MalScore
100/100
MalFamily
Msilperseus

payment.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 40/64 Related 2134
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 393.50 KB (402944 bytes)
Compile time: 2017-07-07 00:48:34
MD5: e8e1c00a586bf69bb7bd967ebbfb162e
SHA1: 3ce8e8ac89212ef148ddbfadf27a068c64b96756
SHA256: bb4ec7a85901b98dbb70a45764b8244e3589ff3c81fa47e5bc8ebcc9759183cc
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2017-09-20 18:54:09
Last submission: 2017-09-20 18:54:09
Filename detected: - payment.exe (1)
URL file hosting
hXXp://[www].fntcr.com/payment.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2017-08-25 06:31:10 [40/64] VirusTotal
PE Sections 1 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x61b24 400384 56b8366f3ec29d10663df3d4016278cc ce14e7d0027c09c95c961dc7df542fe3281fb31c
.rsrc 0x64000 0x5b0 1536 c77ba6e02d06fe880b7cc4422dac86dc de282577bdc71b1d62718c1c4fd16827d2507da9
.reloc 0x66000 0xc 512 7ee311dcfbc5b951abf84ebab33fba76 32ea84cb8bb3d064601accc1e08ff2eb72672c9b
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x640a0 804 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x643c4 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright \xa9 2017
Assembly Version: 1.0.0.0
InternalName: stockworking.exe
FileVersion: 1.0.0.0
CompanyName:
LegalTrademarks:
Comments:
ProductName:
ProductVersion: 1.0.0.0
FileDescription: stockworking
Translation: 0x0000 0x04b0
OriginalFilename: stockworking.exe
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
KERNEL32.dll
ntdll.dll
USER32.dll
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found
j9S
VarFileInfo
)-L
Comments
-.V
)'@
OriginalFilename
stockworking.exe
-.b
-.f
-5u
-.Z
-5q
-.^
-5}
*)+)76
stockworking
-5y
).R
1.0.0.0
Copyright
StringFileInfo
Translation
Assembly Version
FileVersion
normal
VS_VERSION_INFO
-(D
InternalName
000004b0
ProductVersion
FileDescription
!yS
LegalCopyright
!qS
CompanyName
LegalTrademarks
ProductName
2017
-.R
-#:
E!EZ
,7 .
zxa+
hZ @r
ReleaseMutex
pP:#
YZa8
ZQ%&8
X$%+
a)Z
]LpH%&8
DateTime
5a%
Clipboard
oUbZ 5
ha8M
>|WQ
mZ|^
;|dP
pA a8*
)q'^Uy
;6P(
<>9__16_0
s}{f
0cU
H:a8k
Rl j1g/D
aBl
`qM"_n
=(Za8
Za8{
ConfusedByAttribute
Z r
,% a8
CZa8
n /
R^JpZ k9
TargetFrameworkAttribute
6*a8@
+ s
%& SB*
=FFf
~oZ
8IB
+ l$V
+ "oE(
ResolveEventHandler
NtSetInformationProcess
-<`4 KZW@
get_Height
,7 ~
> q"
WnsA
f-h
/(r
:t(/
,7 ~nV
idc"
&=zZ ,
,7 q
iZ %L
$Za87
3a9$Gb
Z &c
*m8
7a8~
p CQ
D58v
x q,
KaAI>-N
1=p[pd
Substring
,%&8
kV(
7 !
]wg&
get_Left
|#$4:
X~Vd
+ 9+
B`dBz
xZ |
Z {\
7G(`Um
VpNa8
+I{!/$
'U
7|Z
Z Ga
57s*
x8%+
2t9
y(!(
Z c;f@a8
;amE
|I:4
>!{ x
_<+P
BO|/P
-.)h
j`"$>
Z y>
go:p(
ba8$
e"a%
Copyright
;Z K
ReadAllBytes
,Ny[R
; Z
c2u%+
(^E(
}rR
g[`?{
C%&8
System
g%&
l8N\
%&8m
JtZ
^b65?
'<:^pD
(QR1
&Q</
7#vH<
T eg9!
Jm|w
.a8
\ c
:v\(
\~dZ q
c 6N;
w&,(v
; w(
%sr^
)\Z
7*c
@G%+
ZF.k&v;L
bF%&
AsyncCallback
O%&8N
p%&8O
w#
- $A
#wa8w
+]#Y
GHg
AZ ~
g,Mk
+Ka8V
r2]
|N(H%&
Za8|
M%&8p
z @
2o]j
VpSF
F>)a8
FaZ .
L<>
ada8
[gNV
agq$
-Ea8
9'P:
%&8k
{m >
mscorlib
}KuA"Wq
l%&8L
<>9__14_0
1VD
%2_+Z
.a8g
_bj2
#o)RX
`M7!
EndInvoke
%&8d
74mNvmFU:ZN^#z"x4#zmx)h$$
#Ja%
2|Y%&8
i2B
|Ca8
E'Z
V Uvx
OM%&8
j=L
8?hJ
FileMode
Dj a8y
;!=vd
)0%+
Bgu&<
(~oe
V:Xb(
)Z 0
ea8=
LRA5M
B$[n
_fa8B
%&8}
:{Z D
EmXjRF
DZ 'u5
pxxZ
+ '#
dgf}
|Za8
^;
~/P`
Z fC)
o`f%+
2
'%&8
+ '7
&LZ$
<WSa8{
zE%+
x~a8K
ResourceManager
Registry
fZa8V
,^E,
%;H"t
Z780
F[+*d
OZ Y
0{d|5p
KrvYZ
Za8w
gY9
1ulj
oVU
?5Z
Gr /l+
1s,
(Z q
sq
D Z mpt
Z *{f
04s(
%&8s
<Z N
**xa8
%&8r
U0~@
Zj=
( %&8
J2W0
[yPZ
+ -fe
-ea8#
m?%+
AppDomain
$Ruf
! o3
Y_=
f %+
+ iZ
%&8I
=K!!
7vTysA
f>eY
R]C]
Up4ZM3f_
18ZPh#
G.LPU
/iIz
| &B
|Ja8
/Y6EgV
%b
%&8D
H+E
%Z N1G
L]Ja8
rV
#avn(
n"Z
.1~
&u-i
bZ )
?-W^"
V%&8
1Za8
12
%&8C
FromBase64String
" 6Z
(FZ
eFr[Z
mZa8d
r'Dcj
~^b1
W;CO
&^E&
f\%+
Q6xGF
/ %&8
~ 3VZ N
u0<b%&8
vw%&
#^6L
};a8
a`2JZ =
Z s
hWV#j
32O&egQ
RV
Qnu^
6w;Z ]
Z W
&e *
US>/
Y2LX(
8x;.#
_mf(
7.Zz
,VtGV
%&8U
^Z v
A/a8
;^<
q$s^%&8D
^Z x
.YE
ZmVa
vB>>hU
set_Arguments
.H%&8
+ y(
JZa8
?J
2Z%&8f
.a8S
yZa8
ba
),1C5
zr!u
%&8P
LJX{Z
"%&8
%&8S
,g[%+
+Dn]
,7 E
r_1E
P]>/
(^b5
(b)
cZ ,G4
7(`(
*$m:^^K
f4lp
O5o\
d+
B8m(
UO'
ZT!JE
_='N
4WW|
$Y ^(
%&8(
|w!*vf
\Ts|
Z ~z
Za8n
^E
k6f\%&8
0I7"%&8
dK6%+
X=W
ig% #
Z ~v
U x
j9y3
_u^ss
Cn0=
System.Text
|P,;
Kill
5-[(
S6%&8
3m DOP
^<a8
vHa8
b)H`
CU%&8
7G`Y
zNe_f
*GV+
aZ%&8
#fHWw
O Z p
w5Za8
Z +d@
BZa8
lV Za8/
CU9%
? d~
!e+D
gcZ
piSy]#
Char
&_,Z
Z ~-
470Z ,|`xa8
0^E0
ProcessModule
kp(
*x
+ w
'$ya8
*^E*
f`Ne
j a8
ca8(
+ 3M~9(
mZa8.
=7Z M
Xa8^
+M 8{f
DirectorySeparatorChar
%&85
}sC{
ZJ;
,jZ
7KY(
%&84
R0q4
pvf4/f
qyLJs
ZZ %
F%&8'
y)|B
t~a8^
Wjti;,
7`T!c/
o*5%+
d=Za8
D%& [;JZa8
set_RedirectStandardInput
<ga8
>mO%+
'|04!
5Na8
oZ
%&8
Z lt
nOU_2
sua8F
%&8
gxea8
VvRg
+ gud
J&%&8{
OwSrd
XZ C
+ >:W
m"!v
%&8
WT:Z -
,hZ1(
qWHa8
KI
/i5*
Z lW
hZ
+ O;
W2yt
~a8V
*%&8b
:%w(
T|jU
/n^<~
<d`G
Z lB
M3R5N
L7rcZ y.
I[Z
R\%+
,7 4U
rZ ^N
w0~3W
J`n^O9
sH7
RegistryKey
lba8
C/Fa8
+*P<
{\a(
Exception
)Z `
yza8u
=X)
.4kA%+
)Z q8
;/SeQP
aHW\G
Ic%+
<bp%&8g
Zr%+
Z oq
.text
`{~i
CR'{#_
aZa8
Z 5
Z R)
GetString
a8d
$t%+
/?b2
WindowsPrincipal
g%z
N%d0
s',Ip(V
?<o%&8
]T
vZ k
$E%&8
/^E/
WaitHandle
_a8a
6&%+
DP
u2Wp
Xf2)
P'c1
DialogResult
[ JR%&
v a8:
+{z
System.Configuration
Z c
0raSe0
S!ca8@
n9(
%*%+
j%&8
set_CreateNoWindow
t~Y%
C' $
System.Reflection
'6.<~
} ESh
AM7(
Z O9@
s{q(
tu};
HP@9Qo
(yM^
oB uYy
'%E}gq
m pa8R
#_Q$E
htp`i
fA
Z 46Wya8+
;x%+
mS2o4
E&2
iKg(
%3a8{
` KU
IsLogging
V}
cr[
]2a8
2Z%+
CreateDirectory
Il%+
EJ2n
`d*(
StreamWriter
vbZ rL
7jB
&f%&
"hZ y
wZa8,
Z \JQUa8,
zO_Z
f&_]
%pW+
TG~]
?cZa8
1l%&8
;Z 5?
5Z 2B
nD+|
lchl
kjE(
V%&8
e/nM4c
Z (?
H8}Y#
iY
UZ k
Z 2N
E2\
:Eu
gBB`
K*%+
XQ y:
^i^D
"<o>M,w
Control
C%&8
Z x|
p%&8+
GetModuleHandle
$\j5
8s)52
Z 'bi"a8
ul?
n$=^S
DZ TB
3{k(Z [
`.rsrc
E!a8
M+BF
4.0.0.0
sXa8
xWwZ:
g+
4h1~
%:fbP}
_%&8f
rON
;e]`
*</%&8
&#?+
~V%+
g))9b
RZ e
qa%
kernel32.dll
+GYN(
Yhj<:}
uJ;%+
set_IsBackground
zerJE
\ M%+
{=n
# [|@
8AX3
AZ @
Z ,Cv
fE%&
V~
XE u
a~Z uO
cU! /<
ContainsText
[?}O
Z M{Q&a+
Y!~u
Z YGM
*<2EZ
%j x
VfG!S
bxdI
,\ G
>1a8
_\_%+
#$ %+
G,n-']b
f%&8
+ 19
V&%&8n
d rB
Gc+X
awOkbS
Z W7n
FileAttributes
YW-XY
9QtKZ
[%&8
$(%+
o1p%+
aU$m
9%&8
Z \J+
"~* (
k8Nv
p"z")
c?C
op_Explicit
NLT
92H
rwo
F5Z
nPl%+
j4^(
Z $nv*a8%
Z %n{ a8
zpk<%+
rNl%+
"L\RLGg
\P ;
HXZ
KYj|
!/)c
Load
e8%&
.AeK
XZa8
EnterDebugMode
>1-uZ
Z #&
H"+M/q
yuj!m~
qU
4#CzV
}pd
X
$[jZ 3*
"8a+
,C*f
1mZ I?
mlZ.~*
o%&8
;Vx%+
O Z
OZ >
#eQa8
">"W
z?-p
|#7}
gee VP
M(dm
7}2Y
Ga8r
o%&+
vIS
]dZ Yi
>mZa8V
z.{
cs ae
jRX%+
2uF`|
iiR
H c
?RX+:
hd@$(
(.a+
p%&8]
PMYF
aa8u
IsInRole
(
6.ua8
,N8Y%&8
r[Za8\
Synchronized
F<7h
fW<b
lI4
s'`i
^7
jX: K
d+55
Process
l1m9
`;a8
,: Qm
^=
<L7(
\k+
iG'O
zA/=m
)\D-
_ ~X
%&8
Split
OVA*
.a8o
%&8l
%&8o
%&8n
%&8i
%&8h
E|&m3
VCP7X
%&8e
\v^e
K b4@{
Uwm{e
%&8`
ea8<
%&8b
~@:(
%&8|
8
%&8~
%&8y
%&8x
%&8{
%&8z
%&8u
%&8t
%&8w
%&8v
%&8q
%&8p
Z- A
gK4%&8
%&8M
%&8L
%&8O
%&8N
Qt1a
%&8H
%&8K
@ 0_/
.a8F
%&8G
8v^c
%&8A
!9AwqV
:?Wk0TX
%&8B
)%&8
%&8\
%&8_
%&8^
%&8Y
%&8X
TQf (
%&8Z
.a8W
%&8T
%&8W
%&8V
%&8Q
;,Q\
K_a+
%&8R
%&8-
%&8,
&T5S
%&8.
%&8)
?<w_%&8
x;w(
+ []8M(
%&8%
%&8$
%&8'
%&8&
%&8!
TnrDP
%&8#
%&8"
0#ylj?^;
%&8<
%&8?
%&8>
%&89
%&88
|[4x
% o
63|p(
%&87
h08Z w
Bl\
%&80
%&83
2 ^(
0kl q
<;[l%+
3<rck
Xgc
(*^0{
%&8
%&8
%5Za8
X X
b :
AV7r
{N)W
|3shy
i/lcI
]
-VB(
+2 Q3o
WfZa8
6H-^(
u%&8d
4YPZ
Ry
w;.%&
Gy4\&
<^E<
_b @
)Z h
>zg>h
:1Z
Z =_
6d%
YJUa8
AHZ
:Ga+
(9{v
System.Security.Principal
0xZa8c
Ra8
Z ".#
BZ ^
i.a8
#Z A
%&8
w?qS
Z 7X
H`f@
fK%&8t
m0a8
RuntimeFieldHandle
h#kaZ
,a8w
'O@9
g }a81
,[e(
RX%&8
9eI[.
NFZ
w4KG7
92y
>Z @
u%&8
Z Ac
_%&84
dMO
[np)
bRa8
~5Z k&
fSZ
Z4%+
za86
rG'(
Z <
=BsR
_%&8
System.Runtime.Versioning
3W#P@7z.W+\|KL
Z 7%
d\8k
q9C
System.Globalization
Mz%&8^
ntdll.dll
Fw
`(O:Tm!
74mNvmFU:ZN^#z"x4#zmx)h$$.resources
`E6(
p._C
2t-q
2-%&8
j>4v
[-u %+
!t7:
9SZ
/@t
dpS
,a8:
7l%&87
. a88
y/xjR(
s77G
d4qj
=}a8L
get_Top
19|J
k9p3
w6jZ
v4.0.30319
c{y1
ProcessWindowStyle
rtW
(a8U
Ies94
!/
*3dZ
+^{n(
<sZYG
/Y2s(
CQg s
&vF|
?a8g
C-A
set_WindowStyle
T|A(
#0Wa8{
|wR!
Z %~
>.ky
EDZae9i
vl.(
fJ5eP
"CZ
_05U
*0mZ
'"]E
1yPD
;e1(
GnZ k
!d
t,^}
DebuggableAttribute
zLZ Tv5
@+DR
BF
lx%+
\Za8
8UP/
#Strings
o3oY
<`!>Z
C[4
A|%+
?'??
'^y7Wq
'M%+
P+qC
Ksd_
!tD(
N@ m
[X,Z c
A 6j
_Zlu+
_%&8
9rg6
?a87
8oG,v
0-C O [
4Z {
HvsJf
](Za8
x!z
0r'A(
RurvY
pI2e
.u%&8Q
vmK
fhDT
>Xa8
1h3R
W](
+ |S
A^OZ
W> R#
gJ6qvx,
jL0o
d =*
+ ^p
D
-Za8
7{N&
ce>z8
21Ev
&16JE
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>
ElapsedEventHandler
3*
E%&8{
J{$O
S7-z
4%&84
wZ >
w0%&8
D<%+
Ua8i
Z )<]Da8b
2=)9~e
5+@k
Va8
)\%+
C Tr<iB
gFj
q '/8
o&?
rZ aXT%a8:
L()~(
~@Na8Y
Z fB|ma8
vi->D
System.Timers
{o%+
us}
,F
:R%b
:G\i

Z |:
t a%
Y]j
qMJ
UFca%
THo
IEnumerator
Xy=(
:pK%+
U%&8j
A#3M
D)z
emi{
]?c&
Xe q
add_AssemblyResolve
ZZ
j+4^
xV%&8A
result
1bH~
u3&@q
j1Z
y/zn
6D.Y
UZ ?*
OOdR5
7lv
#i=j\
"Za8A
7;M6_F
a8S
y<8j
(iF@
WZ n
<C9N
mx
TQ*[C
{$>w
c(Q%&8
J%&8T
nuUU
()1(
(5DA
vG
~?$w
J*0
cca
>KUa8V
O>xg]
j<zT(
=B2.
J'Z
7>a8G
5[a8
.@r<
u/.%&
<gS%+
CU5g
\Vl7OqWY
%=S(
#' x(s
3Gc(
PxMZ
M])_
Z ~ u
]:Z%+
*f
8=>bE
]C%&8o
J%&8'
a~%
[8`%+
OQfS2
Z be
L]0LZ
V8Y}
/NZ
+ cZ
5 -(
YNgg|
[M %&
,;%+
kRa8y
=.c&r
K2<Jd
Z x-\La8
I Z a
Intern
H/:j
JZ Xd
T%+
AH|%+
3y{%+
@=[Z
\Y)R
Zj\)
Tih
Z kL
$)a8S
a;
"Za8
ga8
8L? J
ROId
:U]
~fn`Hi
I)vdU
get_UTF8
\%&8F
Application
)a8
Oe%+
A?m3t
7:j2Z
zZa8s
5t!8-u
/GZa8
)q%+
6Z RtbUa8
!.s
@GA@R
+h~.
Z bQ2*a8
x]u]
pvJ+
'iDY
b$Z
Z P8
H>G(
I)E
Z i~5
/.<
fhCa`
TFb[
1t.(
[gCY
7feZ
.^E.
ConfuserEx v1.0.0
4Bb(
%TdZ
ONa+
5 Z
Z $J+
CopyTo
%~CZ
\fQ]D
cm9P6
}$9 z
'R%&8I
}?ya8
zZa8
AJ6&
i} a8^
XIa87
_a/;rH
X%+
9}4
0a8+
RNgY
A0O=M$
IEnumerator`1
5-wo}y
gig%
H/&6
%%&8I
0N~U
Z N8&
G
>&\nc
<>9__8_2
%&8
&b(
u a8V
Zt%+
3_[
cOH:
@o%a8
u0<b%+
%&+
+ \]p
!0M
dZ/Z
#a8K
nU\a8A
Z @gOa8
l 5-
h~g~
17Xa8#
9 dP
%$#j
l-uZ |
no<V
EI|#
0ux.
IE}1%+
( )3OU
Math
?%&8%
3 ]r
,jwJ
3%&8U
D#CU
-%&8
?%&8-
Cv%&8
x%&8k
}4Ta%
++j
59a80
TP%o
a8?
Y%%I%+
#~.(
NkZ VP
&6+0^
59Ml
Bitmap
^QI
[Kx|
E*|z(
]*y
!%&
8{f
Z }Y
^Oa8
_~+
\HBSQ
qj X
Wm@d/J
.E[Vv
N{Q
a[Z
QI_$
nw&
'Za8
Nta8d
Z 4E
IvdZ
mLEq/
get_ModifierKeys
7"%&8-
_b
R~7%&8"
tk^q
GU(
a19!
k4GB
ba8A
fg
kK S
AssemblyCompanyAttribute
;<]%+
Contains
o fZa8
GetProcessesByName
`x?Z FN\-a8
InitializeArray
8%9u)
Z`%+
#ua8
agZ
Er((
@`D,Z
ProcessStartInfo
HzVw
#Blob
MethodBase
@Z z
L@U
EI'!
wB%+
1.0.0.0
{8jH9~
2::KU
0+/(
3j9%+
W~
Gh8& jq
('a{
)a3?
E!$l
;3Z Gv^\a8
i0?a%
&yZa8/
Za89
GQ'=an
<>9__8_3
w0wZ m
CaWR
Byte
DeleteSubKey
7|vOXI
osp|C
get_Length
|0*T
get_Chars
fZ (C
get_FullName
>Q"
ApplicationSettingsBase
Xj
eS#o
;$t
K i%(
)E%+
st[c
o(]Pa
GetEntryAssembly
UInt32
-#lT(
-NZ l
x7g(
q}-
gM0J
!0?spveW
(HdP
Bk/5
uH,t
?7!6
Z co
h!%Vc2
P0Z MA
<>9__8_1
"9MW@jrm0v

t7F
KZ\(
\I$
Za8d
,h5LG
Xa8-
Xa8,
!mm
TTXA
`4,<ZZ
[)afZ
~ d&
|Ya8
h%&
/&Z d
VZ F=
T a8^
kH21%&
<>9__8_0
Y)XRI
Y>e3g
%[Z
Za8M
IZ Bp
NY)
SetAttributes
Z dM
%&
'u`/j
-^E-
Sm`
# V [
Ea8s
tZ Z
cArV
OfyB
System.Runtime.CompilerServices
<>IQk
X S
Z c+
>a%
u%&8
a&)a+
Fh!5T
IeH
Z c#
?`*
{%&8B
oea8|
mdh&
k%&8
DqZ
!u\Z
+ b!
U6LaN
+ &Z2 (
Z d<
9ee~R
i8On^
S&^%&
Z c
:g .WbB
oSQ\
^Z 2~] a8
<{#>%&
%QSa8
@N d
l+<(
,>t
nwXJ
M/
YO1y
uD~
i1x
5#J/
Z#%&
[#0%
icuZ
*r+|
}LH
1-k(
6a8w
^^S8
PackUriHelper
buP\
Wf
Z 3
te3x|?P
2lZ
stockworking
Z GQH
`k_L
O (
vZa+
Equals
Z J/
t9r
Z >|IW3V)p
?7/+
c! E
mv=q(
V^iS
pkZ
|%&8
/mrv
Jea8
ti%&
4Va8P
]&
y~I
mTwVb
n@hD#
U%&8
HM)P
a(4o%%
m97>
3UZ
Environment
+>7y
PsQ)
_]
iVie
-Z #
x5eb
LZa8
;Xf'
dZa8
3Z 2w
L8$m
K[?%+
q.a8
<s_%
56 U
/uWZa8
Copy
p\
Z 5~
SP
!Wa,(
r2a(
Z +]=
C*iT
^!a%
aja8
. w
wZa8H
<>9__8_4
mf.
FZ q
Save
{Za8
a=hL
"dv$
`O[rs
get_UserName
rm{h
Urj
`h35
yxS
~%U ?t
S=So
Z p6
aV)a8
w=Z
ElapsedEventArgs
8W!l
9@kG
yrvX&9
GCY
2a8S
fK2N
]^XQ(
<)CZa8
&?r(
Z 52
AssemblyTitleAttribute
NCvn
{JX/
2a8B
CopyFromScreen
~ a8
zhZ
N~z4`
{,a?
3tRyX
tzZ
*@ )-
(U%&8p
KZ =ga
GEdY
QPYw
W r](
/6NQ
R>kMP
qLX
$0~T
J7aa'
\Og{<
add_SessionEnded
5I^Z m
& e
+>]1 I#
+ 9}
CJ^czd
.Dqj
L[<z
T\|/
I$Q+
R%&8/
|GI.%&8
R%&8"
9SLJ%+
hhX
Start
hZ I
Z X3
@GZa8Y
8W34
4%&8
R%&85
Di+)
Mzfw:aL
%^E%
<Mf
SS y
'Bb8
-xYD
sa8F
@0Za8
aq)6
>oMZ
l%&8
.%+
&Za8
sE9z
LB/ 5z
"|a9{
CreatePart
xa%
JI78M
C+m&
CopyPixelOperation
r&2d
GetFolderPath
AssemblyConfigurationAttribute
V&rPo_
&D`T
g%&8f
#pE|
')"5
2 w
6U'@p6
Z zhu
/]a8
Z Uh
c*3
OAz^Z
kC%&8
butF
ValueType
yClL;/
z)a8
GGq$2!j
RZ MH
E8%+
Z 7`
.ctor
@R>!xqA1
bv wblg
2/2[
$K
c%+
L!>+,pM
/R')/
w/*mM5K
5+B]
7pj~
/oF%
fC&{a
A<>
Z )'
X t
Z bzO
Un_M
y1x(
A Z H-
$%&8N
Soj-
:ZLa8u
B#r
X@%&8
p8q~Za8k
1.rZ
%&8
GuZ r
g/*H
System.IO
ja8(
\Ps0n>
M vr
!&5L
* LX
+E$T
2Z Zn
Za8^
U]Z Yn
itKZ
lY 8
rqIZ
bZ D
set_Method
yZ ,\gea8
,@ U
5?
5>a8
` tDn|?
{oC
h=5(
qL%&85
XS\
Package
M~8U
!2)
P=a+
r8\1
EZ ;
r[,h
fU%&
va84
Z E1=}a8
<KT)
Y {a8a
jX:%+
Il%&8
N;vQ +
a%&8
e7&Z SO
0_wi
f[rZ
hSmkOk
JZ 2
-1U
V?~P(
FrameworkDisplayName
Za8
<Module>
*q0%+
B~J}Z Q
WrapNonExceptionThrows
,%&8s
_pCw
k!7A
J7_k
OpenSubKey
1"g#Za8
"KsD%+
` p"
POrd
@.reloc
z w8
~Edp$
LZ [
^8
%%&8
4v[nS
wsa8I
hsOV
1|%&
AssemblyProductAttribute
t4Yy
"?fF
NPa8
$ :P7
NXKv
fbTN
+f31
: LP
[7a8j
auY%+
8fa8
{b]i;
(<>`
(o`XZ
s.32
u9[
QW&\b\
YAGF
SpecialFolder
v-ka8&
EN3/
NZa+
@(%O0
QA
T[YgSW
j'Z
?'A%&8*
Mp%+
'6D)+
iaK
MoveNext
Dispose
LuQ(
^f_
lParam
w8hh
P.%+
P.%*
set_FileName
mZ w
AppendAllText
fs7@
D|+Z
0%&8&
2L2k
+ cqF.(
h0=Z $
8CZa8
"UDq
va8,
%8q<
mF,/
Ob
cL
J!%+
%C[u
LZ '
IYcE
nA}?
R/Za8Z
Attribute
Z (
]TI~
x@g
x?'BT
GJ(e
Y 0
w!UO
UtSZ
EXNf
Z Df
a<?(
la8!
d6}=Z
ODT$
#6HL%&8
RZa8#
^]o~
[%&
U%& O6^aZa8=
Z S
fja8b
N#
Z/%+
^|\Kd
?Z X
>#%+
Assembly
l6%&8!
get_Location
U`U
t5O(
r~XV
oi
Xd><Ef
;KZ L
MemoryStream
qc<5
* M
G
l|pH
1{a8
AssemblyTrademarkAttribute
6!lUYx`'G
Z Rl`
+ u[LY(
T n(CU
8 a8z
@[7
C;3V^I
J (&
%fa8
GetCurrentProcess
<(k-
>v@IEo
8a8u
t:J
Xj"U
|%%&
S%^x
P}%&
*0a8
b(
5~r_
EZ p
_QoN
rU9e4
+7 a+
> %&8
iB}
UZ i:
Z Vf
|Z
(yqZa8Z
=wZuM
SystemInformation
{S%&8
gZ }
Mgq(
Za8Z
Za8Y
Dcq4
_%%&
Za8]
lJRm
c%&8S
C9 @
'q<_
Za8W
Za8V
Za8U
zx:%&8
yA1g(
RuntimeCompatibilityAttribute
3a8I
m KH2
Za8M
w2bf
Za8C
*%&8
p# (
h(
cP (
1}a%
Za8z
Za8y
d%&8
Za8~
dr@,
m|0`
Za8s
Za8r
<4Z
(={(
+ 1,'
AL7e[N*
Lm%+
elZ
0>(
afpZ8
?HAkd
Za8h
Za8o
*U)|Za8o
Za8m
4O%h
(Da8i
Za8a
v(q7P
Za8g
v$oM
ya%
_]_
_bY*
x~Z wh
`e/
5y (%+
/y1
Z 9af
TZ >
11.0.0.0
Sc
?fV^
Za8
Za8
6#6IT
XZa8|
Za8
@.
</-
loZ 2
tJ%+
f71&mAb
+
Z ,p
bPXH
`Z p(
Za8?
Za8>
Za8=
=Ma8
=$a8|
Path
Za87
Za86
WindowsIdentity
jpZ{
Za8+
)nUR
Za8/
Za8-
Za8,
Za8#
Za8"
RkGgz
Za8
FHgC
Za8&
Za8%
Za8$
8N~`
thugger.Properties
N=%&
[mHt
gkd.Yn
p:Z
Z 2Vv
^,L
QZa8k
get_ExecutablePath
8=
+ ~
+ rf
+ 'Lw(
91hu
QZa8s
m]%+
|KA)
get_NewLine
SD%&
$E%&8x
PvE^
; |l
tU)p
`q
M|Q
Format
:Tm
{E
.Gj
Ba8j
k_
/%&8=
MessageBox
1l
-a8E
84%4%+
Z &m+aa8
A#%+
zK%^
I
[$<
0c-)Z
!Z k
]bJSJ
:^`xq
HD}
Z &?5
Q&a8l
Z Vh
+ r#
6+%+
xMa8
Y z
PLI
8Z
Z .4
c%&8
$4Z X
F9Z
,2 (
R^KJ)io
FQ rH
Z1a8
;.aY
Gn2%+
QZ (C
*@I:B
C~a8
+ U{?
=Y\
-3"a8
,W)
+ *a
h%&8
%& DzU
.V%+
z}o;
H]^&jG
ieod(
Z >ydaa8X
h(5H
$M6pl
get_VirtualScreen
X\]
"Z ;
Z v
D.k.
! 7
+ `\
^E
v0F
(kG
EZ zJuBa8M
Za8_
XKo#l
ToString
"b+ p
=Za8^
CultureInfo
)(k|qbh
X&`a8J
W.kzo
N%&8i
pA
Ca8.
5Za88
87UcX
zt4)1G
CPW4
S%&8
#Vx
=!J
A%&8s
|=
KZa8
Za8Q
StringBuilder
!ua8
\ZX]
Za8P
6%+
ZG8
%Fv+
Za8
)>r
Fza8
8#
>r@C|T@
:%8a+
Z '
Ra8V
()[f
uZ F
`~mi]A'
+L N
[|_*C
/Ca8h
/%&8
Show
0-o
ka8\
b%}(
`)%+
\%&8@
?{n*%+
Wi%&8
Za8H
Z sY
% )&%&8L
GetResponse
System.CodeDom.Compiler
umZ
{0 a8
Z WQ
D %&
j-U
@1a+7m
^uu.
T :1
vsr1Za8
yAf(u
Zxqn
^N6
WaitOne
Za8B
#ZZ m#=
xx>
!Z p
~Z X3
QNF
VH~D
e`Ku
`W
pK^
D@%
D3[
b]Jo%+
1 ^y%+
"%&86
b{hT
8%&8Z
Za8F
!mS8d:0
dP)
&>a8
MYXV
"%&8/
S$%+
dEW:
+*
lZ a$
Ha8w
C>>k
TZa8F
9la8
es13R
:a8?
<Rv
hZ QJ
\'ra8>
jeeQ
H /w
aFa8
+ B;wv(
}^4f
VSO
ZRa8
1j7&G
IPMKiD
Z z(d@a8B
DQ2a8
;coEv
k :l.
;z( "JE
|]$5!
'dw2
s\vI}
DirectoryInfo
<a96(
@XO
@CJ)
Za8}
Z W5
bvh@b9
HpZa8
Qz%&8
RV
4PR!'
48[_(
kZ E
Ra8Y
brtH
q%&8h
)^E)
F%&8
T836Z
eVZ
_a%
Za8q
^3-
2@/F
3^E3
Z P2h7a8!
>}Z
@uVT
xx%&8
9\H/?
"p?a8'
Yvc(
8KbY?
&3<_p
Q} y
8NE4
u~'y:IXn
+S~X
6G"8
s;:+e
)b5arp
Z E
FpYU%+
&Z [
drV<\&
f u%+
)!7in
h' Y
6%&8
HKZ o
%&8J
Q%&8
!a8w
[-Z0
a+o^
k
& Xn
System.Windows.Forms
1_KM
SLa8
Q%&8~
8%O
o7%+
9<N(
CLkhD
op_Equality
Za8c
% *C
_%&8
9eHK8
( \V
PZ(
GR|da?x
+ DC
Type
Za8`
X
1pK%+
nAa8
9cq~&
user32.dll
O'=o<#
T;]JB
Q%&8K
P=& qpJa%
_
Za8e
B (
8Z T3
Q
P
R4ua8
#Z /
O2hR
Aa8V
ro<U?Bh.
<w+1(
.NETFramework,Version=v4.0
AZa8
%*h6C
OmgYY
6DMW
lxL{
set_Enabled
{3xa8
)?9G
:T<m
LQ "
Z 9}
DownloadFile
38be
r2m#
A81J>
+^E+
Read
Jp4Z 2 6
111+
+ (
Console
;Za8"
+ 2:o
oZ ju
Hi#a%
mL;'(
5 l
T0 p
1pJV
Delete
fb.^
@fKHm
#Z `&
+ MM
nLkZ aj
odZa8:
,7N
fZa8
get_MainModule
+ M^
xNkXm
;Za8_
!t-i
~]I(
" ;5
#BjywA
|]
set_Interval
XT%+
Wy]
E6WP
DR8C
p'-C6
3&%/
Pj@H
2{cT
F'](
=.Rc
o$k%(
>c.Z T
;|[*
;Za8|
+ M (
N%H
Z GlNda8
<6u9:e% :7
n8jG
.bZ
Aa8"
$XWa8
/Ow
CO O
}u|F<
T0a8"
JZ +
[ %+
+r:
cq|a8
Za8
H$o](
6+$7
"QD(
\s~u
Z R|(
wz8|
p-<J\
na8+
BF8 <
cdGQ(
$y1k
gLa8
k(hZa8
;4 a8
O%&8
>LZa8
>Za8S
/kVc
hZa8
Z A :
R7sy
% |%+
/Zu%+
%&8m
X5bc;8
D5"k
N$G!M
bIG9F
d[l(
$} a8s
k&[u
xx"'(
5Us=
w 97
mB%+
4eRqJ
+F[a8D
~oWZ
pple
_^~
5)9Z F=
Z /f
9 W(
H%&8
T!j,%+
jP-I
ReadByte
y,n]a0
Q!nk
#N$Z
_LNUB5
JjO\
#AAa8
T%& b
Y"e8
'xk
op_Inequality
Z H'
Y]Z
<>9__15_0
xZ I
v0z9b
4GoL
xZ R
#a%
U&
+& C
SystemEvents
~g" gr
B?Z
WuK
W++e
EIa8
4.r-
Eem;
ka8F
ka8G
"Z E"
Z fN
%8$(
&+;_!r
get_Width
LkU>
"tbZ \j
>a8k
| (
'%&8(
!89e
[D([
Za84
kT|Z
rc
6N5
ynr,
3%&8
nLF
`'qJ
rZ -
vv<"
Za8*
o$l 4
(=J
Z qr
SessionEndedEventHandler
.4kA%&8
|i6><
8 ks
8%&8
S+pg
E1%+
VZ mI
RuntimeTypeHandle
_b{~x
qCx'B
$o"9
7!P%+
*'YU,
r%&8
{e/]
Fsm(
HZ d{eqa8
W2
TJZ
=X N
Xfia%
sSAK
mb
x^A8
OaJY
9 {Z
%d
Za8!
Y_Y
Gu?[
aG
A?Ql*
l= a8
Open
+ gb
OPXb
+ :#
"~Sz
Ua8<
%hDd
_iZ
A0vw5`
rABEZ
Concat
y^{ K
9a8+
L? %&
q?%&
UZ *
%&8j
P4ZZa8
V$7rG)*
$Z e
lY_V
g;]!
-kb
z0K9
7 t9
T,%+
tZa8<
_1\
;JdxG
oCR4
d v
-s[
.OB=
o_Z
<H
#k[1
NP
4,^I
GZ n%T
U]($#t
@?O*]
Bpa8w
BZ v
<a8`
0RvRq
YAI
yyKX8-
` Z
(Z
K|w\
Z Y
@a8/
tsG%+
7"%&8
WindowsBuiltInRole
nL=XD
lZ _
Z T_
p6V_!l
+ [s4
System.IO.Packaging
\NjJ0
<>9__13_0
Z )R
j)R
6Js\Za8
=iI3
e$}Z
Z tk&
:%/
Z Z'
?ibJ
A(<f
Z Z"
*:%&
KzeB
Iua
#a8x
X%a+
f) U(
set_RedirectStandardOutput
/_{E
"ehk:
ToLower
ta8
,uc9
me3.p`
V/R
a$
o_#(
R@2$L
qJVv}*
Z l?[ra8
Nra8(
5>k Za8
t/=C3
%&8f
!I4GZ ZPi
kkDk
%Z {
Wd<5 Y
j5`Z(
y%&8X
1@Z
@UA )|
~Ok
a}f(
l6
jZ 3
^a8E
Yy c
ba8c
+ f;
Ey8(
ZPe
0;+WZ
;oZ
7N%&8\
Y,Z +
s 04@
`'>(
@cg@
X2zI
l?7[,
n W%+
?! ZrF
)J7OEz
fQ2
y8%+
Z F*
8!|v=*e
MQZ \
,b p
C)PP
get_Assembly
lcDQ
%&8a
o2F>
@vZ
Object
M;Z H
}h=q
%&8c
#pZ
"3\o%&
[Pa8
?(
27PNwBxY
s ~>
p}EE*
I
Z H%
STAThreadAttribute
9A->Z _k
mscoree.dll
!This program cannot be run in DOS mode. $
G+a8
callback
g62kbE;kr
UriKind
jZ T
+ L<
Xy=x
,8nfJ
nX
Za8
O&m?Tu
+ $D
eG%&8G
3>Bd
tKq^
c%&8w
37t7
7k:8
{}mR
4mo~
W~ -^
52=}%&
n=a8N
X$-&
[
?'faR
+a
Z ,i
@=b(Xq
ZmJ
E!/
(X%(
=AYZ
(%&8
pd0'
:%&8
7Eb%+
8+
&~4
Random
c%&8K
WBG
Srs
ia%
9F'
F+UE
?a%+
cH%+
:Z N
xU <%+
O1Rek
n%&8i
80G!
9~H(
zI3\
>%&8
w%9QR#
z%&8
+ #'
Fe% [hA
get_Name
r5rB
kvZa8
VZa8V
2b@_
.F h4
=Gj
L?jZ
\4.j`
#0[s*
8 v(
uZ >
5Z e
[t&
#GUID
D..m
Z2eE
~sX>
d p(G; z
+ BP
Z UM
|'Ja8
~=%+
KT2>
>d>%+
iUa8{
/z
of)~
'LZa8
IWZ O
?,
&-l
+ Pt
^b%+
hS,J
}%&8
k^R
,~&L
J-RZ
?[CZ &
WhYI%+
BSJB
9
lF'VUG
YGa+
R%&8
&K3DC
.Iyr
)Za+
K~-
PZ g[[Ha8
+ i4
*0o{
%ssp{
ni(,:
T+Za8V
?%&8
4Z o
K+[3
)Za8
!a8B
<S60
~_Z%
2q%&8
Z |-Pza8w
icn
Marshal
fX=
%Z WZ
=Z P`
.S=(
|[:%&
n>Gp?
^q
Z .'
ga8
.6_kEM
oWU
r^Za8>
C#Q)
pN2]
!Za8
/C5
FxZ
sVvkN
tbZ
Bj2A
5%"
Dlys
q#"x
"W7(
[- r!
aL%vE;
d_>Z
p%&8
] ga8
Z qL
n$ LR
>|]]X"
*jP=
ParameterizedThreadStart
?+Z@Z
$a8k
} a+
>
?KO<u\\
_ !A
oyd%
YZ 7
L|d
RFjd
E%Zg
%%&
?s"
8hpK@
% o,
zZ N
F0a(
Z -Z*ja8
NZ n
8|F
lrM)
O0pP
+%&8
MKWY
_Za8O
,^a8
LRa%
Q,+ pA
&]Z
C3#N
O@:]
"})fu -
Ba8S
N3'%&8
~JVd
ma8/
hV[
J a8
_\%+
QSI%&8
0$M
:98d?
Z p(
ma8_
(7 %&8
_+@ (
vR-Y 4
_)$!
+ //
LqJR2
GetProcesses
\1Rf
-pFz
get_FileName
ma8C
FileInfo
kg}
+ (^
QI<-
lBUq
"GGI
k\ 6
qOiT
\Z 2'
UGZ
! >
(Za8
li)$
8a%
ma8w
k[%+
r X/
WebResponse
IC q
HN-O4
^kN
Z gx
LD8
ma8g
Settings
POoM
l pS
BlockCopy
xZa8O
I"r
M_@y
#E%&8e
TimeSpan
_cX*
Z !)
mDa]`
Z F^
81X1
bX2a82
Q}=1jXf
E7Q>
qyg]
+(%&81
4g%+
Ka8{
9k!>
wza+
"o"
&Y0
+ B=
+ (T
UnhookWindowsHookEx
eCrI
;bm
0`G0
3:bV
M;a8G
jc>
Stream
&<lIl
e_ y
Td<Tl`
ZDC
Rh"P
Z pN#0a+
z-Iz
-{]@
}m!Z
#oa8"
X O7
]$a%
mKy
+l R
z(_2
u3,.
bo-r
X[Va8
}*x?(
Y^Z 1
W1|o2
vU|F(
i*J
5+d([
:zw5\
Z [W
[b \F~
/3\`+s
jZ *823a8
k0=(
x_}!8h
r\Z
rPi
=b9Z E
=_3I
SetWindowsHookEx
wFY{
Z jxG
x. (
"8
t$
' Z
#<(!c$$
ma8{
1p$qc$
I8N
Dh
"}K
Y^}%+
+ (d
0%&8
]y>
:<Za8
)p\
t<>%+
+ (f
a%
:-,Za8
Microsoft.Win32
q;RU
?_b` h
hZ VL
sID(
,: n
:15Y
xW%+
uZa8{
&:3)T
3 `{
pya8
8;
nb.(
nCode
+ S&
:;trZ @
CompressionOption
Zkqh
Ttn_
Si
`qZ
AF?(
LZl;
7^E'
,:
"]T
Ga8j
K|2~yE`
ksVA
m&o&
8Pc"
~}O(
System.Diagnostics
Z IF
da
a8{
qM;W
'd;a8
get_IsAlive
ResolveEventArgs
m+ c
&Va8
ug\mA
da8@
BR?TH
VKI 6t{A7
j,%&8
ve!H
[ s/Z
dZ y
%v3
;H7x
[Za8
6+Z
OOsQ!
Q| @_
Prr(
$O%(P
A=dFc
}tJf}
?ca8h
add_Elapsed
<#Z
&#xNs
;yva8
5JRa8%
vG%&8
:Z ;h
4Rn
uZ b?S
GZ f
SQ;(
>brA@
Create
+ (
B_{Z
v6a8G
4Za8w
yH`L
+P:%+
QVv~
IR%&
vp,7
ZW sI
4u)%&
[mK&
3pm"
{kc&
nH` ,w
:*Z
xq%&
+ L}
`%&8"
Close
Z =)
zJ%+
#6HL%+
fZ w
| "G
6R%&
:{+
`%&8L
Z yg_
R^Z
V '2(
Z ;
=O%+
U ?%&8
+ X &
:Z L`
YPoa8s
YZ D
Ty5
%fsL(
+Z j;
%&8
~IL2{
SessionEndedEventArgs
|FZ;
u3.NI
WriteAllBytes
ThreadStart
eb{0
Z ^H(
0CZ }
n`%+
Li
IS&
u4 7
}vt(
u
Z -E
wh&2
Z 8
tQZa8
"kYB
%& yI
Z -N
Z dO
J a8
ieC>_
=Z w
h/m=(
P%&8p
Z E8N,a8
G}%+
<%&8
0}l+
1Z #
Q8_)
Fa8~
|]p>
3 ;(
VUG%&8
Rectangle
<5A](
]01
+ <i
GZ g #
4V8_Ox
O&Ld
Fa8O
WebRequest
`Z @
1z"a8?
Fa8K
]K%&
sZa87
J6<;
@e[o
$8j|
9_
+ 8i
K%&8]
Fa8Y
Y Za8
@eR.J
lz a8
X( C
?x?X
"Z t
9f!
Z |Hv
vJ,(
C~
Size
pA:I&
2rE(
"Z `
T9T
4~Y
: @(
\Z :
z>|B
/C]B
\Z >
9'5(
J 4
<bQ5F
[ ^
rbD
1R<qr
MZ 9f
Z %$/na8
H@&#1W*
CnD
%&8@
TJ*Z *4
,^
CompilerGeneratedAttribute
` {&
{>
0j
XBa8
l>29(
2[#
]*w)
N mK
%(%G
$a87
'a8Q
d|E((
9j%+
05S#^
[G&7
+a8,
IMa8F
U= T
QvZ
^Gw@
=o (
G7:7
Yq%&8
P8 0Z z
Image
qKa8
}Vo^3}
~V%&8
RuntimeHelpers
"B%+
1>Z
qPH2
^Z 'f
+.>F/
Z XJ
C$`
p<
Directory
`0orm[
:C
+ Qg
^brE&
t'9
03
?a8
Y&%+
@-eh
Oa8g
>zau{
!$8v
.Z +z
%&8]
w%&8
iJ9W%+
,I e
+a8V
PPj
&)6,
System.Resources
t
z&!O
1*m5
;bZa8
;A
^!
&K Z
CurrentUser
H HX
xTL$Z
LVA4Z c
~5Za8
OZ Ie
R7Za8'
'a8<
'a83
+ .^
A /&
,Z *
ReadInt32
%&8
Ma8<
|1j
Kb
GetElementType
u<_*V
G^u\i
%& ,
DHi+Yw
Q%&8
Z NY
8j}(
` k
*Z t
,Z ?
#Na8P
#i
Append
xV%&8
Z B]
G(
@7 a8s
]WTg
/]w0
1 ^y%&8r
FZ #b
+&dP
mZ wjz
kSa8
02:Q&
Z W!W
vy%+
3CXy%N
>o(
K{7Y
x:V]
r2O}{O2
I w(
f4NP
G[`
+<W
6yZ
?Za8Z
\|_{e
o MG,;a%
,Za8
vWN'
:a8
Z W6
*c
GetStream
pB
4a%
Z g ;
cZ%-
Ma8e
+ R5
.a%
xtZ
+ R2
zR#K2h
sl)'
*Z
{d%&
ha8s
5t1'
|Z)5'
C+V 0]
%& Aw
c3YXoulB
Sb
Be{
Xp.(
T0(x 'k
gT
i%&8
f<W:
{HQ(
0z0!
'%&8{
set_WorkingDirectory
j)0)s
.6Z
^h[z
t AK
LK%&
1 %+
+ vf
9Z pa
<>9__18_3
yXl:
v*"Sag
String
+ (z
Oc-9
oa8Z
Z Ib
DebuggerNonUserCodeAttribute
\!K=k
#EFXO
<r=:
[$Yb
+ 2S
P.%&8
$|A
BZ
o %+
EmeM
"C{y(
x *c
!\,:Z
.%&8[
I}sJ'u
)Za8s
jD=%+
get_CurrentThread
^QZ
G%&8i
Timer
wu9k.3
(S%*G
oa8!
h ck
2#q EML
>>5;
7a87
DebuggingModes
&[
P%&8-
aZ x
Z <x
u@36T
v*>1N2
+ QW
+ @N
;gLK
zZ m(
b_ha
m8o&Z
xCOl
Z <T
cz$
jL$e(
8 ^ $
1^E1
([s}
$q]#
edP-
oa8
System.Net
#BAE
{S%&8[
PLa8
CreateInstance
sa8s
:9Za8
a8ea8
EditorBrowsableAttribute
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
0E(wA
(mM
nS$^
get_Now
g\7F9
sa8o
Ha#Y
FailFast
UQ%+
S-{
::KD'`
Keys
pq.
nx{Y
D 6
ix"(
4s,
)cA/
@iP +j
xp#7
2%&8y
&a83
e1{R
EpG\
S9~
KyZa8
[NEXZ
\a|W
YbVQ<
lIA
u%n@%&8>
k0d
v!b%+
GetDirectories
MheOBW
6 >
b Z
F_
NPjRD>
$e9cb598a-6c12-48a6-854d-493f56ca4af3
q)&S
fyD_Z B
m_Z
2X#L
"bZ #
c<FC3
hKMZ
'[Z i
N%&8
Da8g
%A%&8r
dN[S
p|
_,
5C'y
-0%+
0K%0
=a8
tN0}
2z$H
\\
Y%&8
\!'J(
$Z ,
~ >{fN(Y
]LpH%+
, 4%&8d
&a8~
Ex<
~M@T
V"dY;
Z .yy
%(K
c\a8
5 8(
N=Z
jx%+
i%&86
?@a+
"gSWZ
_,nhI
hz])?
cmBu(
BeginInvoke
AdT2
System.ComponentModel
Qqfa(
iZ W
e"_w
+ kp!
~G
cw!
5Zt] K
Si&
kY!f%
{{zU(
?;rM
Jgjl
v1JZ
4P>a8
8[a W
^{AmW
Ha8
*UZ
::'z'C
WebClient
gZ Zk
q`B%&8>
L%&8^
X*U(
m9fSP
!,Z
"%xfU
GetText
+ ?T
kZ R
q\H!
V
bPZa8"
To#(
_ca8.
sOdN
>BEZ
xa8N
p 8f3*a<
@%&8
4LZ
p>
A55mvj[
Ha8`
_f.9
NetworkCredential
$ 0Y
kZ r
GetLastWriteTime
Z *O/
QM,n
S%&8
P0m(
ICredentials
System.Drawing
,EZ
%&8/
/ot@
#]aRY
"As!
O)a{
'2r%&8
\j
&&a8
Yh2Z
" Z
WIZ
2i](
g@a8
q%&84
G=
^E
.oa8'
`5|
*gZ
H6>
>B-;90
o6rP
PZ -:.Fa8
|%& p
na8
ZWv(
Mutex
Remove
TextWriter
+ (~
k..
=7a
jpa8
~Z t
V#V/yL
lY %+
d-
>[]
UploadFile
w6%&
/E|%&8
rya8
-Z hV
A;O (
Z (=
U_=x4
Z 9dO
g%&8
GetFileName
ComVisibleAttribute
'eLFlkK
ak8
hcZ
$a8b
3System.Resources.Tools.StronglyTypedResourceBuilder
ja8
+e?`Z 3
6=/\
a8
JPl4f
`mru
Sc'l
hQS(
1iR~
sLw
P>%+
ZQ%&8,
_Z ]L
W yX
+ *Tw
C`kT
jW<r
vHM9
&+%+
)ts
Z YU
M#L(
ElFgJt
nmsZ
<!4U
a.Ga8
Ixir
+ G]{%(
D%&8
u45"
@%Z
haP
TU@^w
%&8M
sZ >
\i?j
tt`l%&8}
5S]+
dZ D
a8%
w )I
6@3E
,:w(
qBZ
EditorBrowsableState
+ (X
KVZ /
O>N
+ (\
pmkF
MethodInfo
IRUv
*m I
EGKa
+ Gu
art,0
Z =A
9Za8.
+ (j
la8"
!^K6
+ (n
Gs R
+ (`
D0p!
+ (b
%&8a
)$]hP
9Z 3
yhZ
3,loW
=xa8
+ ({
x JE(
(7 %+
)z
Oa8'
P$Jg%+
+ (r
+ (s
a" b
+ (v
+ (w
%&8
FileSystemInfo
*t%&
AGG&
G[
u%&
)p^~
[xT2G`
N[B;
Z =/
EZ a
Z OZ
a8l
+ QG
[Ccm
Oa8I
XZ KQ
n`.h(
la8\
M/cj
c>@
ZVQo
,/Z 1
ex5<(
Iy%+
7Za8
*AH'
`F;2
93[
l%2Tng
$a8(
koqI_
?'e^(
[I y
/Z U
!ka8K
;F-
m:%&
K#X
4#<|
qMg|%+
Z Ay
(n
Q
WaZ
D%Z
SQ
Ch4
x1+a8
/ tz
R)t
ba
4L%+
%Mha8^
Exit
CompilationRelaxationsAttribute
SINb;
k2 eZ
Z #'
yI c
Z tb
YM+5
Vm%+
BH}1y
T5-<~
6OZ _J
nla&
i z 8
E}i\
c :d%+
7(3Za8
JYa8E
5(pZa8T
b%&8
Z aNo;a8
-H/1Mpl
+ ;R
Bg^
Z cv
IwX
bua8
+ u|
+ 9aUT(
C2jU
zbafu
V~ja8Y
1XA4(
ryb(
pFS<b
9 J @
.{~pn
S3i%+
/Z {
X pg
5DX
b[oso
e 0%(-O
W*%&8=
.Z k
Qt
z7L
-h%X
o,\%&
sE
get_IsAttached
Za8k
Bk%&8
Q)a8
; }(
j;%&8
bZ %8
GetCurrent
n+az
dj"
f/FM
?s'xd
c ]e
q/RH
2^a8)
_vx>CKRE
+\{sOz
,~%&
N_a8
Ce%&
mmZ
set_Credentials
:,c`
Z zX
]r#IZ B
pJZ
SetValue
%&8=
U|0z
1 j
Okb|Y
y/%&
ua8z
ua8]
'm&iZa8)
C^;
+D+
_3`$.
93G9H
}2Za8d
KkS
Z J7g
Z 5
69 |f
YBZa83
WriteAllText
AssemblyCopyrightAttribute
Na8{
3 \zb$
e[3SEz
d=%+
Gzl?
LocalMachine
Na8r
Na8p
#fI
D{3
y\*UE
?t{/
)a8j
System.Threading
H%&8k
AqY9
F a%
[{EZ 7
sB@9
9NxJ?
mda8
Z (pwVa8C
&YC +
w`Za8O
e\_^(
)a8D
bZbDs
WUIwyKYBnVISFHtXsNOxCLwhzxli
Z x1E
object
KJA,
sJ//
:nG5(
ua82
Na8>
GN%&
U0%+
C+27]
R-A &L
:MZ
KcbE%&
kqu*
tJ%&8n
'Z G
[)%&
e]qw
Gh"G*
Hwha8
`YUsS
! ,L
L%&8
=>cx
Xna(
!e X
$`/x(
9^Lg
_tB
#Z
=Z*#v
GuidAttribute
H{f
Buffer
A5t N.G+
ua8V
<T{~
VQl
Y,<
48 O
P#a<
\0h<
r8
y'..
k+kA
f9|a8
Fa85
+ >f
wParam
UlN@+
s ^~
V%&8
wa?a+
W-,p
X
_j'.'Q
Hx%+
5%%&8
u39U^3F
ZepF
.F$I
&Ea8M
x7<(
HP%+
""{:
Z h~
+ ,w
GetCurrentDirectory
z?\Z
kZ QzP
FL+s@
%&8:
58MNZ
Ga8O
]%&8
lm!'
t8a^QgS~
`
dY<
4f~E
Wq
`a8f
1%&8,
L!a8
= ,9 B
I%+
3R>_y
Z &o
NZ z:
R045
rR@
~=`w/
;yu
O=%N
?DG
"8
Next
c@kl
~BB(
kK%&
*NDm
?mbd
(\Qi
a8a
%~]
Sa84
~]$N
WUb%&8
r,%
0;TQ
pa8.
U? dDx
T %+
0^pd(
Xa8E
pQh6
hxH(
(a8d
*[Z
+ Pa
pa88
^FU8
X(%+
ILd
/%v(
=>JmX
Ih x
K!2 |M
kz
%MZ
Rs,?
/<Za8
;Q Q.
Z c1
tya8
6UyyZ
gbco
w~l(
<pn>
Dn`I
Ae
]jZ
<OEa8
P`2
cza+
}M%&8
N +(
?}XAr
Z Ip
.a8-
I]Z .e
Z L$
\
Kvl%+
hSZ
+ q3
\y%&8
pa8{
m2,a8
MK (
vEZa8
i3YC
{L1 (
-:d4
7;%r
` 4ok
[0Z )
K N(
File
kE3)
>*"Za8
ToUpper
*IZ
R^Z @(
xh'(
u8%+
NJ%+
dVJ (
T.
F[Za8
4SZ
p0Ck%
IDisposable
{A%+
t :z
Uym
kP0y
de7a8v
m ] d }$
%^FMj
f1-a8
|y+(
gBpZ
CD7
nRn6
/j~d
VwQ,
(yR@Z S
nh!p
"%+
Zua8
kn]lZ O
EF4 (
c@Za8s
DJ/ %+
Z 2x
bk'
~tC(
= y
jU<*(
kTs;
C>M"
USZa+
k'9a%
wa8<
=s+.Z
+ R3B
wa83
= L
a8(
PZa8B
r=lZ
"rt(
`JaZa8U
GetTypeFromHandle
IAsyncResult
Convert
8~B*Uy
:zf5
+ZT
<]H_
46)D
WriteLine
GetEnumerator
)Ji{C:
PPZ
i?..
?"X%+
H^d
y%&8
RV]
#c%+
]G5]<9
y{5(
Z5Q@
uCZ(
[Z !
65I
Z m(\fa8
zV6p
(%&8v
_VQ6(
$MKW<
w>T>
!WX
?,%&8p
Z qj
Ykq
!3;%
Invoke
H~5T
da
Z Gz
=%&8
I`1J
OYkco
>xI<
BAZ
S`%&8
L\Za8
$KR(
/a8j
bPs)P
GetValue
;COKd
Debugger
tZ i
GetWindowText
U%&8
f;Z
+ >/
<Za8
NPf
QK
AcP$
B; O)
}}$]A@l
#w%+
,F
uZa8
/a8G
get_ProcessName
&%&
i`P}
b/%+
8B%J+
uL
Ct9(
/d"1 +
Pa8-
0Na8
System.Runtime.InteropServices
sN%+
"i|Su
40q
Z #"?\a8
W%&8
8Za8
_CorExeMain
GetForegroundWindow
Aq3p
n5u
+ cSmr(
t?2t
Z LDFa8
"&
Z iD
H _"Q)a%
Pa8
>a8q
v
0k-%&
zxGz
V 6Z 7
ReadAllText
i#%&8
kq(Z
o
u?Z
+ 3J
Z {W
^E
y}Mm
D8^?I%
nMli&
!D9(
m:}Q
AssemblyDescriptionAttribute
Z i
$Yy(
@0aZ
R*F
;J=_&
$OZN
b<*}
jYF
SuppressIldasmAttribute
%iIC(
EZa8
FIb}
A~WG
d v.(
.tf>
j>Z h
% V}
(`a8&
[6k5
HqM
_'i>
[1}#
tEC.
5fa8
>J&a8
CreatePartUri
&POS(
get_Handle
K]D
TrvoN
-m,M
UPnZ
;'ozO
lP\1
NY,%+
^1%+
Lbj3\
]
dzf>},
$I~9
4O RA
8~d&
IZa8
V(
S@=(
/B\A
stockworking.exe
fzf x<
g.(
L|%&8
O]
Z ,V
+ !a
Qa"Z%+
ra8u
v*a5>gA
@~*
j%&8{
Z Jp
N:8
n8v4p V
fV~\
`Wn
_gz
_Za+
c6mDJ
@Z x
ma/
j%&8h
% a|
nCa8^
WC,;qq/;
!_^a8\
Z _~
Eza8
W_Eb(
3oAj%+
MJ%+
0%&8
h<
Yg4[
pYE
V<2|E^
ApplicationContext
P9t!u
%& X,
Wa8p
n:(,1m
1Z S~
X%&8
ta(
7%&8
x@*T
Exists
I%&8
H SV
ra8<
F+Bt
SZ n
9Ua8
)~gfj.+pu
P=N(
get_Current
r$$(
x%&8
X {
lB=4
A)%+
9dH
#1/
Za8^
O<7 G9Q
&@(
1f1
tt`l%+
=Bu
@t} n
+ Eg
g( I
Hs%+
K}Z I
SearchOption
Y*`T
$nu%+
ERZa8
K-,tH<
V4ba%
&g%+
T%&8Z
!A%&+
D1C}
hZ 0
v1
3Z U
)t%&8
J/eK
Z 3A
a%&8t
.[7;
faPJ
HxsD
9T7 (
\l5h
YZ )
DownloadString
5w M5
gq#
hA
R=%&8
o-W(
ReadLines
%&
Z MA
MulticastDelegate
Ba%
T%&8!
:X\
+ @2 ((
Qd%&8%
$G;
8eQ
8M',8
Z -
IntPtr
/>%U
_qF
=%2
NE#l(
wl6(
Zero
8xvR+
3xK~`-
QPu
gZ N
+K$^
2017
PackagePart
>=%+
FP7(
^krpx
IiX+
Ql 5
Z oBZ a8
Z gq
+(%&8
:4!
ya89
*{- 3|w
A2d
M&y#t
LVZ ^
_b`
zC$S(
3jmj(
R&
$a
HZ U
Z qE|
6Z -
!P(
((qm
*"
"z,\
Dm|k
;)/F__T
&~3
Z !s
8Z ^
+hFR>
flVKt
U $
e_%+
$0\c
.#U2 XF
$BGZ f
-Da8
8Z /
i)@ 7
M<rm6< j
2mk(
m!eO
rZ_z
ca%
x&y(
HZ .
O Z :
11Bw
& )c
8H!
Z !"
set_UseShellExecute
Z llu
f{Z
>%](
7Za8/
93#Z
`T%.Z f
ED;?
9%&8f
get_StartInfo
${Z
k@O <,
^u
#j 0
+ {2
`)'E)
RZa8@
*g6> l
qLs
Wnb(
WindowsBase
f6C;$$
Write
F<ka8
$%&8
UZa8
<Yx`E
2Z Q
zUf.
*?BcZt
um F
GetFiles
%J-*%&
-})a8L
Pka8
}vMD
>a8`
DF-s
CallNextHookEx
)c)mv )B
$(JOo<yIUn
o\^0
+ <o
'n:>
lu4M
Jpa8
T7f%+
.?81
Qb
{_^4(
Thread
]wfQ
Z Pkn
mt
bX
a'Z A
wZ j]v
q WKZ
N5-
Rd%&
FromImage
qZa8Y
Ap3%
7\m
q|9qa
Encoding
,s
&[`m\
0[<.j+
5 v
W+XB
+ yY&c(
+ $|m
s6lS
stockworking
pZ $
Dx.%+
D<Z
-` p,u
wWWg|H
%Za8V
2c%+
0>q=#
IEnumerable`1
JZa8|
CK;
V&Z
"5#M
bI7"
FIa8Q
2 m"wH
[a8p
&a8.
3fZ
M8H)
p*Y
,Die(
~%&
S\+R
([ST0
Vs"J
oMa8
+ +,
JZa8Z
ScFZ
w>z.m
hv$y7D
HZ c_
\a8v
_MZ
[a8N
4g%&8
{R>w
Lh$=
Y:8Z
AZ cBBa+
Default
|`!R
xa8)
G 5i*9
36)
Q^Tt
<%&8'
>A4
+ _pV!(
5a8R
LO~(
>yl"q
)$wn
$bZ
<yU
ZZ uzT
<h}$
S"
!g+&9X
Wg3+l
&b%+
Z #
xa8V
7ga8D
<>9__12_0
;T,%+
,tX
V?7)
>% (
Replace
00 a8
5_o,<j
Pnk%&8
{\ Z
WwV(
eG%+
x|}?K
^Z >
\Fx
(B
Aq%+
b^T0
IU4_(
L
c OiT
drx)
get_MachineName
Ia8A
b(Z )\Z7a8
CreateSubKey
S%&8^
bH\sD
8Za8A
NN%
aA+4
Graphics
Z BE
/ %&8v
Ya8v
7Ti`(
Pb P
4N gM
!_C(
F%~VZ
ZZ k
eX7a%+
e"{2X
[em'
P`\
!%&+
5Za8
&;H
,Z 302
get_CurrentDomain
zW$R/
|Z :
tm }
aI[
dl m
y \1|F
5KXc
WSJS%&8
|U9jdrD)
SV3%+
el]i
%&
c%+
V%&8R
System.Collections.Generic
[ Z
_#@ u
n%&8
Z \Z
#*{(
a\6{
yb$&
- hF
\7J}
p~%+
\t'
Ya82
kCZ yO
]syj
d4{5*
= |^
Aa8e
lY 8P
AssemblyFileVersionAttribute
Z <hH
|71
Iq%+
h(%&8
i^<
8Za8*
F@a8
ta8S
m%&8
$(%&8
Ya8(
jC+/

GVo
Z 0A
[JZ
.cctor
Z ?[H
q\wFT
wo:"
<>9__8_5
H e\
D {[s
H`u+sB
p!1T_<TkDjc
J;a8
v^Wt
System.Collections
i0Z
[9I
G%&8
e(%&8
get_ModuleName
85,#e
R=%+
3Uyv
Z 9,
~W6?
@(a86
8@d;
GetMethod
Ra8^
teTV
Array
0 ]
x-hB
'
Ra8K
*,
(u
/o&x
GeneratedCodeAttribute
<TaG
fZa8<
3W
Aa8(
SettingsBase
%dWp_:
)%&8
get_Size
sz%+
\.%+
rz<|
]9(p
Ra8%
HZa8{
1(TmY
,da8/
VV
eR\y'=*
:5+
AppendText
s0d\"j<
Z Q
*Sa88
g4^:g
%3:(
0'1`Z
}Z 1edRa8v
-/ >
QBa8
gt19
%& j
XZ |!&
$@R
^Wa%
Sleep
hFZa8
S\C
m<<!`
}a8R
mOHTS
#H%+
qCog
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven03_64 Seven03_64 VirtualBox 2017-09-20 18:49:29 2017-09-20 18:52:21 172

7 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven03_64 Seven03_64 VirtualBox 2017-09-20 18:49:29 2017-09-20 18:52:21 172

9 Summary items with data

Files

C:\Windows\sysnative\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework64\*
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\payment.exe.config
C:\Users\Seven01\AppData\Local\Temp\payment.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\sysnative\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\sysnative\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\sysnative\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSVCR120_CLR0400.dll
C:\Windows\sysnative\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoree.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\fusion.localgac
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\*
C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\dfbc7990c56e33311eb9af18aa0dedb4\mscorlib.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\dfbc7990c56e33311eb9af18aa0dedb4\mscorlib.ni.dll.aux
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ole32.dll
\Device\KsecDD
C:\Windows\assembly\NativeImages_v4.0.30319_64\stockworking\*
C:\Users\Seven01\AppData\Local\Temp\payment.INI
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\Microsoft.Net\assembly\GAC_64\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\System\*
C:\Windows\assembly\NativeImages_v4.0.30319_64\System\f8a43d0a4b768edf2f7ec0d4712a1a6a\System.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\System\f8a43d0a4b768edf2f7ec0d4712a1a6a\System.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll
C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\shell32.dll
C:\Windows\Microsoft.Net\assembly\GAC_64\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\*
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\VERSION.dll
C:\Windows\Microsoft.Net\assembly\GAC_64\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\*
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\*
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.INI
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\*
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.INI
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SortDefault.nlp
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\rasapi32.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\ws2_32.dll
C:\Windows\sysnative\it-IT\KERNELBASE.dll.mui
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\winhttp.dll
C:\Windows\assembly\GAC_64
C:\Windows\assembly\GAC_64\mscorlib.resources
C:\Windows\assembly\GAC_32
C:\Windows\assembly\GAC_32\mscorlib.resources
C:\Windows\assembly\GAC_MSIL
C:\Windows\assembly\GAC_MSIL\mscorlib.resources
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\*
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC
C:\Windows\assembly\GAC\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC_64
C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC_32
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC_MSIL
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\it\mscorrc.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\it\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
C:\Windows\sysnative\tzres.dll
C:\Windows\sysnative\it-IT\tzres.dll.mui
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\iphlpapi.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\secur32.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\crypt32.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CRYPT32.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\*
C:\Users\Seven01\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\*
C:\Users\Seven01\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\*
C:\Windows\sysnative\p2pcollab.dll
C:\Windows\sysnative\QAGENTRT.DLL
C:\Windows\sysnative\dnsapi.dll
C:\Windows\sysnative\fveui.dll
C:\Users\Seven01\AppData\LocalLow
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Seven01\AppData\Local\Temp\CabEE57.tmp
C:\Users\Seven01\AppData\Local\Temp\TarEE58.tmp
C:\Users\Seven01\AppData\Local\Temp\
C:\Windows\assembly\GAC_64\System.resources
C:\Windows\assembly\GAC_32\System.resources
C:\Windows\assembly\GAC_MSIL\System.resources
C:\Windows\assembly\GAC_MSIL\System.resources\*
C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_it_b77a5c561934e089\System.resources.dll
C:\Windows\assembly\GAC\System.resources
C:\Windows\Microsoft.Net\assembly\GAC_64\System.resources
C:\Windows\Microsoft.Net\assembly\GAC_32\System.resources
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.resources
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\diasymreader.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb
C:\Windows\symbols\dll\System.pdb
C:\Windows\dll\System.pdb
C:\Windows\System.pdb
C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb
C:\Windows\symbols\dll\mscorlib.pdb
C:\Windows\dll\mscorlib.pdb
C:\Windows\mscorlib.pdb
C:\Users\Seven01\AppData\Local\Temp\payment.PDB

Read Files

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\payment.exe.config
C:\Users\Seven01\AppData\Local\Temp\payment.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
C:\Windows\sysnative\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\dfbc7990c56e33311eb9af18aa0dedb4\mscorlib.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\dfbc7990c56e33311eb9af18aa0dedb4\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\NativeImages_v4.0.30319_64\System\f8a43d0a4b768edf2f7ec0d4712a1a6a\System.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_64\System\f8a43d0a4b768edf2f7ec0d4712a1a6a\System.ni.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SortDefault.nlp
C:\Windows\sysnative\it-IT\KERNELBASE.dll.mui
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
C:\Windows\sysnative\tzres.dll
C:\Windows\sysnative\it-IT\tzres.dll.mui
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Seven01\AppData\Local\Temp\CabEE57.tmp
C:\Users\Seven01\AppData\Local\Temp\TarEE58.tmp
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\diasymreader.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb
C:\Windows\symbols\dll\System.pdb
C:\Windows\dll\System.pdb
C:\Windows\System.pdb
C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb
C:\Windows\symbols\dll\mscorlib.pdb
C:\Windows\dll\mscorlib.pdb
C:\Windows\mscorlib.pdb

Write Files

C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Seven01\AppData\Local\Temp\CabEE57.tmp

Delete Files

C:\Users\Seven01\AppData\Local\Temp\CabEE57.tmp
C:\Users\Seven01\AppData\Local\Temp\TarEE58.tmp

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\standards\v4.0.30319
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SKUs\default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\payment.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseRyuJIT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\FeatureSIMD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitTimeLogCsv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitFuncInfoLogFile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitELTHookEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\TailCallOpt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitVNMapSelBudget
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallationType
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\EnableConsoleTracing
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\payment_RASAPI32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\payment_RASAPI32\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\payment_RASAPI32\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\payment_RASAPI32\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\payment_RASAPI32\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\payment_RASAPI32\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\payment_RASAPI32\FileDirectory
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_CURRENT_USER
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\LegacyWPADSupport
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\payment.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\A1BC803C
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\TZI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\Dynamic DST
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Display
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Std
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Dlt
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DnsCache\Parameters
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DnsClient
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DomainNameDevolutionLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DomainNameDevolutionLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AppendToMultiLabelName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AppendToMultiLabelName
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenBadTlds
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenBadTlds
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenUnreachableServers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenUnreachableServers
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenDefaultServers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenDefaultServers
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DynamicServerQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DynamicServerQueryOrder
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\FilterClusterIp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\FilterClusterIp
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\WaitForNameErrorOnAll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\WaitForNameErrorOnAll
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseEdns
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseEdns
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DnsSecureNameQueryFallback
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsSecureNameQueryFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableDAForAllNetworks
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\EnableDAForAllNetworks
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DirectAccessQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DirectAccessQueryOrder
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\QueryIpMatching
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\QueryIpMatching
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseHostsFile
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseHostsFile
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AddrConfigControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AddrConfigControl
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableDynamicUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterPrimaryName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterPrimaryName
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterReverseLookup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterReverseLookup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableReverseAddressRegistrations
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterWanAdapters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterWanAdapters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableWanDynamicUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultRegistrationTTL
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultRegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UpdateTopLevelDomainZones
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UpdateTopLevelDomainZones
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DowncaseSpnCauseApiOwnerIsTooLazy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DowncaseSpnCauseApiOwnerIsTooLazy
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationOverwrite
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationOverwrite
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCacheTtl
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxNegativeCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxNegativeCacheTtl
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AdapterTimeoutLimit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AdapterTimeoutLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ServerPriorityTimeLimit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ServerPriorityTimeLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCachedSockets
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCachedSockets
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableMulticast
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastResponderFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastResponderFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastSenderFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastSenderFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastSenderMaxTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastSenderMaxTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsTest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseCompartments
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\CacheAllCompartments
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseNewRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ResolverRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ResolverRegistrationOnly
HKEY_LOCAL_MACHINE\System\Setup
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\PrimaryDomainName
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSClient
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AdapterDomainName
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\DhcpDomain
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableDynamicUpdate
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DhcpDomain
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\SearchList
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\SearchList
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\NodeType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\DhcpNodeType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\ScopeId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\DhcpScopeId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\EnableProxy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\EnableDns
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\HWRPortReuseOnSocketBind
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AppContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SchUseStrongCrypto
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\Schannel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextLockCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextListCount
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagMatchAnyMask
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Root\ProtectedRoots
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\ChainEngine\Config
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableMandatoryBasicConstraints
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableCANameConstraints
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableUnsupportedCriticalExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlCountInCert
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCountPerChain
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCertCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetPreFetchTriggerPeriodSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableWeakSignatureFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\ChainCacheResyncFiletime
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\#16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\Ldap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CertDllOpenStoreProv
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000\ProfileImagePath
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\Keys
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\CTLs
HKEY_CURRENT_USER\
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\Certificates
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\CRLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\CA\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\CA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\CA
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\CA\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\CA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\CTLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Disallowed\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Disallowed
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ProtectedRoots
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ProtectedRoots\Certificates
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Root\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\AuthRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\627F8D7827656399D27D7F9044C9FEB3F33EFA9A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\627F8D7827656399D27D7F9044C9FEB3F33EFA9A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97E2E99636A547554F838FBA38B82E74F89A830A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97E2E99636A547554F838FBA38B82E74F89A830A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209AD23D314232174E40D7F9D62139786633A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209AD23D314232174E40D7F9D62139786633A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Root\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\SmartCardRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPeople\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPeople
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPeople
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\TrustedPeople\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\TrustedPeople
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\CTLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\Certificates
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CRLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\trust\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\trust
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\trust
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\trust\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\trust
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserenvDebugLevel
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\GpSvcDebugLevel
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7\Name
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4b\7F06864B
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\LanguageList
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\p2pcollab.dll,-8042
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\qagentrt.dll,-10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\dnsapi.dll,-103
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.1!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.1!7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\System32\fveui.dll,-843
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.2!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.2!7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.2!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\System32\fveui.dll,-844
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllImportPublicKeyInfoEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllImportPublicKeyInfoEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllConvertPublicKeyInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllConvertPublicKeyInfo
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\AuthRoot
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableInetUnknownAuth
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\Escalation
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllVerifyCertificateChainPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CertDllVerifyCertificateChainPolicy
HKEY_CLASSES_ROOT\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32\(Default)
HKEY_CLASSES_ROOT\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server\(Default)

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseRyuJIT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\FeatureSIMD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitTimeLogCsv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitFuncInfoLogFile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitELTHookEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\TailCallOpt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitVNMapSelBudget
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\payment_RASAPI32\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\payment_RASAPI32\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\payment_RASAPI32\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\payment_RASAPI32\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\payment_RASAPI32\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\payment_RASAPI32\FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\LegacyWPADSupport
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\A1BC803C
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\TZI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Display
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Std
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Dlt
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DomainNameDevolutionLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DomainNameDevolutionLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AppendToMultiLabelName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AppendToMultiLabelName
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenBadTlds
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenBadTlds
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenUnreachableServers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenUnreachableServers
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenDefaultServers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenDefaultServers
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DynamicServerQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DynamicServerQueryOrder
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\FilterClusterIp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\FilterClusterIp
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\WaitForNameErrorOnAll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\WaitForNameErrorOnAll
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseEdns
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseEdns
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DnsSecureNameQueryFallback
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsSecureNameQueryFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableDAForAllNetworks
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\EnableDAForAllNetworks
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DirectAccessQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DirectAccessQueryOrder
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\QueryIpMatching
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\QueryIpMatching
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseHostsFile
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseHostsFile
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AddrConfigControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AddrConfigControl
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableDynamicUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterPrimaryName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterPrimaryName
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterReverseLookup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterReverseLookup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableReverseAddressRegistrations
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterWanAdapters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterWanAdapters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableWanDynamicUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultRegistrationTTL
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultRegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UpdateTopLevelDomainZones
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UpdateTopLevelDomainZones
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DowncaseSpnCauseApiOwnerIsTooLazy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DowncaseSpnCauseApiOwnerIsTooLazy
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationOverwrite
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationOverwrite
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCacheTtl
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxNegativeCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxNegativeCacheTtl
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AdapterTimeoutLimit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AdapterTimeoutLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ServerPriorityTimeLimit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ServerPriorityTimeLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCachedSockets
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCachedSockets
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableMulticast
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastResponderFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastResponderFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastSenderFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastSenderFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastSenderMaxTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastSenderMaxTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsTest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseCompartments
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\CacheAllCompartments
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseNewRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ResolverRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ResolverRegistrationOnly
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\PrimaryDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AdapterDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\DhcpDomain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableDynamicUpdate
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DhcpDomain
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\SearchList
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\SearchList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\NodeType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\DhcpNodeType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\ScopeId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\DhcpScopeId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\EnableProxy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\EnableDns
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\HWRPortReuseOnSocketBind
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SchUseStrongCrypto
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextLockCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextListCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagMatchAnyMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableMandatoryBasicConstraints
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableCANameConstraints
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableUnsupportedCriticalExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlCountInCert
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCountPerChain
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCertCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetPreFetchTriggerPeriodSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableWeakSignatureFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\ChainCacheResyncFiletime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000\ProfileImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931\Blob
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ProtectedRoots\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\627F8D7827656399D27D7F9044C9FEB3F33EFA9A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97E2E99636A547554F838FBA38B82E74F89A830A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209AD23D314232174E40D7F9D62139786633A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserenvDebugLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\GpSvcDebugLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\p2pcollab.dll,-8042
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\qagentrt.dll,-10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\dnsapi.dll,-103
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\System32\fveui.dll,-843
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.2!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\System32\fveui.dll,-844
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableInetUnknownAuth
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server\(Default)

Write Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\payment_RASAPI32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\payment_RASAPI32\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\payment_RASAPI32\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\payment_RASAPI32\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\payment_RASAPI32\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\payment_RASAPI32\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\payment_RASAPI32\FileDirectory
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\LanguageList

Delete Keys

Nothing to display

Mutexes

RWHpQSVpZvkm7ZFQmHGv

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
clr.dll.SetRuntimeInfo
clr.dll._CorExeMain
mscoree.dll.CreateConfigStream
mscoreei.dll.CreateConfigStream
kernel32.dll.GetNumaHighestNodeNumber
ntdll.dll.RtlVirtualUnwind
kernel32.dll.GetSystemWindowsDirectoryW
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddSIDToBoundaryDescriptor
kernel32.dll.CreateBoundaryDescriptorW
kernel32.dll.CreatePrivateNamespaceW
kernel32.dll.OpenPrivateNamespaceW
kernel32.dll.DeleteBoundaryDescriptor
kernel32.dll.WerRegisterRuntimeExceptionModule
kernel32.dll.RaiseException
mscoree.dll.#24
mscoreei.dll.#24
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware
ole32.dll.CoGetContextToken
clrjit.dll.sxsJitStartup
clrjit.dll.getJit
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
kernel32.dll.GetEnvironmentVariableW
kernel32.dll.LocaleNameToLCID
kernel32.dll.LCIDToLocaleName
kernel32.dll.GetUserPreferredUILanguages
shell32.dll.SHGetFolderPathW
ole32.dll.CoTaskMemAlloc
ole32.dll.CoTaskMemFree
kernel32.dll.GetFullPathNameW
kernel32.dll.ReleaseMutex
kernel32.dll.CreateMutexW
kernel32.dll.CloseHandle
kernel32.dll.GetACP
kernel32.dll.UnmapViewOfFile
kernel32.dll.CompareStringOrdinal
kernel32.dll.GetCurrentProcess
nlssorting.dll.SortGetHandle
nlssorting.dll.SortCloseHandle
kernel32.dll.GetFileAttributesExW
kernel32.dll.SetThreadErrorMode
kernel32.dll.CreateFileW
kernel32.dll.GetFileType
kernel32.dll.GetFileSize
kernel32.dll.ReadFile
kernel32.dll.CreateEventW
kernel32.dll.QueryPerformanceFrequency
kernel32.dll.QueryPerformanceCounter
rasapi32.dll.RasEnumConnectionsW
rtutils.dll.TraceRegisterExA
rtutils.dll.TracePrintfExA
sechost.dll.OpenSCManagerW
sechost.dll.OpenServiceW
sechost.dll.QueryServiceStatus
sechost.dll.CloseServiceHandle
ws2_32.dll.WSAStartup
ws2_32.dll.WSASocketW
ws2_32.dll.setsockopt
ws2_32.dll.WSAEventSelect
ws2_32.dll.ioctlsocket
ws2_32.dll.closesocket
ws2_32.dll.WSAIoctl
kernel32.dll.FormatMessageW
rasapi32.dll.RasConnectionNotificationW
advapi32.dll.RegOpenCurrentUser
sechost.dll.NotifyServiceStatusChangeA
advapi32.dll.RegNotifyChangeKeyValue
winhttp.dll.WinHttpOpen
winhttp.dll.WinHttpCloseHandle
winhttp.dll.WinHttpSetTimeouts
kernel32.dll.LocalFree
winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser
clr.dll.CreateAssemblyNameObject
ole32.dll.CoGetObjectContext
sechost.dll.LookupAccountNameLocalW
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptGenRandom
ole32.dll.NdrOleInitializeExtension
ole32.dll.CoGetClassObject
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.CoUnmarshalInterface
ole32.dll.StringFromIID
ole32.dll.CoGetPSClsid
ole32.dll.CoCreateInstance
ole32.dll.CoReleaseMarshalData
ole32.dll.DcomChannelSetHResult
rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
clr.dll.CreateAssemblyEnum
kernel32.dll.ResolveLocaleName
kernel32.dll.SetEvent
kernel32.dll.ResetEvent
ole32.dll.CoWaitForMultipleHandles
kernel32.dll.GetTimeZoneInformation
kernel32.dll.GetDynamicTimeZoneInformation
kernel32.dll.GetFileMUIPath
kernel32.dll.LoadLibraryExW
kernel32.dll.FreeLibrary
user32.dll.LoadStringW
iphlpapi.dll.GetNetworkParams
dnsapi.dll.DnsQueryConfig
iphlpapi.dll.GetAdaptersAddresses
iphlpapi.dll.GetIpInterfaceEntry
iphlpapi.dll.GetBestInterfaceEx
kernel32.dll.LocalAlloc
ws2_32.dll.GetAddrInfoW
ws2_32.dll.freeaddrinfo
ws2_32.dll.WSAConnect
secur32.dll.EnumerateSecurityPackagesW
secur32.dll.FreeContextBuffer
secur32.dll.FreeCredentialsHandle
secur32.dll.AcquireCredentialsHandleW
schannel.dll.SpUserModeInitialize
advapi32.dll.RegCreateKeyExW
secur32.dll.DeleteSecurityContext
secur32.dll.InitializeSecurityContextW
ws2_32.dll.send
ws2_32.dll.recv
ncrypt.dll.SslOpenProvider
ncrypt.dll.GetSChannelInterface
bcryptprimitives.dll.GetHashInterface
ncrypt.dll.SslIncrementProviderReferenceCount
ncrypt.dll.SslImportKey
bcryptprimitives.dll.GetCipherInterface
secur32.dll.QueryContextAttributesW
ncrypt.dll.SslLookupCipherSuiteInfo
crypt32.dll.CertFreeCertificateContext
crypt32.dll.CertDuplicateCertificateContext
crypt32.dll.CertGetCertificateContextProperty
crypt32.dll.CertCloseStore
crypt32.dll.CertDuplicateStore
crypt32.dll.CertEnumCertificatesInStore
crypt32.dll.CertFreeCertificateChain
crypt32.dll.CertOpenStore
crypt32.dll.CertAddCertificateLinkToStore
crypt32.dll.CertGetCertificateChain
userenv.dll.GetUserProfileDirectoryW
sechost.dll.ConvertSidToStringSidW
sechost.dll.ConvertStringSidToSidW
userenv.dll.RegisterGPNotification
gpapi.dll.RegisterGPNotificationInternal
sechost.dll.QueryServiceConfigW
cryptsp.dll.CryptAcquireContextA
cryptsp.dll.CryptImportKey
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptHashData
cryptsp.dll.CryptVerifySignatureA
cryptsp.dll.CryptDestroyKey
cryptsp.dll.CryptDestroyHash
cryptnet.dll.CryptRetrieveObjectByUrlW
cryptnet.dll.I_CryptNetGetConnectivity
sensapi.dll.IsNetworkAlive
rpcrt4.dll.RpcBindingFromStringBindingW
rpcrt4.dll.RpcBindingSetAuthInfoExW
rpcrt4.dll.NdrClientCall3
winhttp.dll.WinHttpSetOption
winhttp.dll.WinHttpCrackUrl
shlwapi.dll.StrCmpNW
winhttp.dll.WinHttpConnect
winhttp.dll.WinHttpOpenRequest
winhttp.dll.WinHttpGetDefaultProxyConfiguration
winhttp.dll.WinHttpSendRequest
ws2_32.dll.#2
ws2_32.dll.#21
ws2_32.dll.#9
ws2_32.dll.FreeAddrInfoW
ws2_32.dll.#6
ws2_32.dll.#5
ws2_32.dll.WSARecv
ws2_32.dll.WSASend
winhttp.dll.WinHttpReceiveResponse
winhttp.dll.WinHttpQueryHeaders
winhttp.dll.WinHttpQueryDataAvailable
ws2_32.dll.#22
winhttp.dll.WinHttpReadData
ws2_32.dll.#3
cryptnet.dll.I_CryptNetSetUrlCacheFlushInfo
setupapi.dll.SetupIterateCabinetW
cabinet.dll.#20
cabinet.dll.#22
cabinet.dll.#23
sechost.dll.QueryServiceConfigA
rpcrt4.dll.RpcStringBindingComposeA
rpcrt4.dll.RpcBindingFromStringBindingA
rpcrt4.dll.RpcEpResolveBinding
rpcrt4.dll.RpcStringFreeA
rpcrt4.dll.RpcBindingFree
ncrypt.dll.BCryptOpenAlgorithmProvider
ncrypt.dll.BCryptGetProperty
ncrypt.dll.BCryptCreateHash
ncrypt.dll.BCryptHashData
crypt32.dll.CertDuplicateCertificateChain
crypt32.dll.CertVerifyCertificateChainPolicy
kernel32.dll.SetLastError
ncrypt.dll.SslDecrementProviderReferenceCount
ncrypt.dll.SslFreeObject
ws2_32.dll.shutdown
diasymreader.dll.DllGetClassObject

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven03_64 Seven03_64 VirtualBox 2017-09-20 18:49:29 2017-09-20 18:52:21 172

1 HTTP Request(s) detected

http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
  • Hostname: www.download.windowsupdate.com
  • IP Address: 95.101.180.128
  • Port: 80
  • Count: 1

GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Cache-Control: max-age = 86401
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.download.windowsupdate.com

Detected family: #Msilperseus

TheSystem Itself @ 2017-09-20 19:00:02