MalScore
100/100
MalFamily
Msilperseus

file.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 40/64 Related 2060
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 392.50 KB (401920 bytes)
Compile time: 2017-09-17 20:49:02
MD5: f29f5352450cee9efa9e9f24d479cfa1
SHA1: 4cba3081f88302e9bb996a668f7830b300a06ed8
SHA256: d2d55fd445447b63de897c76e6e60708c536723545a7addca5dbf292d3e14a21
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2017-10-03 19:15:06
Last submission: 2017-10-03 19:21:04
Filename detected: - fada.exe (1)
- latest.exe (1)
- file.exe (1)
URL file hosting
hXXp://mailalerting.gdn/fada.exeVirusTotal
hXXp://mailalerting.gdn/latest.exeVirusTotal
hXXp://mailalerting.gdn/file.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2017-09-19 21:29:10 [40/64] VirusTotal
PE Sections 1 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x617e4 399360 a84a6d826dcdbc16f3c1a91f103a2003 5e8f4a150d2f9295dd60a53e72e6909f6a701c45
.rsrc 0x64000 0x590 1536 03621e62970c78630ed8df57a3d9957f 30039784d4b4a2cfad253e69526f4c6439d6ba5f
.reloc 0x66000 0xc 512 5c83d4faca432c8e13af6c6da115f1f1 1f9c6facd7be0a1483bee3bc9723972877c611de
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x640a0 768 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x643a0 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright \xa9 2017
Assembly Version: 1.0.0.0
InternalName: chrome.exe
FileVersion: 1.0.0.0
CompanyName:
LegalTrademarks:
Comments:
ProductName:
ProductVersion: 1.0.0.0
FileDescription: Chrome
Translation: 0x0000 0x04b0
OriginalFilename: chrome.exe
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
USER32.dll
KERNEL32.dll
ntdll.dll
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found
Chrome
VarFileInfo
)-L
Comments
-.V
)'@
-.b
j9M
-.f
-5u
-.Z
-5q
-.^
-5}
*)+)76
Copyright
-5y
).R
1.0.0.0
StringFileInfo
Translation
!yM
Assembly Version
FileVersion
chrome.exe
normal
VS_VERSION_INFO
-(D
InternalName
000004b0
ProductVersion
FileDescription
OriginalFilename
LegalCopyright
CompanyName
LegalTrademarks
ProductName
2017
-.R
-#:
2Z 6[Z
o -h
`Fa8
St*e
@Cca8.
ReleaseMutex
&
60C
AhV%7
0Go
Aja8
5 )(
(0
%&8X
{8[V9b
HPk
!`%+
hnTrJ
?dLsqK
LPxOZ
hA{P
,7 )
EZ 3d Wa8
a.`%&8$
ts&.
lcx
[a8{
NV
{!;T
#Z
K-a8
$>`
DYZ
,!s'
ydzZ
7a8$
YZa8
XYYa8
Iuma,4
e"9a8
%Za8F
(~V
5<%&
2q%+
8]8y
O`i'
7a8R
%. %
?_b`
Mc i
aB
Z M
get_Height
Uj9G
>'.<
mC>
+ ">
`$3
P7v:g
CreatePart
Kda8
UP
wB35
+ zh
KEa8
7wg^
+a(/K
=<h
,7 A
P.
ia8
Process
,%&8
VqQ(
v #
dto
tY
*Z ".
Kill
,}l
! %+
8})9
XIH8_z
;Z d
otQi/l
Kc-%&83
dSvd
p%&84
Z o`
ToleF
Z ,ar
h&%+
FRi$O
0m%+
; pD
Z %$b
81lR
rVb
Encoding
+ 1Z
6Ky(
KKurWYV'~"_
a81
AZ 4
& <Z p
{z(r
3$ 9
J5Wc_
#^ /k7N
Da%&8
<Z =cG
|?<u
wHbR
rzg(
r 2v
E#O*~{r
Z v.
Z L
DebuggableAttribute
Z 54
Gza8
FuSb3[
<ssJ(
c~(So
S |a8
OoeK# o
IXb z
Marshal
Contains
&ea8Z
0N)a8U
%g5rr
C%&8u
MS a8
X9
!z
AsyncCallback
B1_6y
iDPE)>
VZ
<]\H
S%+
d S(
,".%+
user32.dll
%&8m
6T
y70,
{$
e9ca
lParam
RuntimeFieldHandle
za80
&%& 9
.Z y
l%&8n
%/-(
A R|
,@3(
e&ax
\7R&
/~a8
_bj/
X2{
xDmo
-6D Z
KM a8
| A(
)7Z
J{`7
>DPZ g
5bFt
<F,a8
]sZ
L{Z
paJ'
pa8Y
kU(]mF
Xnd-
<>9__14_0
w%&8j
vPm:W
PHa+
t %&8
UPY@
25!%
+V
9:Z 7
<>9__16_0
pa8e
%&8f
V.d
jI
oA63Z L9
W<Z
%C%+
3Ua8
Dza8[
PZ+Ua
>7%&8v
%&8c
6(y'
Random
K )g
hZa+
&N)[>
CS
RuntimeTypeHandle
29#Iw
p)A]
}DLR
P4[k
hdTZ
0-ytug
za8V
]a8$
N^Z
:xFSh
rxEX
V}PZ
VMz
4qZ
Z ]7
y7oo(
System.Text
\sU&Za8
|!FeAm~
+ .6
+ A kh(
bA*,Ct
9^Z
%&8{
K0 x
yZ S@-{a8m
IZ %
D R;
VIDa8
{zy Z O \
^C5UZa8=
1fx
{ k
t!'#1H
4}!U
\+u`04)
qN5(
M&;s
f9g
<Z K?
`,u
QzZ
wGa8
Z DKa
%%rm
cH A(e
},%+
fwLt,
MjPgZ
<p+
,%O
||m-%&8
o~X<
s_Z
2xs (
FU>:
SC,m%+
kaF
ResolveEventHandler
J]a8
*MZ !M
NtSetInformationProcess
Z CT
AppDomain
[)rl.
Z @;
# [+oe
&a8
QZ 1
(mQO%&8
>nC
g\,[
*qN^
>h9 n
~ P(
6Za8
% ,e
#3I
Z Y}-
WZ r,
dVa8
PY'l%+
sa8"
=r_$
\tR/
&x<
%&8E
1aNZ
G2/xQ
\a0>
+ U_
/SekNX
wBN
Ia8f
:qV-%&8
Z 'C
A+
%&8F
+ aL5;(
o,(
qu}/
p B|
=J<,
G7CsZ
>Q%y
TextWriter
H<<QR
[}4
decy
FromBase64String
S-X?
QTACA
v!TI
Z b-U
|uRk
T
.a8_
Q:5[U
%&8\
+AZ
FO_
R.Sa8
9,&((
+,=a8
l`%+
Ta8|
get_CurrentDomain
Ta8p
EI i
p`a+
lvO
W3h$
@(
(J2(
{uVT
{,tmZ #
gYuR
KZ {
izP6
17Lh
l^Z "+
qZS
jZa8
o[xS$
kj(h
Q#:G
P]Za8
Control
x:TA(
JBfv
dYE(
a%
+P@^9
[%&8`
} 7(
aXM]
xsa]
+ 9 f
D ta8
IEa8M
+ >b-M(
zQx%&8
hMX{Z
Ta81
[1hN%+
B%]b
%&8R
3w|Z
6%&8
Ta86
xOv
{u11
-ZZ
!(t
%&8,
8oZ
AssemblyFileVersionAttribute
>eE
mca!r5h
g=%&8d
`WSs
%'
<v"0
'a8
+ gi
lOpBZ 2}
a,+V
$bxm
,_y(
4dY
L hH
(S3v
hi:.
LEc9Gt?
V1,s!u
n(> Z XL
!:h
?n"e
%&8%
R;^*u
ht`=
2F>}6
%&8$
)tZ `R
OI%+
X=s(;
$9 d
>a89
>GK1
pL
kJLE
@8a8
~ g(
~8U
wUM
?!YEv
xsdjb
e%&8
GetFiles
lD 3
NJ~
r\kC
3>W;
LbFRU
DWt0
*x*
$Z daN
gkZa8
g:m>Z ?5
/<nQ
BZa8
5l|O
TFB
%&8<
+ a>G
>5WA
<Z
+ (^M
R#5
o,d~
;y79
0Z5(
^zVG/=Foho4#ZY[!Y?1:ALJx2
|1a8
V <r
0^E0
ProcessModule
Z ~#
(Owg(
ZmZa8c
-ela8
*^E*
+1%&8=
%&8;
uJSF
Z l>
;:
k%&8<
VcXSn
get_Name
GetValue
DirectorySeparatorChar
%&85
0NjF
z a+
Q_a8
E//(:qp3
4cek
Xu%+
#)t
+ i]&q(
d d(
iS+
%&86
String
,+\
o\a
N
set_CreateNoWindow
rgda8
^pn
%&83
v ZZ
o0 a8
,7 N
Pl]E;^
p}a8.
z6qn
w Z
La)W.
uN
v*%&8n
f~8
fDI
IIU
?M>_
-~Ga8
%&8
B*
GZa8
Za8`
a D
ca88
ZCy|
'V0t
T_a8
gL_d(
\2%&
By$Ko
q|v^
Z lnna8
;(](
-*W A/S
W #Y
wRc baX
V9l
) I4
' Z
/lg{d
xmA(
_4Z
G+T
QXL(
t\%&
2dG(
DialogResult
4E_(
/Za8*
get_Now
>#>%+
\'{u
`F~Z 2k
&E%&8\
OHvs
.text
c,fmf
+ P5c
e9#<
1&G(
GetString
{{Z r2>Fa8
m#
WindowsPrincipal
7ZZ V
z &
R,w0!D
7!a8
Za8e
q7|
r*=(
m=jm
/^E/
X(Luw`
+ <`L
WaitHandle
Convert
oK p9v
_Z j^
YPho
WAZ
jDqn!f
asyouare.Properties
MFZ n
$%&8
c>a%
y
System.Configuration
C'a (
%Sa8A
nC,
Z RZ
za%
_a8x
j%&8
^Ja8
p<W
[kZ l6X
?YkZ ,
90$0
E3;
y #
SRYq(
7"#w
Y B]
+ T
Z Ra
Y8%Z
Z @*
H*@n
b@$
p%& E1
6NT(
rW
g b4
p>Z N
qM%+
[j 6
Za8{
nQZ
CopyTo
S@a8?
X%&8U
+ ~@
,.%6|
v"g
ZA k
=a8{
!" H
#\7N*
'I%&8
System.Timers
2yZa8g
ANA(
*XI-%+
_Z Fn
StreamWriter
\#/R'
a\?
Net(
<!Y^
>B
=a8F
nCZ A
SB#ry
!Z W
,g'Z
wm4w
r#
GetElementType
a%&8
V%&8
GNZa8s
~GT
>>p\5
+J4Z
BbVa
!-Za8W
Z 6a
!Z 6
|~=_1
xx%+
+ r3eH(
2g>L
D y
GetModuleHandle
P\V-
KU@0
,D07
OpenSubKey
%(Z
Z Wg%
6>~F
M<V{
+ JT
`.rsrc
vw4
^jUZ
T'ACm
H Z
8AJ$
Z Hx6la8R
~ S*
%(va8Z
}8
Z< n%&8
chm$%+
Substring
r{%&
O-E7+
\H/7)[
|*>d
J+N9
]=jw
kernel32.dll
jl<.@
DYp%K
hD?\Pd
set_IsBackground
H$"(1G}
^S]M
]M%HZ dK
>k>\1f
_>
+ n@
-?Z Lh
a %&8S
3kTe
7%l)
tZ 6O
ContainsText
b%&8_
Pd'&
LYm~
| O5
gqxWIH
Z 8!W
6Z d
,rK(
]Za8
:2%)
!m ID
Z *$
zjWeX
-Z *
_!Ub
JwZ
GetTypeFromHandle
Z )J
~I)%+
IAsyncResult
[%&8
@o&V
&?{Ndl
CreatePartUri
It%+
9DZ r
7$48
U%T
,1r7%&
Vn*k
op_Explicit
+ xw
|r
%V H05
,7 {(g
)Xmb
'H!(
eF{+
4Et
~0 J
!$*J
La8Y
AVa(]^
p2%&8#
FileAttributes
a&Z d
Z mp
e8%&
x3x/=
Na8
w-~?
'^1#V
,UZa8
t-f
;a8E
3#S
XQaKF
t|m}
A9{
Z ?Vj-a8
}e_Q%+
S^Za8
mWI%K
]ec u*
v;rI
Te%&
k%S%
yo!(
MW_E
+"5=
+ 7V
oAn4(
Z1w+
e2+$%+
Z mE
]eR}
S8\
~0iI:
Va+
[7i
.;%&
Z f;X
cINJ
n#f't
d":Z
H2 (
aa8t
iJ}E
:NKK
p2*^;
(
g2Y2
2M%&8
W}.Za8
(*A7
b Q
i")~U
jVZQZ
Lo y!
TargetFrameworkAttribute
f\Z U
11.0.0.0
KU\{V
Show
Y4Mi(
YB OZ
,{rA
/\Z z
[Ra8x
i1K
R(z:e5
(UJp
:Z jCy
Wl%+
8G 5
?^a+
_i$C|
Z ,9i
_ ~X
`Ly%&8
P4[u/4Sn
qcXc
>rb*
%&8l
g].
D%&8
%&8i
%&8h
%&8k
&
%&8e
%&8d
%Z?Z
<>9__12_0
%&8`
X:%&
^=M@r
Write
%&8|
ea8
%&8~
%&8y
%&8x
kaH*
%&8z
;'Q%
%&8t
%&8w
%&8v
%&8q
oU7d
%&8s
%&8M
%&8L
%&8O
%&8N
/k!{g
<e/u
%&8K
39jq6U
s#%&8
%&8D
| w
%&8A
%&8@
%&8C
%&8B
1\+f
B@j]
(G+
%&8^
%&8Y
%&8X
^Cxk
%b1q
PC:{(
%&8T
%&8W
3X\
24 j
nq0:
%&8S
@1w1g
UNM^
X`|
%&8/
<aZ(
%&8)
%&8(
%&8+
%&8*
8[qt
;z2Z
%&8'
%&8!
%&8
%&8#
%&8"
%&8=
P05
%&8?
%&8>
%&89
%&88
)Z [
%&8:
$<
%&84
%&87
h[V
%&81
%&80
XAAT
)q{t
%&8
glx|
:5aF%
Z /`*La8x
% S
wbR }
%&8
%&8
@J`Tf
System.IO
#Blob
| 1
4,G/
$h}x
/VXo
@W>8l
GetLastWriteTime
:fH
Append
FLlP
rfZ '^0Wa8A
Z |;$Sa8)
5z%+
Q7V
Image
r@E
&y%&8
Console
!Y-a8
n3rq-
ProcessStartInfo
#/j%+
v9T ;|
act
P,TgZ
_b Y
QK
@Z xDtDa8
a]?h(
pJpuZa8
#Na
wqP!,
.N%+
%&8
=WMZ I
QZZ
Z EQ`
:T:
E*1C=
"eO}%+
ma8
)W%+
5-uGO9R
Tl3t
\&Bfq
9^U&
Rp Z
5my
STAThreadAttribute
_%&86
\/a8
EuU>
^7Z
System.Runtime.Versioning
+=Hi
Z j6^?a8
System.Globalization
mAa8
& ]h9
k{t4{
Bta8)
"n>QI
tv2
JL/f
6Za8
sTAY
Size
S3Z
6@?z
~9Uj
HZ 0$[
N!x)=k
Vu~(
R{Z
+ -y
UCJ:
|mS
IR]Q
'7 ~
W"5(
}L[0
?8c
>B{Z
^4l
8@i8
8cm^;
_a8J
3/C5
w.1g
1a8\
}\R(
}_T
& {v
{' Cb
;%&+
!cu*%+
r|.P
#'i(
RA|(
CallNextHookEx
Package
6Z
F{nE%+
tAI8%&8
;%&8
?a8t
`rrZ ~
r,H@
Z bQp
Dj.W<]:
z`<
N!Na82
.A!O
.xdD7
@+DN
|fZ
CreateInstance
lES#0
<Ba8
a@h (
y\%+
5'DR
1^E1
{]$
X4wy
=VKd
N.C},e
'bqE
5_Z TQ<@a8
#Strings
Z %Q}la8
)i.fZa8
IztuKs
b.>%&
Ukr`<
System.Collections
Q4^
pS2_
*BZ
Bj_(
zr@H
5b~.
u9.7o'
3H%&8e
18Z
]a8c
EditorBrowsableState
#Za8
~ %=5I~;#
X\L
q}a8
~.'%&
u2. S
( %&
:IwiZ
h{%+
sZa8
J%&8
APJ
Environment
n\a8
} @ Im
VSQ 1-P
yzf&
wZ
6w !M
F;
d|]f
b,N;Md
2 .Q
&1|/?
v;a8{
%^E
:OS0U:G
W`P%+
AD~7
{[%&
E G0B
Eo3I(
nZ ~[mVa8
:a8J
.YE
E4c_G
.0VV
Z |[
ValueType
(=wxt
CreateDirectory
EndInvoke
g,b"G
U%&8O
lZ M`
System
~VNb
+ (
1 O_
2Z ;z
kL|
gD2%+
<G](
Y"a+
cG%+
kL
System.Diagnostics
>7%+
8
i z'
jo%+
Z +H
7Xb
sh (
add_AssemblyResolve
\;%&8Y
3~
{9}
Su
result
/%&8
|7a8
~rZa8
Gr %+
Q`f4i
3$ rWo
?T|.z
/Za8
WB<n
,7 1|
mY]!Bd<O
_x%+
[U%&
#ba8t
a8z
7%&+
Bq%+
|a}"
7AsOU4
G!D(
6%&8
`E|U
vZ >
HwB
K0%+
2]xa
+I Za8
*60%+
h~X(
FrameworkDisplayName
XZa8F
?[a8
Z KUN
T9
As)
)7gX
'yp
hBQb(1
AEE?i
J%&81
+ c@
, 8
Z bt
% H
n]%+
k)Kp
=/eQ
N$#a8
/ e
UZ g
:yy
<ybR
)q
#a8k
$cxd%&
*k
Z b\
oZa8
m]Kn
3%NC
*#Y
T%+O
a?Aq%&
rOKa8E
IDTa8
Intern
`QZa8
get_ModifierKeys
pd9
System.Collections.Generic
8"rpn
/%&8[
Open
J%&8
3_Z
X>tS67
~pE%&
-6w
FhZ u
6%&8p
s2Ya8
6Z %5
AssemblyProductAttribute
zZa8b
get_UTF8
Z e*
)D
get_Width
zZa8q
Z F{
@a8O
c`^N
K2M9
W_l@
t2?%&
`Z ^(
$M^E8
:`AZ
.[Z
PuZ d
nX l|<
.^E.
ConfuserEx v1.0.0
Z 11
NWuD
8L
,A%+
R.Z
-8L
R"Z
w@Ja8
ZbuCQ
4EN;Nj
Vm'Yy+v
IP)C
T a8`
!;%&8u
SearchOption
J-7j
sU*
)Za8
~u`%+
:('7
ga8f
& %&
$TZ
vN ,
U|*Y
+ cyX
B#M
SEq<e
A33W
PI>
3m(%&8d
+ 4T
Z t
P5a8P
[M5J+2
]Q;A}
%&8
Jfzz
DXD
FTO
l%&8
i7%&8
] xR
f%&8
}G L5[
+ H_
GC a8=
jF,%& ;
aC[k
cX%&8:
Za83
JoW*
s3QOZ
+ BtOs(
pPZ
get_ProcessName
U%&8o
ecD
)ce,
PT
$6a8
uN(%+
Z,LI
Z 4
01O8o
uGSF6
(P \0
NEa8
nKG>)
og_a8
-%&8
m#v
P<7,{5
h$ve
<_%+
HZ q
W+O
+V~}
& tS
:[Za8
x+`L%+
[PoM
})m'NQ
W?x.b
@1'L
Timer
<o
3%&87
M(
enz%&8
!cZ u Woa8#
< !m&
9x#}~-
>Ph#
>U&f(
Zi
FromImage
;da8r
z%&8
Jzqx
4; *'L
l<~+
V$.e%+
.'M
6n4
T)idD
|sE@
U6NkZ
xu7H
Z IyN,a8
z%&+
\
tw[
_l]SQ
%- a8
&=Z
MD/T
KYb
\>yU
sE0%&
+ta8
7Z /l
Sfrk|
]!k9!
x*Va8
CKa8m
]%h/
AssemblyCompanyAttribute
dw"
Za87
<>9__8_3
,Za+
uF,cX
i}jN
+ *7"
t*`Z
Z @m
No
;Ha
uM9?I
WlxOf
8 a%
E%&8
k*K-%&8c
JX@
,^E,
.xpN
a8[
76:
PackUriHelper
Glp
_!a;
w8!P3
AssemblyCopyrightAttribute
Z wR)
Z (&
ruK
uZ J1
+ ~[
ox^4,
.2O%&8X
fX%E
fl%(
'VUmR^
\ )
6;qa%
Z :B
Oba8
L,&t(
P\:
`_Klt
N%>!
NnFa%
Hl (
!rZ
\9Z lS
o
aHV
e> %&8
Z Ib
OZ T
W-9h>R
U|U{
Yl>
9+Za8
]j%&8
I|a8}
^PmJ
.ctor
,I
]Y42
g)urZ
R3+
y7N
fUfh
C|%+
M.p@
Xa8
dov0
g-|2X
,F y
Z }/
.73~+~
?S=q
! 6(
/j8a8j
+ ~y8V(
77Za8
.Z $
[^|o
Vc+%+
s K;
p vm
Sleep
&v9
}%h%&8
.^Z M@/Da8
Ff2+
^>pv
Z z r
l+<~
&UE~
%5
r&ya%
GuidAttribute
MoveNext
oDgB
wQ$_
+x}p
SZa+
aZ Q
mr+__
Lwh
oyx
-^E-
ToLower
+ 0
$FO%+
iF%&8
System.Runtime.CompilerServices
88%+
j4<a8P
EY{
?]z
y+=
4Ex#Z
Yf^M
^KZ
}qH)
IsLogging
h;D
Y&-
Application
l&OwI
(Z q
<>9__8_4
0Bo
7G8o
l~w
5Z l}#
N$
~Za8
?5/!
_@WD
6b
)%&8d
R %&8@
Z QJmma8
NKZ
Mw%+
qGH
Zk[F&
/_|D
T op
& mi\
(7}]
~m/P
nY%&8
4=Z
&9%&
j6J,;
{l\W
C%+
O
}&Sm[
d 4
PLu:
Z <B
aQZ
FileSystemInfo
|%&8
}2XF
EditorBrowsableAttribute
W"s _
7Ox
r1]2
nYZ
Pa8F
ToString
4Md*]
&s!MS
<%&8
2g./
4Z C
LZ /
DateTime
3hZ W
RMZ
tN%&8
<%&89
d f(
}rA&g
+t:%+
h CI
F}Z7f
set_RedirectStandardInput
5@a8
k%s8%&8
jc{z
T}L>;{
c-Us
\8v/
<%&8.
5Q2M
LFP
5p
%.[i
Z G,
vllZ >
#Za8m
<>9__8_0
<>9__8_1
Split
0ACB
x`a8
I89-
Save
Z/%
Za8"
E?:Z
1%&8
6.sb
K!Pyz
~mB`
get_UserName
iD%+
b"

X J5
<xZ ~
+ Kqt
P]y@S
|rL
_90Za8
pg
(c%&
6"4Y
Z /Rq
Z `L
/l9C /Dz
Z 5>
}z}B
i*$K
d^2c
AssemblyTitleAttribute
>$a8
g&S
%%+
jea8.
O[+K
bY
oSZ r
XPl^(
U?K+B
2%^
U _D
ZF6Y
Za8l
6 c0y
nkjv?@ |I
Z .m'
0>%+
5pM
sct/
}ZE
FP}*s
7)l D
oN0B5F
Z zC[
+Za8
7_&q
CZ&h
0QZ
6jL
:;a8
Ay%&8Q
QZ
add_SessionEnded
?X5?
OTwk
3
v_ <
B:$
7S5T
5s%&
Ea%
Ii?z
|&U%+
=PS~j
NJ^2
"DoR
9Z k]
1Lv(
m8Z
b}0, g
?k%&8
)Z
Q~(u
R%&84
GetFileName
t%&8
YZ R
4.0.0.0
p|Qa8
hZ 4p
set_FileName
GetText
;dc%&
Ap(
Q<o
BEta8]
`2q&
+ O9
}Yz/
3~-
qXx
dyPa8M
V{b^
$HFq
&a81
3s;
GetFolderPath
Z ibh
kQ %&8*
9?7i
.WHT
^$*@Z |5
%?9Oh
Z D`
$i
BP%+
_lRa8
W_C
a8J
Q6!hdb
F%&8y
v6%+
!|#qkX0
HMa8
nD l4
m15i
kfa8`
](3
F%&8{
g%&8D
$] o
R%&8X
Q0R,O]
EI
diNz
Z dV
uQ,Za8
6n@.
*tx
=r@
neZ
+ Pnf
B.FLF
\6Fl
xdZ Pu
6Z k
.{UZ
[1R_
Lsa8
tFZ
R^fL
Ijiy
7Z G
, Za8
X d
Za8Q
7Z N
JA~e?
m?%&8h
@v&(
7Z r
ia8D
e vk
!Z o
n$`_
Invoke
Za8
,ctZ
Z r^:
epd&Z
set_Method
wO#(
^cZ
e)j/Za8
da
w[|-
g|.;Z J
Z -N@9a+
"N%&
SZ ?
v4.0.30319
m?%&84
X&m5
\o,|G"
System.Reflection
QQVHx^
<%&86
b4S$S
3C@b
*%&88
="Uk
7.B>
]dq(
'yc}
SF#Z
X @
BAvO
Za8
flZ
Z )3
ZK%+
v=Q
)FAa%
.NETFramework,Version=v4.0
Z wa
-lK
L?a8
]2%+
ndamZ -s
<Module>
7yH(
Mutex
WrapNonExceptionThrows
;&<%+
fH>4Yy
d|Q&
C)s,
9co"
{1%&
&Xy L
Z Xefta8m
L5Z S
ZZ_%
eTI%
_08rb
vFkZ
Pa8$
@.reloc
RJa8
QIf
_}Pp%+
Q%&8<
'!MO
ps(Q
eP
ZjHJ+
VbJ'
bTM
W%&8d
Z yX
n>V?
[&4^
tiH'H
4AZ ?
u(a8
7:>7.
B' .Ht:G
O/
[O`a8'
WriteAllText
+ !',
Byte
\Y 4p'{
(>XY,
DlP)
EIwsP
<u:a86
O GZ
1Z 9N Ga8
Dispose
E^t\
E z(
OT
#H%&8P
\LZ
+!3(
N {Z
AppendAllText
Zero
M%m^
m%&81
r%Rz
Ha%
h#?%+
SS":*
oj7
oQP
Z lhya8
&*-o%&8+
D}3K
Z `J
J 8O cv
sw^J
?a8d
W%&8
C|2?
;}a8
,a8]
nZ &8
Q O
$+9-<
|Z |
1 Lp
KZ #a
4:A
`I*Pa
_i*(
oAwZ R
6uc%P
3qD(
{BP
ZtI
`O{r
j:}
?Z c
+y:FO
;ba8.
|Z d
MessageBox
Ea8*
RwaE
18a8
get_Location
#p6%&8,
|Z L
cx
^!.{O
a=a8
q( (
Z DS
qNMu
K%&8
}^*}Za8
[Ia8
ikH*
Ta8h
Z VX
j%& @
?N%&8
_%&
va8Z
.*UmC
?Z *
x9S9=w
gCDb
7U%
k QZv
gZ [
da
6uz
^:{J
]"bS
atL~
#$VP
>@%&8
$8%&
VCs-
xa8{
get_FullName
j,b
1Z \
SystemInformation
0pr
loZ *
KW;
E #Z
g!'
+ NC
#\%+
Aw`2
D3~f(
U%&8
BUw+
Za8]
n|q:
Za8S
^$E
P5s'
}Z %6
Za8V
J&/_,"v
Za8K
Za8J
Za8I
Za8H
Za8O
Za8N
Za8M
Za8L
?_Y
*%&8
1'OFe5*
ZZ
Za8G
7s%+
iZ H
=Za8{
B[t]
E&Q(
Assembly
Za8~
tr9%+
:Z A
Za8s
X~4/
Za8q
Za8p
Za8w
M%&8
Za8u
CopyFromScreen
lqDFp
Za8j
Za8i
Za8o
Za8n
q7xa8=
uGQx
Za8c
z[=jZ
Za8g
Ag [d
?B{(
Za8d
_x
<N]YD
[h[V
NM;%+
Dp!<
*8
.0= Z $u
nC|:/
I FB
@^e(
P^Z
*#,%Za
ZlC
Path
#a2J(
Z J_D
LS`.
Za8;
Za8:
)a8o
S C%&8I
ZZ t
YZ 0;
R %+
Z J,
Yqa8F
Z >M\
=n7[
fTwg
Za86
Za85
JIu;
Za8)
=6$B
Za8/
`\ct
Za8-
} 3(
Za8#
Bnla+
Za8!
Za8
Za8'
Za8&
Za8%
VaZa8
mv:<
>DuZ
]8.E
]Py;|
WZa8g
n%&8o
Ua8#
J5-
iPa8`
4Z
QJ%&
kb ~
WindowsIdentity
JLc#
aH>
J X@\
Y`l2Z Q
Ta8
c_Za8N
?Da8
#i?
_S11
Format
+eS%+
uc1Q6
zQ%&
,S. (
h,SC
gFrtj
Z .Y
Z 8
Z I&{=a8X
oqRSe(8l^&s
r%&8=
+ rM
I3g%
c Fxh
2cb"%+
+5a8
Z 8V
{"6o
)a8p
Y a
lT+OR
nF!7#
>%&8
eZ*J
ParameterizedThreadStart
&Ztw
6
yJtDgO2
?DKZ%+
CN/
uNA4 Q'O>a%
GetProcesses
%F Z X
v8V{%&8
'/T"
^a86
4mw=Be]^
/D
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
D$'
j &%+
Pp4TXy
h'&t
^&a8
b2D(
?DKZ%&8
get_VirtualScreen
object
nCode
CxE
~X4y
P| 3
+ `@
,Z `k
A%&8F
)* (
^E
6UgXIk
[EZ $
5i S
1F(B(
~c" (
Za8^
=XZ
$qQ
8&XZa8
Z szJJa+
INa8
do%+
HE)Z *
'EY
U.V>X
W=6
+ a)x
9B<c
pAZa8
|P%+
vMQ
>tZ
Xs *%+
vVyW1R
FIJZ 9
atc
!h\
WZa8
hMK9
|-n`Z(
Z 4d[ca8<
[$+^
s%&8"
h)H%
X|
-J?^
um+g
'`,(
\%&8k
Graphics
Gr%+
Z sM
o{%
7Ec(
/%&8
A)}
vL(
63=
(Z Yv
-cYgC
9@@(
lZ q
2`GD S
GetResponse
M"/6COW
| b
'ZV<
\:S
3ga+
wn57d
BI
*Z Ff
k -(
get_Chars
ZPZ %
+]
{uy
6Cvx^
ON~}z]
uJ
. w(
?3k?f
qZ
g4a8
{O]D%&8
L2%+
1P)$b32
Z (lQAa8
VRZa8
Za8@
`!L$;
k Ai
&Z 3
h%+
Clipboard
6YH
GetCurrentProcess
VEC
4A'`
H.Za+
m+}Z
$dmZ
H,]~
Xm %&
?9t%&8
+ ;2
] s"P
@u%+
Ha8=
Z aA
)/ |Z
,%Im%&8
K;-
ntdll.dll
0'mV
& R`
#Z M
BZ l
?hAl
e??z
M\1P
(#"a8
Z AY
3PZ o
q $5
+ C$K)(
_a%+
Es[ehk
lIaI
!}a8
;J*p!
X$B
q]"8
HaeB +
_Q:
n&2%&8
FIN1
Z {:
n [
set_Credentials
0"Wj
Z PQ(
E#P
Z W
-Ga8
/#Ya8
Za8r
.Dm(
^<#.n
=/F
G4nI(
HCa+
ZT.f
cRN%&
":u
w@0Q($
`5% !K
G f-|
&
Equals
Fd}
<|,I
tUa8
N"a|
V{r[
;a%
&!Ef
Za8z
7ja8
2
Z hm
:x 5
yZ Q%m
CJZ
VoZa8
s4C(
Za8k
Z 'C+
2 |C
`qaW
Rr)EZ
2(3y(
gH~Em
uPf
I6b%+
|9My$
w'h
0%&8N
get_Current
,Za8e
2:La
N}U\6.
,:
~t(
System.Windows.Forms
_%&+
RuntimeHelpers
6 /IR
n<}p(
FI@|
&D q
ceO
+ 9:
+ mVI
'k%+
8RqJ
DeleteSubKey
8j,w(
_%&8
gnr
7-$(
&-, W
_ib
RVm8
zZ 4I
.|2a+
7+,$G'z
y;Za8
! W^
rPNs
x '
;T%&8^
lP1
m
N'a8
DownloadString
jH~
9J >
^{s
-XjT
U@La
9R^-:
[=M'
Close
Hya8
aS{n;R,
Bp:
yr0;%+
6hD
x%&8
v +y(
8F0Z 1
:t5s
>on%+
pkoU
|Fp:
_bY*
*aQ
75L
15ka8
V65OP6
BSJB
Aa8F
set_Enabled
8@F
`FZ
ppq 0
Z Ro[ma+
+ 5 9
[R[/J&
LNZ 45?Da8
~:ea8
"e?A
+ Q
Type
0\C
+ (
=v$%+
nIE
%&89
TEqe
X 5G(
`Pb5[a
Yu%+
%^K?
*D@} <[t
+cf(
xh%+
' w
8i#[
HnDdeloxWlbrDPIBTyBAdsxcBOGAA
!u%&
tgwE(
$)a8
9?@d3
$I
;s.
GaYc(
/Z -H
Z KK
&\KJ
!)\
set_Arguments
L0A"
Qy9?
k,u
]9}C
Z 9;<da8~
Z (
{mgA
upge
Z 9=
Aa8?
*@-c
whZ =J
g=)
G'?W
WebResponse
^E
gF%&8]
^1(%+
M %&8
*a8x
"Za8.
`*q~
{ 4t
$QZ
Z 9!
% [
Chrome
%,.\%+
L5yr
36n0C
N:>%&
Gn\a8
a Z c1
NXm!
W5'4
!|.
=`A
3tN sh
[11i
UfZ ~#
|5/q%+
:&s&
get_Left
.cctor
aa8k
Zva8K
-G >p
6fv Z - X
1%&
/(ua
>aa8
{-" K`Z8
MZ .
yx&Z
mscorlib
34.!x
%~]
-U
FileMode
xZ Y^`/a8
j_9U
Cntn+(%W
xYD4
:e`>2
bZ 9
!&,T0
WCA~
IEnumerator
aKZ
CTx(
=xlQz
W\Z 6
Qq)
Za89
!%&8'
MZ N
z%&8S
+ 1 c%(
+ oQI
B+a8
-m}a+
d KQ
Za8?
mL2'
!%&82
f<=]
}pZ RO
M%&8h
%~wFz
!%&8
Kl%&8
[=&%+
Za8<
8.rJ
MZ>0
ogAI
{yLI
=la&
^E
1Yj}R
L~}(
)6"}
KD%+
Bznr
8WTm%+
::l]8
B)R
;Nc"
chrome
D2;y
@9a%
zM\ /<x-
Zza8h
Za80
#^E#
_Km@
e9tl
Ss
b ]X3
Z1*Z
Dc4(
%NEg
O5Z
7 m(
54p
PdeX
E .,V
u3y
K* [
pa8
6N5
-Z ~
FBZ wb
mX8O
hUEQF
p?[!
)3LP
CB l5y
EG{mc
VTM
SessionEndedEventHandler
2dyd
set_WindowStyle
H~F(
>a8N
Za8(
$Za8
L#9I
m:a8r
m\7)
r;=ju
Za8.
O!4a8'
}Z p
3OM
ka8
{/I;
2`al
rZ @
1 fu
}!%&
r{xuZ j
.Q W%&8|
t4[=
l62y
2%mJ
c NAZ
<FE(
tZ ,
Yvfx3
bzon
h6VZS
=: (
,Q R^
?}a8
Y_Y
KKF
Eua8
9h%(
$X
H! T(
O&J(
UWs
2M%+
Z _Q
C%dS
3DZa8A
Za8$
Em_Q
}Z N
:FJ/.
^=FO(
%&8j
I.2\R
L+%&8
)_a+
)R%&8
qJT(
YRLC
J{[&g
*Z E
\|R
op_Equality
m%&8p
)oKZ
XHf%+
<Xa8
k S
j0+Q
#<P"(
Sgg(
qjU
+_8G=,
,G% >'nAa%
.Z
[e b
rS m
/-^X
jzEx
`RX
_NG9
Z ZX
OZ y
M25
sp9a8<
Ay%&8x
X%&8g
^Ia8
^zVG/=Foho4#ZY\[!Y?1:ALJx2.resources
Delete
/ .%+
Registry
J*
(?ln
AssemblyDescriptionAttribute
ZmZL>
@9=M-
chrome.exe
System.IO.Packaging
{`s
+ ^>
Z '-D
\H^5K
c& -Z h
qEta8D
>@"P(
cl'o
8_):%&
HC`A
_^z
J-=1
(!u
D )=p
K"Z
set_RedirectStandardOutput
3oDR
?6^\
sV=R
$.Z
bi|G2
JT (
p%&8
EZ Gz
;*%+
]QNd
+ ).
s{a85
Z Tf
THl-
I!5
LocalMachine
6a8X
|wH
.0@t*
q]GB
fK%+
guDO
1a8R
get_ExecutablePath
DGpe(
y?I(
:Z %
u%&8
4T%+
"Z >LK
'Za8e
N*M
M~d_
$2Wj5
ba8[
?['8I
orv
-,s6
I/%&8
J|a8
Char
5Y7|"5
0Rij
G %+
ea8!
^#r(
u1+8=
d%&
f6C
s!Z
o_\%z
a.`%+
Gt>
cr%+
System.Net
`BM"Z
3System.Resources.Tools.StronglyTypedResourceBuilder
\/s;
Za8D
Z Hy
A<n
%#{d
||h'
8tU8
A(.I
Mo8V%
_5a8W
z\%+
_m8:
+ rV
d&2
5mJ|0j6a
>j#
hzXa8
jZ m
%&8
UxA(
jZ s
7k|Wo
%Z /
yl*
!$w5g
>saZ n
]|a8S
=*sU(
Fh3
0!)`-6
7CAKU
=`w
&CNy
Next
!This program cannot be run in DOS mode. $
3s7
callback
V6Z !
UriKind
%&8b
Ya86
File
dq4*$6
ZUpKE
\-ce
g%^j_
]SxRq,
(Lay(
1A<
H2|
2Em|
d!Z E
VZa8
jt|j
^A>
$WV=
|H8w3
]L%&8
F6 wm
lMe(
D>a8
D@`P
R %+
Z ,l
@5zw
>,%+
Z P&c
fa8X
\%&8
Yk
}4k'
Z+n
:%&8
fa8m
IBZ%+
D';nh
PcUB<b
OK9U
RJ)"
}^c~
fa8t
~VH(
;(a8b
NJQnH
.'<pZ
<lfqH
S[a,
+3
/Z w2
da*US
itZ
+ !o|
||
}Ik
_IT(
mp
= ]
Lnz8Z R
Z Ph
JN&5#Z
%ANa84
ATa8
System.Drawing
VS j(
8R
%z6'&
[a
Kb>a8F
1I C(
_GI*g
I-hvw
rE<h
e6%+
O4Z ^_
4I5w
W$!,
Y CS
EW
qrrXZa+
;sb]
+1%&8+
jS%&8
v5*v
W"a8
+S~X
"_e(
EZ j'
JIa;%+
}%&8
UnhookWindowsHookEx
m ^x(
g}OR
DW}T
KnZ ea
/XK%Po
MPZ
v6)(
_ \x
Z ,[#
<GFt
( S=L
pr%&8
get_MainModule
rl\
!a8Z
;0hC
@ Z
B~qe
fia8
>Oa81
Qca8
~ sB
IEnumerator`1
!a8J
@Za8/
9%&8X
Uk%&8
O5>]
op_Inequality
3%&8
get_IsAlive
.K"g
+ f
vul8
QeXC
9&%&8B
z_%+
,HU :J
Ja8m
~0a+
`s,(
na8V
s$0K
g%&8z
}a%
(Z ;=4
IntPtr
!Za8
?(O=
A6a8
m (|
cv"! h
+q}w
l<"Z
+@8M
8@%&8
nZ
M %+
n= r
ResourceManager
%&8u
p/]
:*ra4*A@1
%&8U
+ /j
1bQ
t6Z ~
27Z
$Z Z
Microsoft.Win32
=Q-L
|wu)(
!_}G
nPm
YZ !
5!Za8
dW%&
>YJ(
nZ Cm
Z *Mr
woj:
#W:
ZIB?N
>>T?F
Sq
;%&8{
6 $:
M[8%+
DB!
q%&8
Rqr
T4kZa8u
oS)n
h5ga8
]20a8
%a8J
(?a8
sR y
+ /]
<rZ -
D#I
~=%&
j2;$&e
(Z
t]N(
#WR
Vao
IRm)
A!Pw
+M~X
U#J
+ 9_
Z gU
M=%&8X
get_FileName
FileInfo
Z 41
Z w
AssemblyConfigurationAttribute
f;?kr
nY%+
5%&8
\6a8
ma8u
YZ M
D]79
36(
Jp]
yIS^|O
sa(1
*(n6
gx%+
pdo*in
X\{(
D=QG<
!|K
<>9__15_0
Settings
yZ ]
BlockCopy
<%&8
.b= (
_cX*
Bpi5]i
xkDl
"+iRZ
W*RK
Ka8x
5z%&8
G aK
*mP&
/ty(
za8
BH%&8
}a8^
%& @^
^Za8
dN-
Z #+j
9z6(
y2%+
U@nZa8
K?Bk
TD*(
z-`et
")GZ /,rca8
Rlad
(%&8
0_W[
`ZZ
wxa8
'OZ
>0aL
eq,$
Jdyj(
~'eb p
(Z((
+ ba
'X%+
}u%&
iDZ}
get_StartInfo
+ +BW6(
nZ a
{7cZ ,
CultureInfo
(%& Z92
+ d-
get_NewLine
yTX:
+ o@N (
r=Ye
AyC)
yZ 1
Ba81
fU\Q
jmy+
;,of4l
Oaa8
x!i'
k%&8c
z#P[
.u(VA
X UK
yZ "
Z -Z#
+?r5(
'M
Oi>^
Z`[f
,7 &
aYd
/* R}fOL
1!PPZ
52z(
VNeZ C
=Z (
c^G!(
B,}(
cGa8h
qDPJ
Z*a8p
:j=:
CompilationRelaxationsAttribute
7^E7
da8)
TlDBn
Tue%+
CompressionOption
}^ J(
zF0?(
S)^
0A\<
bb
` mI
j] X
B#G4
/_^>=
{)?%&8
&la8
PzP
da8I
ResolveEventArgs
jJ}J+
& U0X
i-mp(
TZAE
=uX,~
^
: u4#i?
wUN
0'&S
y%&8&
Cr 7
gW a
B `
pZ @H
oZ
.F,5
.,%+
%&8I
8 %&
QdA
da8h
5jj(
!NCq
+ (v
( &,
a8M
pCoR
8%&8
9`9
jK07
3 05%&8*
Z ["#ta8u
Y%&+
Z -5
?v$[4g
v%^#
dc%&8
w >^
%&8H
s%&8
WaitOne
SGS
oU<(
|jSN
get_Top
M3o|K_
$a3cdb046-8113-4958-b995-7dfb4afc6e0b
k7N
s%&+
5ibX
D a8
AFfa
-a8h
[}(PZ SD
O]a8%
W<6\z{~.'tK X
|Z
lk4Q(
8DKI1%x
`SZ
NetworkCredential
no%+
Z:v
a9 x
.M0HF
jEQ
xla8
Dm%+
1`Z :
%&8J
ne-
c Na8A
[l|Z T
h/\f-
-Z qR
Di`b
6.I p
dn5VZ
m$l%+
Y%&8
P(wk
h#.Za8h
y %&8
5a8A
Z 9Ft(a8N
kJY(
SessionEndedEventArgs
Dj/1l
g5r_B
YMM>oJ
ThreadStart
+ j'|
Zd
^/2`
EnterDebugMode
P8hr
MIrK
fh~Z T
>b_(
Z *
AFxM
Z t|E
n]%&8
Z e][Ha8:
@ r
}5X<Z 3+
A3CK
SpecialFolder
@h%+
Z AR
sMhM)R
P U
M-I>
lk:
1Z 7
+$ ,
=Z v
oihN(
Ca8(
Kk7r
!9Db4>m
b>Z
AKq
U,a8C
Z dY
yF2WA
<>9__13_0
UgSI
QUra8
^ F(
Ou|
+ e>
t1Ta8J
]rQ}Z
TimeSpan
Z I a7a8
^\U
\Z k
v%&8T
>T9C
>0s5
bl
RZ e
Ca80
%Za8y
Concat
q,3
X &(
,%S>w4
b}5o
StringBuilder
!ra8
TeZa8
&*7
XwJn
.5J1
31%%+
2Olb
; %&8
ZQ%&8
s1Za8X
zHL
wP %+
!`JP
4Za8
A0rm6p
a(VC
\Z 2
#xZ =
Z 4Y
=%&83
~Y
+ 8'
WebClient
`K(
EZ pb
CompilerGeneratedAttribute
OrY{
dSms
5Fp=
VgH;
,=B(
Lg|L{+~o
Z j)
FZ =
1HB/
:nWlk
_a89
C.1)Fe
QJ%&8
>0nOw
+s("
RZ u
f DuH
<_(%+
? jZ R
Za8,
UploadFile
#Ggc&}
Z T*
wZa8
6~Tm
pnjZ
GjSb
DownloadFile
j(2z%+
'a8|
,:iT4
%&86
Q=
tT7
Oqe-
Copy
aSG}
'a8u
+ l!
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>
`,^(
N)u=]
Z =.Oca8o
gvh
5=~J
Y'Ef
]<YD
2tZ
*/a8
j~&A
Z e.`
?N%&8!
jB/a81
$a8!
%&8]
{b%&8B
3c%+
*%&8k
Z 7y1Da88
Uua#
7V Z
System.Resources
'-"a8
;}%&
RZ
fP&
+a8i
V%7
%&8f
2a8I
Z US
+ _
%&8p
Bitmap
8Ph%&8Q
Fa8{
t6b
2\fP
n%&8
ReadInt32
%&8
G{a8
Q&4"
t_I(
{ a8
|<a8
([A0
a)f9,hU
%&8_
Q%&8
Po)ZD
GetEnumerator
ErZ al
h?
(E(%4
@qk
:#6(
Y(a8
?/~Z%+
ha8;
3 -q[J:
V9!vZ j
Keys
.Tia8Z
Uc<%&8
+ (f
Z Ny
ha8.
?G~
+5Z
Array
-~Da8
I'd%&8e
}:Hu
+ uL
5a8M
Z WabLa8
&7.
+z4Hu
{5}P
)un@
=;-(
z.`(
+lR6
#BXXq
UAE(
ha8O
SetValue
GetStream
$Ja+
5kZ
+I%+
Ma8c
8oa9
+ TZ
o9Za8
B;^>9D5vm#
wu>
P_x3
^e z
Z $64@a8r
gKA1n
xd%+
+a8q
7'z_
!._h4
hL+S
x7*
!%&8
WB9W
=.C~KU
Exit
5s0e
4Q<
3NCV
BAc%
iZa8
47=v
%&8[
i%&8
h ,1,
y:ba8
/3%&8
2AUv
vJ
+ @"
Zn<QZ
oa8b
set_WorkingDirectory
)Z }L
b*Ep
tm2~
PBo
Bou+
<>9__18_3
0ON\
S2hz
Y+??
PO Y%&8
.a8K
_CorExeMain
DebuggerNonUserCodeAttribute
+ T)
'Yp_>
{wy}
^^\
A13Z
C.%+
8c
+ nD
{)[a8
Ws0Z /?(
4gQJj9
y9:d
+ ({
8Z }3c4a+
$lL'
J)D3<
get_CurrentThread
2a%&
tJJR
^ tl(
N;E6
N[ r
9M>
Y]<-
"a8U
iFee
k-Z Y
InitializeArray
-):
P>{(
Q{_1
e4KF|
D>
2 a8
2gSle
g mb
Xg2&(
H>a8
"Za8<
Z Zo
"H^
/gh7
Y Ya8]
t D3w
+ Idj_(
.y1\Rr(
`+0 ^#
,oZ Ki
% ,e
4e$l9
3"rKC
#~%&
/Z >#1ba8
nF3
Lq>Za8R
]_+
+ T6
2 0=)Y
IDk(
w0)KUc
IEnumerable`1
A%&8
,u =1
4AzX
%&8V
b3q0
;Nnb
kIX&
Qc,nZ
+ o#t
L)DH
5!6F
j0 C
kBaTi
nqM0#
oD
]!7
l%&8
+ya+
set_UseShellExecute
{0w.
6Z U
%&8Q
vZ
}L19
Zi>&nI
H{a8e
'hG
>"F%+
@n3%+
tN1g
r;kP~
pT
4^ou
Z <X
n8C7
Msu@(
Da8h
y?J
#Za8&
4)a8
U2a@
vZ K
vZ D
/rQY
]0"?0
Start
N%&8
|(mp>U
Da8f
Load
s"HEn
En~(
CfZa8
)_SD%+
FaC'%&
Attribute
OY@:
}]=
B
<>9__8_2
>NI
|%+
]Z
)_%+
>lQI
FJA(
kV%+
vZ f
>Za8
{#WE(
H"a8
1&
i#,i
%(K
wqDH
Dtx}
o-${%+
U><4
q }
SetWindowsHookEx
-a8J
Rm(Q9
)#D!
BeginInvoke
Z kr
F?a8
iZ T
}Za8t
H>y9
'"yo
Z [G
[=W!)
]|vD
6A L
WM>\
ZZa8g
kZ :
+Oa8
KczwES
` x
%&8-
1Za8q
*Qv
m:*o
peH?
^Za8+
Nn8Z
GZa8Z
<C](
s'Z L
EfU
f4Z t
Z ;>N
* (
DirectoryInfo
wTZa8
f\.R+
$!Z YG
Z$M
@%&8
T.$(
J=Z
\
VDlc
Hswy
C!%&
87LU
.QQg
zPkS
9Z !
f|mZ G
J$%&8
o|^
S%&8
X:R#
ICredentials
Tm.#
rB)
7*xa83
^cq|
*666
WPGU
gN]x
Ha8A
8)Z
L[(E
YtD
&&Y
~Z G
bx<Za8
#k6
kedT
!97$
3WW
%&8.
rP9
ja8{
kUZ e
uU"d&
SystemEvents
WAZ :
OZ S
WldC
_KT[
D9N)
fO2T
get_Handle
\Za8
wK(U
M+S
LVU(
[Iun(
[a8M
:ZP
aq&h
Object
ReadByte
[Fr%+
KTSP
,b>(
mD|)
(W?
KNG
ER_(
Za8P
Z ',8
g%&8
6zY
%P$(
ComVisibleAttribute
7__S
Z 7R/a8Y
get_Length
%& _1}
,: F
7eD (
0bZa8(
CZ A
/2iBm
qa8-
tg&CC
m(nZa8
ShZ m
$nwO
N?pa8
5?^
Z I(qBa8k
ja8
Cy/~d`
+U&(
N/Z K%
6<Cg
na8E
:Va8
@soP?
Wa%
GYPv
Z YM
mZs
-%&8[
Jb2a
j y$G
i>aF(
6ma8o
zQ
`@%+
2 cB%+
P&B@
sVgw6
_cOo\
3*%&8
1XZa8
S|}!/
+ (X
,%Im%+
%&8Z
+ (\
sZ *
+ (^
MethodInfo
uC-%+
2Wa8
a87
+ (T
L%a8
#O\}u(
+n]+
r^per
)i6e
+ (j
Z !x[ a8
m"SeR
J7:
+ (n
+ (`
+ (b
39_t5
+ (d
#tA
]e/51
1.0.0.0
z<D#
+ (z
[r
Fq=IZ {
+ (~
-T x
>{Q$(
`^iOayn
+ (r
+ (s
-WNB
Ua?HZ
2B&
+ (w
OZa8
T:!
+ (
rXr
wma8
("?(
H%&8
i Z
p7t
o<%+
XaP
Y%&8
G%&83
S XhQ
n}1z!
Z 0-
iZ 5
1E[l&
= ,9 \s
wyd.%&
w Z
&,Iq
R*2Z
f2a8
get_Size
la8c
-Z cf^Ta8
Stream
.dJc
GetEntryAssembly
ROh
$ ,
Lvg(
c6%&8
61 ko!
+wAE
T[Za8
J9p?
FailFast
D7-
As#I
sZ E
^$J(
Z Ju
iZa8*
Pi(,
?Bna8S
p*Z
*T\t,]t
'Z%+
Z tr
r>-RO
ba
MK|8%
ES\M
BIn^
i&o;gH
O-3H
m:%+
Z x)
zPZ
7n
4#X4
z\!0
$a8M
60@E
pD`!
}H
F$ d
+ >K
xAa8
eZ TP
7[a8H
,-MK:t
qa8|
Q`a8
NZ !
5#,9,f\Y
D I)
N|m8
HaP
2%&8w
DF 3`
pY[;
MethodBase
vZ?B
?a|(
<&W
m#a%
Z W2
+k&E
` \(
{[&;+
Fm0o
27`@
;B +
nr9
~Z c
d{yj
b*Fy
jWfN
I,?T
$_YAzH
]%&8]
2, \Z
'u^Za8m
(x}%+
\w `p
z]`??}w!
dy aX
get_IsAttached
]%&8M
X?]bD:
\Kh(
GetCurrent
$EU6
jw a8
G%&80
vD%+
$Qa8
u}[ (
%&8o
)a8"
DZ '
/<r<<w=
Na8H
mjp(
Uy%+
=Z
b%&8
C.bN
?Q@Z
It
QYF4CW
'[Qa%
I%&8X
$^E$
Replace
WindowsBuiltInRole
MemoryStream
Na8o
Ja8
mJ_@<i
UInt32
Wp=a8
&FLF\
Na8f
%&8
f>G
/G<N
\P4A
I@oP
#Ya8L
UZa8
x9$
!K%&
C&~
L}f
V').
Z C@ ]a+
y[iT
sX^*Z
5 5^
ZZ _b
RX6q
9o
f/jD_
'k%&8)
G!Z
nOwh
ZSV
A%& B>c\Za8
}?jjMe!
System.Threading
o>R3 ~
DebuggingModes
Jg{f
Z JMdUa8/
G8t2rI
y"*7%+
TG l
y%+
VtpR
sNa8
;b{M(
w.a%
br#>
[ %+
5A:M
2da8u
[>E
0w@4
GetDirectories
zC]>"{1
*EB/
q5a8n
wk,J8
/tZ
Zf/x
cZa8O
Z W,
8B~ Z Q
Z 4:x
1JPo?
cE%&
GetForegroundWindow
OyZ
Iooa+
e^
U=n %&8
[qZ
Is[f
tn(<
C+Z
oZ 3
+uD%&8D
r4#X
System.CodeDom.Compiler
Z ^`
C%&8
)_O&7
vba8
Ga8s
I6 (
pr%+
' *5o,Sts
Buffer
F0a8
MOJU
c2a8
Ep)I7
[jH
ThM$
EsHHD
YLDA
e> %+
{Sh1
[AHP
\}%+
wParam
G2UA(
9^$dP]4
?A =
;*rh
RiZ Uz
E4z=X
*6a8v
bA
\fp(Za8h
=t?(
6#Xa8q
C ~%+
gZa8
Kl%&8
;xj %&8
pSD(
[KcWZ
F+Z S
^%&8'
{4Z `2& a8o
/%&81
GetCurrentDirectory
^ss P
Debugger
Ic]
ta88
Ktu2
"~DZ
GetMethod
M >F
YfWY
,3%+
U5mm
iG<n
Gj&f
2Vfn$
UZ C y
Jbp]Z N
E ya
<aD
>M<
Nj%+
Ya)
Z ,?I
ta8?
<Z 2
.2O%&8E
Qa8e
a+G(
@k*
yBmI
jWG(
]M7l
5a8v
J
cUy
{M%+
,c
M?O0VN
eZ q
s a86
FE)d
$r%&8
K08
Sa8$
.Z 3=
I`%&8
fIPS
?%&8
` Y 0]
a8
Qa8W
f:F
buZ "
GuE
q!HTP
4E.+
n6a8
#&
5-`/'
GsjJ
Copyright
(^E(
Qa8$
add_Elapsed
(;O
Gqa8
~JZ R
~%&8
L^]K
Sd(
Tojc<
+ ]:Z
m"~W
z^~(
2sza8
+ Qp2
nH^
8hZ
EuU^N$
ft6aO
i Z ig
S S%&8_
FLy]
6D&
,NK(
kC
rJX\
% 7(
tt$T2
l]V
+ Y
8w`Yt
u)@_
+;%Z
wZ h;
GetProcessesByName
KZ u
vEZa8
F_yHZ R
U=Z
!LTki
a8K
wa8V
fb%+
=~a8
\@[
EH&I
ToUpper
iV'3
Z b
EHm
!`a%
Z gAyua8a
Z 2
a8e
U8;jc
EZa8
6Te-J
qIK(
3DZj
~zZ
Z J_~Qa8
Jw}H~E
A*fc
)qY
yL,OZ :
a8p
a7Z_Z =
#ac
V a8
Create
S@#Z
l\rc`
KZ 4
jrD
&dR
>%&8X
DR^O
CreateSubKey
Z Tz
, S6jkl
U8eOo
>_ %&8M
cX%+
S8t/
E[K.
m?w
FPQZ
VD8h
=Ck
f+%&8?
%&82
I$>Z
JQZ 6
*a"
,~{A
>%&8~
? W8
K'Lr[
vR.T
QA;Ho,
M75zZa+
.%&8
[\.o
6QI
C 8T
(x
j~ \
c>Z
$Fa
2MJF<
2P/F_w
;a8@
9 F6
Oa8
+ jX
SMk(
Y|:%&
} )
3m ?T
2lE(
+ jO
^!3Q
_)_
y%&8
,O_
t=z`
/a8/
p2s3 Ul
"'a8}
sLoZa8
+ ~"
[.0V'
+\ /
l4*v
G!
)a8T
tBa|M
Z7Q1U7
[c"F \B
'/;-
~4]V
/a8
[Z :
VM/C*
=e)[
*`Ns
c! (
ConfusedByAttribute
da
$4p
[Z M
NL%&8
Yz%+
(%&8
dv
L 4X
9Z '
IZ (P"@a8Y
!00G
L$[-k
6NW&
.Ow
0n
v3Z
Z {N5ua8y
zWW
>kd0D&A
ga8Z
{a8:
Mb%+
J^
<Za8
+oI
|x%&8
k^u&q
gmU|
ZI!n
Z 0W-Va8
?n:
gk$BW
Exception
,%EJ
~07#p
=Za+
q"Z
75(];
S&.XD
2%&8
0I%D
System.Runtime.InteropServices
af%+
42t%&8
>8#>
Z%&8
+ =
X :
f C 8
Nqa8'
UjL%&81
{Z :
Math
'zg%+
/1g]
$aO]
nrXw
W94
JCZ fz
hbFz
+ =2
=\a8
Z iC
)Q~w
2%+
#NZ
sbAZa8
b` (*
\sN
+ Zz\}(
^E
Hoa8Z
e%&81
fBf
+ =4eu(
#G
C@Z g
+ Ydm
&e.
7W%+
Directory
{Z u
&:bI
PhhC(
Z 7?d
SuppressIldasmAttribute
TCW!
FRa8
w7%&8
3a8U
?Ih:
RKZ
&r Z e
+Z ?
{Z N
SVcA$c
vqa+
8xF
l )5_
u.6(`
L%&8
get_Assembly
$y h
Z+_#
a%
66iE
e=!
wNa8O
p"nV|
Y[X4
M&a8y
n2otS]
4B2
f%l
uN(%&8
\Za8\
P{a8>
S/a8
sK
DH:>
_!<F
7 ?+b
q3zE!X
pa8v
kf j`
Q%&8I
Ua8@
.YX@
zN=9
Za8Y
Ota8|
>.6(
ma8
QK
,2 ` 6
Wa8L
^E
!F8Z
]ua8v
SettingsBase
SZ "
|Z 5Q
hGHZ
#U.Z
6{M%+
~?(dG
Y(@Z
Za8X
,9 2?
rCi n
NIa8k
;#?
pYE
kuZ
VJF
ApplicationContext
r3q59B
D%&8Q
ZQ (
bZa8)
omZ
T )z
IDisposable
r ~CS
isZ
j%&81
Exists
System.Security.Principal
Y%%&8
+ !(
GZ 1
,[a8
Q%&8G
/heZ
et["
RuntimeCompatibilityAttribute
c%&8
n:s|F
=Z~{cA
iwwk'04T5a
>_%&8v
~K
J*gFe
d#O
5c
eZ%&8.
ZH 6@P
n@e8
SC%+
ItKkC
T%&8h
~Y
)|->
z#a8.
d-pJ
g\<I
s%&86
PpE
"<WS
hZ
8%&8z
#]Fk
`hZ
&.a8
*A0%
+ EQ
-8a8
)U')
Kb%+
oqZa8A
k[a8
GY~.(
a1p%&8{
0epyi
PSka8
+ YL
N_QHZ
h0c&4
WriteAllBytes
FO%&8J
-X})(
| \
}wKa8
g g
R]Z
Za8\
Kc-%+
_in&X]
tn a
*a8c
VtZ
ReadLines
vHY|
Hd~tC?
=_p%&8
9-a87
MulticastDelegate
osA&
ZT+%&
BBa
Q!&b
XZa8
]m4JQ
Xn:a8
M,d~%&8
OLZ H"
_!NH
oTd*(
%p7_
)s6(
w\+m
ETzM(
ElapsedEventHandler
+vm%+
rZ t(
$%&8X
{%&8
mscoree.dll
hNa8
zZ Y
2017
eZ%&8_
KqD
PackagePart
RhCr
d r
1fZ
fS@(
HMSzx
kn ,x
Fa8P
7Za8O
A@g[y
EZa8s
]m%&
_[M~aH"
A:9S<
ya8!
_b`
O$V
cV%&
c pVg
JzZ _]Ua
[prCt
0Z 8
e]%&8[
A{ka8n
IsInRole
+ aM
Z n
r%U!U%
r!%+
ProcessWindowStyle
8Z W
,7 t
M ~J
&~2
f4'n
\`Z
Z ^1
7I(8
zZ[(
3 D @
Yun
#GUID
PL7s
's~ 4
ya8~
|1Zw
IQ@f{
V[o$
%& %
'U
Xs *%&8t
1 ;
6HGapOF
i-3 U
+ X-
6-%+
uE0b
Z U
Fs<vvC
Synchronized
c{I[
Bea8
v5F(
ZZ
C!3B%+
ya8_
+^E+
P
- a%
yIL@8Rq@
"^h4
Read
z[bE V
6Dp1
"\7 v
988?
/.Ha8z
aJIN1
I`UU
ta]=JtO
k=
7N%+
|bZa8
B cn
WindowsBase
S0s
y"*7%&8
jim`\
CopyPixelOperation
ApplicationSettingsBase
~OD
jt]
BHZ Q
;aZ
pYVa8
!q%&
xZ {eTa86
[Tg
RZa8a
Z xq
rM%^g
%& 6
7CZ
S0T
2va8e
,:%+
#Z aceKa8
PrZ
a|Z
i6yy_
^2a8
\MpL
GZ GZj
,Z
r r]Pe&
hca8?
0eZN
Thread
ci`n
MIj(
w%&8
?rZ Z
=`q
V9%+
"HZ
pPg.
:K9G3
{M o
r=xq
5EBZ
z8I{\`
J_E
qm%&8>
qdJm
>S>n
iZ Z!N0a8
I'Z |
U`a%
>,s=
ReadAllBytes
~U7Z
1a8|
e'&%+
ER%&
GeneratedCodeAttribute
Z%&8U
<K1]V
tySZa8S
? W(
ElapsedEventArgs
+ ;h
SetAttributes
><Z
/cpk(
_Yu,
9~}%+
-/
vO[.a
h(c1
sa8l
xRa8
ReadAllText
Nn%+
Z x
`4Z
Z >8c a8
FK%+
/*&!
NBEn
Xd
CurrentUser
P"7!
4;Z
$v=6
xFPoZ
iB5?X
5a8-
CYyo
)%&8
sE2t%
.`.
Rectangle
n&2%+
*'5 Wf.J:
><%+
MZa8
U6
Default
!%&8
{M%&8
ue$GLP
Z nn
ef>"
i%&8j
xa8!
lZ
pj%+
%& J
i%&8q
AL1(
A,6
%&
wd~A3
rZ Q@V
+|-R
Y1UQ
W|O2
$zz
@4wa8
Tna8S
8&R(
k-a8!
o%&8
<ZoL
"-a(
Z 2=,ra8
Z (
MinL^_9
System.ComponentModel
=n#/
a 3
AssemblyTrademarkAttribute
frq'/
~RJ%+
0Za8v
7v![A'3/
RegistryKey
Z 8
+ T@
coa8$
pr)%&8
M\t
8Za8X
m)e
get_MachineName
i1b7Z n
}Za8
@lQ4
z~M/]
B%&8
GRt(7
Wx'a8
h Lm
o~=1
- f|;&
mIa8U
Rs*u
>%&8
w7%+
M;10}
y%a8u
Ma8r
set_Interval
mCMZ
Qa8
4>-a8\
WebRequest
0}F3
5Za8
|%@*
Ya8n
a4Z
*2_O
AppendText
=+.&
MFu,{k
6Y;;:gp
GetWindowText
QK=
d%&8
/Z >
<c (
`%&8
vn%&
Z 9?
MBq2r
qttH5
%&
+;%+
"1Z
0Ra8w
Gw@o
Za8
!&@xb3nAn`
-Za8
2#2c
Ri.<
p~%+
T%&8
UdM| i
d ?:M65
{f>\
"Z <o
<C?5_
V8x,c
LZa8
!na8
QZa8
w7=F%+
W?%&8
Z |1
wZ D
nAii
iwZ
x}EZ
S{a8x
S %&
m%&8
e> ( ;=a%
`%+
[ $;:/W
q #CH
"gZa8
z >
~4:Z
$@'
.`Z
Fevw
<>9__8_5
$OE
wC!1W/O
BgH
sY.^
V9a8
WriteLine
#&L=
2qe(
G%&8
get_ModuleName
&%C4
%& $
x U
}a8[
b R z
Qa84
J7,m
U=n %+
{)?%+
~ a2$W
X }8
S"{
%& 5
2Za8
bX
W=kt
DP3!!j
r6Z
%Sr(
+ dOt
!3qK(
=M {(
6#AD
+ q%]
SZI,
" RS&
$
Remove
Q%&8
jEFr
%& R
"]Z 1
YW$
?ZQq
$Z ^Q
AZ G
c9
$y7,@6
%& b
+`hM
+uD%+
}a8F
Z 0[
{t%&8d
%& t
ekx,
PZa8
?jHT
Z r-Gma+
cOHZ
s9a8
2l
}%&8F
wqe8#
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05_64 Seven05_64 VirtualBox 2017-10-03 19:10:14 2017-10-03 19:13:03 169

7 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05_64 Seven05_64 VirtualBox 2017-10-03 19:10:14 2017-10-03 19:13:03 169

9 Summary items with data

Files

C:\Windows\sysnative\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework64\*
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\fada.exe.config
C:\Users\Seven01\AppData\Local\Temp\fada.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\sysnative\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\sysnative\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\sysnative\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSVCR120_CLR0400.dll
C:\Windows\sysnative\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoree.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\fusion.localgac
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\*
C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\dfbc7990c56e33311eb9af18aa0dedb4\mscorlib.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\dfbc7990c56e33311eb9af18aa0dedb4\mscorlib.ni.dll.aux
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ole32.dll
\Device\KsecDD
C:\Windows\assembly\NativeImages_v4.0.30319_64\chrome\*
C:\Users\Seven01\AppData\Local\Temp\fada.INI
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\Microsoft.Net\assembly\GAC_64\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\System\*
C:\Windows\assembly\NativeImages_v4.0.30319_64\System\f8a43d0a4b768edf2f7ec0d4712a1a6a\System.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\System\f8a43d0a4b768edf2f7ec0d4712a1a6a\System.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll
C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\shell32.dll
C:\Windows\Microsoft.Net\assembly\GAC_64\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\*
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\VERSION.dll
C:\Windows\Microsoft.Net\assembly\GAC_64\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\*
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\*
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.INI
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\*
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.INI
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SortDefault.nlp
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\rasapi32.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\ws2_32.dll
C:\Windows\sysnative\it-IT\KERNELBASE.dll.mui
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\winhttp.dll
C:\Windows\assembly\GAC_64
C:\Windows\assembly\GAC_64\mscorlib.resources
C:\Windows\assembly\GAC_32
C:\Windows\assembly\GAC_32\mscorlib.resources
C:\Windows\assembly\GAC_MSIL
C:\Windows\assembly\GAC_MSIL\mscorlib.resources
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\*
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC
C:\Windows\assembly\GAC\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC_64
C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC_32
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC_MSIL
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\mscorlib.resources
C:\Windows\Microsoft.Net\assembly\GAC
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\it\mscorrc.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\it\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
C:\Windows\sysnative\tzres.dll
C:\Windows\sysnative\it-IT\tzres.dll.mui
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\iphlpapi.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\secur32.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\crypt32.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CRYPT32.dll
C:\Users\Seven01\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\*
C:\Users\Seven01\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\*
C:\Users\Seven01\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\*
C:\Windows\sysnative\p2pcollab.dll
C:\Windows\sysnative\QAGENTRT.DLL
C:\Windows\sysnative\dnsapi.dll
C:\Windows\sysnative\fveui.dll
C:\Users\Seven01\AppData\LocalLow
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Seven01\AppData\Local\Temp\CabF53D.tmp
C:\Users\Seven01\AppData\Local\Temp\TarF53E.tmp
C:\Users\Seven01\AppData\Local\Temp\
C:\Windows\assembly\GAC_64\System.resources
C:\Windows\assembly\GAC_32\System.resources
C:\Windows\assembly\GAC_MSIL\System.resources
C:\Windows\assembly\GAC_MSIL\System.resources\*
C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_it_b77a5c561934e089\System.resources.dll
C:\Windows\assembly\GAC\System.resources
C:\Windows\Microsoft.Net\assembly\GAC_64\System.resources
C:\Windows\Microsoft.Net\assembly\GAC_32\System.resources
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.resources
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\diasymreader.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb
C:\Windows\symbols\dll\System.pdb
C:\Windows\dll\System.pdb
C:\Windows\System.pdb
C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb
C:\Windows\symbols\dll\mscorlib.pdb
C:\Windows\dll\mscorlib.pdb
C:\Windows\mscorlib.pdb
C:\Users\Seven01\AppData\Local\Temp\fada.PDB

Read Files

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\fada.exe.config
C:\Users\Seven01\AppData\Local\Temp\fada.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
C:\Windows\sysnative\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\dfbc7990c56e33311eb9af18aa0dedb4\mscorlib.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\dfbc7990c56e33311eb9af18aa0dedb4\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\NativeImages_v4.0.30319_64\System\f8a43d0a4b768edf2f7ec0d4712a1a6a\System.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_64\System\f8a43d0a4b768edf2f7ec0d4712a1a6a\System.ni.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SortDefault.nlp
C:\Windows\sysnative\it-IT\KERNELBASE.dll.mui
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
C:\Windows\sysnative\tzres.dll
C:\Windows\sysnative\it-IT\tzres.dll.mui
C:\Windows\sysnative\QAGENTRT.DLL
C:\Windows\sysnative\fveui.dll
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Seven01\AppData\Local\Temp\CabF53D.tmp
C:\Users\Seven01\AppData\Local\Temp\TarF53E.tmp
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\diasymreader.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb
C:\Windows\symbols\dll\System.pdb
C:\Windows\dll\System.pdb
C:\Windows\System.pdb
C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb
C:\Windows\symbols\dll\mscorlib.pdb
C:\Windows\dll\mscorlib.pdb
C:\Windows\mscorlib.pdb

Write Files

C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Seven01\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Seven01\AppData\Local\Temp\CabF53D.tmp

Delete Files

C:\Users\Seven01\AppData\Local\Temp\CabF53D.tmp
C:\Users\Seven01\AppData\Local\Temp\TarF53E.tmp

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\standards\v4.0.30319
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SKUs\default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fada.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseRyuJIT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\FeatureSIMD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitTimeLogCsv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitFuncInfoLogFile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitELTHookEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\TailCallOpt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitVNMapSelBudget
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallationType
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\EnableConsoleTracing
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\fada_RASAPI32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fada_RASAPI32\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fada_RASAPI32\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fada_RASAPI32\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fada_RASAPI32\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fada_RASAPI32\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fada_RASAPI32\FileDirectory
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_CURRENT_USER
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\LegacyWPADSupport
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\fada.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\41FE3658
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\TZI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\Dynamic DST
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Display
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Std
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Dlt
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DnsCache\Parameters
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DnsClient
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DomainNameDevolutionLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DomainNameDevolutionLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AppendToMultiLabelName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AppendToMultiLabelName
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenBadTlds
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenBadTlds
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenUnreachableServers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenUnreachableServers
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenDefaultServers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenDefaultServers
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DynamicServerQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DynamicServerQueryOrder
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\FilterClusterIp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\FilterClusterIp
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\WaitForNameErrorOnAll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\WaitForNameErrorOnAll
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseEdns
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseEdns
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DnsSecureNameQueryFallback
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsSecureNameQueryFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableDAForAllNetworks
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\EnableDAForAllNetworks
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DirectAccessQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DirectAccessQueryOrder
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\QueryIpMatching
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\QueryIpMatching
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseHostsFile
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseHostsFile
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AddrConfigControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AddrConfigControl
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableDynamicUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterPrimaryName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterPrimaryName
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterReverseLookup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterReverseLookup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableReverseAddressRegistrations
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterWanAdapters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterWanAdapters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableWanDynamicUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultRegistrationTTL
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultRegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UpdateTopLevelDomainZones
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UpdateTopLevelDomainZones
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DowncaseSpnCauseApiOwnerIsTooLazy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DowncaseSpnCauseApiOwnerIsTooLazy
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationOverwrite
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationOverwrite
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCacheTtl
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxNegativeCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxNegativeCacheTtl
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AdapterTimeoutLimit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AdapterTimeoutLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ServerPriorityTimeLimit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ServerPriorityTimeLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCachedSockets
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCachedSockets
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableMulticast
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastResponderFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastResponderFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastSenderFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastSenderFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastSenderMaxTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastSenderMaxTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsTest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseCompartments
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\CacheAllCompartments
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseNewRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ResolverRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ResolverRegistrationOnly
HKEY_LOCAL_MACHINE\System\Setup
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\PrimaryDomainName
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSClient
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AdapterDomainName
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\DhcpDomain
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846EE342-7039-11DE-9D20-806E6F6E6963}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableDynamicUpdate
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DhcpDomain
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\SearchList
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\SearchList
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\NodeType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\DhcpNodeType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\ScopeId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\DhcpScopeId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\EnableProxy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\EnableDns
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\HWRPortReuseOnSocketBind
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AppContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SchUseStrongCrypto
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\Schannel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextLockCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextListCount
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagMatchAnyMask
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Root\ProtectedRoots
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\ChainEngine\Config
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableMandatoryBasicConstraints
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableCANameConstraints
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableUnsupportedCriticalExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlCountInCert
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCountPerChain
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCertCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetPreFetchTriggerPeriodSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableWeakSignatureFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\ChainCacheResyncFiletime
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\#16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\Ldap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CertDllOpenStoreProv
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000\ProfileImagePath
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\Keys
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\CTLs
HKEY_CURRENT_USER\
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\Certificates
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\CRLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\CA\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\CA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\CA
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\CA\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\CA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\CTLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Disallowed\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Disallowed
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ProtectedRoots
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ProtectedRoots\Certificates
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Root\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\AuthRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\627F8D7827656399D27D7F9044C9FEB3F33EFA9A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\627F8D7827656399D27D7F9044C9FEB3F33EFA9A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97E2E99636A547554F838FBA38B82E74F89A830A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97E2E99636A547554F838FBA38B82E74F89A830A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209AD23D314232174E40D7F9D62139786633A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209AD23D314232174E40D7F9D62139786633A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Root\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Root\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\SmartCardRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPeople\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPeople
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPeople
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\TrustedPeople\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\TrustedPeople
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\CTLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\Certificates
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CRLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\trust\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\trust
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\trust
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\trust\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\trust
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserenvDebugLevel
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\GpSvcDebugLevel
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7\Name
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4b\7F06864B
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\LanguageList
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\p2pcollab.dll,-8042
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\qagentrt.dll,-10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\dnsapi.dll,-103
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.1!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.1!7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\System32\fveui.dll,-843
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.2!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.2!7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.2!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\System32\fveui.dll,-844
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllImportPublicKeyInfoEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllImportPublicKeyInfoEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllConvertPublicKeyInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptDllConvertPublicKeyInfo
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\AuthRoot
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableInetUnknownAuth
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\Escalation
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllVerifyCertificateChainPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CertDllVerifyCertificateChainPolicy
HKEY_CLASSES_ROOT\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32\(Default)
HKEY_CLASSES_ROOT\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server\(Default)

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseRyuJIT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\FeatureSIMD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitTimeLogCsv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitFuncInfoLogFile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitELTHookEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\TailCallOpt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\JitVNMapSelBudget
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index23
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fada_RASAPI32\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fada_RASAPI32\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fada_RASAPI32\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fada_RASAPI32\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fada_RASAPI32\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fada_RASAPI32\FileDirectory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\LegacyWPADSupport
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-us
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\41FE3658
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\TZI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Display
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Std
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\MUI_Dlt
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DomainNameDevolutionLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DomainNameDevolutionLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AppendToMultiLabelName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AppendToMultiLabelName
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenBadTlds
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenBadTlds
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenUnreachableServers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenUnreachableServers
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ScreenDefaultServers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenDefaultServers
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DynamicServerQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DynamicServerQueryOrder
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\FilterClusterIp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\FilterClusterIp
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\WaitForNameErrorOnAll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\WaitForNameErrorOnAll
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseEdns
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseEdns
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DnsSecureNameQueryFallback
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsSecureNameQueryFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableDAForAllNetworks
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\EnableDAForAllNetworks
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DirectAccessQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DirectAccessQueryOrder
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\QueryIpMatching
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\QueryIpMatching
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseHostsFile
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseHostsFile
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AddrConfigControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AddrConfigControl
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableDynamicUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterPrimaryName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterPrimaryName
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterReverseLookup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterReverseLookup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableReverseAddressRegistrations
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegisterWanAdapters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterWanAdapters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableWanDynamicUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultRegistrationTTL
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultRegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UpdateTopLevelDomainZones
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UpdateTopLevelDomainZones
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DowncaseSpnCauseApiOwnerIsTooLazy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DowncaseSpnCauseApiOwnerIsTooLazy
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\RegistrationOverwrite
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationOverwrite
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCacheTtl
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxNegativeCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxNegativeCacheTtl
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AdapterTimeoutLimit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AdapterTimeoutLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\ServerPriorityTimeLimit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ServerPriorityTimeLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MaxCachedSockets
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCachedSockets
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableMulticast
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastResponderFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastResponderFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastSenderFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastSenderFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\MulticastSenderMaxTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastSenderMaxTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsTest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseCompartments
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\CacheAllCompartments
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseNewRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ResolverRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ResolverRegistrationOnly
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\PrimaryDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\AdapterDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C2D43895-0262-4873-A789-C2F96D24B693}\DhcpDomain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableDynamicUpdate
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\Domain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DhcpDomain
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\SearchList
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\SearchList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\NodeType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\DhcpNodeType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\ScopeId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\DhcpScopeId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\EnableProxy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\EnableDns
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\HWRPortReuseOnSocketBind
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SchUseStrongCrypto
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextLockCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextListCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagMatchAnyMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableMandatoryBasicConstraints
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableCANameConstraints
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableUnsupportedCriticalExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlCountInCert
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCountPerChain
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCertCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetPreFetchTriggerPeriodSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableWeakSignatureFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\ChainCacheResyncFiletime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000\ProfileImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931\Blob
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ProtectedRoots\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\627F8D7827656399D27D7F9044C9FEB3F33EFA9A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85371CA6E550143DCE2803471BDE3A09E8F8770F\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97E2E99636A547554F838FBA38B82E74F89A830A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209AD23D314232174E40D7F9D62139786633A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserenvDebugLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\GpSvcDebugLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\p2pcollab.dll,-8042
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\qagentrt.dll,-10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\dnsapi.dll,-103
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\System32\fveui.dll,-843
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.67.1.2!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\System32\fveui.dll,-844
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableInetUnknownAuth
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server\(Default)

Write Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\fada_RASAPI32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fada_RASAPI32\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fada_RASAPI32\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fada_RASAPI32\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fada_RASAPI32\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fada_RASAPI32\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fada_RASAPI32\FileDirectory
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\LanguageList
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\system32\qagentrt.dll,-10
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\System32\fveui.dll,-843
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\4B\7F06864B\@%SystemRoot%\System32\fveui.dll,-844

Delete Keys

Nothing to display

Mutexes

N7tg26lnRosRmnVYtMuy

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
clr.dll.SetRuntimeInfo
clr.dll._CorExeMain
mscoree.dll.CreateConfigStream
mscoreei.dll.CreateConfigStream
kernel32.dll.GetNumaHighestNodeNumber
ntdll.dll.RtlVirtualUnwind
kernel32.dll.GetSystemWindowsDirectoryW
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddSIDToBoundaryDescriptor
kernel32.dll.CreateBoundaryDescriptorW
kernel32.dll.CreatePrivateNamespaceW
kernel32.dll.OpenPrivateNamespaceW
kernel32.dll.DeleteBoundaryDescriptor
kernel32.dll.WerRegisterRuntimeExceptionModule
kernel32.dll.RaiseException
mscoree.dll.#24
mscoreei.dll.#24
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware
ole32.dll.CoGetContextToken
clrjit.dll.sxsJitStartup
clrjit.dll.getJit
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
kernel32.dll.GetEnvironmentVariableW
kernel32.dll.LocaleNameToLCID
kernel32.dll.LCIDToLocaleName
kernel32.dll.GetUserPreferredUILanguages
shell32.dll.SHGetFolderPathW
ole32.dll.CoTaskMemAlloc
ole32.dll.CoTaskMemFree
kernel32.dll.GetFullPathNameW
kernel32.dll.ReleaseMutex
kernel32.dll.CreateMutexW
kernel32.dll.CloseHandle
kernel32.dll.GetACP
kernel32.dll.UnmapViewOfFile
kernel32.dll.CompareStringOrdinal
kernel32.dll.GetCurrentProcess
nlssorting.dll.SortGetHandle
nlssorting.dll.SortCloseHandle
kernel32.dll.GetFileAttributesExW
kernel32.dll.SetThreadErrorMode
kernel32.dll.CreateFileW
kernel32.dll.GetFileType
kernel32.dll.GetFileSize
kernel32.dll.ReadFile
kernel32.dll.CreateEventW
kernel32.dll.QueryPerformanceFrequency
kernel32.dll.QueryPerformanceCounter
rasapi32.dll.RasEnumConnectionsW
rtutils.dll.TraceRegisterExA
rtutils.dll.TracePrintfExA
sechost.dll.OpenSCManagerW
sechost.dll.OpenServiceW
sechost.dll.QueryServiceStatus
sechost.dll.CloseServiceHandle
ws2_32.dll.WSAStartup
ws2_32.dll.WSASocketW
ws2_32.dll.setsockopt
ws2_32.dll.WSAEventSelect
ws2_32.dll.ioctlsocket
ws2_32.dll.closesocket
ws2_32.dll.WSAIoctl
kernel32.dll.FormatMessageW
rasapi32.dll.RasConnectionNotificationW
advapi32.dll.RegOpenCurrentUser
sechost.dll.NotifyServiceStatusChangeA
advapi32.dll.RegNotifyChangeKeyValue
winhttp.dll.WinHttpOpen
winhttp.dll.WinHttpCloseHandle
winhttp.dll.WinHttpSetTimeouts
kernel32.dll.LocalFree
winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser
clr.dll.CreateAssemblyNameObject
ole32.dll.CoGetObjectContext
sechost.dll.LookupAccountNameLocalW
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptGenRandom
ole32.dll.NdrOleInitializeExtension
ole32.dll.CoGetClassObject
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.CoUnmarshalInterface
ole32.dll.StringFromIID
ole32.dll.CoGetPSClsid
ole32.dll.CoCreateInstance
ole32.dll.CoReleaseMarshalData
ole32.dll.DcomChannelSetHResult
rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
clr.dll.CreateAssemblyEnum
kernel32.dll.ResolveLocaleName
kernel32.dll.SetEvent
kernel32.dll.ResetEvent
ole32.dll.CoWaitForMultipleHandles
kernel32.dll.GetTimeZoneInformation
kernel32.dll.GetDynamicTimeZoneInformation
kernel32.dll.GetFileMUIPath
kernel32.dll.LoadLibraryExW
kernel32.dll.FreeLibrary
user32.dll.LoadStringW
iphlpapi.dll.GetNetworkParams
dnsapi.dll.DnsQueryConfig
iphlpapi.dll.GetAdaptersAddresses
iphlpapi.dll.GetIpInterfaceEntry
iphlpapi.dll.GetBestInterfaceEx
kernel32.dll.LocalAlloc
ws2_32.dll.GetAddrInfoW
ws2_32.dll.freeaddrinfo
ws2_32.dll.WSAConnect
secur32.dll.EnumerateSecurityPackagesW
secur32.dll.FreeContextBuffer
secur32.dll.FreeCredentialsHandle
secur32.dll.AcquireCredentialsHandleW
schannel.dll.SpUserModeInitialize
advapi32.dll.RegCreateKeyExW
secur32.dll.DeleteSecurityContext
secur32.dll.InitializeSecurityContextW
ws2_32.dll.send
ws2_32.dll.recv
ncrypt.dll.SslOpenProvider
ncrypt.dll.GetSChannelInterface
bcryptprimitives.dll.GetHashInterface
ncrypt.dll.SslIncrementProviderReferenceCount
ncrypt.dll.SslImportKey
bcryptprimitives.dll.GetCipherInterface
secur32.dll.QueryContextAttributesW
ncrypt.dll.SslLookupCipherSuiteInfo
crypt32.dll.CertFreeCertificateContext
crypt32.dll.CertDuplicateCertificateContext
crypt32.dll.CertGetCertificateContextProperty
crypt32.dll.CertCloseStore
crypt32.dll.CertDuplicateStore
crypt32.dll.CertEnumCertificatesInStore
crypt32.dll.CertFreeCertificateChain
crypt32.dll.CertOpenStore
crypt32.dll.CertAddCertificateLinkToStore
crypt32.dll.CertGetCertificateChain
userenv.dll.GetUserProfileDirectoryW
sechost.dll.ConvertSidToStringSidW
sechost.dll.ConvertStringSidToSidW
userenv.dll.RegisterGPNotification
gpapi.dll.RegisterGPNotificationInternal
sechost.dll.QueryServiceConfigW
cryptsp.dll.CryptAcquireContextA
cryptsp.dll.CryptImportKey
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptHashData
cryptsp.dll.CryptVerifySignatureA
cryptsp.dll.CryptDestroyKey
cryptsp.dll.CryptDestroyHash
cryptnet.dll.CryptRetrieveObjectByUrlW
cryptnet.dll.I_CryptNetGetConnectivity
sensapi.dll.IsNetworkAlive
rpcrt4.dll.RpcBindingFromStringBindingW
rpcrt4.dll.RpcBindingSetAuthInfoExW
rpcrt4.dll.NdrClientCall3
winhttp.dll.WinHttpSetOption
winhttp.dll.WinHttpCrackUrl
shlwapi.dll.StrCmpNW
winhttp.dll.WinHttpConnect
winhttp.dll.WinHttpOpenRequest
winhttp.dll.WinHttpGetDefaultProxyConfiguration
winhttp.dll.WinHttpSendRequest
ws2_32.dll.#2
ws2_32.dll.#21
ws2_32.dll.#9
ws2_32.dll.FreeAddrInfoW
ws2_32.dll.#6
ws2_32.dll.#5
ws2_32.dll.WSARecv
ws2_32.dll.WSASend
winhttp.dll.WinHttpReceiveResponse
winhttp.dll.WinHttpQueryHeaders
winhttp.dll.WinHttpQueryDataAvailable
ws2_32.dll.#22
winhttp.dll.WinHttpReadData
ws2_32.dll.#3
cryptnet.dll.I_CryptNetSetUrlCacheFlushInfo
setupapi.dll.SetupIterateCabinetW
cabinet.dll.#20
cabinet.dll.#22
cabinet.dll.#23
sechost.dll.QueryServiceConfigA
rpcrt4.dll.RpcStringBindingComposeA
rpcrt4.dll.RpcBindingFromStringBindingA
rpcrt4.dll.RpcEpResolveBinding
rpcrt4.dll.RpcStringFreeA
rpcrt4.dll.RpcBindingFree
ncrypt.dll.BCryptOpenAlgorithmProvider
ncrypt.dll.BCryptGetProperty
ncrypt.dll.BCryptCreateHash
ncrypt.dll.BCryptHashData
crypt32.dll.CertDuplicateCertificateChain
crypt32.dll.CertVerifyCertificateChainPolicy
kernel32.dll.SetLastError
ncrypt.dll.SslDecrementProviderReferenceCount
ncrypt.dll.SslFreeObject
ws2_32.dll.shutdown
diasymreader.dll.DllGetClassObject

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05_64 Seven05_64 VirtualBox 2017-10-03 19:10:14 2017-10-03 19:13:03 169

1 HTTP Request(s) detected

http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
  • Hostname: www.download.windowsupdate.com
  • IP Address: 95.101.180.88
  • Port: 80
  • Count: 1

GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Cache-Control: max-age = 86400
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.download.windowsupdate.com

Detected family: #Msilperseus

TheSystem Itself @ 2017-10-03 19:20:02