MalScore
100/100
MalFamily
Lokibot

RU55534544444434.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 50/68 Related 2799
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 254.00 KB (260096 bytes)
Compile time: 2018-08-13 02:54:44
MD5: f79d45b9f8c03f01e7f80fdbd3dfa7d1
SHA1: 6916f182ee42eed37129cbb0f6dcfd53820c93bf
SHA256: ecad7f4c69a91c110fb69b573a9a6e819b95d10ffbd7045652fe8996657cb196
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-09-09 19:30:04
Last submission: 2018-09-09 19:30:04
Filename detected: - RU55534544444434.exe (1)
URL file hosting
hXXp://garduherbal.com/RU55534544444434.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-09-08 10:06:13 [50/68] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x3e214 254976 fdb860acf3a0c7731b272595b2e52556 468d05d246f8ab3f30f309c708643f425e27e28e
.rsrc 0x42000 0x1000 4096 5281b2eee99cb99255e48b40f7159e22 bc4e5245eb3093253e248545dd3d15c8dcf0c4b7
.reloc 0x44000 0xc 512 cb0598bfa43fe3a12a92e01645a6b02f f97108665a84821f4c02af9374fad33610cc45f6
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x42058 844 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: ZnyQjfEtCEt
Assembly Version: 5.65.28.23
InternalName: RU55534544444434.exe
FileVersion: 62.87.72.97
CompanyName: Vb8SW6sOZek
Comments: n2TnIRAvCZU
ProductName: IMF66wotZeV
ProductVersion: 62.87.72.97
FileDescription: cdi2PMXu3nI
Translation: 0x0000 0x04b0
OriginalFilename: RU55534544444434.exe
XOR
8 188762
1 188762
2 188762
4 188762
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
mscoree.dll
IP Found
5.65.28.23
62.87.72.97
URL(s)
No URL found 
BzxMrfUKHI7Bzhy1h3hYc
fUeFf1JnDLNHgLcouuVLnzEzoqnnHQZZJGW
yEBICG6eK1ssbLEI3uuHxNjXG
yificrTv5s7wihR0nWXld07XsMfSnYZ
LHSHPOLATanP2jxiCvUtLpAHH
mcqBEiyM7Gtte4XjiPrtPFJ7R36C
Comments
tduESGhsu9uU7gyjaCxSZF0
gA9qadBcWjQlUEr7Rb70GGplNcnGmE4GwDvF
KwXAMZUB9efyqdIP99bQWlc
R0R8fxdZyfxndLmGhDm9Av30Bjl3o
nYTzS9Iku7JSq7XjlKpL4EvLYmv4GxyM58eE63
IP1rQrrytcE5XomjvtrTBblBmwUDrN0DV
InternalName
icV0nleB4VoIrbZ4mAlZNb
N8t2lNSbJTOh4qJK8ikW
W>aHW>aH?
lViSf1m6JZXDZ2UmPKieBf2hIe
NnPJhkxqAgWIii6LJD26yzg2IIn84xdgSE
1lPmgflZUqZEV6XiwOo7zS5xA
4kIHdNWzsSozwCQtCUnEytPRbwCnygbpM
62.87.72.97
Leo2mKysK5KV8hSm1DWdNmnvZdXaO7Dw
dmWsFA9ohzB2J92IKAmor6ZdEkYsfy8PjQ5KGS
1l1uwCYy2hBqNlTDWo7l9rBLJKQOberkX7flPPy
4eFaB0XEDKIk1rkp48A4RdAIQ
Translation
LZLX1L1MVUaHiWZezAo9
Ihe7NEZ4x0h79ZPeQMavnmC9l3gqN
ZBKwinTg9r6FF9Fj6t4s67ePX
F6YAixXQy1yXBIjzW0NLA
5BxQL5T7IHrzOsVgXd0iufrPqe
Assembly Version
Pl7X94eph2P9NUW36gOYCDrgCtqlZMyhbvJqji
QJYH0kzNdo2STCEGvZYMEYOafHBB0hzPb
2S7SdZnQUpZwb93eoBmFEllWVMDi6othBG5zj
8S0raU9cml1d8Y9tLXGNSJQUEgFmwLC
IMF66wotZeV
HPHzLdgEAF2pOL1rkbfbCxeuDi4
1fDd1YB5llUxJUnmApSnLaKpK3vuj
CnV1XIBUWmK8DQkngUqeOcaDdr
LegalCopyright
zepowQ2bNPbL8qCDodyo8PwpoPjS4p5DfpJ
GetExecutingAssembly
7Fp5AKAo43rBOYsYZovnKaRTvg
RU55534544444434.exe
veJ8hgytC8ERDcaxcajuUiwTK0EmjbmLzuyBu
BMzDATuRntPf9GxKZALw8x9lDrUt1dj
iGMeRYtaiWoidi8szR9JMBlGCbf7pFXlHV0SCbn
FVG0Jw5kymOZ62HIJnS6s6e89n6uzaI7
OHiDHm0kcMfl12NhRn8dy7Z3gid
DSkQP42msHL3nK8BTpQyxa6MdU
5.65.28.23
aBojJyk7Zdr3C5Wy6qEyI65bg8Gp
AagnIdUjuCARFOgvMgvJ
VarFileInfo
BD86oEeY2QeHzff6dG8ZKlNSGceqdjbgMRQ
amwasHVTWn2CxApj0z7A
aaX5dm6eW4s2kIf6KeSTlP8layS52AxKIo
cdi2PMXu3nI
GVeBNwcBmYKlxMUw5bCvsD
GbXaCqrMjOgsXRHRrIQiojkiHtKcBPihSe10GU
0NtqryolAnhy8mjggt0lzEG
0zde2NGJbVvpCMwbLya2e9mBQ
ModYVRW8mhl0q3lXEC75zd1JhcLjKi
8TlUz42rsKSVgYWkestOH6gI
kCvWGUeNS7ETZR5o2jQoOq3vRRK02El5W75b
t9rYJURZ8vKHjzAHqW2capn2OgiiTa4P
wqH5Syh2VGmYzGFw9kNEGRGZlnhlKMhgLw
Bco1h9cHijj5EQ35RMlXJSM0quSxUORS
zD4kqiA1dIOczCWErZeBJrepitVc1pp3
xtVhm2uUKvTKPK5e9BuCdNRrfWIufzy7DKZGVY
fg1kDHdQyziw9HOYYUeRuOQjSsoXdJJuyg6n
D0jRLgULrye76770zEznOnfhfhlzJ0WSikzT
9bvtDTPVGN6p7rxBbzFZKlKeJQ
VSW1aljlg1bg9lp2MhHiekCiSV
dEX2Nqa0PTcoZm8FalJJdkBDrJ4s2vA
B37jVDx3EA1hqjMwvpNTFPCX6CnhkF
Qo5S6n8S4wMMTHRQIKqFPW5Asa
TUyS8YreG52qw6DB8uBuqh6hdfzcpz4
/EH
E0QDM0gVDLr8ZgmJi9QscsYCIiTQdTRW
KkCeRJhZxlgbg3sa7yWsffFG
Wk5eRCCXQMd3n9RhTdoeoRBJRXu1PEIx
dMBp69vVk3uQ7xCNhqYyP9Vgo36cSqQBd
whvoQJfYnD5cNa5QdQ9YFyx4VL6NbR8Ae9h
6K1u6Fa7eybgAbGDSz3NlOH0PcPKMEtQ
nfWHeOCJa2zVRIJIo8uu
8XEMx2ncM5MVdoGYPRG7Stb9cFwU2U9n
Idvsuc3vw0CDdo3KBJR2rs8sRzAlUU
I7dKJmPhhBNw5SI90Ps3mWdSOyPpvUej
dsJkQdg22oBvxTeUKGjErpf1M5
TaoKJPQ5eq923Yu0Fvctc
ProductName
mUrosaajJxDUhSukbhqsjmV4Bn
aUcjpcINJgXx1ak5EIMkVePds4I
ProductVersion
k57Spqu4ZMpubqjPhjj198sMd
DPgArnXFK3PqMwTNAR3QDVbrAy0q6lbM7
oDoAG40YMOpZZZOrqdPQ
hhVr9txtDQCwHOykacFtHlcmFkZTWCaklWeS
8IowxtJsyFsc5vfprCh6
E5HV9g9Z9X4ivQBE0DXxVJDc
pxBSFpYRUavjZHZ5bwTSB9bRaE5Z027sJ71VE2f
EYewgKSxq1xY0fu1mYNUwqqEajRGFXZMx6pm
vspSRZ8BYmHGQGb3qMnG7RxWnKCznZuHBxN6
MxHGQOvit7puXEXrhXf9PEV9
AyZz212Rj7ld9SNKJfiLE
v73WjH5IDXDxzxYcElcUtMss9XO
pv6Oph6Qq3wbs0q9fLbU0U4GFuCaGjE
jt95IL2qgXn9cz6C2D2rEizm3bAyXDMgtY2
KQDUy9TBWUiqdumSLtNNSXn4G
mDB4zGhZUl3ijr0u2XQ51aktFnIQhj
YYkTxbKJhhqp0NKDRAgXfJiPWs
wd2W0G2RSg9pVxb9vuaizDOR96q1
slWwU7gabBbW06FwtVJ9G1K
Vb8SW6sOZek
ufrPRdwLy7IKiDOFJG4vH0jNvhuHPgrTL
k3k7JojgUXKrrdRcaNELA08
NSES8bdEEvuLcwgVv9iK3ROv80ROHifgR
VS_VERSION_INFO
0yJoKcTxssi5rI5teo74vmKP
nmrvb1JQc5SBPgiB0B5O9qlCZzbQBIz
pbqpOBHD2CHQE5YbTGNXLsj4m5HBpDEYdpXsv
alFiRuJvhGCbR4GDIyZczasrhkO
oGUeOIO0AxEUm9BW7FIYTWevsJGZlyXomd2WnE
jRntjgLrBC9Hr0D39m95M9mzJY2hcVXxXEUvq
YnZwvfwXYrb60yWpiVXiBSBYtV5rqXo
Load
4O7HcTlwU86FhiPIONvrFdzCSpb0Q2LXIjq
Suc7fx3O61mHv4BPj2ojNYfX9Di
u0WQMpgtnJ093MdskAYvaW5tX82mKpPsQGCLR
CompanyName
DOIQ5iL0jtIwIkEEJDa022eOk
s7nawrc2DdQt416dzAQF2mQqLL8CmgaGJSDPrh
7KjvZm4rJKoMUOc1XfGZCAAI
84WSvrJPGkiiWjBCVaGQd4HKbbTgVGXygTqqoEj
0E6Sfqg2uza9tk7DakgFqjR5
wp2y5mmDN1jRd8zmKnimfX
99EHWgeHey9D0tXwAwo9GTl
Fi1Rhy5flaOqWjSyepLoLXBKbp5eHwVtjy
f1XeLHoGBUWgdvLYE0tYHHSjEDozPPz69Jx0M
AHgTq4Pbs6qul4xQiFBNp7dZk
RjFBMgDtSRIt2d1srh7eQnRYz
Tv3sc3Yi4R04f6VbylHtBSM3BU
NoWewTFiMluLLSMLO89H6Sx78BruqSfVXz
sHpAOBRWZ2P4i5vlF221LdVY2nflq
FileDescription
NPgesKSeFqwXYDzyWZWLGR8TgOYH3s8
wgtDNgyA2FpDZ1RGQj31iZ41lQ
CPsYxCrKEtBJyuMWrjtlbUcE
Niz98f3uWtBEyaN2hJaBQ6
zPsVhMR1KICwktgzNn8w2xauub2OknRXoZU
StringFileInfo
5xgqebGtA8YQ6uIPK9uURzo
n2TnIRAvCZU
ALKDqKEBtVhhVQNmZB5FerdbGv
UccXfskFBpjpp3hU1eGBbMKtkaerC7g8huhzYq
ZnyQjfEtCEt
k86rlgpeYv2avoVRyprN8zgVZcDie
ELWfRNHIppc9JXS6fOjTPzUezgQZg
FileVersion
qajRyfFn8TMlNNSWisrc
dcQC6Ph3gbKaMUVRF8YMsNwiu2CGrxPaO1CyGlu
ALDNMIsQYVsHDzkrI0QadkhRCwqGJJyndZ9tw9i
CDAqsQwQmhpsjhByEprBUIYrEBEuzdwI
BaEVyxEKW13C2ZsJ5r0cXg4
000004b0
Pg7XObD3SKCP5YHRqbJkqg
qI7wSdNy7VvmAxKo4ws7GXYfB1dddPS0tya
pfGdtFC6tAWJczc5pJb5KLHkawvq
N46ugSjts3uUSeYiW85AtFjU3y6OJBn2Y6km3
1vRlh2zaSiF8Q57Hlk2CmtJ174Pyrq3VOT
WzYxlTmG3zV7YQ478zxWVXbtroRrG4fTzD
Obhg6zfLXCQH2RVjsX14VNY54elZC5b6KkW
OriginalFilename
x7p49hh0SSnM3rea7hY943XGQOx
aZDGjV5YKN7rBRH96rElIzPbil0
d5HHzZtmqdUp5PwdLWU4
wqeLqnihvMqbP72QNgYMCybwwIArR
EntryPoint
jfl5is3Pi7peF1xlkq9trKSE0
sPIBYEZNj3Ufc9RdmaIGA7BV
paiDBpGOvU2ualfkw6dJk
0t5hU85FhWaafP0AbRUbQxgnx2xN1zV4Kwb
w13qbckEsBA4E8YP2cxrEVAx2vdnoh
KnZXrRHU4odfTtaFWjfZjSMzRWlUCLEUis
u09E
e=)\
CnXuuvzxm|OpkmlxuT|tvk`
"cb`9
r6
v
9999%JmviP
HON*
4$q_
h~}Xk
[/6t
NTFZUVJ\
@NNq
\ix2
\9@d`3 &
[kvnj|k
mSVY
5^]C
mb"Xmjo
%pbqpOBHD2CHQE5YbTGNXLsj4m5HBpDEYdpXsv
0[@K
=5}X
RkTK'V
Zvi`
(Po9
LZLX1L1MVUaHiWZezAo9
(2o@8;
IIqb,
}P8Q#
64/F
lts(A
J`jm|t7Klwmpt|7Zvtipu|kJ|kopz|j
NOqMuX
}n]|{l~\o|wmZv}|
HUCFO\KJPVWFTPWVK
Txzqpw|^lp}
oE#c
u|zmpvwPwovr|'{FFz
q%JX
2^5X
]epp9e
NNs
T<
o$I
6B/>Z
<)!A
HONN
HHJONq
QYc/
1IX
~pwj
DSkQP42msHL3nK8BTpQyxa6MdU
%Ikvz|jjI|kjpjm|wz|'{FF-
p|}Wxt|
Vb8SW6sOZek
}nU|w~mq
NNqv
999999%KlwU|o|u'U|xjmIkpopu|~|%6KlwU|o|u'
/]5U
JONs<Asj
q
rX
;R
N
ET
8
925S
Xwmp]lti
\az|impvw_ux~j
OpkmlxuHl|k`\a
W|o|k
As9GsTCsp@su
"^
k
M>*f
+~(y
I7dKJmPhhBNw5SI90Ps3mWdSOyPpvUej
CA

9
AssemblyTitleAttribute
e@(
kA#!
\\9*
NqAtX
Q|x}|kU|w~mq
cQ(P
uiPtx~|Wxt|
AskBs|GsECsN
XI*+lJ
:!B;=:
^|mOxul|
DkVLB
%C9Y
IKVZ\JJFPW_VKTXMPVW
lNJON*
Txwx~|t|wmV{s|zm\wlt|kxmvk
J|mOxul|
JNq)HX
%8j
m
Nq
~,-@
9NNNN
System.Security
Uvx}
9999%K|~pjmkxmpvwMkp~~|k'
v;C9cVW
;RP8
LWPHL\
@sJAsv
mscorlib
ng0
k)T.
j|mFLj|Jq|uu\a|zlm|
KmuJ|mUxjmNpw*+\kkvk
TMRs
5ONs3As7
s]|9?1
_xpu_xjm
&s7nawrc2DdQt416dzAQF2mQqLL8CmgaGJSDPrh
As|BskFsx
!IP1rQrrytcE5XomjvtrTBblBmwUDrN0DV
^|mTv}lu|Qxw}u|
HNJJ
pvl
+p,f
OsIAsv
%'3'
Suc7fx3O61mHv4BPj2ojNYfX9Di
c9lT
:mFA
DOIQ5iL0jtIwIkEEJDa022eOk
|Uvx}
slB=
Hn;`
Zk|xm|
v
g-
6FX.
Ixmq
As~@s<
As*Bs+Fs7Cs}@suG
AssemblyCompanyAttribute
aBojJyk7Zdr3C5Wy6qEyI65bg8Gp
9#=
r
RjFBMgDtSRIt2d1srh7eQnRYz
Nkpm|Upw|
k9wD
&GCx!
sHpAOBRWZ2P4i5vlF221LdVY2nflq
HUCFIVPWM\KJF*
U=	N
o! u=]e)
Nxpm_vk]|{l~\o|wm
m`i|
>8T]
6a}i
JJONs
S(y,
:Jmkpw~j
J|mZk|xmpvwMpt|
Zvwzxm
q	mX
]|{l~\o|wmM`i|
pn}T
qajRyfFn8TMlNNSWisrc
y[7?
BaEVyxEKW13C2ZsJ5r0cXg4
m $
!dMBp69vVk3uQ7xCNhqYyP9Vgo36cSqQBd
C}?x#
Zvwmxpwj
[~
|_1
Ikvm|zm
JS
a
a?/
tm'*
p@^:
M|am
'o|kjl
ew-,!2_
pg1"
Q|xi_k||
vt'`
]L^$
%JmxkmliI|kjpjmxwz|'{FF+
":N!n9
MemberInfo
Hrr{xu
&oGUeOIO0AxEUm9BW7FIYTWevsJGZlyXomd2WnE
mYJs
xcGZ
M0U5+
qYzX
YONq
b4m
`
meJJq
$kCvWGUeNS7ETZR5o2jQoOq3vRRK02El5W75b
1!Lv
Pyv}
~|mF_luu`Hlxup
d5U^
aUslr
uK7Y(
oxul|FF
%6Mxjr'
J`jm|t7Zvuu|zmpvwj
C9\D5
R{C9
stCOAsiGs7
]=QQ
\y@L
#Blob
5DS#
m#s}
2dL6khB
| YF
rL	-O
^|mR|kw|uV{s|zmJ|zlkpm`
9999%XuuvnQxk}M|ktpwxm|'
AsvFszCst
`<T2aBs
\az|impvwPw
3`R6b2
AssemblyFileVersionAttribute
HHHHHHKI
4r(3
AskCs}
?|F7u
~|mF\apmMqk|x}
Ikvz|jjJmxkmPw
Xj`wzZxuu{xzr
Klwmpt|M`i|Qxw}u|
jhupm|*FzvultwFm|am
Svpw
8TlUz42rsKSVgYWkestOH6gI
#0&"[
JkN
vktxmpvwU|w~mq
pfa0
9999%6K|~pjmkxmpvwMkp~~|k'
}n\apmZv}|
J|ko|k
Usb]
As|Bsi
Leo2mKysK5KV8hSm1DWdNmnvZdXaO7Dw
]pxuv~K|jlum
l7qMJX
"w[
BnT*
!3Exy.$R
]=!NI
/%U_
}
F]vj
9999%Ikpwzpixu9p}$;Xlmqvk;'
us8r
q	{X
AskBs|
GJ`jm|t7V{s|zmBDBD59tjzvkup{59O|kjpvw$-7)7)7)59Zlumlk|$w|lmkxu59Il{upzR|`Mvr|w${..x,z,/( *-|)! EJ`jm|t7Jmkpw~BD59tjzvkup{59O|kjpvw$-7)7)7)59Zlumlk|$w|lmkxu59Il{upzR|`Mvr|w${..x,z,/( *-|)! IX]
HJJJJJJq9
]\JM
oDoAG40YMOpZZZOrqdPQ
qvjmwxt|
?/tjO
GetValue
8IowxtJsyFsc5vfprCh6
OOqT
JszAs#
XI*+l
ui[xj|X}}k|jj
Xiiupzxmpvw
a1k
AsjBsEFsW
OOqa
K|jvlkz|Txwx~|k
;rN
FL]>!
%f1XeLHoGBUWgdvLYE0tYHHSjEDozPPz69Jx0M
KQDUy9TBWUiqdumSLtNNSXn4G
_lzrxo7kl
k&(kA
%V|p
IqI@X
#BD86oEeY2QeHzff6dG8ZKlNSGceqdjbgMRQ
q=rX
ZK\XM\FIKVZ\JJF]\[L^FPW_V
OOqv
|d@$g
Xu~vkpmqtM`i|
jml{
]=	"
YZ)L
0yJoKcTxssi5rI5teo74vmKP
m D
Klwmpt|Q|ui|kj
Bj
UIX
:^LP]
j|mF_pu|Wxt|
v5{e
xuj|%6]pjxuuvnJmxkmP
j3E,:
jhupm|*Fik|ixk|Fo+
IINI
l
HIN
h^+d
Zk|xm|Xip
Ixjjnvk}
un'l
Zuvw|}
99%Mkp~~|kj'
KPIF\O\WM
d5HHzZtmqdUp5PwdLWU4
[`m|jNkpmm|w
GetProperties
CnK|jlt|Mqk|x}
K|~pjmk`Oxul|Rpw}
Exception
99EHWgeHey9D0tXwAwo9GTl
DialogResult
CDAqsQwQmhpsjhByEprBUIYrEBEuzdwI
FMQK\X]F]\[L^FPW_V
[uvzrZvi`
3#cbA;m
=${X
.text
List`1
?s-
Asj@sE
; FeB
%' FFZxzq|}Xwvw`tvljT|mqv}]|u|~xm|,
GetObject
uvzxmpvw
x;+eO
&<nd
`?$W
AsxBsk
Zk|xm|Pwjmxwz|
get_Count
\APMFIKVZ\JJF]\[L^F\O\WM
X}}MvJmxkmli
]pjx{u|LXZ
^|w|kpzJ|zlkpm`]|jzkpimvk
Ir+'
uiwU|w~mqW||}|}
$9DU|!
System.Reflection
Nq={X
mUq5
aZDGjV5YKN7rBRH96rElIzPbil0
4
k"
js~?
mwN*
K|x}Vwu`Zvuu|zmpvw[xj|
x|
h]o
KlwI\]uu
}{(Qs^^{
=kQO
3C9w{
mnxk|7zvt6
qyzX
X{x
*%4t
BL7d
b*Q8
9WEK%
}}h
qubX
v73WjH5IDXDxzxYcElcUtMss9XO
^|mJmkpw~
UF[b
UV
^
Kpsw}x|u
qA{X
CXXD
JqmtX
mYN*
ot>&
Y
#qI7wSdNy7VvmAxKo4ws7GXYfB1dddPS0tya
Nq	gX
Zvtixk|Xkkx`j
`.rsrc
7Fp5AKAo43rBOYsYZovnKaRTvg
]=1LI
](!
W|am
T`qW
mVNOqI|X
qIzX
ikvz|jjQxw}u|
ZvZk|xm|Pwjmxwz|
99%Ikpwzpixuj'
_L`W
)#
*&
m+ g
U=QQ
;UO?
!ufrPRdwLy7IKiDOFJG4vH0jNvhuHPgrTL
ikvzwxt|
FVG0Jw5kymOZ62HIJnS6s6e89n6uzaI7
q=JX
YFGD
XuuvzQ^uv{xu
#whvoQJfYnD5cNa5QdQ9YFyx4VL6NbR8Ae9h
YFGB
OJqUnX
0MFZ
}uuwxt|
^|mM`i|_kvtQxw}u|
Z}uz
kJOs
wU|w~mq
ZK\XM\FMQK\X]F]\[L^F\O\WM
}3R]
wmikvm|zmopkmlxut|tvk`
kftoO
7m|am
K@4-m
M=)"
(5Y(
Nkpm|XuuM|am
M\9M
2]=IDBFG
"!lZ
%u0WQMpgtnJ093MdskAYvaW5tX82mKpPsQGCLR
^|m]|
q2AG<L
OOOHIK
IMF66wotZeV
@@ONq
}X
Zk|xm|]pk|zmvk`
d9h
OxlumVi|wOxlum
OJqqnX
?Vcu
]pjx{u|ZT]
!QJYH0kzNdo2STCEGvZYMEYOafHBB0hzPb
q
pX
}Y*
^
IIOI
^|m]vnwuvx}|kPm|tj
%K3-
JF0R
Gsl@sq
Jpc|]|zvtik|jj|}
U==2
^|mQPWJMXWZ\
999999%Uv~vwM`i|'Pwm|kxzmpo|Mvr|w%6Uv~vwM`i|'
gZn`
Jq5BX
}%<B
x*|v
xuj|%6Qp}}|w'
q){X
Lz_
m
UO+WZ
9999%KlwVwu`P
9999%]xm|'+)(-4()4+,M(-#+.#--7! + )+.%6]xm|'
Gg?S
($EE
7KjvZm4rJKoMUOc1XfGZCAAI
oJ
VGZ:
>;<?!1
\hlxuj
HJO*
U=1 U=Y
)OEB
c5-Px
gWFi
9[A9
viFPw|hlxupm`
px{u|Zv}|Xmmkp{lm|
VLMILMF]\[L^FJMKPW^F\O\WM
\jr=
Pws|zm
g(
pDN{
}|{l~xzmpo|ikvz|jj
JJJJ
w]|{l~Pw
[xj|X}}k|jj
Hx!0
tf;y/
pu|wxt|7|a|
r`hz
w8546
j|mFXmmkp{lm|j
!Uw4
sJAsvCs
l7qipX
#|\O.
NXLQ
999999%Lj|kP}'<LJ\K<%6Lj|kP}'
HJOq
HJON
Invoke
BstAsx
lj|kwxt|Foxul|
WrapNonExceptionThrows
sZBJ
oXe
aE-
* Z6
HHON
E!/6dfC7
/"~63
sJAsv
mVOs
xIUp{9o(7)(99499mq|9jtxuu|k9mq|9{|mm|k9#0
Hp_{|A
zvt7
M`i|
DN,2q
=(u{ h
-5{`'
KwXAMZUB9efyqdIP99bQWlc
'ALDNMIsQYVsHDzkrI0QadkhRCwqGJJyndZ9tw9i
NNq27
5KeQ
naP41
~|mFKpiPw
2{@6
99%6Mkp~~|kj'
},'
NM8,uJ
^|m_vu}|kIxmq
h;
"vj
1](;
m7zvt6npw}vnj6+))-6)+6tpm6mxjr;'
~|mFJmxw}xk}Pwilm
IIqzv
AsMCs*
jhupm|*Fik|ixk|
&xtVhm2uUKvTKPK5e9BuCdNRrfWIufzy7DKZGVY
m6 D	m%O
j|mFK|}pk|zmJmxw}xk}Pwilm
1fDd1YB5llUxJUnmApSnLaKpK3vuj
Ikvz|jjNpw}vnJm`u|
Q8
;EFsW
qymX
{YsB
IR((F^|mPwm|kwxuR|`Juvm
q
@X
RucM
&;EWX
]xm|Mpt|
CsmAsx
56Fu
Txpw
tP{]
qq{X
System
9999
9999%6Ikpwzpixu'
].o^
,sr[B
Xkkx`
"E=	o^JH
}nIkvz|jjvkK|opjpvw
^|mZlkk|wm
ZNVK]FU\W
NNNN
<x3~ty
7m3v
J`jm|t7J|zlkpm`
Asp@swFsZ
J8.g
Pwm|kw
m
saNI
%aH\
Nxpm_vk\apm
YV[{Z
cdi2PMXu3nI
Txkjqxu
)ky:.
mQOOq
]=]"
KkCeRJhZxlgbg3sa7yWsffFG
}nV|tP}
"Wn+
99%Xzmpvwj9Zvwm|am$;Xlmqvk;'
nD$N
#Strings
s<Asj@sE
ewWs
YJON
UVX]F]UUF]\[L^F\O\WM
~|mr|kw|uv{s|zmj|zlkpm`
_pu|Xmmkp{lm|j
\	@@
CVjjm
~|mFWxt|
'#mfO
9?QO
9`N0_C9
TXZ$<)+A<)+A<)+APWJMXUU$<)!A<)!Ar
NNqK
ZK\XM\FIKVZ\JJF]\[L^F\O\WM
@nT0
]=)"]=1
~|mFUvx}]uu
MxHGQOvit7puXEXrhXf9PEV9
;j|3
~|mFQxw}u|
&pT
OYIJ
uW|nIkvm|zm
%jRntjgLrBC9Hr0D39m95M9mzJY2hcVXxXEUvq
U=)IH
m Nq
jVi1J
@s<Asj
mFJN
\A;Z
3,*
TQ}r
AslGsu@s`
^vpw~Vw[xmm|kp|j'
x?~
m.Ns
bL_f!
AagnIdUjuCARFOgvMgvJ
uiX}}k|jj
m4Jq5}X
J`jm|t
Kxw}vt
,=
l^a7
P}u|'
m\w
SUp{kxk`7Ivkmx{u|\a|zlmx{u|
uiWlt{|kV
AsmFsn
Lwuvx}]uu
xiiu
dBbm
112'E9
[k :
~|mFZvlwm
5f%v
J`jm|t7J|zlkpm`7Xzz|jjZvwmkvu
H%ce
^@@Wl
!0C
Txwx~|t|wmV{s|zmJ|xkzq|k
Vi|wJl{R|`
\
ON*
xlum[kvnj|k
}nTpuupj|zvw}j
J`jm|tNp}|I|kjpjm|wz|
e|DO
uxjmFzvtixmp{u|Fo|kjpvw
\wlt
Pws|zmpvwM`i|
!IX
_pa|}
{38?M
m|O*
mc'<
q_pu|
]=!
Iq!cX
Ikvz|jjvkj
]\[L^F\O\WM
%<?!
OpkmlxuIkvm|zm\a
Vjs%
~|mF\wmk`Ivpwm
HUCFO\KJPVWFK\OPJPVW
3;^
mzJOq
T|tvk`Jmk|xt
$D0jRLgULrye76770zEznOnfhfhlzJ0WSikzT
8zel
Wm_k||OpkmlxuT|tvk`
=V.MX
N8t2lNSbJTOh4qJK8ikW
zxuu{xzr
QaN
Zs 3
vktxmpvw
E*KS
q:da
VSW1aljlg1bg9lp2MhHiekCiSV
Ikvz|jj
Lfo?
NqEHX
]|jrmvi
29m
u|zmpvw
TaoKJPQ5eq923Yu0Fvct
Pmj|u
R0[
}n\kkvk
7zzmvk
ylyYI
K|~Xjt
m%Oq5
J`jm|t7M|am
Ci|i
&LrN
7/%_1
^|mM|tiIxmq
mbJ*
xkkx`+
9ONs
amwasHVTWn2CxApj0z7A
KIOO
jmkpw~
Q=9
~|mF[xj|X}}k|jj
9999%XuuvnJmxkmVw]|txw}'mkl|%6XuuvnJmxkmVw]|txw}'
R$f6<
X	vw
`&s6	f9
Qm
r
~|mFTv}lu|Wxt|
[1
9
&Pl7X94eph2P9NUW36gOYCDrgCtqlZMyhbvJqji
B37jVDx3EA1hqjMwvpNTFPCX6CnhkF
]=1"
LWZVTIK\JJ\]F\W]
UC9n
Zlj3
l; D
Pwj|kmXz|
gsH.
CsiAsq
U=a*
Mqk|x}Jmxkm
?\iY
'4'3u
NOwc
GFBD
mVJONq
}X
Bid@
%[5}
~H+X
;!t
Om
IJ
Asp@sw
Asp@su
iJONs<CsJGs@AsM
oOr
JJq4
q=HX
Zvi`kp~qm91z09(  !4+)) 9{`9Sv|k~|w9P{j|w59Xuu9Kp~qmj9K|j|ko|}7
uXI(.
@svAsc
[`m|jK|x}
~|mFLM_!
j|mFXk~lt|wmj
~|mF]pjzk|mpvwxk`Xzu
Jmxkm
MJONs
~|mFPjXupo|
ZK\XM\ Y
Asp@sE
LFIET
JJqi
t9rYJURZ8vKHjzAHqW2capn2OgiiTa4P
Y?%a
JJqs
}Y<2
rL	!O
`2q;W
JJq~
><?!
JJqG
mG
\k
[cW5N
Wdt%O
:Q-@
2U=IKHN
	IX
m'Ns
lj|k\a9o(7)7)
xk~j
8XEMx2ncM5MVdoGYPRG7Stb9cFwU2U9n
ikvmvzvu
@@BN
Xmmkp{lm|
qB!!
IX^\FK\X]NKPM\
Txmq
u=9O*
o/jc
9ZI`oC9(+J
x!R
l!qAxX
MJONs<AsjGsEBsT
)FGs
CPsYxCrKEtBJyuMWrjtlbUcE
INqX
u|o|u
|wzk`im|}Lj|kwxt|
k86rlgpeYv2avoVRyprN8zgVZcDie
Tlumpzxjm]|u|~xm|
@sLAsX
~|mFZlkk|wmMqk|x}
}>P-
P *C
mNq
Pws|zmpvwUp{kxk`
'iGMeRYtaiWoidi8szR9JMBlGCbf7pFXlHV0SCbn
=vdx!0
FDUZ
Jozqvjm
:3H
mhWm3Wm
WliO
BJqYMX
Xixkmt|wmJmxm|
/~7$(
!ONs
NPgesKSeFqwXYDzyWZWLGR8TgOYH3s8
As]@s9
uv~pwj
OONO
jfl5is3Pi7peF1xlkq9trKSE0
AstCsj@szGsn
)JONs<AsjBsECs7Fsi@slGsk
mDONq)
$hhVr9txtDQCwHOykacFtHlcmFkZTWCaklWeS
K."/
%Iw
~|mFZlkk|wm
OVU$
q8)%
Nq	nX
<Z5%
jpc|]|zvtik|jj|}
eidW
M=qQ
1lPmgflZUqZEV6XiwOo7zS5xA
ImkMvJmklzmlk|
kf^t
D7v'
$z4\
FsuGsx
OhS.
-u:
PwmImk
FstAs7
HNNs
G*}>g
^|mIkvzX}}k|jj
u7lg
mjNq
MX
pwxupc|
q1tX
sJ@IN
BMzDATuRntPf9GxKZALw8x9lDrUt1dj
vktJl{tpmLKU59qvjmwxt|9_KVT9tvcFuv
]=	N2
@X7\V
99%6J|mmpw~j'
(tKt
qEHX
Nkpm|_pu|
AsvGsmFs
JJJJs
A
	Rx
\	"!m
Pwovr|
T^pP
~|mFPjXmmxzq|}
@s)I
0NtqryolAnhy8mjggt0lzEG
o
 G
`gXb
*<~dM
Oxlum_k||
8cBB
fe4'
OOqW
s|Bs*
'dcQC6Ph3gbKaMUVRF8YMsNwiu2CGrxPaO1CyGlu
CC92
s,_r
~|mF\apmIkvz|jj
OOqJ/
jpc|Zvtik|jj|}
qn
-B
\w}jNpmq
Qo5S6n8S4wMMTHRQIKqFPW5Asa
l	JO
q1bX
i*'ik
vu}|k
Pws|zmpvwT|mqv}
%J`jm|tNp}|I|kjpjm|wz|'{FF/
43sV42
]|zvtik|jj
4XaF+
:Jzq|tx
N|{Zup|wm
!E8
MvXkkx`
l/ \
~|mFT|jjx~|
iONq
Rpuu
klwwpw~
YFGB
NOqyjX
[JS[
J&Gn
C9!sL
KxnXzu
Wg"y
%Ikvz|jjRpuu|k'{FFx
m?Ns
AsEBsM
JJq{X
CnHl|k`Pw
J`jm|tPw
v{s|zm
HKKK
9OOq
Xhsv
.ctor
eu>&
3~SB
]IX
"e=%
J|mZk|xmpvw]xm|
?i)y
mscoree.dll
OOHIK
KPIFPW_V
@RP(b
qPPE
JJNJ
!OOq
Zvwmpwl|]|{l~\o|wm
Tv3sc3Yi4R04f6VbylHtBSM3BU
As{FsT
klwtv}|
>f
+L!~
wVwu`P
VpUP
!r4a
Niz98f3uWtBEyaN2hJaBQ6
spGsuCs~
62.87.72.97
^|mJmxkmli_vu}|k
~|mFXmmkp{lm|j
h~/s
@l=I
AsxCspFs]
MessageBox
]\_XLUMFQ\X]\KU\W
Ikvz|jjTv}lu|Zvuu|zmpvw
Q|xiXuuvz
Y7k|uvz
1iM
#G\#
!DPgArnXFK3PqMwTNAR3QDVbrAy0q6lbM7
m" d
m
Fl\Z
VU\XLM*+7}uu
q)HX
kRaH*
Tvk|9pw
^UBakp
7	Dv
zvlwm
uJ`jm|t7K|jvlkz|j7K|jvlkz|K|x}|k59tjzvkup{59O|kjpvw$-7)7)7)59Zlumlk|$w|lmkxu59Il{upzR|`Mvr|w${..x,z,/( *-|)! :J`jm|t7K|jvlkz|j7Klwmpt|K|jvlkz|J|m
^n]8
HJJq
~6L~
"y1W
@.reloc
j|zlkpm`Pw
LWUVX]F]UUF]\[L^FPW_V
YLJO*
~|mFP}
i|k#
AsvGsmCs|
E\fWn~
AsuCs9@sM
s!As7
HUCFJMK\XTPW^F[L__\K
D
ON
\lCs
4eFaB0XEDKIk1rkp48A4RdAIQ
Byte
l$q
IIqn(
azZv
NJq
}X
s&MQ
DF5
|wzk`im|}Ixjjnvk}
]W%g
Gs+A
mi//JN&
Mkpt
uiMqk|x}Uvzxu[xj|
~=Y\
Iq.C
s7G D
xkkx`
6K1u6Fa7eybgAbGDSz3NlOH0PcPKMEtQ
|Tv}|
Zlkk|wmLj|k
J`jm|t7Npw}vnj7_vktj
\az|impvwK|zvk}
a<?>
t|tzti
":|"
m)P(
/_Y
#9~E
@s_Asu
C|kv
63${T%y
qTv}lu|
IIX
P]pjivjx{u|
9999%Nxr|MvKlw'
iJcL.
]=9QI
-Xzaz
^*m&2
^|m]|{l~Pw
99%6Xzmpvwj'
%veJ8hgytC8ERDcaxcajuUiwTK0EmjbmLzuyBu
ul[od
nw'Ss
XzMt
</7$r
GsiAsv
qICX
get_Item
QZcFy>R"
ax0"
j|mFZk|xm|WvNpw}vn
RuntimeCompatibilityAttribute
1p$q
%FLt
mbH)
#cb%m
((
P7}#
xf=54
9999%JmxkmNq|wXoxpux{u|'mkl|%6JmxkmNq|wXoxpux{u|'
Assembly
sNBsP
Pwm*+
ikvz|jjXzz|jj
ps6(U3
iROw
]=!"
]=!$
qMqk|x}
7#f;x`
}nZvwmpwl|Jmxmlj
m^ON
~LHr
oHbI
I*}E
S2@j
\apmIkvz|jj
\APMFMQK\X]F]\[L^F\O\WM
9<?H
g#!4O
9999%Xlmqvk'<LJ\K<%6Xlmqvk'
mIJO*
IT[j9
R`zH
ZvPwpmpxupc|
f;N,tK
Xz|Hlxup
Wvw|
Wlt{|kIxkxt|m|kj
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
q-MX
~|mFPm|t
|HlpzrUC
Nkpm|Xuu[`m|j
s1s%N
[pw}|kJml{Pm|t
M <]|
lj|}[`Xmmkp{lm|
K|x}Ikvz|jjT|tvk`
&&5bU-[
N8I{
;c [
@@_m
"GJYd+`
MvUvn|k
J|mUxjm\kkvk
J`jm|t7Klwmpt|7Pwm|kviJ|kopz|j
q]eX
S&nsH
vktxmpvwZuxjj
T ,e
Npw}vnj[lpumPwKvu|
N l
m{*
m,N*
Lwo|kp
OsxAs}
5~@*>7S
\apmMqk|x}
wxt|
ONmZ
q}dX
/c4g
m!OOqY
v6>/nGp
HOOONOO
{y
k^ W
ONmm
gKCC
N\;b
}n_pkjmZqxwz|
ONmx
<)+A
Qqjt[8?
m*N*
_k||Q^uv{xu
`3bm
U`h
]==2
\AZ\IMPVWF]\[L^FPW_V
K!$
qQuX
/;Y}
mcqBEiyM7Gtte4XjiPrtPFJ7R36C
As\@sT
J|mR|kw|uV{s|zmJ|zlkpm`
-BFGD
R\KW\U*+7}uu
9999%Kl r
OxlumZuvj|Oxlum
-GFJ
IIqql
/TVKs
K|jvuo|\o|wmXk~j
y^=GK21
~|mFTv}lu|
^"$
Zljmvt
~|mF\a|zlmx{u|Ixmq
^|m\u|t|wmM`i|
F6YAixXQy1yXBIjzW0NLA
MethodBase
PjPwJmxkmli_vu}|k
&-L5
^|mJ|mmpw~
L}Z}
As+FsJ
Bco1h9cHijj5EQ35RMlXJSM0quSxUORS
Pwpmpxupc|Xkkx`
d FKZ
:rg*
K|~pvwJpc|
o(
M>56&
ResourceManager
Show
C9
wR
Z_ D	n
E=
g
j	4';#
"NoWewTFiMluLLSMLO89H6Sx78BruqSfVXz
5IX
E.
}
{|<3ni
u }-v
1s<Asj
Jq-{X
`Xkkx`j
_1xQS^-
Zuvj|Qxw}u|
qJ~L
~|mFZqxkj
l_JH
AsEGsI
h-z9"
N|uuRwvnwJp}M`i|
(&)y
MvZqxkXkkx`
\APMFIKVZ\JJF]\[L^FPW_V
*rPr
nI
#
tN*_6Y|
)YtB
wp2y5mmDN1jRd8zmKnimfX.resources
"_	l
@K!r
System.Resources
Lwpzv}|
l3q9
q5zX
M:<2
QQ,J
AssemblyProductAttribute
Tv}lu|
BFGD
@L<
]
uiTpwptltXiiupzxmpvwX}}k|jj
R_'4
Jpc|Zvtik|jj|}
Ikvm|zmpvw
FIJqEHX
`m|Xkkx`Zvtixk|
AssemblyCopyrightAttribute
viF\hlxupm`
-9~r
\
m
ui[l
D	o
D	m
mhOJ
Li}xm|
>Jy%R
qagX
ITkG
m]sGG
m< $
Vwz|
9s3As7
"aaX5dm6eW4s2kIf6KeSTlP8layS52AxKIo
UONq
j|75
IX^\F\A\ZLM\FK\X]NKPM\
Sqi~
phwi
KF=k
EONq
qieX
hsN!B
T|mqv}Pw
'pxBSFpYRUavjZHZ5bwTSB9bRaE5Z027sJ71VE2f
HUCFIVPWM\KJF(
Hw O
Mh_|5
U
r]dl
jhupm|*F
ax!@
wlt{`m|j
K|jpc|
Q|x}|kj
slGsqAs|
U=%H
wWW
Mqk|x}
m#NIOq
vM`i|
fWB6
yOf#
nT!>
FE
b
JONs
JONq
q]tX
X X
JON}
_*=b	3
PfX^
=kO
@@FO
Nkpm|Q|x}|k
]|HD
-P)&
JmxkmIkvz|jj
Type
JONs3As7
qYHX
ic@Ey4
xlum
stAsu
,G,~
^|w|kpzXz|
JON*
J`jm|t7Zvuu|zmpvwj7^|w|kpz
^CPI
Jmk|xtNkpm|k
qugX
mZNs
vc87*
MuwyG
Ykt
~|mF_pu|Wxt|
R pU;
w13qbckEsBA4E8YP2cxrEVAx2vdnoh
#zPsVhMR1KICwktgzNn8w2xauub2OknRXoZU
]`wxtpz
Ikvz|jjI|kjpjm|wz|
OqmoX
AsuCs}GsE
$fg1kDHdQyziw9HOYYUeRuOQjSsoXdJJuyg6n
a}%GZ
~?goi
$vspSRZ8BYmHGQGb3qMnG7RxWnKCznZuHBxN6
}nMqk|x}P}
$!H8
WBa+
%N!t
e}JJ
*IWAD~
Ihe7NEZ4x0h79ZPeQMavnmC9l3gqN
@u;Lb
^|mUxjm\kkvk
r|kw|u*+7}uu
AspCsz@sk
T|tvk`Pw
!p
]\
HN7.:29=49
M=Y\
A8+=/3 1JRpxj{28o%7h_,!Fhn|gHjKM@o}|M@{
mDNs
Asw@s
9@QD
E.;
)vAg5k
l
JO
}E\f
WmNkpm|OpkmlxuT|tvk`
_@!&
|siTdM
\u|oxm|Ikvz|jj
c\P&.
j|w}|k
P6)#
%' FFZxzq|}Xwvw`tvljT|mqv}]|u|~xm|(
%' FFZxzq|}Xwvw`tvljT|mqv}]|u|~xm|*
&Q5M
*4#%
0zde2NGJbVvpCMwbLya2e9mBQ
EB''
RVJ_
Klwmpt|_p|u}Qxw}u|
hPVc
J|mXixkmt|wmJmxm|
<c7a
RuntimeTypeHandle
kf]
qQrX
nA`MBt
%' FFZxzq|}Xwvw`tvljT|mqv}]|u|~xm|}
@sxAsi
@FGB
j|mr|kw|uv{s|zmj|zlkpm`
{W@2
[`ixjjXoxjmJzxw
GetMethods
HVI
NNqQ9
^|mIkvz|jj|j
CsEAsm
IX^\F^LXK]
tjozkm7}uu
U=1LH
-H(|
{^~g
aUcjpcINJgXx1ak5EIMkVePds4I
MvPwm*+
.IJqenX
^|mJ`jm|tPw
q1aX
ZnyQjfEtCEt
m
IJ
'|1v
7>PiUW
op_Equality
"V8m
\wzv}pw~
7zmvk
JJq\*
Ptx~|
O$NQ
Ivkm
L2G%
#0t5hU85FhWaafP0AbRUbQxgnx2xN1zV4Kwb
\BT5
n*v>
JHUpm|9
T_*K
AssemblyDescriptionAttribute
NJJq
sEAs`CsT
MIX
Asx@spBsu
!4kIHdNWzsSozwCQtCUnEytPRbwCnygbpM
\apm
IIq~
#fUeFf1JnDLNHgLcouuVLnzEzoqnnHQZZJGW
k|jlum
\#}l/h
E/vW1O2s
xuj|%6K|jmxkmVwP}u|'
"I?!
V*>wXU
$S8w
&UccXfskFBpjpp3hU1eGBbMKtkaerC7g8huhzYq
uR,d
#)+@
vWPn
5@ {
W-oM
<F
<?!
E=1"
%'zFF]pjiux`Zuxjj!
@FGB*
X[U\
wgtDNgyA2FpDZ1RGQj31iZ41lQ
jml{7|a|
J`jm|t7PV
@q1tX
7$$i>
m=1Q
qe|X
@FBG
;CS2
t|tvk`pw
}nIx~|Jpc|
t,&X
JSNZ#
T|mqv}[xj|
]pjx{u|Jx
bg<3
(l_
Oxlum^|mPm|t
mUrosaajJxDUhSukbhqsjmV4Bn
qyfX
oN|N
pfGdtFC6tAWJczc5pJb5KLHkawvq
#4O7HcTlwU86FhiPIONvrFdzCSpb0Q2LXIjq
w]|{l~Jmkpw~U|w~mq
qmzX
Upjmy(
@FB*
JV_MNXK\ETpzkvjv
NkxiWvw\az|impvwMqkvnj
}pzm
get_Message
!This program cannot be run in DOS mode.

$
wqeLqnihvMqbP72QNgYMCybwwIArR
[x`B,I
!ONs<AsjFsEGsM
Aeg0 T
J`jm|t7Txwx~|t|wm
u|zmpvwPwovr|
ONpd
Q_+
jhupm|*Fvi|w(/
$hWd]
^lPE
.OeC>
J|mXmmkp{lm|j
q9dX
Ixkxt|m|kpc|}Mqk|x}Jmxkm
M=5"
9[.r|
Qxw}u|
NJ+F*+7}uu
g:kqs/
msaNI
J5 }5
o+7)7,).+.
=JONs3Bs7FsrGs}Cs{@saA
#|3#c
n >>
uiMqk|x}Ixkxt|m|k
0E6Sfqg2uza9tk7DakgFqjR5
LON*
9IX
mOI
HPHzLdgEAF2pOL1rkbfbCxeuDi4
9w"G	pU
get_Name
Jml{Zv}|
l? ,
]|u|m|
ikvz|jj
tM}
'	JAhg
.&3s)
E=x!
UvzxuTxzqpw|
WJJFJqlm}vnw
H::'
Ng./
AsW@s\
U=5H
IIIq!
@BFG
X-M4
s)IHJ
IIIq
,9fR/
DO|P
N+0E
Zvwo|km
AszBsrFs|GsE
As7BsaGstFsu
nvn/-Ikvz|jj
](0D
F68"M(
iJ|zlkpm`]|jzkpimvk
QJONsXAsz@sv
/`YrR
Uvx}]uu
lu#e
M=)NK
T|jjx~|[va
n2TnIRAvCZU
]|u|m|_pu|
vJpc|
sf4$t
l	NqqHX
\APMFMQK\X]F]\[L^FPW_V
tjzvkup{
Npw}vnjP}|wmpm`
slWwU7gabBbW06FwtVJ9G1K
'JJq
FqH h
vlY
qU{X
dsJkQdg22oBvxTeUKGjErpf1M5
m4 $
@BF*
#zepowQ2bNPbL8qCDodyo8PwpoPjS4p5DfpJ
QXJQFOXUL\J
/V-Um
@@^mDq
@s|Asx
xuj|%6\wx{u|}'
E5HV9g9Z9X4ivQBE0DXxVJDc
m;Ns
m-OJ
"WzYxlTmG3zV7YQ478zxWVXbtroRrG4fTzD
As[Fs9@sx
^|mIkvz|jjRpuu|k
[!*1}
'N'
&Z
]|{l~Ikv~kxt
]pjx{u|MxjrTxwx~|k
@s|AsX
Zvuu|zm
}nXuuvzxmpvw^kxwluxkpm`
J`jm|t7W|m
ikvzWxt|
T|jjx~|[va[lmmvwj
m&VJs
]|{l~Xzmpo|Ikvz|jj
FGDB
U=) W	n?HN
ui]|{l~\o|wm
yvvZ5
Ixkxt|m|kPw
XHJO
.ajV@)qink-*OPWA!S^[XrUTCN
m \
j
YnZwvfwXYrb60yWpiVXiBSBYtV5rqXo
Xjj|t{u`
sWls
Zk|xm|_pu|N
KlwI\Qxw}u|k
!wPr
iw<_
]1jz
m.Oq5
J`jm|t7K|
^|mIxkxt|m|kj
R*)z
sjBstAsx@s7
tjzvk||7}uu
m[Js
qygX
upwr
=Z
C
]=="
e=YU
?-%GSX!
A
(8
/IMuq/ m-_U^l^9
Xaf4
lOqipX
aETvz
qQMX
NNqHDO
^9"Hy
%N46ugSjts3uUSeYiW85AtFjU3y6OJBn2Y6km3
;So`9)
JJqA
~|mFZk|xm|Mqk|x}
AsvCs4
)5HSC
mINJ*
2+5&
;!UM
*},l'
_pu|
u^R
xc9~
j|mFNpw}vnJm`u|
M=5o
IIqQ
#jt95IL2qgXn9cz6C2D2rEizm3bAyXDMgtY2
GBFD
j6C_
Txwx~|t|wm[xj|V{s|zm
^|mZlkk|wmIkvz|jj
)lxb
h,$^
{]i
IIqG
]|{l~~|k
R0R8fxdZyfxndLmGhDm9Av30Bjl3o
l?Jq
BX
KlwTv}|
IIqw
IIqx
d&ahBS
CompilationRelaxationsAttribute
`nYr
Y7}xmx
}nWlt{|kV
yificrTv5s7wihR0nWXld07XsMfSnYZ
IIqo
_siu+L+
vktxm9*
^|m\wopkvwt|wmOxkpx{u|
Q.KT
VLMILMF]\[L^FJMKPW^FPW_V
}nIkvz|jjP}
L=n
lRd:
Ivkmx{u|\a|zlmx{u|
vk}|{l~|o|wm
lZVW-
IIq
m=Js
m0s7G
CnV1XIBUWmK8DQkngUqeOcaDdr
M=iQ
s7Asc
Nq=nX
ZK\X
;U|
Zuxjj|jKvvm
TPWV__J\M
@efs
F@(L
]=IQ
x}n
eb_X
|7Jx
/38:
IIq(
Zvt{pw|
uW%^0bp
m:OOq
qY@X
\wopkvwt|wm
\.C0j
UxjmPw}|aV
Af-N
;d<ja
@_"l
{lm2
kf}gj_
mUOq
J`jm|t7PV7Zvtik|jjpvw
jpc|
p73s
Jiupm
.S)S\#
6
O_p2
@1a}
j|mFPj[xzr~kvlw}
^vpw~Vw[xmm|kp|j'mkl|%6JmviP
ui[xj|V
HHON*
75G #K
mLFn
J|zlkpm`P}|wmp
,l~h
Xd
~|mFTv}lu|j
9bvtDTPVGN6p7rxBbzFZKlKeJQ
q=MX
jWv.
0qoo
]=	NKI
2 cFyZR4
^|mT|mqv}
o%V@
AgCQ
[Dmk
@smCsiGsx
KmuWmJmxmljMv]vj\kkvk
O1B%
LPwm*+
]|m|zmJxw}{vap|
"K;w%
HHONq
ZkpmpzxuIkvz|jj
^|mV{s|zm
eV5i
}|{l~Pw
({}B
t75h
qmdX
lpJO*
$\GH
$gA9qadBcWjQlUEr7Rb70GGplNcnGmE4GwDvF
\D4\
qIkvz|jj
uiTxaptltXiiupzxmpvwX}}k|jj
%f,A
%)l!Nq
ut]3
q5}X
d
o
]M9
pv6Oph6Qq3wbs0q9fLbU0U4GFuCaGjE
)FB*
KlwI\
9}C>
iE~l'
AsvCsm
~F!>
,
Au20/
,1
9
"NnPJhkxqAgWIii6LJD26yzg2IIn84xdgSE
"UJ+
mAZE
`IB1T
PjNvn/-Ikvz|jj
r`b
Npw}vnjIkpwzpixu
99%6Ikpwzpixuj'
w.9'%
99%6K|~pjmkxmpvwPw
%Mxjr9o|kjpvw$;(7+;9atuwj$;qmmi#66jzq|txj7tpzkvjv
AsJFsr
]|u|m|Jl{R|`
Xk~lt|wm\az|impvw
vt(
M=)IK
H>jq
:g#,
/HJN
U=
"U=5
MethodInfo
Ikvz|jjTv}lu|
9999%6P}u|J|mmpw~j'
#jb
9999%Tlumpiu|Pwjmxwz|jIvupz`'Jmvi\apjmpw~%6Tlumpiu|Pwjmxwz|jIvupz`'
Tlm|a
:[uv{
{9k7
XuuvzxmpvwIkvm|zm
]=1l{
Npwuv~vw
ALKDqKEBtVhhVQNmZB5FerdbGv
}nXzmpo|Ikvz|jjvkTxjr
mSJONq
}X
Tpzkvjv
t!}_y
Upa
%IX
s
@*
opkmlxuikvm|zm
mZB^K}@
SIQ2_
RJ}T
@swA
E=!2
l8Jq
`9dW
Nkpm|
Ms<#
\
m9Oq
PjUv~~pw~
~5J-`
q!pX
=
y~D
vu|*+7}uu
(x!Y
vkp~pwFlku
Zk|xm|Ikvz|jjPw
99%J|mmpw~j'
Mkpiu|]\J
w+	<
_;R:\
Oxlum\wlt|kxm|Oxlumj
9999%Uv~vwMkp~~|k'
+Acp
SZCZ
{Pwq|kpmQxw}u|
O=UI
icV0nleB4VoIrbZ4mAlZNb
\apjmj
PjX}tpw
OMi3
~|mFJmxkmPw
++6H;
hKX3
ZvttvwXz|
JJ]^
`$`0}
KmuZk|xm|Lj|kMqk|x}
#3V
Oq5}X
xuj|%6Nxr|MvKlw'
m4NN
Wuh6O
`g2F$
D-c0B
@ZFG
m6Ns
W^eH
QJON
}|ux`
'q82
0yx!
UGbe
FWJ%1
Jmxm|
$Tn
9999%Qp}}|w'
GVeBNwcBmYKlxMUw5bCvsD
l$3^,
Tv}p
JrpiO|kp
String
_CorExeMain
Flc=
]=	NJI
}WM3
{%Pr
RU55534544444434
_pu|Pw
IJON
uVu}Ikvm|zm
[`m|
^CpiJmk|xt
w`'6
PropertyInfo
HNNNONNN
~|mF]|{l~Jmkpw~
Iu00
q={X
3D1A5
Tvo|
-.%v.
(14L
k57Spqu4ZMpubqjPhjj198sMd
UnverifiableCodeAttribute
Asv@s{
Jgo
"]#ej
NNq@Y
Jqvn
$OV%
Asv@sw
^|mPws|zmpvwIxmq
jvlkz|
b1wJz
K|~pjmk`
y7k}xmx
MQK\X]FJMXKMFKVLMPW\
Txwx~|t|wmV{s|zmZvuu|zmpvw
PGz_{I
@sECs]
mEZk`imv~kxiq`
0]=
l
Oxul|M`i|
j|mFO|k{
\az|impvwZv}|
&mY
T#b8U0p\V
qqpX
K
@(
Ih`K
t|mqv}
9999%\a|zlmpvwMpt|Uptpm'IM)J%6\a|zlmpvwMpt|Uptpm'
^|mIkvz|jjQ|xi
^|m[pw}|kPm|tj
BOOI
Js<Asj@sE
q9pX
u=	O*
maOJ
lv \
QsQ
GX[bE
vktxmpvwIkvz|jj
|mFK|}pk|zmJmxw}xk}Vlmilm
#Obhg6zfLXCQH2RVjsX14VNY54elZC5b6KkW
HUCFO\KJPVWFTXSVK
CsIAsP
}nIkvz|jjvkM`i|
pbF
SkipVerification
@sUAsp
B
.~
9999%6\a|z'
"wqH5Syh2VGmYzGFw9kNEGRGZlnhlKMhgLw
z#i
Ji|zpxu_vu}|k
FGBD
r;SC
!ONsIAsxGsj@sn
_xjmNkpm|
]|{l~Jmkpw~
&khP%
ytUY
/{w}
N(Z!K
2v3.
"%j;
Zz
:pw
FGB*
]pk|zmvk`Pw
IIqT!~
AojQ
Iq=wX
xuj|%6KlwVwu`P
sPIBYEZNj3Ufc9RdmaIGA7BV
U=%2U=
kWm'
Uvx}Up{kxk`N
NNqT!~
Nq)`X
!c*5
x7p49hh0SSnM3rea7hY943XGQOx
UjxPZk`imLwikvm|zm]xmx
: &<#6QwF>e
Wk5eRCCXQMd3n9RhTdoeoRBJRXu1PEIx
As|Gsr
Th^?
m@NJ
Q	* !
GBF
Object
/[jR
M=yQ
Nq=~X
<AV(Ej
T
gg
WmJ|mPw
Jmkpw~Zvtixkpjvw
8S0raU9cml1d8Y9tLXGNSJQUEgFmwLC
NM1D
%2S7SdZnQUpZwb93eoBmFEllWVMDi6othBG5zj
u=1"
0q[x
)IX
SC9!
Ikvz|jj\a|zlmx{u|Ixmq
^"d
=KGK>6
|KWF
0/-JD
+RJ5
lj|kwxt|
ikvz|jjP}
pjnvn/-ikvz|jj
v_pu|V
]JONs<Asj
|"ci
AFGBD
Jliik|jjPu}xjtXmmkp{lm|
&fUl
~\`%
CBYt
Ikvz|jjRpuu|k
,":|
q	9
2M=IH
|KvK
'|L.
G<>)K1
e~SQ
]vnwuvx}_pu|
^}Is
ONs	@s
_5
4(
'Afd
CsQAs\
?n8nkim
e
]=MZQ
n;v	W
HHJON
Rj&=
~|mF[pwxk`U|w~mq
Xii]vtxpw
'1l1uwCYy2hBqNlTDWo7l9rBLJKQOberkX7flPPy
AsmGsn
mLJN*
74hu
7\Ka
Xunx`j
[|~pwPwovr|
AskGsu
C9k??
/`'En_
?q@"4
^rL"H
nT2!
Mpmu|
qb9X
AyZz212Rj7ld9SNKJfiLE
JtCA
h)28M
8Mqpj9ikv~kxt9zxwwvm9{|9klw9pw9]VJ9tv}|7
"U=	k
@IIq
Nqi`X
q9cX
]=UI
KIHOJ
ZvtipuxmpvwK|uxaxmpvwjXmmkp{lm|
lpJJqa
bi|i
,:Kv
~|mFZk|xm|Ikvz|jjPw
Klwmpt|Zvtixmp{pupm`Xmmkp{lm|
~|mF\az|impvw
]vnwuvx}|kT|wlPm|t
Txwx~|t|wmV{s|zm
n(LId]r
@@j*O
:C9`!=gx!
a"K+g
A:&gD
\`aw
999999%JmviVwP}u|\w}'mkl|%6JmviVwP}u|\w}'
%Mw=
l cC=T`*l8Bd
U=a +
s@s
Zuvj|
m+NqY&
$+j-Dz
?^cA
JmxkmliI|kjpjmxwz|
lViSf1m6JZXDZ2UmPKieBf2hIe
K|x}
qmmi#66
^|m\wlt|kxmvk
s@Z
gfAk2
9999%\wx{u|}'mkl|%6\wx{u|}'
ui_pu|Wxt|
P\wlt|kxmvk
System.Threading
nfWHeOCJa2zVRIJIo8uu
IR((FXlmq|wmpzxm|
UVX]F]UUF]\[L^FPW_V
_vktxm
3O
AsrCsx
@LW:
0Dw
\	FG
K|iuxz|
@LH5
ixjjnvk}Foxul|
~|mFU|w~mq
s<Asj
qipX
k||x}}kpw
0>;U
%&atu9o|kjpvw$;(7);9|wzv}pw~$;LM_4(/;&'
tduESGhsu9uU7gyjaCxSZF0
mq-
qmmij#66
HHJq
OOOqa
~|mFIkvz|jjWxt|
HHJO
YFGBD
EXZ1
lYq1tX
@C9
\g'Rn
ui]|{l~Jmkpw~]xmx
#>2"%
u=
g
5BxQL5T7IHrzOsVgXd0iufrPqe
J`jm|t7Mqk|x}pw~
T|jjx~|[vaPzvw
y7kjkz
j|ko|k
uiJmxkmX}}k|jj
^|mZT]Xk~j
ZT]Xk~M`i|
ARA
9999%6Uv~vwMkp~~|k'
bxQn
QJONs<Asj
q!~X
FBGD
]=
2
2U=IK
K
2n
9L1|
l*_"l
e]cc
JON
m7Npw*+
ONqM
"Q'A
9999%P}u|J|mmpw~j'
Jpc|V
]pjivj|
qe~X
99%Xk~lt|wmj'<XK^LT\WMJ<%6Xk~lt|wmj'
#([z
{%!~
z%Z-
>HZ7
v^.P
Hs1O
Immu
Jmk|xt
*u%i
ModYVRW8mhl0q3lXEC75zd1JhcLjKi
\AZ\IMPVWF]\[L^F\O\WM
paiDBpGOvU2ualfkw6dJk
IIq"
_0N'
?X<:
999999%Zvttxw}'<ZVTTXW]<%6Zvttxw}'
q,"
As\BsE@s
TUyS8YreG52qw6DB8uBuqh6hdfzcpz4
*z,+
7+fq
_+1s	P+
^$kUuE
Nkpm|Ikvz|jjT|tvk`
OHiDHm0kcMfl12NhRn8dy7Z3gid
m-#v
cw_"
!NRW
`?@c/]e
m+N*
LWUVX]F]UUF]\[L^F\O\WM
]=YKI
\az|impvw
v2.0.50727
p[
:
mOs
g@!x
W|mnvkrXoxpux{u|'
G
DE
[w!6
AspBsu
JS)a
b$<?
'%@@l
%Tv}lu|'
J\ZPM\TF_k||Pm|t
D9m
IO
#ICI
qIpX
SND@
]=	NLI
Zlkk|wm]vtxpwFXjj|t{u`K|jvuo|
Zqxw~|Cvw|P]
FZvk\a|Txpw
+lNl
~^u;
E0QDM0gVDLr8ZgmJi9QscsYCIiTQdTRW
mDB4zGhZUl3ijr0u2XQ51aktFnIQhj
IJONs<Asj
YYkTxbKJhhqp0NKDRAgXfJiPWs
NNqb&
\System.String[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089PA
[Z.k
6}W-
;;dtG
ND=/
CnK|x}OpkmlxuT|tvk`
S]iZ
,`]C
jhupm|*Fzuvj|
ft^:?
'6,
3
R
}C L
1Os3As7
:K7}
)ONq
IR((F_k||Juvm
F
?,h
GetTypeFromHandle
WJJFPwpm
f,!+
SYM]t
r|kw|u*+
SNd4VtC
6zq+
U=EKH
oxul|
AHgTq4Pbs6qul4xQiFBNp7dZk
m0NNs
h1<l
Hw<65
-JONs<Asj
M=-K
NNq4
ARA
	9
ikvz
]=]IH
x;&+
Vi|wIkvz|jj
)-h2V
^|m_vu}|k_kvtJmkpw~
2u=1
K|x}[`m|
^|mUxjmNpw*+\kkvk
Zqxw~|M`i|
\az|impvwX}}k|jj
AsE@s`
XU>?A(
IIq[c
PXj`wzK|jlum
^|m[pwxk`_vkt
1mMTJ
NNqM
\w}Pwovr|
NNqs
R8|"
][^F\AZ\IMPVWFWVMFQXW]U\]
mkNs
JmxkmX}X}tpw
tPYF
\AZ\IMPVWFK\ZVK]
C9I4
we]n
BSJB
JNs
BzxMrfUKHI7Bzhy1h3hYc
5~E5
Hc}UE
/.Ix#1-:mQ
}nM`i|
As|Fsw
>lA4C
AspGsr@sk
qQmX
jxDf
vuZx
e=-k-
Os3As7
U=1K
sEAsJ
VGPu
@ap0
m^ONs
?(i3J:
viF\aiupzpm
mQN*
3Yc&
&nYTzS9Iku7JSq7XjlKpL4EvLYmv4GxyM58eE63
System.Runtime.CompilerServices
Ju||i
Zvtipu|k^|w|kxm|}Xmmkp{lm|
T>
q
T|tvk`Jx
q9|X
YJONsJAsv
IR((FZq|zrLj|kIxjjnvk}
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
PjPwKvu|
vktxmpvwikvz|jj
m0OJN
lR \
zvtik|jjp{u|
tj}TA$;
@@ l
[>2+
U) a
Zk|xm|Jl{R|`
s3As7
V{s|zm
As9CsK
^|m]|u|~xm|_vk_lwzmpvwIvpwm|k
Zk|xm|Mqk|x}
~|mFTxpwTv}lu|
W|nPtx~|[xj|
mZOOqB
%WEl
JNNN
^@l
Acfc
kw^fD
@sEAs]Fsm
m==F
qu[C
M=!NK
kn:/
M=	^
K4
JNN*
@@m+N
q5rX
%Klw'{FF)
As+CsI
Cx!s
N	Wyb|R
mqmUI
NNqF3`
2Zhb<
^|mOxul|j
SyHo
ns(w
s3AsT
\\	I
$$w6
^|m\a|zlmpw~Xjj|t{u`
999999%\wx{u|}'
yk+
@FG*
)4>
tzI
cvW
-[RIw
l^Pw
Vw[xmm|kp|j'
mN D
E=AgP
LWZVW]PMPVWXUFTXMZQU\W
%' FFZxzq|}Xwvw`tvljT|mqv}]|u|~xm|{
"1vRlh2zaSiF8Q57Hlk2CmtJ174Pyrq3VOT
}xmx
v<KI50&
"&ve
nxpm
kp0]=
Zvtik|jjpvwTv}|
mkJI
Kpzq
4FqI
Lj|kWxt|
EXl](zm
J`jm|t7J|zlkpm`7Ikpwzpixu
9|"J
R1q(
)MskF
pzxmpvw
q)@X
IR((J]KF]|zk`im
&GbXaCqrMjOgsXRHRrIQiojkiHtKcBPihSe10GU
m*qI}X
08 =
=Y)(+*-,/.! X[Z]\_
ONs	*
#GUID
M|amNkpm|k
qxw}u|
ELWfRNHIppc9JXS6fOjTPzUezgQZg
9999%Ikpvkpm`'.%6Ikpvkpm`'
-)/#
3x>Z
~|mFJmxkmliIxmq
DzC
UH{"8d
~|mx}}kpw
Jl{jmkpw~
3OrH
Zqxk
}n]|{l~Pw
1|S"
-IX
b;&:
J`jm|t7]px~wvjmpzj
JONs3As7Csi
Jmkpw~
<\4\
}|u|m|
yEBICG6eK1ssbLEI3uuHxNjXG
3|y{$
LHSHPOLATanP2jxiCvUtLpAHH
Zk`imJmkpw~Mv[pwxk`X
( `1
AskBs|Fs_
fYG#w:
'84WSvrJPGkiiWjBCVaGQd4HKbbTgVGXygTqqoEj
r>;_
\cwl
j|mmpw~j
}nIkvz|jjvkU|o|u
G#wSe
E=Ad
E=Ag
AsmBs3
|GY2$
G34_7L
RRa<
F_vH
Oq!kX
C9JN
Thread
/DBF
999999%K|jmxkmVwP}u|'
#x!y
alFiRuJvhGCbR4GDIyZczasrhkO
NNJN
}nJpc|
K|jvuo|\o|wmQxw}u|k
99%K|~pjmkxmpvwPw
qoB{
E=A"
m>NO
ZvLwpwpmpxupc|
s-B"E
wmj|mpw
vktxmpvw#9qmmi#66nnn7p{j|wjv
pu|wxt|
x}}FXjj|t{u`K|jvuo|
J3aG
UmQB+
ikvz|jjPw
$EYewgKSxq1xY0fu1mYNUwqqEajRGFXZMx6pm
U=!NH
qACX
@sVAs*
9999%]pjxuuvnJmxkmP
J`jm|t7K|jvlkz|j
q=qX
INqEHX
m
s	O
]pk|zmvk`
*&yn-
vgF{
A;
u#g
s	@s
KINN
`\L#~g
KINJ
lUq1tX
`RK
_pu|J`jm|tPw
\	 \
=<^
JONsJAsV
dEX2Nqa0PTcoZm8FalJJdkBDrJ4s2vA
+_8r
Xz|_ux~j
]|u|~xm|
;.DW
~|mFLwuvx}]uu
m_OO
JONsJAsv
qC9}
Idvsuc3vw0CDdo3KBJR2rs8sRzAlUU
q
}X
8FGD
267,
&dmWsFA9ohzB2J92IKAmor6ZdEkYsfy8PjQ5KGS
JML[7k|jvlkz|j
V$4c)
[C5K
AsjBsE
%/(
*y5*
jhupm|*Fjm|i
l	O*
p1~J
~)"
I'Lp
~NgF>
JmkJmkX
][^FZVWMPWL\
z<[C9
!NSES8bdEEvuLcwgVv9iK3ROv80ROHifgR
Ask@sJ
~.G7&h
Ask@sI
?6HO
nf6
sVAsU
#`YjA3
r/.B
Pg7XObD3SKCP5YHRqbJkqg
wd2W0G2RSg9pVxb9vuaizDOR96q1
-vu]cM
MvJmkpw~
k3k7JojgUXKrrdRcaNELA08
OpkmlxuIkvm|zm
m&NJ
nmrvb1JQc5SBPgiB0B5O9qlCZzbQBIz
System.Collections.Generic
JJOJ
2e=5
J`jm|t7J|zlkpm`7I|ktpjjpvwj7J|zlkpm`I|ktpjjpvwXmmkp{lm|59tjzvkup{59O|kjpvw$+7)7)7)59Zlumlk|$w|lmkxu59Il{upzR|`Mvr|w${..x,z,/( *-|)! 
999999%\wx{u|}'mkl|%6\wx{u|}'
Xuuvzxmpvw[xj|
KpiPw
ylFV
JJOs
Pws|zmpvwT|mqv}M`i|
System.Windows.Forms
~|mFZlkk|wm]vtxpw
Tvo|W|am
]uK`zh(mI+oJ|xv~s,{\L_cHpQM }tRZw/l
m/o/r
K|~pjmk`R|`
YIX
T
Hs
J\U\ZM9|wzk`im|}Lj|kwxt|59|wzk`im|}Ixjjnvk}59
"Fi1Rhy5flaOqWjSyepLoLXBKbp5eHwVtjy
CsvAs
`_+u
@INO
xuj|%6XuuvnQxk}M|ktpwxm|'
HUCFT\TVK@FJX_\
Z!@'
yW@Q
C9;KS@x!
Oxlum\wlt|kxm|Pm|tj
Q[h'
2BG"
qdh\~
lT u=]d^
!5U[
U}k^|mIkvz|}lk|X}}k|jj
S;fG
KxnJ|zlkpm`]|jzkpimvk
SR[Rx
Efsn
9999%\a|z'
Sleep
l7qiJX
zvwmpwl|}|{l~|o|wm
*Pqw>;
"KnZXrRHU4odfTtaFWjfZjSMzRWlUCLEUis
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven04_64 Seven04_64 VirtualBox 2018-09-09 19:26:29 2018-09-09 19:29:47 198

19 Behaviors detected by system signatures

Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven04_64 Seven04_64 VirtualBox 2018-09-09 19:26:29 2018-09-09 19:29:47 198

11 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\RU55534544444434.exe.config
C:\Users\Seven01\AppData\Local\Temp\RU55534544444434.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Users\Seven01\AppData\Local\Temp\RU55534544444434.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
\Device\KsecDD
C:\Users\Seven01\AppData\Local\Temp\RU55534544444434.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol36.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\Globalization\it-it.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Users\Seven01\AppData\Local\Temp\it-IT\RU55534544444434.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\RU55534544444434.resources\RU55534544444434.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\RU55534544444434.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\RU55534544444434.resources\RU55534544444434.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\Globalization\it.nlp
C:\Users\Seven01\AppData\Local\Temp\it\RU55534544444434.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\RU55534544444434.resources\RU55534544444434.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\RU55534544444434.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\RU55534544444434.resources\RU55534544444434.resources.exe
C:\Windows\Globalization\en-us.nlp
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
C:\Users\Seven01\AppData\Local\Temp\RunPEDll.dll
C:\Users\Seven01\AppData\Local\Temp\RunPEDll\RunPEDll.dll
C:\Users\Seven01\AppData\Local\Temp\RunPEDll.exe
C:\Users\Seven01\AppData\Local\Temp\RunPEDll\RunPEDll.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it-IT\stub.resources\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources\stub.resources.dll
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources.exe
C:\Users\Seven01\AppData\Local\Temp\it\stub.resources\stub.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2424.16947812
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2424.16947812
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2424.16948062
C:\Program Files\NETGATE\Black Hawk
C:\Program Files (x86)\Lunascape\Lunascape6\plugins\{9BDD5314-20A6-4d98-AB30-8325A95771EE}
C:\Users\Seven01\AppData\Local\Comodo\Dragon\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\Comodo\Dragon\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalComodo\Dragon\Login Data
C:\Users\Seven01\AppData\LocalComodo\Dragon\Default\Login Data
C:\Users\Seven01\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalMapleStudio\ChromePlus\Login Data
C:\Users\Seven01\AppData\LocalMapleStudio\ChromePlus\Default\Login Data
C:\Users\Seven01\AppData\Local\Google\Chrome\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\Google\Chrome\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalGoogle\Chrome\Login Data
C:\Users\Seven01\AppData\LocalGoogle\Chrome\Default\Login Data
C:\Users\Seven01\AppData\Local\Nichrome\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\Nichrome\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalNichrome\Login Data
C:\Users\Seven01\AppData\LocalNichrome\Default\Login Data
C:\Users\Seven01\AppData\Local\RockMelt\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\RockMelt\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalRockMelt\Login Data
C:\Users\Seven01\AppData\LocalRockMelt\Default\Login Data
C:\Users\Seven01\AppData\Local\Spark\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\Spark\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalSpark\Login Data
C:\Users\Seven01\AppData\LocalSpark\Default\Login Data
C:\Users\Seven01\AppData\Local\Chromium\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\Chromium\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalChromium\Login Data
C:\Users\Seven01\AppData\LocalChromium\Default\Login Data
C:\Users\Seven01\AppData\Local\Titan Browser\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\Titan Browser\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalTitan Browser\Login Data
C:\Users\Seven01\AppData\LocalTitan Browser\Default\Login Data
C:\Users\Seven01\AppData\Local\Torch\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\Torch\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalTorch\Login Data
C:\Users\Seven01\AppData\LocalTorch\Default\Login Data
C:\Users\Seven01\AppData\Local\Yandex\YandexBrowser\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalYandex\YandexBrowser\Login Data
C:\Users\Seven01\AppData\LocalYandex\YandexBrowser\Default\Login Data
C:\Users\Seven01\AppData\Local\Epic Privacy Browser\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\Epic Privacy Browser\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalEpic Privacy Browser\Login Data
C:\Users\Seven01\AppData\LocalEpic Privacy Browser\Default\Login Data
C:\Users\Seven01\AppData\Local\CocCoc\Browser\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\CocCoc\Browser\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalCocCoc\Browser\Login Data
C:\Users\Seven01\AppData\LocalCocCoc\Browser\Default\Login Data
C:\Users\Seven01\AppData\Local\Vivaldi\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\Vivaldi\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalVivaldi\Login Data
C:\Users\Seven01\AppData\LocalVivaldi\Default\Login Data
C:\Users\Seven01\AppData\Local\Comodo\Chromodo\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\Comodo\Chromodo\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalComodo\Chromodo\Login Data
C:\Users\Seven01\AppData\LocalComodo\Chromodo\Default\Login Data
C:\Users\Seven01\AppData\Local\Superbird\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\Superbird\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalSuperbird\Login Data
C:\Users\Seven01\AppData\LocalSuperbird\Default\Login Data
C:\Users\Seven01\AppData\Local\Coowon\Coowon\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\Coowon\Coowon\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalCoowon\Coowon\Login Data
C:\Users\Seven01\AppData\LocalCoowon\Coowon\Default\Login Data
C:\Users\Seven01\AppData\Local\Mustang Browser\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\Mustang Browser\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalMustang Browser\Login Data
C:\Users\Seven01\AppData\LocalMustang Browser\Default\Login Data
C:\Users\Seven01\AppData\Local\360Browser\Browser\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\360Browser\Browser\User Data\Default\Web Data
C:\Users\Seven01\AppData\Local360Browser\Browser\Login Data
C:\Users\Seven01\AppData\Local360Browser\Browser\Default\Login Data
C:\Users\Seven01\AppData\Local\CatalinaGroup\Citrio\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\CatalinaGroup\Citrio\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalCatalinaGroup\Citrio\Login Data
C:\Users\Seven01\AppData\LocalCatalinaGroup\Citrio\Default\Login Data
C:\Users\Seven01\AppData\Local\Google\Chrome SxS\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\Google\Chrome SxS\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalGoogle\Chrome SxS\Login Data
C:\Users\Seven01\AppData\LocalGoogle\Chrome SxS\Default\Login Data
C:\Users\Seven01\AppData\Local\Orbitum\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\Orbitum\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalOrbitum\Login Data
C:\Users\Seven01\AppData\LocalOrbitum\Default\Login Data
C:\Users\Seven01\AppData\Local\Iridium\User Data\Default\Login Data
C:\Users\Seven01\AppData\Local\Iridium\User Data\Default\Web Data
C:\Users\Seven01\AppData\LocalIridium\Login Data
C:\Users\Seven01\AppData\LocalIridium\Default\Login Data
C:\Users\Seven01\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Login Data
C:\Users\Seven01\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Web Data
C:\Users\Seven01\AppData\Roaming\Opera\Opera Next\data\Login Data
C:\Users\Seven01\AppData\Roaming\Opera\Opera Next\data\Default\Login Data
C:\Users\Seven01\AppData\Roaming\Opera Software\Opera Stable\User Data\Default\Login Data
C:\Users\Seven01\AppData\Roaming\Opera Software\Opera Stable\User Data\Default\Web Data
C:\Users\Seven01\AppData\Roaming\Opera Software\Opera Stable\Login Data
C:\Users\Seven01\AppData\Roaming\Opera Software\Opera Stable\Default\Login Data
C:\Users\Seven01\AppData\Roaming\Fenrir Inc\Sleipnir\setting\modules\ChromiumViewer\User Data\Default\Login Data
C:\Users\Seven01\AppData\Roaming\Fenrir Inc\Sleipnir\setting\modules\ChromiumViewer\User Data\Default\Web Data
C:\Users\Seven01\AppData\Roaming\Fenrir Inc\Sleipnir\setting\modules\ChromiumViewer\Login Data
C:\Users\Seven01\AppData\Roaming\Fenrir Inc\Sleipnir\setting\modules\ChromiumViewer\Default\Login Data
C:\Users\Seven01\AppData\Roaming\Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer\User Data\Default\Login Data
C:\Users\Seven01\AppData\Roaming\Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer\User Data\Default\Web Data
C:\Users\Seven01\AppData\Roaming\Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer\Login Data
C:\Users\Seven01\AppData\Roaming\Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer\Default\Login Data
C:\Users\Seven01\AppData\Local\QupZilla\profiles\default\browsedata.db
C:\Users\Seven01\AppData\Roaming\Opera
C:\Users\Seven01\AppData\Roaming\.purple\accounts.xml
C:\Users\Seven01\Documents\SuperPutty
C:\Program Files (x86)\FTPShell\ftpshell.fsi
C:\Users\Seven01\AppData\Roaming\Notepad++\plugins\config\NppFTP\NppFTP.xml
C:\Program Files (x86)\oZone3D\MyFTP\myftp.ini
C:\Users\Seven01\AppData\Roaming\FTPBox\profiles.conf
C:\Program Files (x86)\Sherrod Computers\sherrod FTP\favorites
C:\Program Files (x86)\FTP Now\sites.xml
C:\Program Files (x86)\NexusFile\userdata\ftpsite.ini
C:\Users\Seven01\AppData\Roaming\NexusFile\ftpsite.ini
C:\Users\Seven01\Documents\NetSarang\Xftp\Sessions
C:\Users\Seven01\AppData\Roaming\NetSarang\Xftp\Sessions
C:\Program Files (x86)\EasyFTP\data
C:\Users\Seven01\AppData\Roaming\SftpNetDrive
C:\Program Files (x86)\AbleFTP7\encPwd.jsd
C:\Program Files (x86)\AbleFTP7\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\AbleFTP7\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\AbleFTP8\encPwd.jsd
C:\Program Files (x86)\AbleFTP8\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\AbleFTP8\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\AbleFTP9\encPwd.jsd
C:\Program Files (x86)\AbleFTP9\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\AbleFTP9\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\AbleFTP10\encPwd.jsd
C:\Program Files (x86)\AbleFTP10\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\AbleFTP10\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\AbleFTP11\encPwd.jsd
C:\Program Files (x86)\AbleFTP11\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\AbleFTP11\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\AbleFTP12\encPwd.jsd
C:\Program Files (x86)\AbleFTP12\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\AbleFTP12\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\AbleFTP13\encPwd.jsd
C:\Program Files (x86)\AbleFTP13\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\AbleFTP13\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\AbleFTP14\encPwd.jsd
C:\Program Files (x86)\AbleFTP14\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\AbleFTP14\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\JaSFtp7\encPwd.jsd
C:\Program Files (x86)\JaSFtp7\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\JaSFtp7\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\JaSFtp8\encPwd.jsd
C:\Program Files (x86)\JaSFtp8\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\JaSFtp8\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\JaSFtp9\encPwd.jsd
C:\Program Files (x86)\JaSFtp9\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\JaSFtp9\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\JaSFtp10\encPwd.jsd
C:\Program Files (x86)\JaSFtp10\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\JaSFtp10\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\JaSFtp11\encPwd.jsd
C:\Program Files (x86)\JaSFtp11\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\JaSFtp11\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\JaSFtp12\encPwd.jsd
C:\Program Files (x86)\JaSFtp12\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\JaSFtp12\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\JaSFtp13\encPwd.jsd
C:\Program Files (x86)\JaSFtp13\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\JaSFtp13\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\JaSFtp14\encPwd.jsd
C:\Program Files (x86)\JaSFtp14\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\JaSFtp14\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\Automize7\encPwd.jsd
C:\Program Files (x86)\Automize7\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\Automize7\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\Automize8\encPwd.jsd
C:\Program Files (x86)\Automize8\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\Automize8\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\Automize9\encPwd.jsd
C:\Program Files (x86)\Automize9\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\Automize9\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\Automize10\encPwd.jsd
C:\Program Files (x86)\Automize10\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\Automize10\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\Automize11\encPwd.jsd
C:\Program Files (x86)\Automize11\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\Automize11\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\Automize12\encPwd.jsd
C:\Program Files (x86)\Automize12\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\Automize12\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\Automize13\encPwd.jsd
C:\Program Files (x86)\Automize13\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\Automize13\data\settings\ftpProfiles-j.jsd
C:\Program Files (x86)\Automize14\encPwd.jsd
C:\Program Files (x86)\Automize14\data\settings\sshProfiles-j.jsd
C:\Program Files (x86)\Automize14\data\settings\ftpProfiles-j.jsd
C:\Users\Seven01\AppData\Roaming\Cyberduck
C:\Users\Seven01\AppData\Roaming\iterate_GmbH
C:\Users\Seven01\.config\fullsync\profiles.xml
C:\Users\Seven01\AppData\Roaming\FTPInfo\ServerList.xml
C:\Users\Seven01\AppData\Roaming\FTPInfo\ServerList.cfg
C:\Program Files (x86)\FileZilla\Filezilla.xml
C:\Users\Seven01\AppData\Roaming\FileZilla\filezilla.xml
C:\Users\Seven01\AppData\Roaming\FileZilla\recentservers.xml
C:\Users\Seven01\AppData\Roaming\FileZilla\sitemanager.xml
C:\Program Files (x86)\Staff-FTP\sites.ini
C:\Users\Seven01\AppData\Roaming\BlazeFtp\site.dat
C:\Program Files (x86)\Fastream NETFile\My FTP Links
C:\Program Files (x86)\GoFTP\settings\Connections.txt
C:\Users\Seven01\AppData\Roaming\Estsoft\ALFTP\ESTdb2.dat
C:\Program Files (x86)\DeluxeFTP\sites.xml
C:\Windows\wcx_ftp.ini
C:\Users\Seven01\AppData\Roaming\wcx_ftp.ini
C:\Users\Seven01\wcx_ftp.ini
C:\Users\Seven01\AppData\Roaming\GHISLER\wcx_ftp.ini
C:\Program Files (x86)\FTPGetter\Profile\servers.xml
C:\Users\Seven01\AppData\Roaming\FTPGetter\servers.xml
C:\Program Files (x86)\WS_FTP\WS_FTP.INI
C:\Windows\WS_FTP.INI
C:\Users\Seven01\AppData\Roaming\Ipswitch
C:\Users\Seven01\site.xml
C:\Users\Seven01\AppData\Local\PokerStars*
C:\Users\Seven01\AppData\Local\ExpanDrive
C:\Users\Seven01\AppData\Roaming\Steed\bookmarks.txt
C:\Users\Seven01\AppData\Roaming\FlashFXP
C:\ProgramData\FlashFXP
C:\Users\Seven01\AppData\Local\INSoftware\NovaFTP\NovaFTP.db
C:\Users\Seven01\AppData\Roaming\NetDrive\NDSites.ini
C:\Users\Seven01\AppData\Roaming\NetDrive2\drives.dat
C:\ProgramData\NetDrive2\drives.dat
C:\Users\Seven01\AppData\Roaming\SmartFTP
C:\Users\Seven01\AppData\Roaming\Far Manager\Profile\PluginsData\42E4AEB1-A230-44F4-B33C-F195BB654931.db
C:\Users\Seven01\Documents\*.tlp
C:\Users\Seven01\Documents\*.bscp
C:\Users\Seven01\Documents\*.vnc
C:\Users\Seven01\Desktop\*.vnc
C:\Users\Seven01\Documents\mSecure
C:\ProgramData\Syncovery
C:\Program Files (x86)\FreshWebmaster\FreshFTP\FtpSites.SMF
C:\Users\Seven01\AppData\Roaming\BitKinex\bitkinex.ds
C:\Users\Seven01\AppData\Roaming\UltraFXP\sites.xml
C:\Users\Seven01\AppData\Roaming\FTP Now\sites.xml
C:\Program Files (x86)\Odin Secure FTP Expert\QFDefault.QFQ
C:\Program Files (x86)\Odin Secure FTP Expert\SiteInfo.QFP
C:\Program Files (x86)\Foxmail\mail
C:\Foxmail*
C:\Users\Seven01\AppData\Roaming\Pocomail\accounts.ini
C:\Users\Seven01\Documents\Pocomail\accounts.ini
C:\Users\Seven01\AppData\Roaming\GmailNotifierPro\ConfigData.xml
C:\Users\Seven01\AppData\Roaming\DeskSoft\CheckMail
C:\Program Files (x86)\WinFtp Client\Favorites.dat
C:\Windows\32BitFtp.TMP
C:\Windows\32BitFtp.ini
C:\FTP Navigator\Ftplist.txt
C:\Softwarenetz\Mailing\Daten\mailing.vdt
C:\Users\Seven01\AppData\Roaming\Opera Mail\Opera Mail\wand.dat
C:\Users\Seven01\Documents\*Mailbox.ini
C:\Users\Seven01\Documents\yMail2\POP3.xml
C:\Users\Seven01\Documents\yMail2\SMTP.xml
C:\Users\Seven01\Documents\yMail2\Accounts.xml
C:\Users\Seven01\Documents\yMail\ymail.ini
C:\Users\Seven01\AppData\Roaming\TrulyMail\Data\Settings\user.config
C:\Users\Seven01\Documents\*.spn
C:\Users\Seven01\Desktop\*.spn
C:\Users\Seven01\AppData\Roaming\To-Do DeskList\tasks.db
C:\Users\Seven01\AppData\Roaming\stickies\images
C:\Users\Seven01\AppData\Roaming\stickies\rtf
C:\Users\Seven01\AppData\Roaming\NoteFly\notes
C:\Users\Seven01\AppData\Roaming\Conceptworld\Notezilla\Notes8.db
C:\Users\Seven01\AppData\Roaming\Microsoft\Sticky Notes\StickyNotes.snt
C:\Users\Seven01\Documents
C:\Users\Seven01\Documents\*.kdbx
C:\Users\Seven01\Desktop
C:\Users\Seven01\Desktop\*.kdbx
C:\Users\Seven01\Documents\*.kdb
C:\Users\Seven01\Desktop\*.kdb
C:\Users\Seven01\Documents\Enpass
C:\Users\Seven01\Documents\My RoboForm Data
C:\Users\Seven01\Documents\1Password
C:\Users\Seven01\AppData\Local\Temp\Mikrotik\Winbox
C:\Users\Seven01\AppData\Local\Temp\NETAPI32.DLL
C:\Windows\System32\netapi32.dll
C:\Users\Seven01\AppData\Local\Temp\netutils.dll
C:\Windows\System32\netutils.dll
C:\Users\Seven01\AppData\Local\Temp\srvcli.dll
C:\Windows\System32\srvcli.dll
C:\Users\Seven01\AppData\Roaming\E62877
C:\Users\Seven01\AppData\Roaming\E62877\73E4A9.lck
C:\Users\Seven01\AppData\Roaming\Microsoft\Credentials
C:\Users\Seven01\AppData\Roaming\Microsoft\Credentials\*
C:\Users\Seven01\AppData\Local\Microsoft\Credentials
C:\Users\Seven01\AppData\Local\Microsoft\Credentials\*
C:\Users\Seven01\AppData\Local\Temp\ru55534544444434.exe
C:\Users\Seven01\AppData\Roaming\E62877\73E4A9.exe
C:\Windows\Temp
C:\Windows\sysnative\LogFiles\Scm\046fbef8-2dd6-4a92-a08e-608464edcc44
C:\Windows\sysnative\LogFiles\Scm\c016366b-7126-46ca-b36b-592a3d95a60b
C:\Windows\sysnative\LogFiles\Scm\2f57269b-1e09-4e2d-ab1e-b0fdac7d279c
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp
C:\Windows\ServiceProfiles
C:\Windows\ServiceProfiles\LocalService
C:\Windows\sysnative\Tasks\Microsoft\Windows\WDI\ResolutionHost
C:\Windows\sysnative\LogFiles\Scm\9435f817-fed2-454e-88cd-7f78fda62c48
C:\Windows\sysnative\LogFiles\Scm\994c86ad-a929-4b2c-88a0-4e25a107a029
C:\Windows\sysnative\LogFiles\Scm\044a6734-e90e-4f8f-b357-b2dc8ab3b5ec
C:\Windows\sysnative\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime
C:\Windows\sysnative\LogFiles\Scm\47536d45-eeec-4bdc-8183-a4dc1f8da9e4
C:\Windows\sysnative\LogFiles\Scm\5c0aeeea-c154-45be-8499-bea5f11baff6
C:\Windows\sysnative\LogFiles\Scm\a7c73732-9f11-4281-8d19-764d4ec9d94d
C:\Windows\sysnative\LogFiles\Scm\ac4e5acf-89f7-4220-ba21-81ee183975e2
C:\Windows\sysnative\LogFiles\Scm\b4bdb6a0-417f-4e60-a0ac-aa00b1c79b4c
C:\Windows\sysnative\LogFiles\Scm\be669c13-8165-4536-96d0-6d6c39292aae
C:\Windows\sysnative\LogFiles\Scm\ca4b8ff2-a4d2-4d88-a52e-3a5bdaf7f56e
C:\Windows\sysnative\LogFiles\Scm\eaca24ff-236c-401d-a1e7-b3d5267b8a50
C:\Windows\sysnative\LogFiles\Scm\fb3c354d-297a-4eb2-9b58-090f6361906b
C:\Windows\sysnative\LogFiles\Scm\fdd56c73-f0d5-41b6-b767-6effd7966428
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
C:\Windows\Fonts\arial.ttf
C:\Windows\Fonts\ariali.ttf
C:\Windows\Fonts\arialbd.ttf
C:\Windows\Fonts\arialbi.ttf
C:\Windows\Fonts\batang.ttc
C:\Windows\Fonts\cour.ttf
C:\Windows\Fonts\couri.ttf
C:\Windows\Fonts\courbd.ttf
C:\Windows\Fonts\courbi.ttf
C:\Windows\Fonts\daunpenh.ttf
C:\Windows\Fonts\dokchamp.ttf
C:\Windows\Fonts\estre.ttf
C:\Windows\Fonts\euphemia.ttf
C:\Windows\Fonts\gautami.ttf
C:\Windows\Fonts\gautamib.ttf
C:\Windows\Fonts\Vani.ttf
C:\Windows\Fonts\Vanib.ttf
C:\Windows\Fonts\gulim.ttc
C:\Windows\Fonts\impact.ttf
C:\Windows\Fonts\iskpota.ttf
C:\Windows\Fonts\iskpotab.ttf
C:\Windows\Fonts\kalinga.ttf
C:\Windows\Fonts\kalingab.ttf
C:\Windows\Fonts\kartika.ttf
C:\Windows\Fonts\kartikab.ttf
C:\Windows\Fonts\KhmerUI.ttf
C:\Windows\Fonts\KhmerUIb.ttf
C:\Windows\Fonts\LaoUI.ttf
C:\Windows\Fonts\LaoUIb.ttf
C:\Windows\Fonts\latha.ttf
C:\Windows\Fonts\lathab.ttf
C:\Windows\Fonts\lucon.ttf
C:\Windows\Fonts\malgun.ttf
C:\Windows\Fonts\malgunbd.ttf
C:\Windows\Fonts\mangal.ttf
C:\Windows\Fonts\mangalb.ttf
C:\Windows\Fonts\meiryo.ttc
C:\Windows\Fonts\meiryob.ttc
C:\Windows\Fonts\himalaya.ttf
C:\Windows\Fonts\msjh.ttf
C:\Windows\Fonts\msjhbd.ttf
C:\Windows\Fonts\msyh.ttf
C:\Windows\Fonts\msyhbd.ttf
C:\Windows\Fonts\mingliu.ttc
C:\Windows\Fonts\mingliub.ttc
C:\Windows\Fonts\monbaiti.ttf
C:\Windows\Fonts\msgothic.ttc
C:\Windows\Fonts\msmincho.ttc
C:\Windows\Fonts\mvboli.ttf
C:\Windows\Fonts\ntailu.ttf
C:\Windows\Fonts\ntailub.ttf
C:\Windows\Fonts\nyala.ttf
C:\Windows\Fonts\phagspa.ttf
C:\Windows\Fonts\phagspab.ttf
C:\Windows\Fonts\plantc.ttf
C:\Windows\Fonts\raavi.ttf
C:\Windows\Fonts\raavib.ttf
C:\Windows\Fonts\segoesc.ttf
C:\Windows\Fonts\segoescb.ttf
C:\Windows\Fonts\segoeui.ttf
C:\Windows\Fonts\segoeuib.ttf
C:\Windows\Fonts\segoeuii.ttf
C:\Windows\Fonts\segoeuiz.ttf
C:\Windows\Fonts\seguisb.ttf
C:\Windows\Fonts\segoeuil.ttf
C:\Windows\Fonts\seguisym.ttf
C:\Windows\Fonts\shruti.ttf
C:\Windows\Fonts\shrutib.ttf
C:\Windows\Fonts\simsun.ttc
C:\Windows\Fonts\simsunb.ttf
C:\Windows\Fonts\sylfaen.ttf
C:\Windows\Fonts\taile.ttf
C:\Windows\Fonts\taileb.ttf
C:\Windows\Fonts\times.ttf
C:\Windows\Fonts\timesi.ttf
C:\Windows\Fonts\timesbd.ttf
C:\Windows\Fonts\timesbi.ttf
C:\Windows\Fonts\tunga.ttf
C:\Windows\Fonts\tungab.ttf
C:\Windows\Fonts\vrinda.ttf
C:\Windows\Fonts\vrindab.ttf
C:\Windows\Fonts\Shonar.ttf
C:\Windows\Fonts\Shonarb.ttf
C:\Windows\Fonts\msyi.ttf
C:\Windows\Fonts\tahoma.ttf
C:\Windows\Fonts\tahomabd.ttf
C:\Windows\Fonts\micross.ttf
C:\Windows\Fonts\angsa.ttf
C:\Windows\Fonts\angsai.ttf
C:\Windows\Fonts\angsab.ttf
C:\Windows\Fonts\angsaz.ttf
C:\Windows\Fonts\aparaj.ttf
C:\Windows\Fonts\aparajb.ttf
C:\Windows\Fonts\aparajbi.ttf
C:\Windows\Fonts\aparaji.ttf
C:\Windows\Fonts\cordia.ttf
C:\Windows\Fonts\cordiai.ttf
C:\Windows\Fonts\cordiab.ttf
C:\Windows\Fonts\cordiaz.ttf
C:\Windows\Fonts\ebrima.ttf
C:\Windows\Fonts\ebrimabd.ttf
C:\Windows\Fonts\gisha.ttf
C:\Windows\Fonts\gishabd.ttf
C:\Windows\Fonts\kokila.ttf
C:\Windows\Fonts\kokilab.ttf
C:\Windows\Fonts\kokilabi.ttf
C:\Windows\Fonts\kokilai.ttf
C:\Windows\Fonts\leelawad.ttf
C:\Windows\Fonts\leelawdb.ttf
C:\Windows\Fonts\msuighur.ttf
C:\Windows\Fonts\moolbor.ttf
C:\Windows\Fonts\symbol.ttf
C:\Windows\Fonts\utsaah.ttf
C:\Windows\Fonts\utsaahb.ttf
C:\Windows\Fonts\utsaahbi.ttf
C:\Windows\Fonts\utsaahi.ttf
C:\Windows\Fonts\vijaya.ttf
C:\Windows\Fonts\vijayab.ttf
C:\Windows\Fonts\wingding.ttf
C:\Windows\Fonts\modern.fon
C:\Windows\Fonts\roman.fon
C:\Windows\Fonts\script.fon
C:\Windows\Fonts\andlso.ttf
C:\Windows\Fonts\arabtype.ttf
C:\Windows\Fonts\simpo.ttf
C:\Windows\Fonts\simpbdo.ttf
C:\Windows\Fonts\simpfxo.ttf
C:\Windows\Fonts\majalla.ttf
C:\Windows\Fonts\majallab.ttf
C:\Windows\Fonts\trado.ttf
C:\Windows\Fonts\tradbdo.ttf
C:\Windows\Fonts\ahronbd.ttf
C:\Windows\Fonts\david.ttf
C:\Windows\Fonts\davidbd.ttf
C:\Windows\Fonts\frank.ttf
C:\Windows\Fonts\lvnm.ttf
C:\Windows\Fonts\lvnmbd.ttf
C:\Windows\Fonts\mriam.ttf
C:\Windows\Fonts\mriamc.ttf
C:\Windows\Fonts\nrkis.ttf
C:\Windows\Fonts\rod.ttf
C:\Windows\Fonts\simfang.ttf
C:\Windows\Fonts\simhei.ttf
C:\Windows\Fonts\simkai.ttf
C:\Windows\Fonts\angsau.ttf
C:\Windows\Fonts\angsaui.ttf
C:\Windows\Fonts\angsaub.ttf
C:\Windows\Fonts\angsauz.ttf
C:\Windows\Fonts\browa.ttf
C:\Windows\Fonts\browai.ttf
C:\Windows\Fonts\browab.ttf
C:\Windows\Fonts\browaz.ttf
C:\Windows\Fonts\browau.ttf
C:\Windows\Fonts\browaui.ttf
C:\Windows\Fonts\browaub.ttf
C:\Windows\Fonts\browauz.ttf
C:\Windows\Fonts\cordiau.ttf
C:\Windows\Fonts\cordiaub.ttf
C:\Windows\Fonts\cordiauz.ttf
C:\Windows\Fonts\cordiaui.ttf
C:\Windows\Fonts\upcdl.ttf
C:\Windows\Fonts\upcdi.ttf
C:\Windows\Fonts\upcdb.ttf
C:\Windows\Fonts\upcdbi.ttf
C:\Windows\Fonts\upcel.ttf
C:\Windows\Fonts\upcei.ttf
C:\Windows\Fonts\upceb.ttf
C:\Windows\Fonts\upcebi.ttf
C:\Windows\Fonts\upcfl.ttf
C:\Windows\Fonts\upcfi.ttf
C:\Windows\Fonts\upcfb.ttf
C:\Windows\Fonts\upcfbi.ttf
C:\Windows\Fonts\upcil.ttf
C:\Windows\Fonts\upcii.ttf
C:\Windows\Fonts\upcib.ttf
C:\Windows\Fonts\upcibi.ttf
C:\Windows\Fonts\upcjl.ttf
C:\Windows\Fonts\upcji.ttf
C:\Windows\Fonts\upcjb.ttf
C:\Windows\Fonts\upcjbi.ttf
C:\Windows\Fonts\upckl.ttf
C:\Windows\Fonts\upcki.ttf
C:\Windows\Fonts\upckb.ttf
C:\Windows\Fonts\upckbi.ttf
C:\Windows\Fonts\upcll.ttf
C:\Windows\Fonts\upcli.ttf
C:\Windows\Fonts\upclb.ttf
C:\Windows\Fonts\upclbi.ttf
C:\Windows\Fonts\kaiu.ttf
C:\Windows\Fonts\l_10646.ttf
C:\Windows\Fonts\ariblk.ttf
C:\Windows\Fonts\calibri.ttf
C:\Windows\Fonts\calibrii.ttf
C:\Windows\Fonts\calibrib.ttf
C:\Windows\Fonts\calibriz.ttf
C:\Windows\Fonts\cambria.ttc
C:\Windows\Fonts\cambriai.ttf
C:\Windows\Fonts\cambriab.ttf
C:\Windows\Fonts\cambriaz.ttf
C:\Windows\Fonts\Candara.ttf
C:\Windows\Fonts\Candarai.ttf
C:\Windows\Fonts\Candarab.ttf
C:\Windows\Fonts\Candaraz.ttf
C:\Windows\Fonts\comic.ttf
C:\Windows\Fonts\comicbd.ttf
C:\Windows\Fonts\consola.ttf
C:\Windows\Fonts\consolai.ttf
C:\Windows\Fonts\consolab.ttf
C:\Windows\Fonts\consolaz.ttf
C:\Windows\Fonts\constan.ttf
C:\Windows\Fonts\constani.ttf
C:\Windows\Fonts\constanb.ttf
C:\Windows\Fonts\constanz.ttf
C:\Windows\Fonts\corbel.ttf
C:\Windows\Fonts\corbeli.ttf
C:\Windows\Fonts\corbelb.ttf
C:\Windows\Fonts\corbelz.ttf
C:\Windows\Fonts\framd.ttf
C:\Windows\Fonts\framdit.ttf
C:\Windows\Fonts\Gabriola.ttf
C:\Windows\Fonts\georgia.ttf
C:\Windows\Fonts\georgiai.ttf
C:\Windows\Fonts\georgiab.ttf
C:\Windows\Fonts\georgiaz.ttf
C:\Windows\Fonts\pala.ttf
C:\Windows\Fonts\palai.ttf
C:\Windows\Fonts\palab.ttf
C:\Windows\Fonts\palabi.ttf
C:\Windows\Fonts\segoepr.ttf
C:\Windows\Fonts\segoeprb.ttf
C:\Windows\Fonts\trebuc.ttf
C:\Windows\Fonts\trebucit.ttf
C:\Windows\Fonts\trebucbd.ttf
C:\Windows\Fonts\trebucbi.ttf
C:\Windows\Fonts\verdana.ttf
C:\Windows\Fonts\verdanai.ttf
C:\Windows\Fonts\verdanab.ttf
C:\Windows\Fonts\verdanaz.ttf
C:\Windows\Fonts\webdings.ttf
C:\Windows\Fonts\coure.fon
C:\Windows\Fonts\serife.fon
C:\Windows\Fonts\sserife.fon
C:\Windows\Fonts\smalle.fon
C:\Windows\Fonts\smallf.fon
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\EQUATION\MTEXTRA.TTF
C:\Windows\Fonts\ARIALUNI.TTF
C:\Windows\Fonts\CENTURY.TTF
C:\Windows\Fonts\WINGDNG2.TTF
C:\Windows\Fonts\WINGDNG3.TTF
C:\Windows\Fonts\BKANT.TTF
C:\Windows\Fonts\GOTHIC.TTF
C:\Windows\Fonts\OUTLOOK.TTF
C:\Windows\Fonts\TEMPSITC.TTF
C:\Windows\Fonts\MISTRAL.TTF
C:\Windows\Fonts\LHANDW.TTF
C:\Windows\Fonts\ITCKRIST.TTF
C:\Windows\Fonts\JUICE___.TTF
C:\Windows\Fonts\FREESCPT.TTF
C:\Windows\Fonts\ARIALN.TTF
C:\Windows\Fonts\GARA.TTF
C:\Windows\Fonts\MTCORSVA.TTF
C:\Windows\Fonts\ALGER.TTF
C:\Windows\Fonts\BASKVILL.TTF
C:\Windows\Fonts\BAUHS93.TTF
C:\Windows\Fonts\BELL.TTF
C:\Windows\Fonts\BRLNSB.TTF
C:\Windows\Fonts\BERNHC.TTF
C:\Windows\Fonts\BOD_PSTC.TTF
C:\Windows\Fonts\BRITANIC.TTF
C:\Windows\Fonts\BROADW.TTF
C:\Windows\Fonts\BRUSHSCI.TTF
C:\Windows\Fonts\CALIFR.TTF
C:\Windows\Fonts\CENTAUR.TTF
C:\Windows\Fonts\CHILLER.TTF
C:\Windows\Fonts\COLONNA.TTF
C:\Windows\Fonts\COOPBL.TTF
C:\Windows\Fonts\FTLTLT.TTF
C:\Windows\Fonts\HARLOWSI.TTF
C:\Windows\Fonts\HARNGTON.TTF
C:\Windows\Fonts\HTOWERT.TTF
C:\Windows\Fonts\JOKERMAN.TTF
C:\Windows\Fonts\KUNSTLER.TTF
C:\Windows\Fonts\LBRITE.TTF
C:\Windows\Fonts\LCALLIG.TTF
C:\Windows\Fonts\LFAX.TTF
C:\Windows\Fonts\MAGNETOB.TTF
C:\Windows\Fonts\MATURASC.TTF
C:\Windows\Fonts\MOD20.TTF
C:\Windows\Fonts\NIAGENG.TTF
C:\Windows\Fonts\NIAGSOL.TTF
C:\Windows\Fonts\OLDENGL.TTF
C:\Windows\Fonts\ONYX.TTF
C:\Windows\Fonts\PARCHM.TTF
C:\Windows\Fonts\PLAYBILL.TTF
C:\Windows\Fonts\POORICH.TTF
C:\Windows\Fonts\RAVIE.TTF
C:\Windows\Fonts\INFROMAN.TTF
C:\Windows\Fonts\SHOWG.TTF
C:\Windows\Fonts\SNAP____.TTF
C:\Windows\Fonts\STENCIL.TTF
C:\Windows\Fonts\VINERITC.TTF
C:\Windows\Fonts\VIVALDII.TTF
C:\Windows\Fonts\VLADIMIR.TTF
C:\Windows\Fonts\LATINWD.TTF
C:\Windows\Fonts\BOOKOS.TTF
C:\Windows\Fonts\ANTQUAB.TTF
C:\Windows\Fonts\ANTQUABI.TTF
C:\Windows\Fonts\ANTQUAI.TTF
C:\Windows\Fonts\GOTHICB.TTF
C:\Windows\Fonts\GOTHICBI.TTF
C:\Windows\Fonts\GOTHICI.TTF
C:\Windows\Fonts\BSSYM7.TTF
C:\Windows\Fonts\REFSAN.TTF
C:\Windows\Fonts\REFSPCL.TTF
C:\Windows\Fonts\ARIALNB.TTF
C:\Windows\Fonts\ARIALNBI.TTF
C:\Windows\Fonts\ARIALNI.TTF
C:\Windows\Fonts\GARABD.TTF
C:\Windows\Fonts\GARAIT.TTF
C:\Windows\Fonts\BELLB.TTF
C:\Windows\Fonts\BELLI.TTF
C:\Windows\Fonts\BRLNSDB.TTF
C:\Windows\Fonts\BRLNSR.TTF
C:\Windows\Fonts\CALIFB.TTF
C:\Windows\Fonts\CALIFI.TTF
C:\Windows\Fonts\HTOWERTI.TTF
C:\Windows\Fonts\LBRITED.TTF
C:\Windows\Fonts\LBRITEDI.TTF
C:\Windows\Fonts\LBRITEI.TTF
C:\Windows\Fonts\LFAXD.TTF
C:\Windows\Fonts\LFAXDI.TTF
C:\Windows\Fonts\LFAXI.TTF
C:\Windows\Fonts\BOOKOSB.TTF
C:\Windows\Fonts\BOOKOSBI.TTF
C:\Windows\Fonts\BOOKOSI.TTF
C:\Windows\Fonts\marlett.ttf
C:\Windows\sysnative\it-IT\radarrs.dll.mui
\??\PIPE\wkssvc
C:\Windows\sysnative\winevt\Logs\Microsoft-Windows-WindowsBackup%4ActionCenter.evtx
C:\Windows\sysnative\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx
C:\Windows\sysnative\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4WHC.evtx
C:\Windows\sysnative\winevt\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx
C:\Windows\sysnative\winevt\Logs\Microsoft-Windows-Diagnosis-Scheduled%4Operational.evtx
C:\Windows\sysnative\dfdts.dll
C:\Windows\sysnative\winevt\Logs\System.evtx
C:\Windows\sysnative\RacEngn.dll
C:\Windows\sysnative\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx
C:\Windows\sysnative\shell32.dll
C:\Windows\sysnative\winevt\Logs\Microsoft-Windows-Known Folders API Service.evtx
C:\Windows\sysnative\dfdts.dll.manifest
C:\Windows\sysnative\dfdts.dll.123.Manifest
C:\Windows\sysnative\dfdts.dll.124.Manifest
C:\Windows\sysnative\dfdts.dll.2.Manifest
C:\Windows\sysnative\rundll32.exe
C:\Windows\sysnative\it-IT\KERNELBASE.dll.mui

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\RU55534544444434.exe.config
C:\Users\Seven01\AppData\Local\Temp\RU55534544444434.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\System32\l_intl.nls
\Device\KsecDD
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\pubpol36.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\System32\netapi32.dll
C:\Windows\System32\netutils.dll
C:\Windows\System32\srvcli.dll
C:\Users\Seven01\AppData\Roaming\E62877\73E4A9.lck
C:\Windows\sysnative\LogFiles\Scm\046fbef8-2dd6-4a92-a08e-608464edcc44
C:\Windows\sysnative\LogFiles\Scm\c016366b-7126-46ca-b36b-592a3d95a60b
C:\Windows\sysnative\LogFiles\Scm\2f57269b-1e09-4e2d-ab1e-b0fdac7d279c
C:\Windows\sysnative\LogFiles\Scm\994c86ad-a929-4b2c-88a0-4e25a107a029
C:\Windows\sysnative\LogFiles\Scm\044a6734-e90e-4f8f-b357-b2dc8ab3b5ec
C:\Windows\sysnative\LogFiles\Scm\47536d45-eeec-4bdc-8183-a4dc1f8da9e4
C:\Windows\sysnative\LogFiles\Scm\5c0aeeea-c154-45be-8499-bea5f11baff6
C:\Windows\sysnative\LogFiles\Scm\a7c73732-9f11-4281-8d19-764d4ec9d94d
C:\Windows\sysnative\LogFiles\Scm\ac4e5acf-89f7-4220-ba21-81ee183975e2
C:\Windows\sysnative\LogFiles\Scm\b4bdb6a0-417f-4e60-a0ac-aa00b1c79b4c
C:\Windows\sysnative\LogFiles\Scm\be669c13-8165-4536-96d0-6d6c39292aae
C:\Windows\sysnative\LogFiles\Scm\ca4b8ff2-a4d2-4d88-a52e-3a5bdaf7f56e
C:\Windows\sysnative\LogFiles\Scm\eaca24ff-236c-401d-a1e7-b3d5267b8a50
C:\Windows\sysnative\LogFiles\Scm\fb3c354d-297a-4eb2-9b58-090f6361906b
C:\Windows\sysnative\LogFiles\Scm\fdd56c73-f0d5-41b6-b767-6effd7966428
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
C:\Windows\Fonts\modern.fon
C:\Windows\Fonts\roman.fon
C:\Windows\Fonts\script.fon
C:\Windows\Fonts\coure.fon
C:\Windows\Fonts\serife.fon
C:\Windows\Fonts\sserife.fon
C:\Windows\Fonts\smalle.fon
C:\Windows\Fonts\smallf.fon
C:\Windows\sysnative\it-IT\radarrs.dll.mui
\??\PIPE\wkssvc
C:\Windows\sysnative\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx
C:\Windows\sysnative\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4WHC.evtx
C:\Windows\sysnative\winevt\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx
C:\Windows\sysnative\winevt\Logs\Microsoft-Windows-Diagnosis-Scheduled%4Operational.evtx
C:\Windows\sysnative\dfdts.dll
C:\Windows\sysnative\RacEngn.dll
C:\Windows\sysnative\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx
C:\Windows\sysnative\shell32.dll
C:\Windows\sysnative\winevt\Logs\Microsoft-Windows-Known Folders API Service.evtx
C:\Windows\sysnative\dfdts.dll.123.Manifest
C:\Windows\sysnative\dfdts.dll.124.Manifest
C:\Windows\sysnative\dfdts.dll.2.Manifest
C:\Windows\sysnative\rundll32.exe
C:\Windows\sysnative\it-IT\KERNELBASE.dll.mui

Write Files

C:\Users\Seven01\AppData\Roaming\E62877\73E4A9.lck
C:\Users\Seven01\AppData\Roaming\E62877\73E4A9.exe
C:\Windows\sysnative\LogFiles\Scm\c016366b-7126-46ca-b36b-592a3d95a60b
C:\Windows\sysnative\LogFiles\Scm\9435f817-fed2-454e-88cd-7f78fda62c48
C:\Windows\sysnative\LogFiles\Scm\044a6734-e90e-4f8f-b357-b2dc8ab3b5ec
C:\Windows\sysnative\LogFiles\Scm\046fbef8-2dd6-4a92-a08e-608464edcc44
\??\PIPE\wkssvc
C:\Windows\sysnative\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx
C:\Windows\sysnative\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4WHC.evtx
C:\Windows\sysnative\winevt\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx
C:\Windows\sysnative\winevt\Logs\Microsoft-Windows-Diagnosis-Scheduled%4Operational.evtx
C:\Windows\sysnative\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx
C:\Windows\sysnative\winevt\Logs\Microsoft-Windows-Known Folders API Service.evtx

Delete Files

C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2424.16947812
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2424.16947812
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2424.16948062
C:\Users\Seven01\AppData\Roaming\E62877\73E4A9.lck
C:\Users\Seven01\AppData\Local\Temp\ru55534544444434.exe

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RU55534544444434.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\66d50043\2404be8b
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index36
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\381833da\5c7e70d
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|RU55534544444434.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|RU55534544444434.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|RU55534544444434.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\381833da\44b81ded
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it-IT_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\40dcb014
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\1ffc8ca7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\4ad60644\6f323003
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5d1b2185\235dd0a9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5d1b2185\9e47f51
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
HKEY_LOCAL_MACHINE\SOFTWARE\ComodoGroup\IceDragon\Setup
HKEY_LOCAL_MACHINE\SOFTWARE\Apple Computer, Inc.\Safari
HKEY_LOCAL_MACHINE\SOFTWARE\K-Meleon
HKEY_LOCAL_MACHINE\SOFTWARE\mozilla.org\SeaMonkey
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\SeaMonkey
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Flock
HKEY_CURRENT_USER\Software\QtWeb.NET\QtWeb Internet Browser\AutoComplete
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2
HKEY_LOCAL_MACHINE\SOFTWARE\8pecxstudios\Cyberfox86
HKEY_LOCAL_MACHINE\SOFTWARE\8pecxstudios\Cyberfox
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Pale Moon
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Waterfox
HKEY_CURRENT_USER\Software\LinasFTP\Site Manager
HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings
HKEY_CURRENT_USER\Software\Ghisler\Total Commander
HKEY_CURRENT_USER\Software
HKEY_CURRENT_USER\Software\Adobe
HKEY_CURRENT_USER\Software\AppDataLow
HKEY_CURRENT_USER\Software\JavaSoft
HKEY_CURRENT_USER\Software\Macromedia
HKEY_CURRENT_USER\Software\Microsoft
HKEY_CURRENT_USER\Software\Netscape
HKEY_CURRENT_USER\Software\ODBC
HKEY_CURRENT_USER\Software\Policies
HKEY_CURRENT_USER\Software\Wow6432Node
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
HKEY_CURRENT_USER\Software\Bitvise\BvSshClient
HKEY_CURRENT_USER\Software\VanDyke\SecureFX
HKEY_LOCAL_MACHINE\Software\NCH Software\Fling\Accounts
HKEY_CURRENT_USER\Software\NCH Software\Fling\Accounts
HKEY_LOCAL_MACHINE\Software\NCH Software\ClassicFTP\FTPAccounts
HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts
HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions
HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions
HKEY_LOCAL_MACHINE\Software\SimonTatham\PuTTY\Sessions
HKEY_LOCAL_MACHINE\Software\9bis.com\KiTTY\Sessions
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Thunderbird
HKEY_CURRENT_USER\Software\IncrediMail\Identities
HKEY_LOCAL_MACHINE\Software\IncrediMail\Identities
HKEY_CURRENT_USER\Software\Martin Prikryl
HKEY_LOCAL_MACHINE\Software\Martin Prikryl
HKEY_LOCAL_MACHINE\SOFTWARE\Postbox\Postbox
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\FossaMail
HKEY_CURRENT_USER\Software\WinChips\UserAccounts
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\00471e98b7a362469ed97e3915fd4111
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\00471e98b7a362469ed97e3915fd4111\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\10b0e4d6eb1de34dabd532a0806a0fec
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\10b0e4d6eb1de34dabd532a0806a0fec\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\192e64c97bf3a54488a039619c763627
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\192e64c97bf3a54488a039619c763627\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\32a3dc9c400a4b448b60ab7fe553a392
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\32a3dc9c400a4b448b60ab7fe553a392\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3517490d76624c419a828607e2a54604
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3517490d76624c419a828607e2a54604\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\43e0bb79f0f2d84db98ff4f730d23d24
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\43e0bb79f0f2d84db98ff4f730d23d24\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\6a50d9bd87f9a8478751861a1591a6c2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\6a50d9bd87f9a8478751861a1591a6c2\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\7760e21103136b47946c9c80fa097f15
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\7760e21103136b47946c9c80fa097f15\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\7d19c9e894f20d4780a31c9a9f17da11
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\7d19c9e894f20d4780a31c9a9f17da11\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\818ecc2f310b344f807e8af5dc013189
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\818ecc2f310b344f807e8af5dc013189\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8503020000000000c000000000000046
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8503020000000000c000000000000046\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\Email
HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
HKEY_CURRENT_USER\SOFTWARE\flaska.net\trojita
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanWorkstation\Parameters\RpcCacheTimeout
HKEY_LOCAL_MACHINE\\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xd0\x9d\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xd1\x9e\xef\xbf\xbd\xd0\x8d\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xd0\x99\xef\xbf\xbd\xef\xbf\xbd\xd1\x8f\xef\xbf\xbd\xef\xbf\xbd
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\WOW64
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Public
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Default
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonW6432Dir
HKEY_USERS\S-1-5-18
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18\ProfileImagePath
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_USERS\.DEFAULT\Environment
HKEY_USERS\.DEFAULT\Volatile Environment
HKEY_USERS\.DEFAULT\Volatile Environment\0
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\ObjectName
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsass.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Appinfo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Appinfo\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Appinfo\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppMgmt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppMgmt\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppMgmt\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AxInstSV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AxInstSV\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AxInstSV\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDESVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDESVC\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDESVC\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bthserv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bthserv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bthserv\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CertPropSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CertPropSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CertPropSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot3svc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot3svc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot3svc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EapHost
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EapHost\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EapHost\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EFS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EFS\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EFS\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdPHost
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdPHost\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdPHost\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hidserv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hidserv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hidserv\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hkmsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hkmsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hkmsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupListener
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupListener\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupListener\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\idsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\idsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\idsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPBusEnum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPBusEnum\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPBusEnum\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KeyIso
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KeyIso\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KeyIso\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KtmRm
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KtmRm\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KtmRm\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lmhosts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lmhosts\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lmhosts\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSiSCSI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSiSCSI\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSiSCSI\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetMsmqActivator
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetMsmqActivator\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetMsmqActivator\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetPipeActivator
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetPipeActivator\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetPipeActivator\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpActivator
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpActivator\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpActivator\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpPortSharing
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpPortSharing\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpPortSharing\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2psvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2psvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2psvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PeerDistSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PeerDistSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PeerDistSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pla
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pla\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pla\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPAutoReg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPAutoReg\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPAutoReg\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAuto
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAuto\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAuto\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasMan
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasMan\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasMan\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteAccess
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteAccess\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteAccess\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteRegistry
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteRegistry\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteRegistry\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPolicySvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPolicySvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPolicySvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\seclogon
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\seclogon\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\seclogon\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SessionEnv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SessionEnv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SessionEnv\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\StorSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\StorSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\StorSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermService\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermService\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UmRdpService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UmRdpService\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UmRdpService\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc\WOW64
HKEY_USERS\S-1-5-19
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19\ProfileImagePath
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_USERS\S-1-5-19\Environment
HKEY_USERS\S-1-5-19\Volatile Environment
HKEY_USERS\S-1-5-19\Volatile Environment\0
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Environment
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000\ProfileImagePath
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Environment
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Volatile Environment
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Volatile Environment\0
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ObjectName
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Time Zones\W. Europe Standard Time\Dynamic DST
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Group
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation\CoInitializeSecurityParam
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation\AuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation\ImpersonationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation\AuthenticationCapabilities
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation\CoInitializeSecurityAppID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation\DeferredCoInitializeSecurityServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation\DefaultRpcStackSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation\SystemCritical
HKEY_LOCAL_MACHINE\Software\Classes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\svchost.exe
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Control Panel\International
HKEY_CURRENT_USER\Control Panel\International\LocaleName
HKEY_CURRENT_USER\Control Panel\International\sCountry
HKEY_CURRENT_USER\Control Panel\International\sList
HKEY_CURRENT_USER\Control Panel\International\sDecimal
HKEY_CURRENT_USER\Control Panel\International\sThousand
HKEY_CURRENT_USER\Control Panel\International\sGrouping
HKEY_CURRENT_USER\Control Panel\International\sNativeDigits
HKEY_CURRENT_USER\Control Panel\International\sCurrency
HKEY_CURRENT_USER\Control Panel\International\sMonDecimalSep
HKEY_CURRENT_USER\Control Panel\International\sMonThousandSep
HKEY_CURRENT_USER\Control Panel\International\sMonGrouping
HKEY_CURRENT_USER\Control Panel\International\sPositiveSign
HKEY_CURRENT_USER\Control Panel\International\sNegativeSign
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat
HKEY_CURRENT_USER\Control Panel\International\sShortTime
HKEY_CURRENT_USER\Control Panel\International\s1159
HKEY_CURRENT_USER\Control Panel\International\s2359
HKEY_CURRENT_USER\Control Panel\International\sShortDate
HKEY_CURRENT_USER\Control Panel\International\sYearMonth
HKEY_CURRENT_USER\Control Panel\International\sLongDate
HKEY_CURRENT_USER\Control Panel\International\iCountry
HKEY_CURRENT_USER\Control Panel\International\iMeasure
HKEY_CURRENT_USER\Control Panel\International\iPaperSize
HKEY_CURRENT_USER\Control Panel\International\iDigits
HKEY_CURRENT_USER\Control Panel\International\iLZero
HKEY_CURRENT_USER\Control Panel\International\iNegNumber
HKEY_CURRENT_USER\Control Panel\International\NumShape
HKEY_CURRENT_USER\Control Panel\International\iCurrDigits
HKEY_CURRENT_USER\Control Panel\International\iCurrency
HKEY_CURRENT_USER\Control Panel\International\iNegCurr
HKEY_CURRENT_USER\Control Panel\International\iCalendarType
HKEY_CURRENT_USER\Control Panel\International\iFirstDayOfWeek
HKEY_CURRENT_USER\Control Panel\International\iFirstWeekOfYear
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\ServiceDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\ServiceManifest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\ServiceMain
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FontCache\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\InitialTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\InitialSystemCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\MaximumSystemCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\InitialUserCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\MaximumUserCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\AccessProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\ServiceDllUnloadOnStop
HKEY_CURRENT_USER\Software\Classes\AppID\taskhost.exe
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\WDI\DiagnosticModules
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{15fba3b8-a37a-4f91-bdba-fbb98fe804bf}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{15fba3b8-a37a-4f91-bdba-fbb98fe804bf}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{15fba3b8-a37a-4f91-bdba-fbb98fe804bf}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{15fba3b8-a37a-4f91-bdba-fbb98fe804bf}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{282396b2-6c46-4d66-b413-70b0445df33c}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{282396b2-6c46-4d66-b413-70b0445df33c}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{282396b2-6c46-4d66-b413-70b0445df33c}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{282396b2-6c46-4d66-b413-70b0445df33c}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{284ddb2f-beea-4c9d-91e8-e3670ed91517}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{284ddb2f-beea-4c9d-91e8-e3670ed91517}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{284ddb2f-beea-4c9d-91e8-e3670ed91517}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{284ddb2f-beea-4c9d-91e8-e3670ed91517}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{3EA6B3DF-393E-41C3-9885-29EC5A701926}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{3EA6B3DF-393E-41C3-9885-29EC5A701926}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{3EA6B3DF-393E-41C3-9885-29EC5A701926}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{3EA6B3DF-393E-41C3-9885-29EC5A701926}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{45DE1EA9-10BC-4f96-9B21-4B6B83DBF476}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{45DE1EA9-10BC-4f96-9B21-4B6B83DBF476}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{45DE1EA9-10BC-4f96-9B21-4B6B83DBF476}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{45DE1EA9-10BC-4f96-9B21-4B6B83DBF476}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{4d21da64-fd02-4b82-a0a5-783266e430ab}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{4d21da64-fd02-4b82-a0a5-783266e430ab}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{4d21da64-fd02-4b82-a0a5-783266e430ab}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{4d21da64-fd02-4b82-a0a5-783266e430ab}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{50e3b0eb-5780-49de-9eb5-8d53a51fd146}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{50e3b0eb-5780-49de-9eb5-8d53a51fd146}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{50e3b0eb-5780-49de-9eb5-8d53a51fd146}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{50e3b0eb-5780-49de-9eb5-8d53a51fd146}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5C85A128-86F7-41a4-B655-BEE3F2ADEF46}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5C85A128-86F7-41a4-B655-BEE3F2ADEF46}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5C85A128-86F7-41a4-B655-BEE3F2ADEF46}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5C85A128-86F7-41a4-B655-BEE3F2ADEF46}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5EE64AFB-398D-4edb-AF71-3B830219ABF7}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5EE64AFB-398D-4edb-AF71-3B830219ABF7}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5EE64AFB-398D-4edb-AF71-3B830219ABF7}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5EE64AFB-398D-4edb-AF71-3B830219ABF7}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{63e0d0f7-ac2f-493b-a7f2-2f3ccdb66fca}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{63e0d0f7-ac2f-493b-a7f2-2f3ccdb66fca}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{63e0d0f7-ac2f-493b-a7f2-2f3ccdb66fca}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{63e0d0f7-ac2f-493b-a7f2-2f3ccdb66fca}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{67f1ec80-6c5b-43bb-860b-d47ae85242b1}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{67f1ec80-6c5b-43bb-860b-d47ae85242b1}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{67f1ec80-6c5b-43bb-860b-d47ae85242b1}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{67f1ec80-6c5b-43bb-860b-d47ae85242b1}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{72dbb5ac-6a91-46e6-885b-d429828bea2e}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{72dbb5ac-6a91-46e6-885b-d429828bea2e}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{72dbb5ac-6a91-46e6-885b-d429828bea2e}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{72dbb5ac-6a91-46e6-885b-d429828bea2e}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{7a54f16f-a73a-4258-ba46-a1e998a6aa74}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{7a54f16f-a73a-4258-ba46-a1e998a6aa74}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{7a54f16f-a73a-4258-ba46-a1e998a6aa74}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{7a54f16f-a73a-4258-ba46-a1e998a6aa74}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{85e0acd9-809a-482b-b60b-bcad1f8d0cd7}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{85e0acd9-809a-482b-b60b-bcad1f8d0cd7}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{85e0acd9-809a-482b-b60b-bcad1f8d0cd7}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{85e0acd9-809a-482b-b60b-bcad1f8d0cd7}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{88d4896f-f553-446a-9c75-9dec124ff8b7}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{88d4896f-f553-446a-9c75-9dec124ff8b7}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{88d4896f-f553-446a-9c75-9dec124ff8b7}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{88d4896f-f553-446a-9c75-9dec124ff8b7}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8CC29128-0B57-4a2b-A7B9-A74A70BA6FA1}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8CC29128-0B57-4a2b-A7B9-A74A70BA6FA1}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8CC29128-0B57-4a2b-A7B9-A74A70BA6FA1}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8CC29128-0B57-4a2b-A7B9-A74A70BA6FA1}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8d39bd5b-81f8-4b94-a608-6a50bbff5d15}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8d39bd5b-81f8-4b94-a608-6a50bbff5d15}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8d39bd5b-81f8-4b94-a608-6a50bbff5d15}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8d39bd5b-81f8-4b94-a608-6a50bbff5d15}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{95c162b7-5b71-44f8-82e4-abfd3108f40f}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{95c162b7-5b71-44f8-82e4-abfd3108f40f}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{95c162b7-5b71-44f8-82e4-abfd3108f40f}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{95c162b7-5b71-44f8-82e4-abfd3108f40f}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{9c5a40da-b965-4fc3-8781-88dd50a6299d}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a59f0643-a6ca-48e0-a7c4-4cdd258439e2}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a59f0643-a6ca-48e0-a7c4-4cdd258439e2}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a59f0643-a6ca-48e0-a7c4-4cdd258439e2}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a59f0643-a6ca-48e0-a7c4-4cdd258439e2}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{abd0ea66-a840-44a9-97b1-fb74fddaa8c8}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{abd0ea66-a840-44a9-97b1-fb74fddaa8c8}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{abd0ea66-a840-44a9-97b1-fb74fddaa8c8}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{abd0ea66-a840-44a9-97b1-fb74fddaa8c8}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{b171ab1c-60e9-4301-a338-beab1c70b3e9}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{b171ab1c-60e9-4301-a338-beab1c70b3e9}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{b171ab1c-60e9-4301-a338-beab1c70b3e9}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{b171ab1c-60e9-4301-a338-beab1c70b3e9}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{bf2de437-b736-48fb-84a0-5f0c389a068e}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{bf2de437-b736-48fb-84a0-5f0c389a068e}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{bf2de437-b736-48fb-84a0-5f0c389a068e}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{bf2de437-b736-48fb-84a0-5f0c389a068e}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{C0F51D84-11B9-4e74-B083-99F11BA2DB0A}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{C0F51D84-11B9-4e74-B083-99F11BA2DB0A}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{C0F51D84-11B9-4e74-B083-99F11BA2DB0A}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{C0F51D84-11B9-4e74-B083-99F11BA2DB0A}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c70949f5-bda4-4bf3-8121-af0bc174925f}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c70949f5-bda4-4bf3-8121-af0bc174925f}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c70949f5-bda4-4bf3-8121-af0bc174925f}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c70949f5-bda4-4bf3-8121-af0bc174925f}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c8544339-5be9-4f25-862e-485f1b1a6935}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c8544339-5be9-4f25-862e-485f1b1a6935}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c8544339-5be9-4f25-862e-485f1b1a6935}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c8544339-5be9-4f25-862e-485f1b1a6935}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{d8bcedf8-46c3-440e-bc65-dfa6a5094054}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{d8bcedf8-46c3-440e-bc65-dfa6a5094054}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{d8bcedf8-46c3-440e-bc65-dfa6a5094054}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{d8bcedf8-46c3-440e-bc65-dfa6a5094054}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{E4CD2E3E-3852-4952-B76B-23BB8E35D344}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{E4CD2E3E-3852-4952-B76B-23BB8E35D344}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{E4CD2E3E-3852-4952-B76B-23BB8E35D344}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{E4CD2E3E-3852-4952-B76B-23BB8E35D344}\NameResource
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\WDI\Config
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\Config\ServerName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RADAR
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RADAR\CLResolutionInterval
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RADAR\DisplayInterval
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RADAR\SkipWatson
HKEY_LOCAL_MACHINE\Software\Microsoft\RADAR\HeapLeakDetection\Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\Settings\ReflectionInterval
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\eventlog\Microsoft-Windows-WindowsUpdateClient/Operational
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\Type
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\FileMax
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\FileCounter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\BufferSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\MinBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\MaxBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\Latency
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\ClockType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\SidType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\Level
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\ControlGuid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\MaxSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\MaxSizeUpper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\Retention
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\AutoBackupLogFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\File
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\FilterId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\Isolation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\OwningPublisher
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\ChannelAccess
HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\eventlog\Microsoft-Windows-NetworkAccessProtection/WHC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\Type
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\FileMax
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\FileCounter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\BufferSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\MinBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\MaxBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\Latency
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\ClockType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\SidType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\Level
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\ControlGuid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\MaxSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\MaxSizeUpper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\Retention
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\AutoBackupLogFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\File
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\FilterId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\Isolation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\OwningPublisher
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\ChannelAccess
HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\eventlog\Microsoft-Windows-Windows Defender/WHC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\Type
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\FileMax
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\FileCounter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\BufferSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\MinBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\MaxBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\Latency
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\ClockType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\SidType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\Level
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\ControlGuid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\MaxSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\MaxSizeUpper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\Retention
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\AutoBackupLogFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\File
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\FilterId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\Isolation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\OwningPublisher
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\ChannelAccess
HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\eventlog\Microsoft-Windows-Diagnosis-Scheduled/Operational
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\Type
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\FileMax
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\FileCounter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\BufferSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\MinBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\MaxBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\Latency
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\ClockType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\SidType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\Level
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\ControlGuid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\MaxSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\MaxSizeUpper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\Retention
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\AutoBackupLogFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\File
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\FilterId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\Isolation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\OwningPublisher
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers
HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\eventlog\Microsoft-Windows-ReliabilityAnalysisComponent/Operational
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\Type
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\FileMax
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\FileCounter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\BufferSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\MinBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\MaxBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\Latency
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\ClockType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\SidType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\Level
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\ControlGuid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\MaxSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\MaxSizeUpper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\Retention
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\AutoBackupLogFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\File
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\FilterId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\Isolation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\OwningPublisher
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\ChannelAccess
HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\eventlog\Microsoft-Windows-Known Folders API Service
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\Type
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\FileMax
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\FileCounter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\BufferSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\MinBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\MaxBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\Latency
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\ClockType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\SidType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\Level
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\ControlGuid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\MaxSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\MaxSizeUpper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\Retention
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\AutoBackupLogFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\File
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\FilterId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\Isolation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\OwningPublisher
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DiskDiagnostics
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DiskDiagnostics\DFDCollectorInvokeTimes

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index36
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\00471e98b7a362469ed97e3915fd4111\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\10b0e4d6eb1de34dabd532a0806a0fec\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\192e64c97bf3a54488a039619c763627\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\32a3dc9c400a4b448b60ab7fe553a392\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3517490d76624c419a828607e2a54604\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\43e0bb79f0f2d84db98ff4f730d23d24\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\6a50d9bd87f9a8478751861a1591a6c2\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\7760e21103136b47946c9c80fa097f15\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\7d19c9e894f20d4780a31c9a9f17da11\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\818ecc2f310b344f807e8af5dc013189\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8503020000000000c000000000000046\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Email
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\Email
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanWorkstation\Parameters\RpcCacheTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\WOW64
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Public
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18\ProfileImagePath
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Appinfo\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Appinfo\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppMgmt\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppMgmt\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AxInstSV\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AxInstSV\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDESVC\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDESVC\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bthserv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bthserv\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CertPropSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CertPropSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot3svc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot3svc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EapHost\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EapHost\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EFS\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EFS\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdPHost\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdPHost\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hidserv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hidserv\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hkmsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hkmsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupListener\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupListener\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\idsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\idsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPBusEnum\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPBusEnum\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KeyIso\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KeyIso\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KtmRm\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KtmRm\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lmhosts\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lmhosts\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSiSCSI\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSiSCSI\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetMsmqActivator\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetMsmqActivator\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetPipeActivator\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetPipeActivator\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpActivator\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpActivator\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpPortSharing\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpPortSharing\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2psvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2psvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PeerDistSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PeerDistSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pla\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pla\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPAutoReg\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPAutoReg\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAuto\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAuto\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasMan\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasMan\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteAccess\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteAccess\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteRegistry\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteRegistry\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPolicySvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPolicySvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\seclogon\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\seclogon\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SessionEnv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SessionEnv\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\StorSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\StorSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermService\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermService\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UmRdpService\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UmRdpService\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19\ProfileImagePath
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Environment
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000\ProfileImagePath
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Group
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation\CoInitializeSecurityParam
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation\AuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation\ImpersonationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation\AuthenticationCapabilities
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation\CoInitializeSecurityAppID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation\DeferredCoInitializeSecurityServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation\DefaultRpcStackSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation\SystemCritical
HKEY_CURRENT_USER\Control Panel\International\LocaleName
HKEY_CURRENT_USER\Control Panel\International\sCountry
HKEY_CURRENT_USER\Control Panel\International\sList
HKEY_CURRENT_USER\Control Panel\International\sDecimal
HKEY_CURRENT_USER\Control Panel\International\sThousand
HKEY_CURRENT_USER\Control Panel\International\sGrouping
HKEY_CURRENT_USER\Control Panel\International\sNativeDigits
HKEY_CURRENT_USER\Control Panel\International\sCurrency
HKEY_CURRENT_USER\Control Panel\International\sMonDecimalSep
HKEY_CURRENT_USER\Control Panel\International\sMonThousandSep
HKEY_CURRENT_USER\Control Panel\International\sMonGrouping
HKEY_CURRENT_USER\Control Panel\International\sPositiveSign
HKEY_CURRENT_USER\Control Panel\International\sNegativeSign
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat
HKEY_CURRENT_USER\Control Panel\International\sShortTime
HKEY_CURRENT_USER\Control Panel\International\s1159
HKEY_CURRENT_USER\Control Panel\International\s2359
HKEY_CURRENT_USER\Control Panel\International\sShortDate
HKEY_CURRENT_USER\Control Panel\International\sYearMonth
HKEY_CURRENT_USER\Control Panel\International\sLongDate
HKEY_CURRENT_USER\Control Panel\International\iCountry
HKEY_CURRENT_USER\Control Panel\International\iMeasure
HKEY_CURRENT_USER\Control Panel\International\iPaperSize
HKEY_CURRENT_USER\Control Panel\International\iDigits
HKEY_CURRENT_USER\Control Panel\International\iLZero
HKEY_CURRENT_USER\Control Panel\International\iNegNumber
HKEY_CURRENT_USER\Control Panel\International\NumShape
HKEY_CURRENT_USER\Control Panel\International\iCurrDigits
HKEY_CURRENT_USER\Control Panel\International\iCurrency
HKEY_CURRENT_USER\Control Panel\International\iNegCurr
HKEY_CURRENT_USER\Control Panel\International\iCalendarType
HKEY_CURRENT_USER\Control Panel\International\iFirstDayOfWeek
HKEY_CURRENT_USER\Control Panel\International\iFirstWeekOfYear
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\ServiceDll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\ServiceManifest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\ServiceMain
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\InitialTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\InitialSystemCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\MaximumSystemCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\InitialUserCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\MaximumUserCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache\Parameters\ServiceDllUnloadOnStop
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{15fba3b8-a37a-4f91-bdba-fbb98fe804bf}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{15fba3b8-a37a-4f91-bdba-fbb98fe804bf}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{15fba3b8-a37a-4f91-bdba-fbb98fe804bf}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{282396b2-6c46-4d66-b413-70b0445df33c}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{282396b2-6c46-4d66-b413-70b0445df33c}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{282396b2-6c46-4d66-b413-70b0445df33c}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{284ddb2f-beea-4c9d-91e8-e3670ed91517}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{284ddb2f-beea-4c9d-91e8-e3670ed91517}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{284ddb2f-beea-4c9d-91e8-e3670ed91517}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{3EA6B3DF-393E-41C3-9885-29EC5A701926}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{3EA6B3DF-393E-41C3-9885-29EC5A701926}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{3EA6B3DF-393E-41C3-9885-29EC5A701926}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{45DE1EA9-10BC-4f96-9B21-4B6B83DBF476}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{45DE1EA9-10BC-4f96-9B21-4B6B83DBF476}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{45DE1EA9-10BC-4f96-9B21-4B6B83DBF476}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{4d21da64-fd02-4b82-a0a5-783266e430ab}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{4d21da64-fd02-4b82-a0a5-783266e430ab}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{4d21da64-fd02-4b82-a0a5-783266e430ab}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{50e3b0eb-5780-49de-9eb5-8d53a51fd146}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{50e3b0eb-5780-49de-9eb5-8d53a51fd146}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{50e3b0eb-5780-49de-9eb5-8d53a51fd146}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5C85A128-86F7-41a4-B655-BEE3F2ADEF46}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5C85A128-86F7-41a4-B655-BEE3F2ADEF46}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5C85A128-86F7-41a4-B655-BEE3F2ADEF46}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5EE64AFB-398D-4edb-AF71-3B830219ABF7}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5EE64AFB-398D-4edb-AF71-3B830219ABF7}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{5EE64AFB-398D-4edb-AF71-3B830219ABF7}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{63e0d0f7-ac2f-493b-a7f2-2f3ccdb66fca}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{63e0d0f7-ac2f-493b-a7f2-2f3ccdb66fca}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{63e0d0f7-ac2f-493b-a7f2-2f3ccdb66fca}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{67f1ec80-6c5b-43bb-860b-d47ae85242b1}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{67f1ec80-6c5b-43bb-860b-d47ae85242b1}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{67f1ec80-6c5b-43bb-860b-d47ae85242b1}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{72dbb5ac-6a91-46e6-885b-d429828bea2e}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{72dbb5ac-6a91-46e6-885b-d429828bea2e}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{72dbb5ac-6a91-46e6-885b-d429828bea2e}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{7a54f16f-a73a-4258-ba46-a1e998a6aa74}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{7a54f16f-a73a-4258-ba46-a1e998a6aa74}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{7a54f16f-a73a-4258-ba46-a1e998a6aa74}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{85e0acd9-809a-482b-b60b-bcad1f8d0cd7}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{85e0acd9-809a-482b-b60b-bcad1f8d0cd7}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{85e0acd9-809a-482b-b60b-bcad1f8d0cd7}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{88d4896f-f553-446a-9c75-9dec124ff8b7}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{88d4896f-f553-446a-9c75-9dec124ff8b7}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{88d4896f-f553-446a-9c75-9dec124ff8b7}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8CC29128-0B57-4a2b-A7B9-A74A70BA6FA1}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8CC29128-0B57-4a2b-A7B9-A74A70BA6FA1}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8CC29128-0B57-4a2b-A7B9-A74A70BA6FA1}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8d39bd5b-81f8-4b94-a608-6a50bbff5d15}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8d39bd5b-81f8-4b94-a608-6a50bbff5d15}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{8d39bd5b-81f8-4b94-a608-6a50bbff5d15}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{95c162b7-5b71-44f8-82e4-abfd3108f40f}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{95c162b7-5b71-44f8-82e4-abfd3108f40f}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{95c162b7-5b71-44f8-82e4-abfd3108f40f}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a0d86e0d-3f06-411b-9dd5-35bc5666ff3e}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a59f0643-a6ca-48e0-a7c4-4cdd258439e2}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a59f0643-a6ca-48e0-a7c4-4cdd258439e2}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{a59f0643-a6ca-48e0-a7c4-4cdd258439e2}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{abd0ea66-a840-44a9-97b1-fb74fddaa8c8}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{abd0ea66-a840-44a9-97b1-fb74fddaa8c8}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{abd0ea66-a840-44a9-97b1-fb74fddaa8c8}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{b171ab1c-60e9-4301-a338-beab1c70b3e9}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{b171ab1c-60e9-4301-a338-beab1c70b3e9}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{b171ab1c-60e9-4301-a338-beab1c70b3e9}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{bf2de437-b736-48fb-84a0-5f0c389a068e}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{bf2de437-b736-48fb-84a0-5f0c389a068e}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{bf2de437-b736-48fb-84a0-5f0c389a068e}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{C0F51D84-11B9-4e74-B083-99F11BA2DB0A}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{C0F51D84-11B9-4e74-B083-99F11BA2DB0A}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{C0F51D84-11B9-4e74-B083-99F11BA2DB0A}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c70949f5-bda4-4bf3-8121-af0bc174925f}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c70949f5-bda4-4bf3-8121-af0bc174925f}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c70949f5-bda4-4bf3-8121-af0bc174925f}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c8544339-5be9-4f25-862e-485f1b1a6935}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c8544339-5be9-4f25-862e-485f1b1a6935}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{c8544339-5be9-4f25-862e-485f1b1a6935}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{d8bcedf8-46c3-440e-bc65-dfa6a5094054}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{d8bcedf8-46c3-440e-bc65-dfa6a5094054}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{d8bcedf8-46c3-440e-bc65-dfa6a5094054}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{E4CD2E3E-3852-4952-B76B-23BB8E35D344}\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{E4CD2E3E-3852-4952-B76B-23BB8E35D344}\NeverLowerPagePriority
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\DiagnosticModules\{E4CD2E3E-3852-4952-B76B-23BB8E35D344}\NameResource
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WDI\Config\ServerName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RADAR\CLResolutionInterval
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RADAR\DisplayInterval
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RADAR\SkipWatson
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\Settings\ReflectionInterval
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\Type
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\FileMax
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\FileCounter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\BufferSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\MinBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\MaxBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\Latency
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\ClockType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\SidType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\Level
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\ControlGuid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\MaxSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\MaxSizeUpper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\Retention
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\AutoBackupLogFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\File
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\FilterId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\Isolation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\OwningPublisher
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-WindowsUpdateClient/Operational\ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\Type
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\FileMax
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\FileCounter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\BufferSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\MinBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\MaxBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\Latency
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\ClockType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\SidType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\Level
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\ControlGuid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\MaxSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\MaxSizeUpper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\Retention
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\AutoBackupLogFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\File
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\FilterId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\Isolation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\OwningPublisher
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-NetworkAccessProtection/WHC\ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\Type
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\FileMax
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\FileCounter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\BufferSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\MinBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\MaxBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\Latency
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\ClockType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\SidType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\Level
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\ControlGuid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\MaxSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\MaxSizeUpper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\Retention
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\AutoBackupLogFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\File
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\FilterId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\Isolation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\OwningPublisher
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Windows Defender/WHC\ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\Type
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\FileMax
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\FileCounter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\BufferSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\MinBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\MaxBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\Latency
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\ClockType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\SidType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\Level
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\ControlGuid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\MaxSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\MaxSizeUpper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\Retention
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\AutoBackupLogFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\File
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\FilterId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\Isolation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\OwningPublisher
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Diagnosis-Scheduled/Operational\ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\Type
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\FileMax
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\FileCounter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\BufferSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\MinBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\MaxBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\Latency
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\ClockType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\SidType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\Level
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\ControlGuid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\MaxSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\MaxSizeUpper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\Retention
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\AutoBackupLogFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\File
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\FilterId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\Isolation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\OwningPublisher
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ReliabilityAnalysisComponent/Operational\ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\Type
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\FileMax
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\FileCounter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\BufferSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\MinBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\MaxBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\Latency
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\ClockType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\SidType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\Level
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\ControlGuid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\MaxSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\MaxSizeUpper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\Retention
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\AutoBackupLogFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\File
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\FilterId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\Isolation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\OwningPublisher
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Known Folders API Service\ChannelAccess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DiskDiagnostics\DFDCollectorInvokeTimes

Write Keys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time\Type
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DiskDiagnostics\DFDCollectorInvokeTimes

Delete Keys

Nothing to display

Mutexes

Global\CLR_CASOFF_MUTEX
D448845E628773E4A9A809DA

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.IsProcessorFeaturePresent
msvcrt.dll._set_error_mode
msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.GetSystemWindowsDirectoryW
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
mscorwks.dll._CorExeMain
mscorwks.dll.GetCLRFunction
advapi32.dll.RegisterTraceGuidsW
advapi32.dll.UnregisterTraceGuids
advapi32.dll.GetTraceLoggerHandle
advapi32.dll.GetTraceEnableLevel
advapi32.dll.GetTraceEnableFlags
advapi32.dll.TraceEvent
mscoree.dll.IEE
mscoreei.dll.IEE
mscorwks.dll.IEE
mscoree.dll.GetStartupFlags
mscoreei.dll.GetStartupFlags
mscoree.dll.GetHostConfigurationFile
mscoreei.dll.GetHostConfigurationFile
mscoreei.dll.GetCORVersion
mscoree.dll.GetCORSystemDirectory
mscoreei.dll.GetCORSystemDirectory_RetAddr
mscoreei.dll.CreateConfigStream
ntdll.dll.RtlUnwind
kernel32.dll.IsWow64Process
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddVectoredContinueHandler
kernel32.dll.RemoveVectoredContinueHandler
advapi32.dll.ConvertSidToStringSidW
shell32.dll.SHGetFolderPathW
kernel32.dll.GetWriteWatch
kernel32.dll.ResetWriteWatch
kernel32.dll.CreateMemoryResourceNotification
kernel32.dll.QueryMemoryResourceNotification
kernel32.dll.QueryActCtxW
kernel32.dll.GetVersionExW
kernel32.dll.GetFullPathNameW
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
advapi32.dll.CryptAcquireContextA
advapi32.dll.CryptReleaseContext
advapi32.dll.CryptCreateHash
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptHashData
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptImportKey
advapi32.dll.CryptExportKey
advapi32.dll.CryptGenKey
advapi32.dll.CryptGetKeyParam
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptVerifySignatureA
advapi32.dll.CryptSignHashA
advapi32.dll.CryptGetProvParam
advapi32.dll.CryptGetUserKey
advapi32.dll.CryptEnumProvidersA
mscoree.dll.GetMetaDataInternalInterface
mscoreei.dll.GetMetaDataInternalInterface
mscorwks.dll.GetMetaDataInternalInterface
mscorjit.dll.getJit
kernel32.dll.GetUserDefaultUILanguage
kernel32.dll.SetErrorMode
kernel32.dll.GetFileAttributesExW
mscoreei.dll.LoadLibraryShim
culture.dll.ConvertLangIdToCultureName
kernel32.dll.lstrlen
kernel32.dll.lstrlenW
mscoree.dll.ND_RI4
mscoreei.dll.ND_RI4
kernel32.dll.VirtualProtect
kernel32.dll.GlobalMemoryStatusEx
kernel32.dll.GetEnvironmentVariableW
kernel32.dll.SwitchToThread
kernel32.dll.CloseHandle
kernel32.dll.GetCurrentProcessId
advapi32.dll.LookupPrivilegeValueW
kernel32.dll.GetCurrentProcess
advapi32.dll.AdjustTokenPrivileges
kernel32.dll.OpenProcess
psapi.dll.EnumProcessModules
psapi.dll.GetModuleInformation
psapi.dll.GetModuleBaseNameW
psapi.dll.GetModuleFileNameExW
kernel32.dll.GetProcAddress
kernel32.dll.DebugActiveProcess
kernel32.dll.WaitForDebugEvent
kernel32.dll.ContinueDebugEvent
kernel32.dll.DeleteFileA
advapi32.dll.SetKernelObjectSecurity
advapi32.dll.GetKernelObjectSecurity
ntdll.dll.NtSetInformationProcess
ntdll.dll.NtProtectVirtualMemory
kernel32.dll.VirtualAllocEx
kernel32.dll.GetThreadContext
kernel32.dll.Wow64GetThreadContext
ntdll.dll.NtUnmapViewOfSection
kernel32.dll.ResumeThread
kernel32.dll.SetThreadContext
kernel32.dll.Wow64SetThreadContext
kernel32.dll.WriteProcessMemory
kernel32.dll.ReadProcessMemory
kernel32.dll.TerminateProcess
kernel32.dll.CreateProcessW
ole32.dll.CoUninitialize
ole32.dll.CoGetContextToken
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.DeactivateActCtx
kernel32.dll.GetCurrentActCtx
advapi32.dll.EventUnregister
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptHashData
cryptsp.dll.CryptGetHashParam
cryptsp.dll.CryptDestroyHash
cryptsp.dll.CryptReleaseContext
vaultcli.dll.VaultEnumerateItems
vaultcli.dll.VaultEnumerateVaults
vaultcli.dll.VaultFree
vaultcli.dll.VaultGetItem
vaultcli.dll.VaultOpenVault
vaultcli.dll.VaultCloseVault
sechost.dll.LookupAccountSidLocalW
netapi32.dll.NetUserGetInfo
cryptsp.dll.CryptImportKey
cryptsp.dll.CryptSetKeyParam
cryptsp.dll.CryptDecrypt
cryptsp.dll.CryptDestroyKey
ole32.dll.CoInitializeSecurity
sechost.dll.LookupAccountNameLocalW
advapi32.dll.LookupAccountSidW
ole32.dll.CoCreateInstance
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
fntcache.dll.ServiceMain
fntcache.dll.SvchostPushServiceGlobals
ntmarta.dll.GetMartaExtensionInterface
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware
dwmapi.dll.DwmIsCompositionEnabled
rpcrt4.dll.UuidFromStringW
radarrs.dll.WdiDiagnosticModuleMain
radarrs.dll.WdiHandleInstance
radarrs.dll.WdiGetDiagnosticModuleInterfaceVersion
wkscli.dll.NetGetJoinInformation
netutils.dll.NetApiBufferFree
dfdts.dll.DfdGetDefaultPolicyAndSMART

Execute Commands

"C:\Users\Seven01\AppData\Local\Temp\RU55534544444434.exe"
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sc.exe start w32time task_started
C:\Windows\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART

Started Services

VaultSvc
W32Time

Created Services

Nothing to display
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven04_64 Seven04_64 VirtualBox 2018-09-09 19:26:29 2018-09-09 19:29:47 198

2 HTTP Request(s) detected

http://blackdiamondsco.ae/rooney/fre.php
  • Hostname: blackdiamondsco.ae
  • IP Address:
  • Port: 80
  • Count: 2

POST /rooney/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: blackdiamondsco.ae
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: 85FDB44C
Content-Length: 192
Connection: close

http://blackdiamondsco.ae/rooney/fre.php
  • Hostname: blackdiamondsco.ae
  • IP Address:
  • Port: 80
  • Count: 12

POST /rooney/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: blackdiamondsco.ae
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: 85FDB44C
Content-Length: 165
Connection: close

#infosec #automation

TheSystem Itself @ 2018-09-09 19:30:19

Detected family: #Lokibot

TheSystem Itself @ 2018-09-09 19:42:04