w
GetType
Mb1:
P}j
TR~<Eo
J -5
^a;74
f&zix
F+=
GetHashCode
VDAjo
`H"\
Y g/
dc q
jP=N
Sc)
<Y,[V
W8x}
kCJ5Hh
3S<B
.eT@i
pf-J
k Zm
_uWlb-
rt&m
s2-k
'd@0
FiwE
Bn E
yMWo4
L6aOi
\k+u
'dM>y-.X
Y!.29
w/-PNf
kBVd
.n5nT
Ie@
v\ 9S
f/a%
W3dk
j] d
';8"~
4 yS
I@pj
$U VG/
nePe7Ip
KJ-Q
:<^n
qe4=
3,%!=
} 7r
WCuS-
v.#M
SC</
xEn9oihL
XZ)9
!9"Z
Wv>>
c 1x
S$FuY
1]/%
gyMZS
iWoT
%-D5
^q~@
yqW[O
_X 4
q= v!Uy
mpUV
?c3z
oZHe
?-F!
8W0!
bGVH
I8E
?]V$
RuntimeCompatibilityAttribute
%`at
decB
@7\6
zK*d
+)/w$+EJ'v4z
`,quE
:Gi7
] HADUfN+}
IOZp
,dRc
2hv'zw
|X4>
\ ?
ir`WZ
3q0r
:@iszu
yj .
g/M>
, n6
?*cUdr
tH$w
,_)P
#U$J
S` 1;
[y}Q{e
Em
si87
hy%/iun
_. =
b@ M
Z )f
vGp 7
~V7
j6J@>.:
Je'|*
&,B
x;Z${
_6" ?
*4g4
p87KV7
? i
>@-e
j8}~JZ&
KU; *
CcFny
C_t>~
R4 JH
:! t
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
qAia
joYx.
~'Lt
[(\`
&E6'&?Y
2Q:H
]*`*
C|bcR[
vJ 0da
~h4
/{:F
DMC
mjV 8
5h1cv
ZKMT
]j;
:r2l
zLH"UZ
IB+8
}X1.
GeT 7
VO/=
?a;+
D ([
j^K
NJ~
,{\@
)H!0
q}jN
"
A! j
z)n'i
%(kXJ
ZQps
B6%*
Q{I.
qUe0 hg
h K
{La3
7Hy/?
n XO
dT*Tpm
'?^[
izSQ[
V^:Xi
|A{s
9bNi
OB`G
we !|
4 D<
$Qf=
q|4$
#Uu0
v~)$,
Lx?}
9_y9
nUpi
8>40
(U[
!j,.
rKZy
_Jf3
v+i^;nr
"QLo
3{m(
2Nv2*
{pc@
1'2+
FKy{YO.8,
wEep_
`5N+
u>'/
S=tjo
/Zv
.22Hj
gci5
n{ '
3Jik!
M{&d
/|=7
yAN/
Vm9+xm
ATTF
CeF|
/"KAv&
]GmF
?Rz0
8RUv
yBEBk
ucTZ
H*/Uw
MI!:n:
Lp`ZL~
GMu9$
>{+p
<y Xo
v{h)G~
sH>L$/
|_ Px
`va^
x>:7}KQ
Tr43
hW9C,
3x~H
;>r~
3~~:
/^2Z~
Z@+7
bAUBj
/=V1
=PrT!H
f(H8Q
Na5T
k}Uz
x@c%
AssemblyDescriptionAttribute
&ftn
#vo}
tB ^
B_ wG
PrS
89u!
:ID
#Blob
0303
A=ed
1_Z
ciYp
j e f
q7y
%N"A
Nm;
8[AJ
3g, }<
>sfl
zb{%
~Z2FE
x_"'+
mbP4J
V0]s
Ayye
G fN
l=6Z}
zjac
? Q% x7
avOC
~qy>\
]L cF@
Gd;f
m_MyWebServicesObjectProvider
NQ79m
jV:8O
td`.
UG v|
[vmx
7Q_3
Tgq>)
g.Wm
hmnK
`cqY<
/L">Z
k5$)
r1M*
"ZR1
hs-(
{ <
omU$
LY M
Krha~
LopH9=
0*^D
I25?
{s*S
QqL_
CompareObjectEqual
6"D_
ThP[
e%d+V
0*1\
U^fk
@b6U
s)EOVeI
2J&VAc
f 3@f
s3*P
MyGroupCollectionAttribute
G%Ic
l3G
rW(*
X-+8
+<{LL
'pD{9
1Lm'
~;7LA
+!g R~
S#_@
/ uh
Xc6
[d[6
c QQoT hq
+#+Fg
_c1'
A16'
FoEV
A a P
}GG
^r
Z -GM
qjuy%
\$f`I
m;!0
Py3 ,g
` <b
E/ZQD
o4!*
@/ Q
O$kO
@tj>L
z"Z<I
sXo)Y|
uk"jq
(3;
Q)-
/g5M
Q`gua
B )b
E,Fe
1"o}OT
32T;e
AssemblyCopyrightAttribute
O At<
5JO:'bb4
>3n#
gF{cB5
&LN$
Nv cI^
xg5s
j6 2
H,?=,`4
$52y
\sz}2
Hk<<
N0bc
@fZr
G(8-(
m5%M
!dC|G K0
$@Qk
_HPDK
0<7(_< h
j\7l
N9P(
,K"sB
>0^Z
-C05
1:Mb
EKcm=p
fvwV
y PG
c\^@j
h)/Q'Y
hqBf
t8:IN
g^V*
Gi{ %
S!$n
_Lvd
9i U
=;I!?
n^>0
/KjV
@CZt
}b^nG^
:.AEm
;N%2C:
]p,y
y/#_<'
(`-0S
zu,E
`a83
7Ffa
W%s1
'sdE.v,I
z@w~
5 `K
8}xA
FBTy
,% /
2|?I
4c?@
n0\K
@q{}
X'\+
<Module>
_ -s
Y+k_
12oB
|vPux5
ne"P4
(& z
~3{C
>>z98
&&tq
$_1R
i*gO3
5d^;
r/I'~
h&\b
On_p
Jz,-
` Nc
NcAa\
e$6{
a*K
'n*8)P
O2y^Q
ypn"ZW
3v
N {-
Main
_3&H
:z_&
HFIq
DO9on
XzoS
Ko~2?
dS[y
aQ:9`
M;-#c~9
pZ=9
EW]2w
||B&&GDNz
g{bmC
kI @%
(NfPJ
"67
>x`k
v!x4
Computer
X^k!
}Nf~
T3/)
H1DU
'EKg
PAx4
@7v~j
Ia=
:'KAe
1l+2
J@6^
. >3
aauT
}w P/
T4
Q:vK
__HS
d|OG
yzF$
0YzG
&{#.
{1^/,
@}]=
v@_'
l NK_
x!RS*
My.User
\OUF
srBog
6,oZ
m2 i
dY. TB
's9Q
;%"I
(-1yp@;Kv,
Z%_=7
.0Ml
H~,|
vx4]~4
dBK!
.Yu1
~Jz5
cU=4
RerK
9.@D
gAMA
V--84
`I ~i6
%^Kw
%G e<K
~i9w
)$&TT
[Svc#
kw=>n
PLfw
Un8b
uAJK z
~%Pj
n#!1u
f)P*
02i~0
fI?7ag
b0:w
^~c?
{J~>
q.k6,7
Pqdeh
KTJa~5
I+V
PXe7
.cctor
*0 f
?](t
{ynz
;.B<
5{4'
%V)
K g)y
T_"
I#IW
W7'&
W0 @@o,
3cXR
H}NP
#_42
&ue}5*
$3@/
WebServices
<8x%
HQ!f]
vV/=
vtJ^
}b3c
kQL!8
SSY4
R6 4fj
71>#
?9G&Y
oh`#
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly> PA<?xml version="1.0" encoding="utf-8"?> <asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="requireAdministrator" uiAccess="false" /> </requestedPrivileges> </security> </trustInfo> <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"> <application> </application> </compatibility> </asmv1:assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
6N;t
$g2r
w){
n?^V
mpSb
,3@H
B'}?i@
IVX
,Hp. )
ABN`K
AjU4
jDG0
fO K
)Vt?8:
4H9h
qn5f
HfCJ
{+>E
zUsj
F=J-
+dR1|
[E=U
uK
X|o-
qeOh'
5 ag
-M'9Dh
%b E
(xb<Jv
ah|{
c`=8U%
M#2&1j
6%"5bf3
,{#Ka
?`xt"
$%1=YU
;Oj~
F46p`
pP%9
7^,G
%A#X9
zN}&A
MrZs
PAP
d8XG
yD>a1
sdZAv
eo\MYM:K
&t }
6/0e
N, r `
1*yU
Am0B
=u^%
VN1a5
'K9&
)OSD
D4XR^
@ i$c
`tJo
+?Uk
c}ku
IVVh=<
RuntimeTypeHandle
!?P}
/w, {}iY
mC@d
YAWVR\
Nu^K
j[#A
o c,
.x[(
Zni"3#
;)hj
2bf
zx!?
D@X#
l 'kO
E $U
q. -
PSv1
X F?
Waz'
4|Bp)D.
xxB5
D-DZ
p?E1
%^=`
T"kx
Af*(
p T:
\G9v
FJ#G)
I[m5
?D/0
E?g 7
IgWW
6|zlg4
'J~'
wuQX
o $z
Xts
B-v%
+@"pu
7|,;
<<BR2uY
h;CS/
GtoHl
NrM S
HM1^
\V*R
=#U,
wsNNo
3Va?
znOa'6`
4,r}
3Y^?
f.fY
!>JU
Ts%bR<y
<,\M>
<A6EZO
xoI7F
## /{
!p=He
9EV=
xGSDq
px w
yr\0
d97R(
6tYhIM
vzV:0n j2)
#*w+X
[+[b
i+@:A
NJEt
.] t
<V
o5T /
|'q
q:JR
i 77
G_<C
r,;q
i0Z=aE
Y`wD
UG^U
XeZ -GM
%K"|T
@2*$
y@S%
kRA4
cFNFP
7AJL
9mcI
"~*A
y&Y^M
2L99nM
J7:
2+}C:
Ap`F
Te&$
F}&k
~H4E
Q)/i\(
8d1H
FVN5
\/2Sz"
5m
D.:%)
LQYF
P6?}
O6}?
u / sM
}K$v
EPK's9
, LS
+0mx
Bbe_f2$
(SE)"
JT(-
Y!jt
LOBh
W6=zO
`vb6
N\\m
`&nf
qH&6
cfgb5
d|1W;
Gv:;l
CU`N/
P|q%
h Fd
^@`>
+ghi
,3EL
~\o:
bIw9j
|86^
uR,z:
%D-Z
]#% vv
Y=z4A*
ppI
QBi]
g&hZF
K"Lr
,[3r
9VFuJ
_}^`+
VAEZr
]ph-
xrq!U
~A0B
Bg3r
4xb&
{s?9`H
,G+"
b1eaK
"+\e
H15qE
vs&
fg?'
G tE
xrR
iw\0
`iS&
|Z&^
| U3xJ
8\^ ?S/!~(WjG6ue
h vS=
_wnP
KMuq
-LFX
PJ#
mscoree.dll
!This program cannot be run in DOS mode. $
[Hh?
oBR>"
G+K-
\+6U
uz|:`
+Ta%
3r*q
m|25
TT$i
'bcw
Lj"s
A[A5
0=)1
xp?!
\2Y4AN]1<
'W]8
/b^s
.:5s
W\i!
)fR
hpY]
Microsoft.VisualBasic.ApplicationServices
s6u4
L2YBf
S<3k
H|NC
o|!2
yQ HB
ToInteger
ZVY M
ER<>?
BYFd
3Hmu
A{&-<
n~Xz
Bi9v
PfY:
YdMi
'HH
PM5q
tDH3
8$ joi
<1Hh
-2xK
f222
"#-^
,U8o
cBNQ%6
_17Y
m?=v
q*;2
M\10y s)
8:/3
@Z6`
{4YlE
FqZV
H3xi
3e#,Z
,:(!
|;/S
3E_7
$SLB,8
{d`
O,\N
System.ComponentModel
LateGet
GetObjectValue
o'xxZ
Q9 F
'512
sX/f
get_GetInstance
n5IdE
#T\l
6JF!V
*V7N
[oo;e
;^P~l
'&i{
R?#Ft0
o."~
rrKn%
Eb)}
x#n\
nh"_
5U/>
8&%x
/hb_
3xXH
{ZFo
#4 ^
<Dxy
ZF2k<
PyCD
Na`N
"Mn~ ?&
W)Wp
qn}T
'/szs
i m|
v`5Xy1
>Ja
|]10C
Xtz5
qdO'
NLM^Lw
t-WVT
h9c;"m{
}K':* J
@5? a
k.Resources.resources
nChu
dsO`cL
IIW0!
{bEME
3T{|
C| 4
7~bX4
4}|-
;xRj
`(TV
E;F2
g3kU
)8H|
@dn<R.5
z7@7cX
b5D_/g^
zTYc
HA68
\|B.
Yf^kd~/$
2onG
7)]
2bd~
WCrVD
9IJ-j
Sx:9
z\:$
Op:^
1OJ
n@DU
BFW!
.I.a
VkMD
zv+&ICMli
F_c 8
f@*#)
,3<#
&Oa(
zEr2
)B0[+
P%i.
T7f+ W
`Z$.
`IHT&~),
z^5"6
mDe@
tT{!]
+<#9
RydTl
\ 48_jW
AIebz
m2?%
hv w"H
T0ii
?NkF~
e!=M
Ml WE
CoRW
fn9P
IDAT4$;
|j`pOapq
LV_a$D
System.ComponentModel.Design
w2#}
!3e
VP[.\
,?5>L3!p<
GED<
?D\H
zvM
&Pb&
( ZK
9\}}
Aj^+=
CLRf
L. f@'
90^^
*UX6
>vP"
\V^w
6ZLU
*lEP[
\ 2
Kh?(
BvaV
_Y_6
lTW3mJAu4
UR %
e/b8DIy
%(c) Computer Associates International
1/ZD
v 0Tl
wEi&>
m[/5N}g
Pt
X[ K
Y<7 h
;z9[
WC8!
vz1nV
c[w]
9y0fx5
\IH7I%
UKO07K
%|p
U=4Q s
$w[y[
1)b2
85BT
q4
kUWfA
.=9c
FWFN
^jRw
q@;t
0'N,
J}!f
0_U(c
gF=V
mUUm
K2xFF6
@~Z
C4XL
#4/%
UID~[1
}J'#
|%O
poloport
p`T/b
UXg.\
hi%(
{f3q
_TvZ
2)7p+J
d^W/]
/!bG@
w2UP
W*Rx
a_M
bY~.eS
SI013n
,F+9 ?
n=dZ
#XD\I
M1^-1Mb
_H!1
PGya
I<ha
4AC!iH
%|AZ&
U)r#
L]i:
pi)y
9cF"
_8h\vw
.z k
L2aV
;RL*
`7cu
L&WD&
4O~5-
"$h,
,T*r?
>?z
5.Ue1
6DZh
m_ComputerObjectProvider
";4Qu
ahK&
;;i?
\Fe"
!NgD
b/OY
a ?~_
Y*)!
ilq?
Z [_
<>/>
9B^<ZH
FsDs$I
?t'y^
M&,t
2A6o
Nyga'
{erZ
[ FE
dvE w
zP{}
+[,t;
Efj
Hs 4
a4$g
*Z'$
dA59
5+,r^
C '
*gJ
q;} L
9id0
CiT9i
hC]
fA e
(en6
kU>K~
XlEz
1[g"&
JEHn
HYR42
69IW
ZPCjbp
fy&`|
xtL##
y:.&pG
aw!:
9*h/
CompilationRelaxationsAttribute
get_WebServices
! Z6I>
String
4A|1
XPdv
&rDA
5JM+
d b
SMX4
Kih l
Q4DI
t ,%_
^tVCD
s
Dnf ii
^}k7K
< ox
o!\G
FT3k
<[R=h
Q[B$
o1U(
&.xx
PPYo[
T7D?
r8SVKZx
1Fob
yO0+o
{i^b
@Wg-
~AED
ygc
ec&\
#t
/|YIvY>R
"MOO
nfr]
W+rH
=e r1w
M3esE
uR[@%
~( 2[N
Og>H
p#]|z
I;Q?1
0_:s
'/ +z
HpF3*a
QIXP
1< ~
!Gv5
aNFR
^"ZR
'..9
\s%`gYP
Wj;`
x>-C
JLIG:8
9?=
6HATq
gik;
%4ky
SEzE
. >R@H
t8*K}8
)l!9e
m6(tk
e tP&
tP^M
h5W*5?
M]h?
>gr[tT
:~}[
HideModuleNameAttribute
;3up
q>i!
PQW]Z<
.dOd.N
~eKm
~'/X
WLk"
DEHm
WoZ'P
]r#?
IEND
"87~
E/xr
l7!m
w2T3B
&#[y
ttr]
]tEjG
eMJRV6
3MF(%
}D}_
e}H3
wJRi d
\y1d<
>~;{
OBoy
(CMl
^z|d
WR;Q.Wr
C; Ej
s+K7u
WftrH
&fe,
WCY
#GUID
VsjOTbcY
n]G%
qTD_
[U3TW
%b\}CY
?KTA
H<;m
L-<_
uZ c
[ZO0Y
?4,
@+_nP
Kj$J
U~25N
]^.}X
e,cD
1GslS
? 7;
lo-Xv9dMz
^|[o=
SgY L
i9h"|
Yyhv
v'O@Q8
H@Ck
GXO3
Sj"M
(}W8u
H&3
c:2a;b
<y3a
9<D=
QQWh?0
JHr
]%D
\9KJm
9C~
}d?2
-QINE;
7|N-
^&-yt
5e6f
\}W
IO99
(lF7
Ju"
v,~Nb
W0u
l. *0>
s=\!
vi!,UP'
1C/!
U nB
E~Z1 Y
}M G2
Concat
5~R(
kV90
ABvY
f& [
4L5O
c9#
WxU-
7it$
TWy}
Jg?9X
^*TDFO
B.)#
#Q+U
CGMk
TsvN
pf+p~
_^#d
_/%1Y
Z?A=BL
~Sm:I
HV$H
CKMg
gJ` h0b
zZ m8
&OKW
>/GD
"kWz
em/w
&Q7/
$E_*e
Jv9t
"[/x
N/E>
}+C?R
-37g04j
R\I"l
9/V
-"K&(z5@
CompilerGeneratedAttribute
n/]
;?cDDK
VZb>M
dn~EPJ
OZ"<-S
FiWu
]#41
` +N
&HU-
hoe.{
;d$i;
dh[
`n:l
%+2ok
l&x]
ys00
:Nmh5
}>d8
m [
%"Px
wu19m
BT _
r(OZm
dg Vx+T
R}{
YPq
b ~P
rAcDU
F;;c_
EXJ_
hc{3
5s |,
>n7pky
BlR[P_
P{H
5.5P~
%?AT
tENO
sP w
s]6-
W> x
System.Text
U06jCg
e/l"
,,pS
/,op
{ QW
`1<{
5~#Q
e:e[
\WS?w
K1wDl
3@w?
OmUg
4bx_
W-*l
+9y+ /
NO&?
GGHh#
xQO
/Igjg
x 0Z
u`u ~b
a;C
9UOp
C$`\
<HJP
2y+
482+p^
y%h6
m}3&
eT .l
6S1+v
^?B|
]"h
=nfj|J
NGr
\H(O
-)c?
n .7
?US&v
H< |
i=$m
Wv}e
ym2m=
ohS!
f`-G
PrikK;
6tBc4
?l%h8
np_6(O
>d7S(6'|
-_`%p
]{]HC;
-z:h1
I^4908
BBeX
3@ED
UR'%$
5 bz
z-hVPZ
O$ s$,
fs`P
P_lL6
V]48]E
_jmUb
C@a[
!8^A#x
J`E:
^K B
!i7s
3 9b]m!&
a)mj
3 G-
c)1Z
)nm=
z7s|
a&Q&
_r+;f
eq7&
- %u
HEU^
\TIe
Rs^
/ -X
6'.YI
G*@H
U4"1
,hgwu
-RT"
G;,1q
]VYX
^Q (
5QP?
Z$Jr\
2SZN
Rojy=
\~u]
+"F`
eaJ^
#<`&
t p^
^'=)J
gO7$J
y[2!
C^rd
>"B[
IxQ&
FQBf[
8Dz2
k(NR/
_w'^
!EY
hkPl
\7eu
=DD
dxJ?
AW 8@
LRC|
$k%H
Dc,N5N
cOVI
f~n8
<Cb
J%k-j
*<F"
PC)}
G%"9
R@ y
wkFLp
=T8Pwjx
^7[I"
o{5
*k$d`L
L(,[8
6 TQ
4n"fm4
C1(pi
4;`q
aGk$
}!Vx
m}Cc
Ly|
VD~*
0R>(
J&Qc[
`]..
B6F
UC|<%
liFH WH
Jgm5
j! Q
eJ{*
14.0.0.0
8 Mqy
gN,w
NCCe
I8bGk
6nx
E * p
[sIg
uN+Qo
e, K
}9}t5
D+yrc
~B@2
9*]y
dncC
?bk!
+FPh @
pcRk0q
b%'?
Microsoft.VisualBasic.CompilerServices
mMGJs
`K(0m
W4ZmN
4!OT
jq))zm
4>eml}
b9w[
OrObject
MyApplication
.v!8
%V2
Gn,%zZX
aY9Q~
kDub
rKISI
RRob_
:O%[
:uj.H
P?1A
`k7jh
[FY [
Y D'=\
67'#
^ H +
gk k
Mk9;b
x]f9V
U6<V
oes}9
n;>6
zngZz
ro3
X6 D}-
yJ|*
User
^ ,
cM %A,
y@DTKq
TF\[X
%+Qo
ghj
Rk=~E
2%7.
{ytM
M)Pa
B]g8
&p=2
^&~yy
96p{
@bzg
p># n%
!#Ui
C_TU
K} d
DN[p
-Sia
9C-f
N@|bw
mTj]
c/uV
+lv609
X">-
qo5m
*5Pp
iwzr
gkel5!Js9
L51m
.o[u
[I3B
#D ?
!jNvg
8+{J.
I5#Xw
\@;n
7Kd
D(w
F/}X
$2bo
vf ^I{
$%O~
WZYO
3Pu
6d@9
B.*<
V-]Y
/tF.f
$l I
8!.5o
6mE)
!cc;
n9]v@
)Computer Associates International Company
8/U"
yLXd&t
Dispose__Instance__
F\VV
xD+n
;7=!
W S@Q
[`$
g ek
hVDi"
C.19
Eo1O
u) O^
szE;
ULK3
W` *
:Y=i
SUX 6g2
%IhD^<HHR
E0%K
%}=
-"<t
bK:S$
1qs5
6hCh
mY>8
C!^QRf
T,?jS
QE{\
f/.S.c5
6s|5
bG&\
mGM:
ItuA
M}{@
SM24
@ !
RuntimeHelpers
5TEO
w|'%
eva\
&42C
x|EM 9T<
\] a
td~hVR
=%6*
MDIdl
FlWNn
UFk5
q,k4
LsHP
tTyC`
_f m7S
LV,YY
Vta6
*Uk/
4dHq
KwVp
kH{;
r5ucj
Encoding
dN~7
92yD}
K:^g
_BqS
q59>
hz!_
>}F
y_z!"
o)$|
O^v?1
A\va
0$ ^
bQT7:5
+vc>
, G6.
Object
>5CvC
K>>$?
2caM
32F e
70Fiu
^eU|~
W0F{
,;d5
hcH3
z!=
^^@u
%:Tz
ComVisibleAttribute
VHY.w
Qh T
; ?vO
v]j .
4EVT
j t
r_Te
u I/
& 7W
kw?WJ)C
elX'
7~h~
U~!6
_C_D
eLh>
IA)>
*Hmu
!{^<
(] a8
\\ wf
0u4Y{
C)S:
eaP1:
<hC
BP/pL
W6LV
4wgY
'_!i
cMlu
('`t;"
|"2K
M,vq0
J|z
tDW`
G;_G
c)'<H
zO =
Oe Mw
Z`k#
DkC42
at?N-
Z"O.
iRyq-
EditorBrowsableState
, N"
cVfO
ZaT
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
m_u%
&bu<F
l+<M^e
'l}:
m?!A
K_4N
2C`x
TOT"(
6JT^m
-SWt
$6"X -
A>H>
=~y.Uqo
|IIy
i9h"
p;j.:
QBSU
pWh3YI
Rl[J
x +c
C)@a5
9le #
^F^e4l
6}$V
vG<7
0x@R
M=sn{
Xuq)mY
)P R
d!3=
2/g8
b2dG
}rev
b!E+6
lF-
*rx_
3A51G
drw\Hu
G`~ g8G
Y.S2C
]TyL
}n>B
v]F.
!55|
75<>
LvOO
C`X.2
oUZ<8
8hYj
|fo)
1Yub
YHGF
1vtu:n
g2jR
`/f9&W=[
PAc{
Y-Cf
{V>v
sRGB
n2hF`
VJ\C^
86?rj
%|5y(
:vMt
8SVsk
wfBX
))79
4P`D
]jg6
!&X'zIB4
z\+w
_Ec`
z48
?6k]
S f
J(,
5-|t
WQdg(
k/s=
vS6x
%B5N
H7V@
ApplicationBase
9MuN
.6NJ
LH/d
u)g/
F)S)m
*+"5
}\X~
M\"U
)_}c)P,_X
DgT|
_b,FA0
|fk<3
u{IE
$!- 0*
M9[u
:]dlg
Hm#E
h>V~
5(`<
(A<u
T5^T
d +9w} UCL
e{Cg5
?q*Tc8
dMst
v- u
VF#L
bE5W
}vkt
v%?v
<u)0
sy+(
FRg|
2z+Y
m_AppObjectProvider
+zT~
.3ye
pouD
'1qj
A |Qg
(/7=X
&ay>
s:Dc
DnqZH
gQ!A
b=Ri
$N`|
-,2;
T%vE{
F/Bv
2/MH*YV
raT'
G/Nat
Co &
r/U,r
}n$NakH
p(jk
RJS
pnTZ
M0E?
W@=8
U:<VV
(o@D+g
|ep mA
S"p8
8~ { 7
+; u
c"]v
,vep
T;*=M
v~nk;
J@V+
d #0
:vc@
Owr
= @
lVA=
Yp>8>
.bs:
W82G
z9&v
Rd)=
&^#J~
lk[`
Jj= 1I
USNhO
_0bB
c83C
s q4K
\F6i
,j
(34f
}@ y)Xc
:#`"
sLZ_
+*64^
PTU&
YvBc
f^d<#Y
J]A
.}f;,
_J" q
1nK6B
'M ,Md
cB8k
@ddY
4 :cX
msv=
MWXJ
b<@g
;J_D
.< t
EQOA?
}</X
~=`J
r?U%
B :G
-O=}
FW Z
-H$F
)B};f
%DbNNj
GNu
'Sdd
)t(L
0dKHK
mq;WBvv
MWi0:
'nda
X"M,
tz>
X8(m[}Ln-S
'aPQ*IS
3`8J
7CO
CQ0T
r3A>
k@1l
#)=q
265<
"DTr!
DrV9"p
*UO$
d@r 6(
Ii /o
7~P*
T<ryd%
Vn*E .>
?_zG
iY|8cA
W(&<
) /
S&~n
PX"(
"Zip
,aP'/
!4])
@Y R]o
#h{\
W:
"Oz7
~F#0
|N:fI|N
XQ w
UhoTN
L8qa}"D
,%!I!
/ mT
'B]X
j?Q
FIN
?I^(z
PglI
h!ArG
w.A#
NFe=W
Az#U
y@eb
mW["Nx
Dw7oL:
Lre~
`>k;
)$;(-~
biE4
XmRS$
19,e
xxaN+
D~R,
Rx)B
oRDa
0{k#
8czn1
a6qA
MyWebServices
d#_.
>Q--T
0r!GX
IqUh
)l%M
- 'g
GTF`{
|L:D
"vN
Uf{l
8Mth@}
bHUe
Y8{'S
l<>F
}s!H*
;P(f
K`<]kc
PS@z
~n,2
.ZE7
>ejk
@G`W
!:0&](Y
-tA*1
Tlqz^e
}YW_{|1e9 J
&|X?d
?J)0#
eGM+
b,<@
>v`
r5[2/
4_gi
?gf`
n^rD
G8'c
Hd ]
1ps0
u ?
TXen
Y( 5
.`1w
*<#
2eCC
D4w!
U,Yx9
V~q&E
'`n
yt{h
`5 5jEl
J|9|d
_4<Z
}K <
r#>b
K)ai
+] K
L^]V
Y/T!
$CW
"{Z[
{ii.
6Wh [
0;b{
u=w
GlWxY+@
2v&O
f$%+
=4u+
m_!c
s(iP
"S f
AddObject
UF?{
$FEli
CompareObjectNotEqual
r!U=
My.Computer
/CE
["5'@
Z62'
_ 5eO
!bxCvo
F]&
3|d V~
f_b GH
7-y$
63)M%
Ww ;DP
,AQ{0D
Operators
M}l4
Dnsq*y
zN?k'
eEKwZ
B !R
2PNS
b\s2;S*9
bGm(
tnjx
wIlfs
hf|=
j{q]=
r=#]t[
VpgT
3,$`
%2 TfCi
#PP/
Y=gJV
,*QH
[f :<
Asp~@
,g1-
sg|
oic
dUcz
+;(g
XPiM
9.z
hL!:
1zsm
<7V-
~`r
CW*
<Uq
f &
F3g2
5V_3
?yE!v7
aU?P
G%J.!
h`p)
.n3_
+T 9
6't=
Chu3
0C9O
@>&cm
R(6O
DQ4}
#-fk
ToW\
vW7o
XS-mX
& _w
.((1
;L@:
qAX/
*V&mA
l*a5
%w kR
![9S
T._Y
c@|x
\$Sg
!WTq
?_fj
AGPm
>p9c7
fn>o)`
^sze D
d7b#
d`]<)
Io%s
2tah
i-8d
,oN$
]H]:
Q2[L
35ysgG
{mZl
/Y.vF
E<&aFt
)pE-
` g )IpZ
_3J
Ek9p
u4|}
V') y
:/w8x
J2d&
&"[P5
9 'e
Q_H0;-ET
(Y]f%/Bv
4" r
?hK95
xrJ(
^`SR
s91,
WZ/T
v%'"h
)94;
~D`M
(J`J
%Y?|
M6lt]
instance
4FFpO
_#m2
(<e-l8
5~2A
p-]j
u>JE
t?.[
9M.e
^PK:
5jUHD
P>K08
t1)K
^=pL
u9Lv
d|Fl
+LYI
Sj/@N
#EQ5
|}V.
]REE ]t)
BSd4y
%8#"
os+TJl/8
v(g
y[VA
ai<<
9%<Y
J<9n|
`W;?
Se[K
x :5~_W
_z7SR
E v}`!|
/T~t
]eJb
lnd[)
vhpd6
?:afu!
67Y04
!%V ?
l?P3
b Kw
qhA
2:fWM
M1r2
huFd
IDAT
$o& V
; Jk
qIZr
%*^
rs*G
System.Runtime.InteropServices
Emu{
EHc5R
04v.n<Ny
XWl
os\W=
J{tM
H3 0"o
a6T6O
R^g
YaUOfC
/IQ\@
jjOx
NdR]
%&vU
x-F5
1V3[
[{ ~
;Z9^
x,7 xI
}=2/
E^u!M
Z)2e
?KL{
6 *H
dX(c
V95B
2w)aF
h5m/
AlNEB
.Qsp
n],|
lb
(u?E
Q?zmj
x+Fe
System.Runtime.CompilerServices
S]!-
kB6U
\hPC5>
GE{I)
hj^*
ZVRW-|
$ ?B
T6$6
92rU
b>"e
oC!G
Dg8L
e^8o
zUK[JR
L9Ll^
*~T;
vNt nO
s\@]
F Y
#,\
DPN#
J! J
]\Yi;U
(
dR5 M
;`Sf
B;#Ki`h
DbzP
|i{Quj hD
#m"{:
iDxbQJ
=({&v
H40H
=MX]i
Wo%eZ
u8PbDP8
-'L.
j8g%?m
er W
$>uQ
Ii9
.*Fh
Microsoft.VisualBasic
!LS>
EGPx5b
%t7$c
u?FS
vwnP
'[HV/s%
%}8\Pz
P-F[
Jt]3>$
; vvq%7W
yosV
_/GE
i-v+
4_\[?;u
H9G]
Yg&U
"k%,.f
FU<F
-W#KZ
%5wp
|Y^hQ
BLIT}2q
4jFR )
vyt
8YtB$
iJ0(
r3,6~]}
j e
(~ahb_
)l6+]
r]NW
)]Ie
>{d#
4Ss6"
p9p2
%`tPL
c^|+<
eRx3
c$rA
ZHkuC(
/)8Y
(I#_ ]
dVQG
WdWrg
QXr=Z
}XR7
Z3$R
hjl;
Y=6$ {
dyQ8
Yp_y
Jl"`
}-iL
<zo4
]Z%AP
^97av
v(Vfz-
${6L~
[=E@
)R31
}LVdt_
5%u s
DK;K
YOi3
v(
Y8T
7:eOd
My.Application
J1{b
?x#UQ{
>Yw@
=zHh
&Y1{.VEN1]
AssemblyProductAttribute
V[ a
c$Q*
(qKEE
Equals
9ol
?{m
yclGW z
BW4F
wZe>IV9H
L+QJ
PFp=Qm
io>>
jC Fx
5^R F?
"C +
H8cI
i?3p
\N'u
^DdV *^
{P{/
gHeg
}E8=
)-eZR
u8$.
jsq\
5 7W
;DH]
<Ec4
G3<0j
eSvy
`F+k
h'q%
>9x>
i9d
r8Et~
$^iK
\K @9
E-Tf
@n>MC
%ej}F^
.q X|
ZonO
W; =?}<
$ j$
6/YfZ
l[oR
bB89
%&ot?
_+m
5;f" 5
$<mR
mL@"V1
Y4|s\
Y& 2Dy
f=>0
G`@e7
T@qz
w;In
i B/<
iNO=tj
MBTm
_OkJ
%E/#+M
cE$1-
Z&-.k
H1F[i.+'
Nq`7
KL#&z
System.Drawing.Bitmap
Q8ux3dj
V|$o
4RbQ6
vt3>
v9Dea
qz
"2SEbD
ZJ|9
$ =-5
=Rw=
98Z~[U
l^+X
Olc,z)
ed X
d`ge
eYtB}
^+1c3
0e1D
e/FW
F< D
]LvS3
/ Jl,
&],-
^)hm
XUM&q
F\S<b>
UNYx'
^b'&5
+H5cm
U[n1(5
0o-*
LC{~n
MOdJ
t2s
HJ .
5.QF=
2a{A
u`QW?4
!)$K
)5+%
U$}#
)[lV<
iHj;
M:iX
^6WT
*#K|,Pe
9[3C
%BX`
LXp9
hAr1
_=gg
{FJU$
)3N$o) R
i+A.
)J3
H;v
[:Ng%
|=w W
9ojn:
s|F;
e h!
zYy26
s 3q@
u8w7ia
k%?7
k. O
5l"7
GEIa
6:#
|f$.]
$ej?f8
vb9>(
gW_|
)7j{
zUG!R=
+\-3
w83s
dQ$a
UgWy
7l3qO
XA z
nMN5N
O?&JB
r0^k
jU"}U
V~fJ\
P`&h
39M3
*@rm
Uf 6
`}+cTk
m6nE
2* nD
@_^7
1}r3
,_^:w1N.)
)'r=SI
;FBO
c% A
U `
$0ra
I>&D_
Xy*
H>nZ
Azh:
%y2Y
JWd7
Ye3
J" 7`/[z
Microsoft.VisualBasic.Devices
d?8z->l
MyTemplate
|kbO4I\
ZG:p
&Computer Associates International Arto
}W 6^}
>CZ!s
Mw{H#Jf/U
H y(
4QI*
8=7:
{OA-J}njNP
CFacl
7 {}X
^3"\Y9
;EV
iJb^
]1kW#
4, RByn
.\>D
0GNV
Lo+#
?yB,h
5&AP
}Wf(
J0 n
-OJ2
PwRS
aEH-"
E '-
.2!T
6']>
GtlS
o1sB
<P-L8T
Q(POj
2J6s
Dpl
Zc
7sX^
^WO6
1ee:P
Q\@:
wJ6n
!uW'
njF
/ +n
>UB
!D^ni
s)K6l/
q4/n
/YSH/
"I^
~ T<v
^y~B:
[}{Fs
H.5o
J*caR$
FC"&gsb@
yTE7Y{>
B0Awl
WW 5
q>Pu`
zDmJLO
}BC'
mD6 `
A] +
U(Y-
|#Ia
YwbE
EubR#
w23c
bxzsz
uL4$
yEJ:
K$\0
Azv+
,LE@
]'@CI
=,g|
>a]|
ft^$T1Z
Ful,.
Trk"
ToUInteger
`XQ
LIU
r7%)H
?ax+W.
K3>{
[zh%Xe
_g^Zw
^+H)@
%}"?
-\$4
)6t
(v"bsc
h4L^d
m_ThreadStaticValue
X%X+]
1(u3
&0C [9
W[ts
<oQy
2E7%nM
#gh)
a#AC
/!@vm
IyPYu
3 OI"
_akS
H4#z
qm!Z
=m4z
~gD K
Kc/m
#U)P
oclMUkh
>B+T
A6BTa(/
b )G
=ga-
'b\b
i:Sh
e~Pw
=F 7
)f^,
h],
M++@
F_(.
#=S
/-3R
cDzC
Aph&
KfUw
0=Glt
kg7c[m
IK^7
[2t)
_h\p
M}p:_%
ZKiv
ucT%
t5UJ
% ,Y
?:1$Q
M}0_
>A~b
K<t*Bh
MyProject
+w[<*:$s
qgYXR
9v:~gC!
vE3C
iB9z
v5+*
`+KiZ
CS+]\
dwFY
Y hW
Wxc%
8WG5
g~A6g
,$w{
AP=Q0
TNx-
a`OY X
4+Bl(
)~gP\M
#/ p
-#h/
K2p
0,aU
A=a
AssemblyFileVersionAttribute
tL&/s
.v |K
U5G<
qHKN
AK;pSy
SSr
I*+z
Qr6v
{MpNV
]T ` 7
>~PFE
H&5 3
W<7T
z >
zQB4gt
pX:e
Nj l
LA)m2
(UxRE
{&F=
\!S0
b( f
s*?I
JR>_
jjv
J! N
(R0r
ks+
aoi;D(
]B:`
bI~<
,lal
cmoI
: q6R0
PR"a
Fati
c.G_
BOi7
ZD@1;
@3y4
o>IG
& {b
z&?Nj
yt9;$\/
C 9a
_^aG
P`BpK
0vcU
GeneratedCodeAttribute
(,5{P#
`~ Oup
Dl5z
U:q|
!KGq7
\Wh!
W1AT
wVqt
`|>1
LFD/
W'G)
"dA^
}(s6
1X T
Z?9n
C OX
poloport.exe
\z6(
_QZ'
p%\/-
]PTA_
JW1g
L>dd
j{{}
Olr`|
>Ow^
'{=K0
(s{
F[ `
t}/q]
ExNl
x+%3`~s
!\q
0cmrrp'
r_7Gx
{ {l
l[1q
6[3?
B6CKm
p(\o
:7F[
YC*|o
( l
7j>B
di]xf
2Law
NewLateBinding
| Behavior analysis details | |||||
|---|---|---|---|---|---|
| Machine name | Machine label | Machine manager | Started | Ended | Duration |
| Seven05b_64 | Seven05b_64 | VirtualBox | 2018-02-08 22:29:19 | 2018-02-08 22:32:13 | 174 |
14 Behaviors detected by system signatures
Collects information to fingerprint the system
Severity: High
Confidence: High
Checks the CPU name from registry, possibly for anti-virtualization
Severity: High
Confidence: Very High
Retrieves Windows ProductID, probably to fingerprint the sandbox
Severity: High
Confidence: Very High
Creates a hidden or system file
Severity: High
Confidence: Medium
- file: C:\Users\Seven01\AppData\Roaming\jit\jit.exe
Installs itself for autorun at Windows startup
Severity: High
Confidence: Very High
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\jit
- data: C:\Users\Seven01\AppData\Roaming\jit\jit.exe
Executed a process and injected code into it, probably while unpacking
Severity: High
Confidence: Very High
- Injection: poloport.exe(2476) -> None(2692)
The binary likely contains encrypted or compressed data.
Severity: Medium
Confidence: Very High
- section: name: .text, entropy: 7.99, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x0003d400, virtual_size: 0x0003d364
- section: name: .rsrc, entropy: 7.92, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ, raw_size: 0x00030800, virtual_size: 0x000306a4
Performs some HTTP requests
Severity: Medium
Confidence: Low
- url: http://checkip.dyndns.org/
- url: http://yt.wozyzy.com/WebPanel/api.php
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Severity: Medium
Confidence: Low
- post_no_referer: HTTP traffic contains a POST request with no referer header
- get_no_useragent: HTTP traffic contains a GET request with no user-agent header
- suspicious_request: http://checkip.dyndns.org/
- suspicious_request: http://yt.wozyzy.com/WebPanel/api.php
Network activity detected but not expressed in API logs
Severity: Medium
Confidence: Very High
A process attempted to delay the analysis task.
Severity: Medium
Confidence: Very High
- Process: WmiPrvSE.exe tried to sleep 301 seconds, actually delayed analysis time by 0 seconds
Creates RWX memory
Severity: Medium
Confidence: Medium
| Behavior analysis details | |||||
|---|---|---|---|---|---|
| Machine name | Machine label | Machine manager | Started | Ended | Duration |
| Seven05b_64 | Seven05b_64 | VirtualBox | 2018-02-08 22:29:19 | 2018-02-08 22:32:13 | 174 |
9 Summary items with data
Files
C:\Windows\System32\MSCOREE.DLL.local C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll C:\Windows\Microsoft.NET\Framework\* C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll C:\Users\Seven01\AppData\Local\Temp\poloport.exe.config C:\Users\Seven01\AppData\Local\Temp\poloport.exe C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSVCR120_CLR0400.dll C:\Windows\System32\MSVCR120_CLR0400.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoree.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.localgac C:\Windows\Globalization\Sorting\sortdefault.nls C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\* C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll.aux C:\Users C:\Users\Seven01 C:\Users\Seven01\AppData C:\Users\Seven01\AppData\Local C:\Users\Seven01\AppData\Local\Temp C:\Windows\Microsoft.NET\Framework\v4.0.30319\ole32.dll \Device\KsecDD C:\Windows\assembly\NativeImages_v4.0.30319_32\poloport\* C:\Users\Seven01\AppData\Local\Temp\poloport.INI C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll C:\Windows\assembly\pubpol23.dat C:\Windows\assembly\GAC\PublisherPolicy.tme C:\Windows\Microsoft.Net\assembly\GAC_32\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\* C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll.aux C:\Windows\Microsoft.Net\assembly\GAC_32\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\System\* C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll.aux C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll C:\Windows\Microsoft.Net\assembly\GAC_32\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\* C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll.aux C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp C:\Users\Seven01\AppData\Local\Temp\it-IT\poloport.resources.dll C:\Users\Seven01\AppData\Local\Temp\it-IT\poloport.resources\poloport.resources.dll C:\Users\Seven01\AppData\Local\Temp\it-IT\poloport.resources.exe C:\Users\Seven01\AppData\Local\Temp\it-IT\poloport.resources\poloport.resources.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\it-IT\mscorrc.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\it-IT\mscorrc.dll.DLL C:\Windows\Microsoft.NET\Framework\v4.0.30319\it\mscorrc.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\it\mscorrc.dll.DLL C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll C:\Users\Seven01\AppData\Local\Temp\it\poloport.resources.dll C:\Users\Seven01\AppData\Local\Temp\it\poloport.resources\poloport.resources.dll C:\Users\Seven01\AppData\Local\Temp\it\poloport.resources.exe C:\Users\Seven01\AppData\Local\Temp\it\poloport.resources\poloport.resources.exe C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\* C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll.aux C:\Users\Seven01\AppData\Local\Temp\poloport.exe.Local\ C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80 C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\ntdll.dll C:\Users\Seven01\AppData\Roaming\jit\ C:\Users\Seven01\AppData\Roaming\jit C:\Users\Seven01\AppData\Roaming C:\Users\Seven01\AppData\Roaming\jit\jit.exe C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\psapi.dll C:\Windows\sysnative\wbem\WmiPrvSE.exe C:\Windows\inf\hdaudio.inf C:\Windows\sysnative\DriverStore\it-IT\hdaudio.inf_loc C:\Windows\inf\hdaudio.PNF \??\PIPE\samr C:\Windows\sysnative\wbem\repository C:\Windows\sysnative\wbem\Logs C:\Windows\sysnative\wbem\AutoRecover C:\Windows\sysnative\wbem\MOF C:\Windows\sysnative\wbem\repository\INDEX.BTR C:\Windows\sysnative\wbem\repository\WRITABLE.TST C:\Windows\sysnative\wbem\repository\MAPPING1.MAP C:\Windows\sysnative\wbem\repository\MAPPING2.MAP C:\Windows\sysnative\wbem\repository\MAPPING3.MAP C:\Windows\sysnative\wbem\repository\OBJECTS.DATA C:\Windows\sysnative\wbem\repository\WBEM9xUpgd.dat \??\pipe\PIPE_EVENTROOT\CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER \??\pipe\PIPE_EVENTROOT\CIMV2PROVIDERSUBSYSTEM \??\WMIDataDevice C:\Windows\sysnative\Branding\basebrd\basebrd.dll C:\Windows\Branding\Basebrd\basebrd.dll C: C:\Windows\sysnative\tzres.dll \??\PIPE\wkssvc C:\DosDevices\pipe\ \??\PIPE\srvsvc C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui C:\Users\Seven01\AppData\Local\Temp\D6v.exe.config C:\Users\Seven01\AppData\Local\Temp\D6v.exe C:\Windows\assembly\NativeImages_v4.0.30319_32\ConsoleApp1\* C:\Users\Seven01\AppData\Local\Temp\D6v.INI C:\Windows\Microsoft.Net\assembly\GAC_32\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\* C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c7dd43f20550205c8b37ec91b5f2bec7\System.Windows.Forms.ni.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c7dd43f20550205c8b37ec91b5f2bec7\System.Windows.Forms.ni.dll.aux C:\Windows\Microsoft.Net\assembly\GAC_32\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
Read Files
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll C:\Users\Seven01\AppData\Local\Temp\poloport.exe.config C:\Users\Seven01\AppData\Local\Temp\poloport.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll C:\Windows\System32\MSVCR120_CLR0400.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config C:\Windows\Globalization\Sorting\sortdefault.nls C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll.aux C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll \Device\KsecDD C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll C:\Windows\assembly\pubpol23.dat C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll.aux C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll.aux C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll.aux C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\feeacef715fd335a37a58022b3a2fefb\Microsoft.VisualBasic.ni.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll.aux C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\00ea0c71c0a045ebceae2b3d938d251f\System.Drawing.ni.dll C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll C:\Windows\sysnative\wbem\WmiPrvSE.exe C:\Windows\inf\hdaudio.PNF \??\PIPE\samr C:\Windows\sysnative\wbem\repository\MAPPING1.MAP C:\Windows\sysnative\wbem\repository\MAPPING2.MAP C:\Windows\sysnative\wbem\repository\MAPPING3.MAP C:\Windows\sysnative\wbem\repository\OBJECTS.DATA C:\Windows\sysnative\wbem\repository\INDEX.BTR \??\pipe\PIPE_EVENTROOT\CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER \??\pipe\PIPE_EVENTROOT\CIMV2PROVIDERSUBSYSTEM \??\WMIDataDevice C:\Windows\Branding\Basebrd\basebrd.dll C: C:\Windows\sysnative\tzres.dll \??\PIPE\wkssvc \??\PIPE\srvsvc C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui C:\Users\Seven01\AppData\Local\Temp\D6v.exe.config C:\Users\Seven01\AppData\Local\Temp\D6v.exe C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c7dd43f20550205c8b37ec91b5f2bec7\System.Windows.Forms.ni.dll.aux C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c7dd43f20550205c8b37ec91b5f2bec7\System.Windows.Forms.ni.dll
Write Files
C:\Users\Seven01\AppData\Roaming\jit\jit.exe \??\PIPE\samr C:\Windows\sysnative\wbem\repository\WRITABLE.TST C:\Windows\sysnative\wbem\repository\MAPPING1.MAP C:\Windows\sysnative\wbem\repository\MAPPING2.MAP C:\Windows\sysnative\wbem\repository\MAPPING3.MAP C:\Windows\sysnative\wbem\repository\OBJECTS.DATA C:\Windows\sysnative\wbem\repository\INDEX.BTR \??\pipe\PIPE_EVENTROOT\CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER \??\pipe\PIPE_EVENTROOT\CIMV2PROVIDERSUBSYSTEM \??\WMIDataDevice \??\PIPE\wkssvc \??\PIPE\srvsvc
Delete Files
Nothing to display
Keys
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v4.0.30319
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319\SKUs\default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\poloport.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml.Linq__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml.Linq__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|poloport.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|poloport.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|poloport.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\jit
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\poloport.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\986264BB
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_USERS\S-1-5-20_Classes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\LocalServer32\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\LocalServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\LocalServer32\ServerExecutable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\LocalService
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\DllSurrogate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\RunAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\ActivateAtStorage
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\ROTFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\AppIDFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\LaunchPermission
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\LegacyAuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\LegacyImpersonationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\AuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\RemoteServerName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\SRPTrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\PreferredServerBitness
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\LoadUserSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\Elevation
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#5&106af171&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#5&106af171&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#5&106af171&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#Volume#{35122303-fb0b-11e5-b945-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#Volume#{35122303-fb0b-11e5-b945-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#Volume#{35122303-fb0b-11e5-b945-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#Volume#{35122303-fb0b-11e5-b945-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#Volume#{35122303-fb0b-11e5-b945-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#Volume#{35122303-fb0b-11e5-b945-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\DeviceInstance
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{69AD4AEE-51BE-439B-A92C-86AE490E8B30}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{69AD4AEE-51BE-439B-A92C-86AE490E8B30}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{69AD4AEE-51BE-439B-A92C-86AE490E8B30}\LocalService
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{69AD4AEE-51BE-439B-A92C-86AE490E8B30}\ServiceParameters
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{69AD4AEE-51BE-439B-A92C-86AE490E8B30}\RunAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{69AD4AEE-51BE-439B-A92C-86AE490E8B30}\ActivateAtStorage
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{69AD4AEE-51BE-439B-A92C-86AE490E8B30}\ROTFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{69AD4AEE-51BE-439B-A92C-86AE490E8B30}\AppIDFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{69AD4AEE-51BE-439B-A92C-86AE490E8B30}\LaunchPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{69AD4AEE-51BE-439B-A92C-86AE490E8B30}\AuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{69AD4AEE-51BE-439B-A92C-86AE490E8B30}\RemoteServerName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{69AD4AEE-51BE-439B-A92C-86AE490E8B30}\SRPTrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{69AD4AEE-51BE-439B-A92C-86AE490E8B30}\PreferredServerBitness
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{69AD4AEE-51BE-439B-A92C-86AE490E8B30}\LoadUserSettings
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_CAFE&SUBSYS_00000000&REV_00\3&267A616A&0&20
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_CAFE&SUBSYS_00000000&REV_00\3&267A616A&0&20\Class
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CDROMVBOX_CD-ROM_____________________________1.0_____\5&106AF171&0&1.0.0
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CDROMVBOX_CD-ROM_____________________________1.0_____\5&106AF171&0&1.0.0\HardwareID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_7111&SUBSYS_00000000&REV_01\3&267A616A&0&09
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_7111&SUBSYS_00000000&REV_01\3&267A616A&0&09\HardwareID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDECHANNEL\4&2617AEAE&0&0
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDECHANNEL\4&2617AEAE&0&0\HardwareID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDECHANNEL\4&2F42C713&0&0
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDECHANNEL\4&2F42C713&0&0\HardwareID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDECHANNEL\4&2F42C713&0&1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDECHANNEL\4&2F42C713&0&1\HardwareID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_2829&SUBSYS_00000000&REV_02\3&267A616A&0&68
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_2829&SUBSYS_00000000&REV_02\3&267A616A&0&68\HardwareID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\HardwareID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994ad04-93ef-11d0-a3cc-00a0c9223196}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31e60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eCDInTopo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31e60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31E60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\Properties
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31e60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eCDInWave
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31e60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eHeadphoneTopo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31e60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eHeadphoneWave
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31e60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eMicInTopo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31e60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eMicInWave
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31e60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eSpeakerTopo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31e60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eSpeakerWave
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\ClassGUID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\HardwareID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_8086&DEV_100E&SUBSYS_001E8086&REV_02#3&267a616a&0&18#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{C2D43895-0262-4873-A789-C2F96D24B693}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_8086&DEV_100E&SUBSYS_001E8086&REV_02#3&267a616a&0&18#{ad498944-762f-11d0-8dcb-00c04fc3358c}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_8086&DEV_100E&SUBSYS_001E8086&REV_02#3&267a616a&0&18#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\Properties
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{684BB8B6-2793-49A5-8012-E0A941B4B4DF}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{5F6D61D9-D207-449A-BD48-652A5D1F25BE}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#MS_AGILEVPNMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{29898C9D-B0A4-4FEF-BDB6-57A562022CEE}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#MS_AGILEVPNMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_AGILEVPNMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{E43D242B-9EAB-4626-A952-46649FBB939A}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#NDISWANBH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#NDISWANIP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#NDISWANIPV6
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{8E301A52-AFFA-4F49-B9CA-C79096A1A056}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{DF4A9D2C-8742-4EB1-8703-D395C4183F33}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{71F897D7-EB7C-4D8D-89DB-AC80D9DD2270}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{eeab7790-c514-11d1-b42b-00805fc1270e}&asyncmac
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Properties
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Properties\{83da6326-97a6-4088-9453-a1923f573b29}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\00000006
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Pnp\{71d10298-bdb9-4dcd-a87a-eec6137ab254}\0
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{EEAB7790-C514-11D1-B42B-00805FC1270E}\ASYNCMAC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\ClassGUID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Phantom
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\ContainerID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Legacy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\ConfigFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\##?#SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{cac88484-7515-4c03-82e6-71a87abac361}\#
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\##?#SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{cac88484-7515-4c03-82e6-71a87abac361}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\##?#SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{cac88484-7515-4c03-82e6-71a87abac361}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\HardwareID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\CompatibleIDs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\##?#SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{cac88484-7515-4c03-82e6-71a87abac361}\#\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\##?#SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{cac88484-7515-4c03-82e6-71a87abac361}\#\Control\Linked
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\Properties
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Device Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Device Parameters\DeviceHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage\LastUpdateTime
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\CustomPropertyCacheDate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\CustomPropertyHwIdKey
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Device Parameters\DeviceGroups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Device Parameters\DeviceGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\SYSTEM\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\SYSTEM\0000\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HTREE\ROOT\0
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HTREE\ROOT\0\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{78032B7E-4968-42D3-9F37-287EA86C0AAA}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{ad498944-762f-11d0-8dcb-00c04fc3358c}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{78032B7E-4968-42D3-9F37-287EA86C0AAA}\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{78032B7E-4968-42D3-9F37-287EA86C0AAA}\Control\Linked
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\BTH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\MS_AGILEVPNMINIPORT\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_AGILEVPNMINIPORT\0000\Phantom
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_AGILEVPNMINIPORT\0000\Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\MS_L2TPMINIPORT\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_L2TPMINIPORT\0000\Phantom
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_L2TPMINIPORT\0000\Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\MS_NDISWANBH\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_NDISWANBH\0000\Phantom
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_NDISWANBH\0000\Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\MS_NDISWANIP\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_NDISWANIP\0000\Phantom
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_NDISWANIP\0000\Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\MS_NDISWANIPV6\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_NDISWANIPV6\0000\Phantom
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_NDISWANIPV6\0000\Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\MS_PPPOEMINIPORT\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_PPPOEMINIPORT\0000\Phantom
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_PPPOEMINIPORT\0000\Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_100E&SUBSYS_001E8086&REV_02\3&267A616A&0&18
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_100E&SUBSYS_001E8086&REV_02\3&267A616A&0&18\Phantom
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_100E&SUBSYS_001E8086&REV_02\3&267A616A&0&18\Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_100E&SUBSYS_001E8086&REV_02\3&267A616A&0&18\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_100E&SUBSYS_001E8086&REV_02\3&267A616A&0&18\ConfigFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_100E&SUBSYS_001E8086&REV_02\3&267A616A&0&18\FriendlyName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_100E&SUBSYS_001E8086&REV_02\3&267A616A&0&18\DeviceDesc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\MS_PPTPMINIPORT\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\MS_PPTPMINIPORT\0000\Phantom
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\MS_PPTPMINIPORT\0000\Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\MS_SSTPMINIPORT\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\MS_SSTPMINIPORT\0000\Phantom
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\MS_SSTPMINIPORT\0000\Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\*ISATAP\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\*ISATAP\0000\Phantom
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\*ISATAP\0000\Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\*ISATAP\0001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\*ISATAP\0001\Phantom
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\*ISATAP\0001\Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\DISKVBOX_HARDDISK___________________________1.0_____\5&33D1638A&0&0.0.0
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\DISKVBOX_HARDDISK___________________________1.0_____\5&33D1638A&0&0.0.0\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\DISKVBOX_HARDDISK___________________________1.0_____\5&33D1638A&0&0.0.0\ConfigFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\DISKVBOX_HARDDISK___________________________1.0_____\5&33D1638A&0&0.0.0\Properties
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\DISKVBOX_HARDDISK___________________________1.0_____\5&33D1638A&0&0.0.0\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#DiskVBOX_HARDDISK___________________________1.0_____#5&33d1638a&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\#
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#DiskVBOX_HARDDISK___________________________1.0_____#5&33d1638a&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#DiskVBOX_HARDDISK___________________________1.0_____#5&33d1638a&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\DeviceInstance
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerRequestOverride
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Power\PowerRequestOverride
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\PowerRequestOverride\Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\DeviceDesc
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\LocaleName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\Properties
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\Properties\{b3f8fa53-0004-438e-9003-51a46e139bfc}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\Properties\{b3f8fa53-0004-438e-9003-51a46e139bfc}\00000007
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\Properties\{b3f8fa53-0004-438e-9003-51a46e139bfc}\00000007\00000000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\Properties\{b3f8fa53-0004-438e-9003-51a46e139bfc}\00000007\00000000\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\Properties\{b3f8fa53-0004-438e-9003-51a46e139bfc}\00000007\00000000\Data
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{eb115ffc-10c8-4964-831d-6dcb02e6f23f}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{EB115FFC-10C8-4964-831D-6DCB02E6F23F}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31e60982&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}\#eheadphonewave
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{EB115FFC-10C8-4964-831D-6DCB02E6F23F}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31e60982&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{EB115FFC-10C8-4964-831D-6DCB02E6F23F}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31E60982&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{EB115FFC-10C8-4964-831D-6DCB02E6F23F}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31E60982&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}\#eHeadphoneWave\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{EB115FFC-10C8-4964-831D-6DCB02E6F23F}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31E60982&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}\#eHeadphoneWave\Control\Linked
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{EB115FFC-10C8-4964-831D-6DCB02E6F23F}\Properties
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\ConfigFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#hdaudio#func_01&ven_8384&dev_7680&subsys_83847680&rev_1034#4&31e60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eheadphonetopo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31E60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eHeadphoneTopo\Properties
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31E60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eHeadphoneTopo\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31E60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eHeadphoneTopo\Properties\{840b8171-b0ad-410f-8581-cccc0382cfef}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31E60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eHeadphoneTopo\Properties\{840b8171-b0ad-410f-8581-cccc0382cfef}\00000000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31E60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eHeadphoneTopo\Properties\{840b8171-b0ad-410f-8581-cccc0382cfef}\00000000\00000000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31E60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eHeadphoneTopo\Properties\{840b8171-b0ad-410f-8581-cccc0382cfef}\00000000\00000000\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31E60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eHeadphoneTopo\Properties\{840b8171-b0ad-410f-8581-cccc0382cfef}\00000000\00000000\Data
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#hdaudio#func_01&ven_8384&dev_7680&subsys_83847680&rev_1034#4&31e60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eheadphonewave
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31E60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eHeadphoneWave\Properties
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\Tracing\WMI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\SessionEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\Level
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\AreaFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\Session
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\LogFile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\BufferSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MinimumBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MaximumBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MaximumFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\LogFileMode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\FlushTimer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\AgeLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\Setup
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_LOCAL_MACHINE\SYSTEM\Setup\UpgradeInProgress
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Safeboot\Option
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\VssAccessControl
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Settings
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Settings\ActiveWriterStateTimeout
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Diag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Diag\WMI Writer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Settings\TornComponentsMax
HKEY_LOCAL_MACHINE\Software\Classes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000100-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000100-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000100-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9555-4FB6-11D1-9971-00C04FBBB345}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9555-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9555-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9557-4FB6-11D1-9971-00C04FBBB345}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9557-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9557-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\IdentifierLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\QueryLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\PathLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbThrottlingEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighMaxLimitFactor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbTaskMaxSleep
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold1Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold2Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold3Mult
HKEY_LOCAL_MACHINE\system\Setup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Unchecked Task Count
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LastServiceStart
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Working Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Repository Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Build
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\MOF Self-Install Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Default Repository Driver
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueCoreFsrepVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Repository Cache Spill Ratio
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\CheckPointValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SnapShotValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\CheckRepositoryOnNextStartup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NumWriteIdCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Class Cache Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Class Cache Item Age (ms)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableObjectValidation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NextAutoRecoverFile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Enable Provider Subsystem
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Client
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Client\{1D11B68C-3611-45AD-A3A9-DF5BEF6A3827}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1D11B68C-3611-45AD-A3A9-DF5BEF6A3827}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1D11B68C-3611-45AD-A3A9-DF5BEF6A3827}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1D11B68C-3611-45AD-A3A9-DF5BEF6A3827}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1D11B68C-3611-45AD-A3A9-DF5BEF6A3827}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1D11B68C-3611-45AD-A3A9-DF5BEF6A3827}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1D11B68C-3611-45AD-A3A9-DF5BEF6A3827}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1D11B68C-3611-45AD-A3A9-DF5BEF6A3827}\ProcessIdentifier
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Client\{5A4B1C7F-0474-4F5A-AD71-412EF0F51D47}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{5A4B1C7F-0474-4F5A-AD71-412EF0F51D47}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{5A4B1C7F-0474-4F5A-AD71-412EF0F51D47}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{5A4B1C7F-0474-4F5A-AD71-412EF0F51D47}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{5A4B1C7F-0474-4F5A-AD71-412EF0F51D47}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{5A4B1C7F-0474-4F5A-AD71-412EF0F51D47}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{5A4B1C7F-0474-4F5A-AD71-412EF0F51D47}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{5A4B1C7F-0474-4F5A-AD71-412EF0F51D47}\ProcessIdentifier
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Client\{AB8C10DB-938A-46E7-81A7-3B33DEC13555}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{AB8C10DB-938A-46E7-81A7-3B33DEC13555}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{AB8C10DB-938A-46E7-81A7-3B33DEC13555}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{AB8C10DB-938A-46E7-81A7-3B33DEC13555}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{AB8C10DB-938A-46E7-81A7-3B33DEC13555}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{AB8C10DB-938A-46E7-81A7-3B33DEC13555}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{AB8C10DB-938A-46E7-81A7-3B33DEC13555}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{AB8C10DB-938A-46E7-81A7-3B33DEC13555}\ProcessIdentifier
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Client\{F0CE0BE7-6BC7-49B5-8E71-F5FEEA56D0B1}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{F0CE0BE7-6BC7-49B5-8E71-F5FEEA56D0B1}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{F0CE0BE7-6BC7-49B5-8E71-F5FEEA56D0B1}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{F0CE0BE7-6BC7-49B5-8E71-F5FEEA56D0B1}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{F0CE0BE7-6BC7-49B5-8E71-F5FEEA56D0B1}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{F0CE0BE7-6BC7-49B5-8E71-F5FEEA56D0B1}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{F0CE0BE7-6BC7-49B5-8E71-F5FEEA56D0B1}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{F0CE0BE7-6BC7-49B5-8E71-F5FEEA56D0B1}\ProcessIdentifier
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableEvents
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssToBeInitialized
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Low Threshold On Events (B)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\High Threshold On Events (B)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Wait On Events (ms)
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\ESS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Merger Query Arbitration Enabled
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\CIMOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\FinalizerBatchSize
HKEY_LOCAL_MACHINE\software\microsoft\wbem\cimom
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SetupDate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ClientCallbackTimeout
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Async Result Queue Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\FinalizerQueueThreshold
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Tasks
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cimv2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cimv2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssNeedsLoading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\List of event-active namespaces
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ESS\//./root/subscription
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ESS\//./root/CIMV2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Microsoft\OleAut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_CLASSES_ROOT\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\(Default)
HKEY_CLASSES_ROOT\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\Synchronization
HKEY_CLASSES_ROOT\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\Synchronization
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\AppId
HKEY_CLASSES_ROOT\CLSID\{d63a5850-8f16-11cf-9f47-00aa00bf345c}\InProcServer32
HKEY_CLASSES_ROOT\CLSID\{d63a5850-8f16-11cf-9f47-00aa00bf345c}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\Synchronization
HKEY_CLASSES_ROOT\CLSID\{d63a5850-8f16-11cf-9f47-00aa00bf345c}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SecuredHostProviders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SecuredHostProviders\ROOT\CIMV2:__Win32Provider.Name="CIMWin32"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\minint
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ESS\//./root/CIMV2\SCM Event Provider
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Root
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C857801-7381-11CF-884D-00AA004B2E24}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C857801-7381-11CF-884D-00AA004B2E24}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C857801-7381-11CF-884D-00AA004B2E24}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocHandler
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\SecurityCenter2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\SecurityCenter2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\SecurityCenter
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\SecurityCenter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Sink Transmit Buffer Size
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Cimom
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\DefaultRpcStackSize
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\AccessProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\wmiprvse.exe
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSclient
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\InprocHandler
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Control Panel\International
HKEY_CURRENT_USER\Control Panel\International\LocaleName
HKEY_CURRENT_USER\Control Panel\International\sCountry
HKEY_CURRENT_USER\Control Panel\International\sList
HKEY_CURRENT_USER\Control Panel\International\sDecimal
HKEY_CURRENT_USER\Control Panel\International\sThousand
HKEY_CURRENT_USER\Control Panel\International\sGrouping
HKEY_CURRENT_USER\Control Panel\International\sNativeDigits
HKEY_CURRENT_USER\Control Panel\International\sCurrency
HKEY_CURRENT_USER\Control Panel\International\sMonDecimalSep
HKEY_CURRENT_USER\Control Panel\International\sMonThousandSep
HKEY_CURRENT_USER\Control Panel\International\sMonGrouping
HKEY_CURRENT_USER\Control Panel\International\sPositiveSign
HKEY_CURRENT_USER\Control Panel\International\sNegativeSign
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat
HKEY_CURRENT_USER\Control Panel\International\sShortTime
HKEY_CURRENT_USER\Control Panel\International\s1159
HKEY_CURRENT_USER\Control Panel\International\s2359
HKEY_CURRENT_USER\Control Panel\International\sShortDate
HKEY_CURRENT_USER\Control Panel\International\sYearMonth
HKEY_CURRENT_USER\Control Panel\International\sLongDate
HKEY_CURRENT_USER\Control Panel\International\iCountry
HKEY_CURRENT_USER\Control Panel\International\iMeasure
HKEY_CURRENT_USER\Control Panel\International\iPaperSize
HKEY_CURRENT_USER\Control Panel\International\iDigits
HKEY_CURRENT_USER\Control Panel\International\iLZero
HKEY_CURRENT_USER\Control Panel\International\iNegNumber
HKEY_CURRENT_USER\Control Panel\International\NumShape
HKEY_CURRENT_USER\Control Panel\International\iCurrDigits
HKEY_CURRENT_USER\Control Panel\International\iCurrency
HKEY_CURRENT_USER\Control Panel\International\iNegCurr
HKEY_CURRENT_USER\Control Panel\International\iCalendarType
HKEY_CURRENT_USER\Control Panel\International\iFirstDayOfWeek
HKEY_CURRENT_USER\Control Panel\International\iFirstWeekOfYear
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Component Information
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009
HKEY_PERFORMANCE_TEXT\Counter
HKEY_PERFORMANCE_DATA\238
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LsaExtensionConfig\SspiCli
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureRoutine
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SecurityProviders
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Comment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\RpcId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Version
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\TokenSize
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SaslProfiles
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\Schannel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextLockCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextListCount
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sCountry
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sList
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sDecimal
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sThousand
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sGrouping
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sNativeDigits
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sCurrency
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sMonDecimalSep
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sMonThousandSep
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sMonGrouping
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sPositiveSign
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sNegativeSign
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sTimeFormat
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sShortTime
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\s1159
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\s2359
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sShortDate
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sYearMonth
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sLongDate
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iCountry
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iMeasure
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iPaperSize
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iDigits
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iLZero
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iNegNumber
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\NumShape
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iCurrDigits
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iCurrency
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iNegCurr
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iCalendarType
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iFirstDayOfWeek
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iFirstWeekOfYear
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Plus! ProductId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallDate
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemPartition
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\PriorityControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PriorityControl\Win32PrioritySeparation
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LicenseInfo\FilePrint
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\DisableCMD
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\D6v.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
Read Keys
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\jit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\986264BB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\LocalServer32\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\LocalServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\LocalServer32\ServerExecutable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\LocalService
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\DllSurrogate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\RunAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\ActivateAtStorage
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\ROTFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\AppIDFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\LaunchPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\LegacyAuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\LegacyImpersonationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\AuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\RemoteServerName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\SRPTrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\PreferredServerBitness
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}\LoadUserSettings
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#5&106af171&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#Volume#{35122303-fb0b-11e5-b945-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#Volume#{35122303-fb0b-11e5-b945-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\DeviceInstance
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{69AD4AEE-51BE-439B-A92C-86AE490E8B30}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{69AD4AEE-51BE-439B-A92C-86AE490E8B30}\LocalService
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{69AD4AEE-51BE-439B-A92C-86AE490E8B30}\ServiceParameters
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{69AD4AEE-51BE-439B-A92C-86AE490E8B30}\RunAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{69AD4AEE-51BE-439B-A92C-86AE490E8B30}\ActivateAtStorage
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{69AD4AEE-51BE-439B-A92C-86AE490E8B30}\ROTFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{69AD4AEE-51BE-439B-A92C-86AE490E8B30}\AppIDFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{69AD4AEE-51BE-439B-A92C-86AE490E8B30}\LaunchPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{69AD4AEE-51BE-439B-A92C-86AE490E8B30}\AuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{69AD4AEE-51BE-439B-A92C-86AE490E8B30}\RemoteServerName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{69AD4AEE-51BE-439B-A92C-86AE490E8B30}\SRPTrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{69AD4AEE-51BE-439B-A92C-86AE490E8B30}\PreferredServerBitness
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{69AD4AEE-51BE-439B-A92C-86AE490E8B30}\LoadUserSettings
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_CAFE&SUBSYS_00000000&REV_00\3&267A616A&0&20\Class
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CDROMVBOX_CD-ROM_____________________________1.0_____\5&106AF171&0&1.0.0\HardwareID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_7111&SUBSYS_00000000&REV_01\3&267A616A&0&09\HardwareID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDECHANNEL\4&2617AEAE&0&0\HardwareID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDECHANNEL\4&2F42C713&0&0\HardwareID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCIIDE\IDECHANNEL\4&2F42C713&0&1\HardwareID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_2829&SUBSYS_00000000&REV_02\3&267A616A&0&68\HardwareID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267A616A&0&10\HardwareID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31E60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\ClassGUID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\HardwareID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_8086&DEV_100E&SUBSYS_001E8086&REV_02#3&267a616a&0&18#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_AGILEVPNMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\ClassGUID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Phantom
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\ContainerID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Legacy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\ConfigFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\##?#SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{cac88484-7515-4c03-82e6-71a87abac361}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\HardwareID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\CompatibleIDs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\##?#SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{cac88484-7515-4c03-82e6-71a87abac361}\#\Control\Linked
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Device Parameters\DeviceHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage\LastUpdateTime
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\CustomPropertyCacheDate
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Device Parameters\DeviceGroups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Device Parameters\DeviceGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\SYSTEM\0000\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HTREE\ROOT\0\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{78032B7E-4968-42D3-9F37-287EA86C0AAA}\Control\Linked
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_AGILEVPNMINIPORT\0000\Phantom
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_AGILEVPNMINIPORT\0000\Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_L2TPMINIPORT\0000\Phantom
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_L2TPMINIPORT\0000\Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_NDISWANBH\0000\Phantom
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_NDISWANBH\0000\Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_NDISWANIP\0000\Phantom
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_NDISWANIP\0000\Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_NDISWANIPV6\0000\Phantom
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_NDISWANIPV6\0000\Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_PPPOEMINIPORT\0000\Phantom
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_PPPOEMINIPORT\0000\Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_100E&SUBSYS_001E8086&REV_02\3&267A616A&0&18\Phantom
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_100E&SUBSYS_001E8086&REV_02\3&267A616A&0&18\Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_100E&SUBSYS_001E8086&REV_02\3&267A616A&0&18\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_100E&SUBSYS_001E8086&REV_02\3&267A616A&0&18\ConfigFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_100E&SUBSYS_001E8086&REV_02\3&267A616A&0&18\FriendlyName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_100E&SUBSYS_001E8086&REV_02\3&267A616A&0&18\DeviceDesc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\MS_PPTPMINIPORT\0000\Phantom
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\MS_PPTPMINIPORT\0000\Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\MS_SSTPMINIPORT\0000\Phantom
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\MS_SSTPMINIPORT\0000\Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\*ISATAP\0000\Phantom
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\*ISATAP\0000\Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\*ISATAP\0001\Phantom
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\*ISATAP\0001\Driver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\DISKVBOX_HARDDISK___________________________1.0_____\5&33D1638A&0&0.0.0\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\DISKVBOX_HARDDISK___________________________1.0_____\5&33D1638A&0&0.0.0\ConfigFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#DiskVBOX_HARDDISK___________________________1.0_____#5&33d1638a&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\DeviceDesc
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\LocaleName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\Properties\{b3f8fa53-0004-438e-9003-51a46e139bfc}\00000007\00000000\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\Properties\{b3f8fa53-0004-438e-9003-51a46e139bfc}\00000007\00000000\Data
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{EB115FFC-10C8-4964-831D-6DCB02E6F23F}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31E60982&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}\DeviceInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{EB115FFC-10C8-4964-831D-6DCB02E6F23F}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31E60982&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}\#eHeadphoneWave\Control\Linked
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\ConfigFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31E60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eHeadphoneTopo\Properties\{840b8171-b0ad-410f-8581-cccc0382cfef}\00000000\00000000\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31E60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eHeadphoneTopo\Properties\{840b8171-b0ad-410f-8581-cccc0382cfef}\00000000\00000000\Data
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\SessionEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\Level
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\AreaFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\Session
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\LogFile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\BufferSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MinimumBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MaximumBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MaximumFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\LogFileMode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\FlushTimer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\AgeLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_LOCAL_MACHINE\SYSTEM\Setup\UpgradeInProgress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Settings\ActiveWriterStateTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Settings\TornComponentsMax
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000100-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9555-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9557-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\IdentifierLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\QueryLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\PathLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbThrottlingEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighMaxLimitFactor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbTaskMaxSleep
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold1Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold2Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold3Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Unchecked Task Count
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LastServiceStart
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Working Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Repository Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Build
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\MOF Self-Install Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Default Repository Driver
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueCoreFsrepVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Repository Cache Spill Ratio
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\CheckPointValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SnapShotValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\CheckRepositoryOnNextStartup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NumWriteIdCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Class Cache Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Class Cache Item Age (ms)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableObjectValidation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NextAutoRecoverFile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Enable Provider Subsystem
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1D11B68C-3611-45AD-A3A9-DF5BEF6A3827}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1D11B68C-3611-45AD-A3A9-DF5BEF6A3827}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1D11B68C-3611-45AD-A3A9-DF5BEF6A3827}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1D11B68C-3611-45AD-A3A9-DF5BEF6A3827}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1D11B68C-3611-45AD-A3A9-DF5BEF6A3827}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1D11B68C-3611-45AD-A3A9-DF5BEF6A3827}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1D11B68C-3611-45AD-A3A9-DF5BEF6A3827}\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{5A4B1C7F-0474-4F5A-AD71-412EF0F51D47}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{5A4B1C7F-0474-4F5A-AD71-412EF0F51D47}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{5A4B1C7F-0474-4F5A-AD71-412EF0F51D47}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{5A4B1C7F-0474-4F5A-AD71-412EF0F51D47}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{5A4B1C7F-0474-4F5A-AD71-412EF0F51D47}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{5A4B1C7F-0474-4F5A-AD71-412EF0F51D47}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{5A4B1C7F-0474-4F5A-AD71-412EF0F51D47}\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{AB8C10DB-938A-46E7-81A7-3B33DEC13555}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{AB8C10DB-938A-46E7-81A7-3B33DEC13555}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{AB8C10DB-938A-46E7-81A7-3B33DEC13555}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{AB8C10DB-938A-46E7-81A7-3B33DEC13555}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{AB8C10DB-938A-46E7-81A7-3B33DEC13555}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{AB8C10DB-938A-46E7-81A7-3B33DEC13555}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{AB8C10DB-938A-46E7-81A7-3B33DEC13555}\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{F0CE0BE7-6BC7-49B5-8E71-F5FEEA56D0B1}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{F0CE0BE7-6BC7-49B5-8E71-F5FEEA56D0B1}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{F0CE0BE7-6BC7-49B5-8E71-F5FEEA56D0B1}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{F0CE0BE7-6BC7-49B5-8E71-F5FEEA56D0B1}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{F0CE0BE7-6BC7-49B5-8E71-F5FEEA56D0B1}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{F0CE0BE7-6BC7-49B5-8E71-F5FEEA56D0B1}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{F0CE0BE7-6BC7-49B5-8E71-F5FEEA56D0B1}\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableEvents
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssToBeInitialized
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Low Threshold On Events (B)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\High Threshold On Events (B)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Wait On Events (ms)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Merger Query Arbitration Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\FinalizerBatchSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SetupDate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ClientCallbackTimeout
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Async Result Queue Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\FinalizerQueueThreshold
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Tasks
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cimv2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cimv2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\Synchronization
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\Synchronization
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\Synchronization
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SecuredHostProviders\ROOT\CIMV2:__Win32Provider.Name="CIMWin32"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Root
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C857801-7381-11CF-884D-00AA004B2E24}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\SecurityCenter2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\SecurityCenter2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\SecurityCenter
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\SecurityCenter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssNeedsLoading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Sink Transmit Buffer Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\DefaultRpcStackSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_CURRENT_USER\Control Panel\International\LocaleName
HKEY_CURRENT_USER\Control Panel\International\sCountry
HKEY_CURRENT_USER\Control Panel\International\sList
HKEY_CURRENT_USER\Control Panel\International\sDecimal
HKEY_CURRENT_USER\Control Panel\International\sThousand
HKEY_CURRENT_USER\Control Panel\International\sGrouping
HKEY_CURRENT_USER\Control Panel\International\sNativeDigits
HKEY_CURRENT_USER\Control Panel\International\sCurrency
HKEY_CURRENT_USER\Control Panel\International\sMonDecimalSep
HKEY_CURRENT_USER\Control Panel\International\sMonThousandSep
HKEY_CURRENT_USER\Control Panel\International\sMonGrouping
HKEY_CURRENT_USER\Control Panel\International\sPositiveSign
HKEY_CURRENT_USER\Control Panel\International\sNegativeSign
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat
HKEY_CURRENT_USER\Control Panel\International\sShortTime
HKEY_CURRENT_USER\Control Panel\International\s1159
HKEY_CURRENT_USER\Control Panel\International\s2359
HKEY_CURRENT_USER\Control Panel\International\sShortDate
HKEY_CURRENT_USER\Control Panel\International\sYearMonth
HKEY_CURRENT_USER\Control Panel\International\sLongDate
HKEY_CURRENT_USER\Control Panel\International\iCountry
HKEY_CURRENT_USER\Control Panel\International\iMeasure
HKEY_CURRENT_USER\Control Panel\International\iPaperSize
HKEY_CURRENT_USER\Control Panel\International\iDigits
HKEY_CURRENT_USER\Control Panel\International\iLZero
HKEY_CURRENT_USER\Control Panel\International\iNegNumber
HKEY_CURRENT_USER\Control Panel\International\NumShape
HKEY_CURRENT_USER\Control Panel\International\iCurrDigits
HKEY_CURRENT_USER\Control Panel\International\iCurrency
HKEY_CURRENT_USER\Control Panel\International\iNegCurr
HKEY_CURRENT_USER\Control Panel\International\iCalendarType
HKEY_CURRENT_USER\Control Panel\International\iFirstDayOfWeek
HKEY_CURRENT_USER\Control Panel\International\iFirstWeekOfYear
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Component Information
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier
HKEY_PERFORMANCE_TEXT\Counter
HKEY_PERFORMANCE_DATA\238
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureRoutine
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SecurityProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Comment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Capabilities
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\RpcId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Version
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\TokenSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextLockCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextListCount
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sCountry
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sList
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sDecimal
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sThousand
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sGrouping
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sNativeDigits
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sCurrency
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sMonDecimalSep
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sMonThousandSep
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sMonGrouping
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sPositiveSign
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sNegativeSign
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sTimeFormat
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sShortTime
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\s1159
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\s2359
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sShortDate
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sYearMonth
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\sLongDate
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iCountry
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iMeasure
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iPaperSize
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iDigits
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iLZero
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iNegNumber
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\NumShape
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iCurrDigits
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iCurrency
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iNegCurr
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iCalendarType
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iFirstDayOfWeek
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\iFirstWeekOfYear
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Plus! ProductId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallDate
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemPartition
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PriorityControl\Win32PrioritySeparation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\DisableCMD
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
Write Keys
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\jit HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LastServiceStart HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Server HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\CreationTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\MarshaledProxy HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\ProcessIdentifier HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssNeedsLoading HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\List of event-active namespaces HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\DisableCMD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions
Delete Keys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\CustomPropertyHwIdKey
Mutexes
Resolved APIs
advapi32.dll.RegOpenKeyExW advapi32.dll.RegQueryInfoKeyW advapi32.dll.RegEnumKeyExW advapi32.dll.RegEnumValueW advapi32.dll.RegCloseKey advapi32.dll.RegQueryValueExW kernel32.dll.FlsAlloc kernel32.dll.FlsFree kernel32.dll.FlsGetValue kernel32.dll.FlsSetValue kernel32.dll.InitializeCriticalSectionEx kernel32.dll.CreateEventExW kernel32.dll.CreateSemaphoreExW kernel32.dll.SetThreadStackGuarantee kernel32.dll.CreateThreadpoolTimer kernel32.dll.SetThreadpoolTimer kernel32.dll.WaitForThreadpoolTimerCallbacks kernel32.dll.CloseThreadpoolTimer kernel32.dll.CreateThreadpoolWait kernel32.dll.SetThreadpoolWait kernel32.dll.CloseThreadpoolWait kernel32.dll.FlushProcessWriteBuffers kernel32.dll.FreeLibraryWhenCallbackReturns kernel32.dll.GetCurrentProcessorNumber kernel32.dll.GetLogicalProcessorInformation kernel32.dll.CreateSymbolicLinkW kernel32.dll.EnumSystemLocalesEx kernel32.dll.CompareStringEx kernel32.dll.GetDateFormatEx kernel32.dll.GetLocaleInfoEx kernel32.dll.GetTimeFormatEx kernel32.dll.GetUserDefaultLocaleName kernel32.dll.IsValidLocaleName kernel32.dll.LCMapStringEx kernel32.dll.GetTickCount64 advapi32.dll.EventRegister mscoree.dll.#142 mscoreei.dll.RegisterShimImplCallback mscoreei.dll.OnShimDllMainCalled mscoreei.dll._CorExeMain shlwapi.dll.UrlIsW version.dll.GetFileVersionInfoSizeW version.dll.GetFileVersionInfoW version.dll.VerQueryValueW clr.dll.SetRuntimeInfo clr.dll._CorExeMain mscoree.dll.CreateConfigStream mscoreei.dll.CreateConfigStream kernel32.dll.GetNumaHighestNodeNumber kernel32.dll.GetSystemWindowsDirectoryW advapi32.dll.AllocateAndInitializeSid advapi32.dll.OpenProcessToken advapi32.dll.GetTokenInformation advapi32.dll.InitializeAcl advapi32.dll.AddAccessAllowedAce advapi32.dll.FreeSid kernel32.dll.AddSIDToBoundaryDescriptor kernel32.dll.CreateBoundaryDescriptorW kernel32.dll.CreatePrivateNamespaceW kernel32.dll.OpenPrivateNamespaceW kernel32.dll.DeleteBoundaryDescriptor kernel32.dll.WerRegisterRuntimeExceptionModule kernel32.dll.RaiseException mscoree.dll.#24 mscoreei.dll.#24 ntdll.dll.NtSetSystemInformation kernel32.dll.SortGetHandle kernel32.dll.SortCloseHandle kernel32.dll.GetNativeSystemInfo ole32.dll.CoInitializeEx cryptbase.dll.SystemFunction036 uxtheme.dll.ThemeInitApiHook user32.dll.IsProcessDPIAware ole32.dll.CoGetContextToken clrjit.dll.sxsJitStartup clrjit.dll.getJit kernel32.dll.GetACP kernel32.dll.LocaleNameToLCID kernel32.dll.LCIDToLocaleName kernel32.dll.GetUserPreferredUILanguages kernel32.dll.UnmapViewOfFile kernel32.dll.CloseHandle nlssorting.dll.SortGetHandle nlssorting.dll.SortCloseHandle cryptsp.dll.CryptAcquireContextA cryptsp.dll.CryptCreateHash cryptsp.dll.CryptGetHashParam cryptsp.dll.CryptHashData cryptsp.dll.CryptDestroyHash cryptsp.dll.CryptReleaseContext cryptsp.dll.CryptAcquireContextW cryptsp.dll.CryptImportKey cryptsp.dll.CryptExportKey cryptsp.dll.CryptDestroyKey mscoree.dll.GetProcessExecutableHeap mscoreei.dll.GetProcessExecutableHeap kernel32.dll.CompareStringOrdinal kernel32.dll.GetFullPathNameW kernel32.dll.SetThreadErrorMode kernel32.dll.GetFileAttributesExW kernel32.dll.ResolveLocaleName gdiplus.dll.GdiplusStartup kernel32.dll.IsProcessorFeaturePresent user32.dll.GetWindowInfo user32.dll.GetAncestor user32.dll.GetMonitorInfoA user32.dll.EnumDisplayMonitors user32.dll.EnumDisplayDevicesA gdi32.dll.ExtTextOutW gdi32.dll.GdiIsMetaPrintDC gdiplus.dll.GdipLoadImageFromStream windowscodecs.dll.DllGetClassObject kernel32.dll.WerRegisterMemoryBlock gdiplus.dll.GdipImageForceValidation gdiplus.dll.GdipGetImageType gdiplus.dll.GdipGetImageRawFormat kernel32.dll.GetEnvironmentVariableW kernel32.dll.GetCurrentProcessId advapi32.dll.LookupPrivilegeValueW kernel32.dll.GetCurrentProcess advapi32.dll.AdjustTokenPrivileges ntdll.dll.NtQuerySystemInformation kernel32.dll.CreateDirectoryW kernel32.dll.CopyFileW kernel32.dll.SetFileAttributesW advapi32.dll.RegSetValueExW gdiplus.dll.GdipGetImageWidth gdiplus.dll.GdipGetImageHeight gdiplus.dll.GdipCreateBitmapFromScan0 gdiplus.dll.GdipGetImagePixelFormat gdiplus.dll.GdipGetImageGraphicsContext user32.dll.GetProcessWindowStation user32.dll.GetUserObjectInformationA kernel32.dll.SetConsoleCtrlHandler kernel32.dll.GetModuleHandleW user32.dll.GetClassInfoW user32.dll.RegisterClassW ole32.dll.CoTaskMemAlloc ole32.dll.CoTaskMemFree user32.dll.CreateWindowExW user32.dll.DefWindowProcW user32.dll.GetSysColor gdiplus.dll.GdipGraphicsClear gdiplus.dll.GdipDrawImageRectI gdiplus.dll.GdipDeleteGraphics gdiplus.dll.GdipBitmapGetPixel gdiplus.dll.GdipDisposeImage kernel32.dll.OpenProcess psapi.dll.EnumProcessModules psapi.dll.GetModuleInformation psapi.dll.GetModuleBaseNameW psapi.dll.GetModuleFileNameExW ole32.dll.CoCreateGuid kernel32.dll.GetProcAddress kernel32.dll.WideCharToMultiByte kernel32.dll.LoadLibraryA advapi32.dll.SetKernelObjectSecurity advapi32.dll.GetKernelObjectSecurity kernel32.dll.CreateProcessA kernel32.dll.GetThreadContext kernel32.dll.SetThreadContext kernel32.dll.ReadProcessMemory kernel32.dll.WriteProcessMemory ntdll.dll.NtUnmapViewOfSection kernel32.dll.VirtualAllocEx kernel32.dll.ResumeThread psapi.dll.EnumProcesses kernel32.dll.TerminateProcess ole32.dll.CoWaitForMultipleHandles advapi32.dll.EventUnregister user32.dll.IsWindow user32.dll.SetWindowLongW user32.dll.SetClassLongW user32.dll.DestroyWindow user32.dll.PostMessageW sechost.dll.LookupAccountNameLocalW advapi32.dll.LookupAccountSidW sechost.dll.LookupAccountSidLocalW cryptsp.dll.CryptGenRandom ole32.dll.NdrOleInitializeExtension ole32.dll.CoGetClassObject ole32.dll.CoGetMarshalSizeMax ole32.dll.CoMarshalInterface ole32.dll.CoUnmarshalInterface ole32.dll.StringFromIID ole32.dll.CoGetPSClsid ole32.dll.CoCreateInstance ole32.dll.CoReleaseMarshalData ole32.dll.DcomChannelSetHResult rpcrtremote.dll.I_RpcExtInitializeExtensionPoint kernel32.dll.CreateActCtxW kernel32.dll.AddRefActCtx kernel32.dll.ReleaseActCtx kernel32.dll.ActivateActCtx kernel32.dll.DeactivateActCtx kernel32.dll.GetCurrentActCtx kernel32.dll.QueryActCtxW vssapi.dll.CreateWriter oleaut32.dll.#6 oleaut32.dll.#2 advapi32.dll.LookupAccountNameW samcli.dll.NetLocalGroupGetMembers samlib.dll.SamConnect rpcrt4.dll.NdrClientCall3 rpcrt4.dll.RpcStringBindingComposeW rpcrt4.dll.RpcBindingFromStringBindingW rpcrt4.dll.RpcStringFreeW rpcrt4.dll.RpcBindingFree samlib.dll.SamOpenDomain samlib.dll.SamLookupNamesInDomain samlib.dll.SamOpenAlias samlib.dll.SamFreeMemory samlib.dll.SamCloseHandle samlib.dll.SamGetMembersInAlias netutils.dll.NetApiBufferFree samlib.dll.SamEnumerateDomainsInSamServer samlib.dll.SamLookupDomainInSamServer ole32.dll.StringFromCLSID oleaut32.dll.#4 oleaut32.dll.#7 propsys.dll.VariantToPropVariant wbemcore.dll.Reinitialize wbemsvc.dll.DllGetClassObject wbemsvc.dll.DllCanUnloadNow authz.dll.AuthzInitializeContextFromToken authz.dll.AuthzInitializeObjectAccessAuditEvent2 authz.dll.AuthzAccessCheck authz.dll.AuthzFreeAuditEvent authz.dll.AuthzFreeContext authz.dll.AuthzInitializeResourceManager authz.dll.AuthzFreeResourceManager rpcrt4.dll.RpcBindingCreateW rpcrt4.dll.RpcBindingBind rpcrt4.dll.I_RpcMapWin32Status advapi32.dll.EventWrite kernel32.dll.RegCloseKey kernel32.dll.RegSetValueExW kernel32.dll.RegOpenKeyExW kernel32.dll.RegQueryValueExW wmisvc.dll.IsImproperShutdownDetected wevtapi.dll.EvtRender wevtapi.dll.EvtNext wevtapi.dll.EvtClose wevtapi.dll.EvtQuery wevtapi.dll.EvtCreateRenderContext rpcrt4.dll.RpcBindingSetAuthInfoExW rpcrt4.dll.RpcBindingSetOption ole32.dll.CoCreateFreeThreadedMarshaler ole32.dll.CreateStreamOnHGlobal advapi32.dll.RegCreateKeyExW kernelbase.dll.InitializeAcl kernelbase.dll.AddAce sechost.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW kernel32.dll.IsThreadAFiber kernel32.dll.OpenProcessToken kernelbase.dll.GetTokenInformation kernelbase.dll.DuplicateTokenEx kernelbase.dll.AdjustTokenPrivileges kernelbase.dll.AllocateAndInitializeSid kernelbase.dll.CheckTokenMembership kernel32.dll.SetThreadToken oleaut32.dll.#285 advapi32.dll.RegOpenKeyW oleaut32.dll.#12 oleaut32.dll.#286 ole32.dll.CLSIDFromString oleaut32.dll.#17 oleaut32.dll.#20 oleaut32.dll.#19 oleaut32.dll.#25 ole32.dll.CoRevertToSelf advapi32.dll.LogonUserExExW sspicli.dll.LogonUserExExW authz.dll.AuthzInitializeContextFromSid ole32.dll.CoGetCallContext ole32.dll.CoImpersonateClient advapi32.dll.OpenThreadToken oleaut32.dll.#8 oleaut32.dll.#9 ole32.dll.CoSwitchCallContext oleaut32.dll.#287 oleaut32.dll.#288 oleaut32.dll.#289 oleaut32.dll.#283 oleaut32.dll.#284 oleaut32.dll.#500 ole32.dll.CoUninitialize ntmarta.dll.GetMartaExtensionInterface kernel32.dll.GetThreadPreferredUILanguages kernel32.dll.SetThreadPreferredUILanguages kernel32.dll.GetSystemDefaultLocaleName fastprox.dll.DllGetClassObject fastprox.dll.DllCanUnloadNow oleaut32.dll.#290 wmi.dll.WmiQueryAllDataW wmi.dll.WmiQuerySingleInstanceW wmi.dll.WmiSetSingleItemW wmi.dll.WmiSetSingleInstanceW wmi.dll.WmiExecuteMethodW wmi.dll.WmiNotificationRegistrationW wmi.dll.WmiMofEnumerateResourcesW wmi.dll.WmiFileHandleToInstanceNameW wmi.dll.WmiDevInstToInstanceNameW wmi.dll.WmiQueryGuidInformation wmi.dll.WmiOpenBlock wmi.dll.WmiCloseBlock wmi.dll.WmiFreeBuffer wmi.dll.WmiEnumerateGuids winbrand.dll.BrandingLoadString security.dll.InitSecurityInterfaceW cryptsp.dll.SystemFunction035 schannel.dll.SpUserModeInitialize user32.dll.GetSystemMetrics ntdll.dll.RtlInitUnicodeString ntdll.dll.RtlFreeUnicodeString ntdll.dll.NtSetSystemEnvironmentValue ntdll.dll.NtQuerySystemEnvironmentValue ntdll.dll.NtCreateFile ntdll.dll.NtQueryDirectoryObject ntdll.dll.NtQueryObject ntdll.dll.NtOpenDirectoryObject ntdll.dll.NtQueryInformationProcess ntdll.dll.NtQueryInformationToken ntdll.dll.NtOpenFile ntdll.dll.NtClose ntdll.dll.NtFsControlFile ntdll.dll.NtQueryVolumeInformationFile netapi32.dll.NetGroupEnum netapi32.dll.NetGroupGetInfo netapi32.dll.NetGroupSetInfo netapi32.dll.NetLocalGroupGetInfo netapi32.dll.NetLocalGroupSetInfo netapi32.dll.NetGroupGetUsers netapi32.dll.NetLocalGroupGetMembers netapi32.dll.NetLocalGroupEnum netapi32.dll.NetShareEnum netapi32.dll.NetShareGetInfo netapi32.dll.NetShareAdd netapi32.dll.NetShareEnumSticky netapi32.dll.NetShareSetInfo netapi32.dll.NetShareDel netapi32.dll.NetShareDelSticky netapi32.dll.NetShareCheck netapi32.dll.NetUserEnum netapi32.dll.NetUserGetInfo netapi32.dll.NetUserSetInfo netapi32.dll.NetApiBufferFree netapi32.dll.NetQueryDisplayInformation netapi32.dll.NetServerSetInfo netapi32.dll.NetServerGetInfo netapi32.dll.NetGetDCName netapi32.dll.NetWkstaGetInfo netapi32.dll.NetGetAnyDCName netapi32.dll.NetServerEnum netapi32.dll.NetUserModalsGet netapi32.dll.NetScheduleJobAdd netapi32.dll.NetScheduleJobDel netapi32.dll.NetScheduleJobEnum netapi32.dll.NetScheduleJobGetInfo netapi32.dll.NetUseGetInfo netapi32.dll.NetEnumerateTrustedDomains netapi32.dll.DsGetDcNameW netapi32.dll.DsRoleGetPrimaryDomainInformation netapi32.dll.DsRoleFreeMemory netapi32.dll.NetRenameMachineInDomain netapi32.dll.NetJoinDomain netapi32.dll.NetUnjoinDomain wkscli.dll.NetWkstaGetInfo cscapi.dll.CscNetApiGetInterface kernel32.dll.GetDiskFreeSpaceExW kernel32.dll.GetVolumePathNameW kernel32.dll.CreateToolhelp32Snapshot kernel32.dll.Thread32First kernel32.dll.Thread32Next kernel32.dll.Process32First kernel32.dll.Process32Next kernel32.dll.Module32First kernel32.dll.Module32Next kernel32.dll.Heap32ListFirst kernel32.dll.GlobalMemoryStatusEx kernel32.dll.GetSystemDefaultUILanguage oleaut32.dll.#15 oleaut32.dll.#26 kernel32.dll.GetCurrentThread kernel32.dll.DuplicateHandle kernel32.dll.GetCurrentThreadId user32.dll.RegisterWindowMessageW kernel32.dll.LoadLibraryW gdi32.dll.GetStockObject user32.dll.GetWindowLongW user32.dll.CallWindowProcW user32.dll.GetClientRect user32.dll.GetWindowRect user32.dll.GetParent ole32.dll.OleInitialize ole32.dll.CoRegisterMessageFilter user32.dll.PeekMessageW user32.dll.WaitMessage
Execute Commands
"C:\Users\Seven01\AppData\Local\Temp\poloport.exe" C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Started Services
Nothing to display
Created Services
Nothing to display
| Behavior analysis details | |||||
|---|---|---|---|---|---|
| Machine name | Machine label | Machine manager | Started | Ended | Duration |
| Seven05b_64 | Seven05b_64 | VirtualBox | 2018-02-08 22:29:19 | 2018-02-08 22:32:13 | 174 |
34 HTTP Request(s) detected
http://checkip.dyndns.org/
- Hostname: checkip.dyndns.org
- IP Address: 216.146.43.71
- Port: 80
- Count: 1
GET / HTTP/1.1 Host: checkip.dyndns.org Connection: Keep-Alive
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 11
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 242 Expect: 100-continue Connection: Keep-Alive
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 314
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 294 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 1
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 292 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 601
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 242 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 171
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 296 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 1
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 1020 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 1
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 41432 Expect: 100-continue Connection: Keep-Alive
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 1
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 264 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 21
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 41478 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 1
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 41478 Expect: 100-continue Connection: Keep-Alive
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 9
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 41480 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 4
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 41482 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 3
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 42530 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 2
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 42528 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 1
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 42532 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 1
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 41774 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 2
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 41778 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 1
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 41776 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 1
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 41484 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 32
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 41460 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 36
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 298 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 1
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 41460 Expect: 100-continue Connection: Keep-Alive
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 1
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 294 Expect: 100-continue Connection: Keep-Alive
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 3
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 41428 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 12
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 41462 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 1
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 55516 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 1
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 42048 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 1
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 41430 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 4
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 300 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 1
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 41464 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 2
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 41740 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 1
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 296 Expect: 100-continue Connection: Keep-Alive
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 1
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 298 Expect: 100-continue Connection: Keep-Alive
Detected family: #Razy
TheSystem Itself @ 2018-02-08 22:56:07
#infosec #automation
TheSystem Itself @ 2018-02-08 22:30:25