Detections

Yara:

AgentTeslaV2

Analysis

Category Package Started Completed Duration Options Log
FILE exe 2020-06-23 05:50:23 2020-06-23 05:56:14 351 seconds Show Options Show Log
route = tor
2020-05-13 09:07:47,883 [root] INFO: Date set to: 20200623T05:50:23, timeout set to: 200
2020-06-23 05:50:23,031 [root] DEBUG: Starting analyzer from: C:\tmpnwhtwc92
2020-06-23 05:50:23,031 [root] DEBUG: Storing results at: C:\LkVeer
2020-06-23 05:50:23,031 [root] DEBUG: Pipe server name: \\.\PIPE\nnnNWfHGwB
2020-06-23 05:50:23,031 [root] DEBUG: Python path: C:\Users\Rebecca\AppData\Local\Programs\Python\Python38-32
2020-06-23 05:50:23,031 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2020-06-23 05:50:23,031 [root] INFO: Automatically selected analysis package "exe"
2020-06-23 05:50:23,031 [root] DEBUG: Trying to import analysis package "exe"...
2020-06-23 05:50:23,062 [root] DEBUG: Imported analysis package "exe".
2020-06-23 05:50:23,062 [root] DEBUG: Trying to initialize analysis package "exe"...
2020-06-23 05:50:23,062 [root] DEBUG: Initialized analysis package "exe".
2020-06-23 05:50:23,109 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.browser"...
2020-06-23 05:50:23,109 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser".
2020-06-23 05:50:23,109 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.curtain"...
2020-06-23 05:50:23,203 [root] DEBUG: Imported auxiliary module "modules.auxiliary.curtain".
2020-06-23 05:50:23,203 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.digisig"...
2020-06-23 05:50:23,218 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig".
2020-06-23 05:50:23,218 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.disguise"...
2020-06-23 05:50:23,234 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise".
2020-06-23 05:50:23,234 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.human"...
2020-06-23 05:50:23,234 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human".
2020-06-23 05:50:23,249 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.procmon"...
2020-06-23 05:50:23,249 [root] DEBUG: Imported auxiliary module "modules.auxiliary.procmon".
2020-06-23 05:50:23,249 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.screenshots"...
2020-06-23 05:50:23,281 [modules.auxiliary.screenshots] DEBUG: Importing 'time'
2020-06-23 05:50:23,281 [modules.auxiliary.screenshots] DEBUG: Importing 'StringIO'
2020-06-23 05:50:23,296 [modules.auxiliary.screenshots] DEBUG: Importing 'Thread'
2020-06-23 05:50:23,296 [modules.auxiliary.screenshots] DEBUG: Importing 'Auxiliary'
2020-06-23 05:50:23,296 [modules.auxiliary.screenshots] DEBUG: Importing 'NetlogFile'
2020-06-23 05:50:23,296 [modules.auxiliary.screenshots] DEBUG: Importing 'Screenshot'
2020-06-23 05:50:23,296 [lib.api.screenshot] DEBUG: Importing 'math'
2020-06-23 05:50:23,296 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2020-06-23 05:50:24,328 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageGrab'
2020-06-23 05:50:24,343 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageDraw'
2020-06-23 05:50:24,359 [modules.auxiliary.screenshots] DEBUG: Imports OK
2020-06-23 05:50:24,359 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots".
2020-06-23 05:50:24,359 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.sysmon"...
2020-06-23 05:50:24,359 [root] DEBUG: Imported auxiliary module "modules.auxiliary.sysmon".
2020-06-23 05:50:24,359 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.usage"...
2020-06-23 05:50:24,406 [root] DEBUG: Imported auxiliary module "modules.auxiliary.usage".
2020-06-23 05:50:24,406 [root] DEBUG: Trying to initialize auxiliary module "Browser"...
2020-06-23 05:50:24,406 [root] DEBUG: Initialized auxiliary module "Browser".
2020-06-23 05:50:24,406 [root] DEBUG: Trying to start auxiliary module "Browser"...
2020-06-23 05:50:24,406 [root] DEBUG: Started auxiliary module Browser
2020-06-23 05:50:24,406 [root] DEBUG: Trying to initialize auxiliary module "Curtain"...
2020-06-23 05:50:24,421 [root] DEBUG: Initialized auxiliary module "Curtain".
2020-06-23 05:50:24,421 [root] DEBUG: Trying to start auxiliary module "Curtain"...
2020-06-23 05:50:24,421 [root] DEBUG: Started auxiliary module Curtain
2020-06-23 05:50:24,421 [root] DEBUG: Trying to initialize auxiliary module "DigiSig"...
2020-06-23 05:50:24,421 [root] DEBUG: Initialized auxiliary module "DigiSig".
2020-06-23 05:50:24,421 [root] DEBUG: Trying to start auxiliary module "DigiSig"...
2020-06-23 05:50:24,421 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature.
2020-06-23 05:50:24,718 [modules.auxiliary.digisig] DEBUG: File is not signed.
2020-06-23 05:50:24,718 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2020-06-23 05:50:24,718 [root] DEBUG: Started auxiliary module DigiSig
2020-06-23 05:50:24,718 [root] DEBUG: Trying to initialize auxiliary module "Disguise"...
2020-06-23 05:50:24,718 [root] DEBUG: Initialized auxiliary module "Disguise".
2020-06-23 05:50:24,718 [root] DEBUG: Trying to start auxiliary module "Disguise"...
2020-06-23 05:50:24,750 [root] DEBUG: Started auxiliary module Disguise
2020-06-23 05:50:24,750 [root] DEBUG: Trying to initialize auxiliary module "Human"...
2020-06-23 05:50:24,750 [root] DEBUG: Initialized auxiliary module "Human".
2020-06-23 05:50:24,750 [root] DEBUG: Trying to start auxiliary module "Human"...
2020-06-23 05:50:24,750 [root] DEBUG: Started auxiliary module Human
2020-06-23 05:50:24,750 [root] DEBUG: Trying to initialize auxiliary module "Procmon"...
2020-06-23 05:50:24,750 [root] DEBUG: Initialized auxiliary module "Procmon".
2020-06-23 05:50:24,750 [root] DEBUG: Trying to start auxiliary module "Procmon"...
2020-06-23 05:50:24,765 [root] DEBUG: Started auxiliary module Procmon
2020-06-23 05:50:24,765 [root] DEBUG: Trying to initialize auxiliary module "Screenshots"...
2020-06-23 05:50:24,765 [root] DEBUG: Initialized auxiliary module "Screenshots".
2020-06-23 05:50:24,765 [root] DEBUG: Trying to start auxiliary module "Screenshots"...
2020-06-23 05:50:24,765 [root] DEBUG: Started auxiliary module Screenshots
2020-06-23 05:50:24,765 [root] DEBUG: Trying to initialize auxiliary module "Sysmon"...
2020-06-23 05:50:24,765 [root] DEBUG: Initialized auxiliary module "Sysmon".
2020-06-23 05:50:24,765 [root] DEBUG: Trying to start auxiliary module "Sysmon"...
2020-06-23 05:50:24,765 [root] DEBUG: Started auxiliary module Sysmon
2020-06-23 05:50:24,765 [root] DEBUG: Trying to initialize auxiliary module "Usage"...
2020-06-23 05:50:24,765 [root] DEBUG: Initialized auxiliary module "Usage".
2020-06-23 05:50:24,765 [root] DEBUG: Trying to start auxiliary module "Usage"...
2020-06-23 05:50:24,765 [root] DEBUG: Started auxiliary module Usage
2020-06-23 05:50:24,765 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option
2020-06-23 05:50:24,765 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option
2020-06-23 05:50:24,765 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option
2020-06-23 05:50:24,765 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option
2020-06-23 05:50:25,000 [lib.api.process] INFO: Successfully executed process from path "C:\Users\Rebecca\AppData\Local\Temp\Payment receipt.exe" with arguments "" with pid 5664
2020-06-23 05:50:25,000 [lib.api.process] INFO: Monitor config for process 5664: C:\tmpnwhtwc92\dll\5664.ini
2020-06-23 05:50:25,000 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpnwhtwc92\dll\ipTyHYll.dll, loader C:\tmpnwhtwc92\bin\GabqMCc.exe
2020-06-23 05:50:25,093 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\nnnNWfHGwB.
2020-06-23 05:50:25,093 [root] DEBUG: Loader: Injecting process 5664 (thread 5756) with C:\tmpnwhtwc92\dll\ipTyHYll.dll.
2020-06-23 05:50:25,093 [root] DEBUG: Process image base: 0x00D90000
2020-06-23 05:50:25,093 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC.
2020-06-23 05:50:25,093 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.
2020-06-23 05:50:25,109 [root] DEBUG: Error 2 (0x2) - Loader: Failed to call named pipe \\.\PIPE\nnnNWfHGwB: The system cannot find the file specified.
2020-06-23 05:50:25,109 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 5664
2020-06-23 05:50:27,109 [lib.api.process] INFO: Successfully resumed process with pid 5664
2020-06-23 05:50:27,156 [root] DEBUG: Python path set to 'C:\Users\Rebecca\AppData\Local\Programs\Python\Python38-32'.
2020-06-23 05:50:27,156 [root] DEBUG: Dropped file limit defaulting to 100.
2020-06-23 05:50:27,171 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 5664 at 0x6b510000, image base 0xd90000, stack from 0x206000-0x210000
2020-06-23 05:50:27,187 [root] INFO: Loaded monitor into process with pid 5664
2020-06-23 05:50:27,187 [root] DEBUG: set_caller_info: Adding region at 0x00110000 to caller regions list (advapi32::RegQueryInfoKeyW).
2020-06-23 05:50:27,187 [root] DEBUG: set_caller_info: Adding region at 0x00710000 to caller regions list (ntdll::RtlDispatchException).
2020-06-23 05:50:27,203 [root] DEBUG: DLL loaded at 0x74DB0000: C:\Windows\system32\cryptbase (0xc000 bytes).
2020-06-23 05:50:27,203 [root] DEBUG: DumpMemory: Exception occured reading memory address 0x710000
2020-06-23 05:50:27,203 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x00710000 size 0x400000.
2020-06-23 05:50:27,234 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\LkVeer\CAPE\5664_15937313422750923262020 (size 0xe5e)
2020-06-23 05:50:27,234 [root] DEBUG: set_caller_info: Failed to dumping calling PE image at 0x00110000.
2020-06-23 05:50:27,234 [root] DEBUG: set_caller_info: Adding region at 0x00540000 to caller regions list (kernel32::FindFirstFileExW).
2020-06-23 05:50:27,703 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\LkVeer\CAPE\5664_5483726802750923262020 (size 0x100099)
2020-06-23 05:50:27,703 [root] DEBUG: DumpRegion: Dumped stack region from 0x00540000, size 0x101000.
2020-06-23 05:50:27,703 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xb8 amd local view 0x703E0000 to global list.
2020-06-23 05:50:27,718 [root] DEBUG: DLL loaded at 0x703E0000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei (0x7d000 bytes).
2020-06-23 05:50:27,718 [root] DEBUG: DLL unloaded from 0x76020000.
2020-06-23 05:50:27,734 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xd4 amd local view 0x00210000 to global list.
2020-06-23 05:50:27,734 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xd0 amd local view 0x00210000 to global list.
2020-06-23 05:50:27,750 [root] DEBUG: DLL loaded at 0x74330000: C:\Windows\system32\VERSION (0x9000 bytes).
2020-06-23 05:50:27,750 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x69060000 for section view with handle 0xd4.
2020-06-23 05:50:27,750 [root] DEBUG: DLL loaded at 0x69060000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr (0x6ef000 bytes).
2020-06-23 05:50:27,765 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x6B9D0000 for section view with handle 0xd4.
2020-06-23 05:50:27,781 [root] DEBUG: DLL loaded at 0x6B9D0000: C:\Windows\system32\MSVCR120_CLR0400 (0xf5000 bytes).
2020-06-23 05:50:27,796 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 5664, handle 0xf4.
2020-06-23 05:50:27,796 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xf8 amd local view 0x00100000 to global list.
2020-06-23 05:50:27,796 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xfc amd local view 0x00210000 to global list.
2020-06-23 05:50:27,796 [root] INFO: Disabling sleep skipping.
2020-06-23 05:50:27,796 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 5664.
2020-06-23 05:50:27,812 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 5664.
2020-06-23 05:50:27,812 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 5664.
2020-06-23 05:50:27,812 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x1f0 amd local view 0x05850000 to global list.
2020-06-23 05:50:27,843 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x1fc amd local view 0x667E0000 to global list.
2020-06-23 05:50:27,843 [root] DEBUG: DLL loaded at 0x667E0000: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6715dc4d04e35f16d482900c355325e9\mscorlib.ni (0x1393000 bytes).
2020-06-23 05:50:27,859 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x208 amd local view 0x6A710000 to global list.
2020-06-23 05:50:27,875 [root] DEBUG: DLL loaded at 0x6A710000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit (0x80000 bytes).
2020-06-23 05:50:27,875 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x204 amd local view 0x77020000 to global list.
2020-06-23 05:50:27,875 [root] DEBUG: DLL loaded at 0x77020000: C:\Windows\system32\OLEAUT32 (0x91000 bytes).
2020-06-23 05:50:27,875 [root] DEBUG: set_caller_info: Adding region at 0x00290000 to caller regions list (ntdll::NtQueryPerformanceCounter).
2020-06-23 05:50:27,875 [root] DEBUG: ScanForNonZero: Exception occured reading memory address 0x29ffff
2020-06-23 05:50:27,875 [root] DEBUG: DumpMemory: Nothing to dump at 0x00290000!
2020-06-23 05:50:27,875 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x00290000 size 0x10000.
2020-06-23 05:50:27,875 [root] DEBUG: DumpPEsInRange: Scanning range 0x290000 - 0x291000.
2020-06-23 05:50:27,875 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x290000-0x291000.
2020-06-23 05:50:27,906 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\LkVeer\CAPE\5664_19260755084750923262020 (size 0x4ba)
2020-06-23 05:50:27,906 [root] DEBUG: DumpRegion: Dumped stack region from 0x00290000, size 0x1000.
2020-06-23 05:50:27,921 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 5664.
2020-06-23 05:50:27,921 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 5664.
2020-06-23 05:50:27,937 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 5664.
2020-06-23 05:50:27,953 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 5664.
2020-06-23 05:50:27,968 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 5664.
2020-06-23 05:50:27,984 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 5664.
2020-06-23 05:50:28,031 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x21c amd local view 0x00490000 to global list.
2020-06-23 05:50:28,109 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 5664.
2020-06-23 05:50:28,156 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 5664.
2020-06-23 05:50:28,281 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x264 amd local view 0x681A0000 to global list.
2020-06-23 05:50:28,281 [root] DEBUG: DLL loaded at 0x681A0000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System\43822396682b0ffc3cfb66137ddab95f\System.ni (0xa10000 bytes).
2020-06-23 05:50:28,296 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x260 amd local view 0x66000000 to global list.
2020-06-23 05:50:28,296 [root] DEBUG: DLL loaded at 0x66000000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c8a2021e940773064c655a6ea6ee8cb2\System.Core.ni (0x7e0000 bytes).
2020-06-23 05:50:28,312 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x25c amd local view 0x67DA0000 to global list.
2020-06-23 05:50:28,328 [root] DEBUG: DLL loaded at 0x67DA0000: C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\fad2ba18a244bf307910025c81b52f1e\WindowsBase.ni (0x3f3000 bytes).
2020-06-23 05:50:28,328 [root] DEBUG: DLL loaded at 0x74880000: C:\Windows\system32\CRYPTSP (0x17000 bytes).
2020-06-23 05:50:28,343 [root] DEBUG: DLL loaded at 0x74610000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2020-06-23 05:50:28,406 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x65450000 for section view with handle 0x260.
2020-06-23 05:50:28,421 [root] DEBUG: DLL loaded at 0x65450000: C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\4f7c4bba7641e71c1b15384ca408fa9b\PresentationCore.ni (0xbad000 bytes).
2020-06-23 05:50:28,500 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x258 amd local view 0x63D30000 to global list.
2020-06-23 05:50:28,515 [root] DEBUG: DLL loaded at 0x63D30000: C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\2cf8ec33054bf9d59892861776b13716\PresentationFramework.ni (0x1307000 bytes).
2020-06-23 05:50:28,687 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x6A020000 for section view with handle 0x258.
2020-06-23 05:50:28,734 [root] DEBUG: DLL loaded at 0x6A020000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\15a0c54648649e65f75ca4010468c7e2\System.Xaml.ni (0x1f4000 bytes).
2020-06-23 05:50:28,890 [root] DEBUG: DLL loaded at 0x6A470000: C:\Windows\system32\dwrite (0x136000 bytes).
2020-06-23 05:50:28,937 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x69ED0000 for section view with handle 0x258.
2020-06-23 05:50:28,937 [root] DEBUG: DLL loaded at 0x69ED0000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400 (0x149000 bytes).
2020-06-23 05:50:28,984 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x6A690000 for section view with handle 0x258.
2020-06-23 05:50:29,000 [root] DEBUG: DLL loaded at 0x6A690000: C:\Windows\system32\MSVCP120_CLR0400 (0x78000 bytes).
2020-06-23 05:50:29,046 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x69920000 for section view with handle 0x260.
2020-06-23 05:50:29,062 [root] DEBUG: DLL loaded at 0x69920000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400 (0xca000 bytes).
2020-06-23 05:50:29,234 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x004A0000 for section view with handle 0x258.
2020-06-23 05:50:29,249 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x652B0000 for section view with handle 0x264.
2020-06-23 05:50:29,249 [root] DEBUG: DLL loaded at 0x652B0000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2c462a934e0586ac5e46c8b93e461384\System.Drawing.ni (0x194000 bytes).
2020-06-23 05:50:29,265 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x63010000 for section view with handle 0x25c.
2020-06-23 05:50:29,265 [root] DEBUG: DLL loaded at 0x63010000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\aece3d371c0714e60f9509d2a3137395\System.Windows.Forms.ni (0xd1d000 bytes).
2020-06-23 05:50:29,437 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x69850000 for section view with handle 0x25c.
2020-06-23 05:50:29,453 [root] DEBUG: DLL loaded at 0x69850000: C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.B83e9cb53#\5c5ed836d2a372987cc8f735310cc369\Microsoft.Build.Utilities.v4.0.ni (0xc8000 bytes).
2020-06-23 05:50:29,531 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x6AD10000 for section view with handle 0x25c.
2020-06-23 05:50:29,546 [root] DEBUG: DLL loaded at 0x6AD10000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\ee81fa2e7f333ee787a423c2e39ee3a3\System.Numerics.ni (0x45000 bytes).
2020-06-23 05:50:29,562 [root] DEBUG: OpenProcessHandler: Image base for process 5664 (handle 0x258): 0x00D90000.
2020-06-23 05:50:29,625 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x24 amd local view 0x004D0000 to global list.
2020-06-23 05:50:29,625 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x00520000 for section view with handle 0x24.
2020-06-23 05:50:29,796 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x26c amd local view 0x00680000 to global list.
2020-06-23 05:50:29,812 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x268 amd local view 0x72A20000 to global list.
2020-06-23 05:50:29,828 [root] DEBUG: DLL loaded at 0x72A20000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting (0x13000 bytes).
2020-06-23 05:50:29,828 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x0B570000 for section view with handle 0x268.
2020-06-23 05:50:29,890 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x270 amd local view 0x737A0000 to global list.
2020-06-23 05:50:29,890 [root] DEBUG: DLL loaded at 0x737A0000: C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24308_none_5c028e37a0121035\gdiplus (0x192000 bytes).
2020-06-23 05:50:29,906 [root] DEBUG: DLL loaded at 0x731D0000: C:\Windows\system32\WindowsCodecs (0x131000 bytes).
2020-06-23 05:50:29,953 [root] DEBUG: set_caller_info: Adding region at 0x00230000 to caller regions list (ntdll::NtAllocateVirtualMemory).
2020-06-23 05:50:29,953 [root] DEBUG: ScanForNonZero: Exception occured reading memory address 0x23ffff
2020-06-23 05:50:29,953 [root] DEBUG: DumpMemory: Nothing to dump at 0x00230000!
2020-06-23 05:50:29,953 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x00230000 size 0x10000.
2020-06-23 05:50:29,953 [root] DEBUG: DumpPEsInRange: Scanning range 0x230000 - 0x231000.
2020-06-23 05:50:29,953 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x230000-0x231000.
2020-06-23 05:50:29,984 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\LkVeer\CAPE\5664_5709537304950923262020 (size 0xf7)
2020-06-23 05:50:29,984 [root] DEBUG: DumpRegion: Dumped stack region from 0x00230000, size 0x1000.
2020-06-23 05:50:30,375 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x280 amd local view 0x00660000 to global list.
2020-06-23 05:50:30,421 [root] DEBUG: DLL loaded at 0x753D0000: C:\Windows\system32\shell32 (0xc4c000 bytes).
2020-06-23 05:50:30,437 [root] INFO: Added new file to list with pid None and path C:\Users\Rebecca\AppData\Local\Temp\InstallUtil.exe
2020-06-23 05:50:30,453 [root] DEBUG: set_caller_info: Adding region at 0x00240000 to caller regions list (ntdll::NtQueryPerformanceCounter).
2020-06-23 05:50:30,453 [root] DEBUG: ScanForNonZero: Exception occured reading memory address 0x24ffff
2020-06-23 05:50:30,453 [root] DEBUG: DumpMemory: Nothing to dump at 0x00240000!
2020-06-23 05:50:30,453 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x00240000 size 0x10000.
2020-06-23 05:50:30,453 [root] DEBUG: DumpPEsInRange: Scanning range 0x240000 - 0x24d000.
2020-06-23 05:50:30,453 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x240000-0x24d000.
2020-06-23 05:50:30,484 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\LkVeer\CAPE\5664_1245258915050923262020 (size 0xcbd2)
2020-06-23 05:50:30,484 [root] DEBUG: DumpRegion: Dumped stack region from 0x00240000, size 0xd000.
2020-06-23 05:50:30,531 [root] DEBUG: DLL loaded at 0x74E50000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2020-06-23 05:50:45,500 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 5664.
2020-06-23 05:50:45,531 [root] INFO: Announced 32-bit process name: InstallUtil.exe pid: 4128
2020-06-23 05:50:45,531 [lib.api.process] INFO: Monitor config for process 4128: C:\tmpnwhtwc92\dll\4128.ini
2020-06-23 05:50:45,546 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpnwhtwc92\dll\ipTyHYll.dll, loader C:\tmpnwhtwc92\bin\GabqMCc.exe
2020-06-23 05:50:45,562 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\nnnNWfHGwB.
2020-06-23 05:50:45,578 [root] DEBUG: Loader: Injecting process 4128 (thread 4184) with C:\tmpnwhtwc92\dll\ipTyHYll.dll.
2020-06-23 05:50:45,578 [root] DEBUG: Process image base: 0x00AA0000
2020-06-23 05:50:45,578 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC.
2020-06-23 05:50:45,578 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.
2020-06-23 05:50:45,578 [root] DEBUG: Successfully injected DLL C:\tmpnwhtwc92\dll\ipTyHYll.dll.
2020-06-23 05:50:45,593 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4128
2020-06-23 05:50:45,593 [root] DEBUG: DLL loaded at 0x74D60000: C:\Windows\system32\apphelp (0x4c000 bytes).
2020-06-23 05:50:45,640 [root] DEBUG: CreateProcessHandler: Injection info set for new process 4128, ImageBase: 0x00AA0000
2020-06-23 05:50:45,640 [root] INFO: Announced 32-bit process name: InstallUtil.exe pid: 4128
2020-06-23 05:50:45,640 [lib.api.process] INFO: Monitor config for process 4128: C:\tmpnwhtwc92\dll\4128.ini
2020-06-23 05:50:45,656 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpnwhtwc92\dll\ipTyHYll.dll, loader C:\tmpnwhtwc92\bin\GabqMCc.exe
2020-06-23 05:50:45,671 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\nnnNWfHGwB.
2020-06-23 05:50:45,671 [root] DEBUG: Loader: Injecting process 4128 (thread 4184) with C:\tmpnwhtwc92\dll\ipTyHYll.dll.
2020-06-23 05:50:45,671 [root] DEBUG: Process image base: 0x00AA0000
2020-06-23 05:50:45,671 [root] DEBUG: InjectDllViaIAT: Executable is .NET, injecting via queued APC.
2020-06-23 05:50:45,671 [root] DEBUG: InjectDllViaQueuedAPC: APC injection queued.
2020-06-23 05:50:45,671 [root] DEBUG: Successfully injected DLL C:\tmpnwhtwc92\dll\ipTyHYll.dll.
2020-06-23 05:50:45,671 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4128
2020-06-23 05:50:46,359 [root] DEBUG: DLL loaded at 0x749D0000: C:\Windows\system32\bcrypt (0x17000 bytes).
2020-06-23 05:50:49,968 [root] DEBUG: WriteMemoryHandler: Executable binary injected into process 4128 (ImageBase 0x400000)
2020-06-23 05:50:49,968 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump 'raw' PE image.
2020-06-23 05:50:49,968 [root] DEBUG: DumpPE: Instantiating PeParser with address: 0x04DB2650.
2020-06-23 05:50:50,015 [root] DEBUG: DumpPE: PE file in memory dumped successfully - dump size 0x45600.
2020-06-23 05:50:50,015 [root] DEBUG: WriteMemoryHandler: Dumped PE image from buffer at 0x4db2650, SizeOfImage 0x4c000.
2020-06-23 05:50:50,015 [root] INFO: Announced 32-bit process name: InstallUtil.exe pid: 4128
2020-06-23 05:50:50,015 [lib.api.process] INFO: Monitor config for process 4128: C:\tmpnwhtwc92\dll\4128.ini
2020-06-23 05:50:50,015 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpnwhtwc92\dll\ipTyHYll.dll, loader C:\tmpnwhtwc92\bin\GabqMCc.exe
2020-06-23 05:50:50,031 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\nnnNWfHGwB.
2020-06-23 05:50:50,031 [root] DEBUG: Loader: Injecting process 4128 (thread 0) with C:\tmpnwhtwc92\dll\ipTyHYll.dll.
2020-06-23 05:50:50,046 [root] DEBUG: Error 0 (0x0) - GetProcessInitialThreadId: Remote PEB 0x7FFD5000 Local PEB 0x7FFDF000 Local TEB 0x7FFDA000: The operation completed successfully.
2020-06-23 05:50:50,046 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-06-23 05:50:50,046 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-06-23 05:50:50,046 [root] DEBUG: Failed to inject DLL C:\tmpnwhtwc92\dll\ipTyHYll.dll.
2020-06-23 05:50:50,062 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 4128, error: 4294967281
2020-06-23 05:50:50,531 [root] DEBUG: DLL unloaded from 0x76640000.
2020-06-23 05:50:51,062 [root] DEBUG: WriteMemoryHandler: injection of section of PE image which has already been dumped.
2020-06-23 05:50:51,062 [root] INFO: Announced 32-bit process name: InstallUtil.exe pid: 4128
2020-06-23 05:50:51,062 [lib.api.process] INFO: Monitor config for process 4128: C:\tmpnwhtwc92\dll\4128.ini
2020-06-23 05:50:51,062 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpnwhtwc92\dll\ipTyHYll.dll, loader C:\tmpnwhtwc92\bin\GabqMCc.exe
2020-06-23 05:50:51,078 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\nnnNWfHGwB.
2020-06-23 05:50:51,078 [root] DEBUG: Loader: Injecting process 4128 (thread 0) with C:\tmpnwhtwc92\dll\ipTyHYll.dll.
2020-06-23 05:50:51,078 [root] DEBUG: Error 0 (0x0) - GetProcessInitialThreadId: Remote PEB 0x7FFD5000 Local PEB 0x7FFDF000 Local TEB 0x7FFDC000: The operation completed successfully.
2020-06-23 05:50:51,093 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-06-23 05:50:51,093 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-06-23 05:50:51,093 [root] DEBUG: Failed to inject DLL C:\tmpnwhtwc92\dll\ipTyHYll.dll.
2020-06-23 05:50:51,093 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 4128, error: 4294967281
2020-06-23 05:50:52,093 [root] DEBUG: WriteMemoryHandler: shellcode at 0x0365E44C (size 0x600) injected into process 4128.
2020-06-23 05:50:52,125 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\LkVeer\CAPE\5664_17387720205055923262020 (size 0x545)
2020-06-23 05:50:52,125 [root] DEBUG: WriteMemoryHandler: Dumped injected code/data from buffer.
2020-06-23 05:50:52,125 [root] INFO: Announced 32-bit process name: InstallUtil.exe pid: 4128
2020-06-23 05:50:52,140 [lib.api.process] INFO: Monitor config for process 4128: C:\tmpnwhtwc92\dll\4128.ini
2020-06-23 05:50:52,140 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpnwhtwc92\dll\ipTyHYll.dll, loader C:\tmpnwhtwc92\bin\GabqMCc.exe
2020-06-23 05:50:52,156 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\nnnNWfHGwB.
2020-06-23 05:50:52,156 [root] DEBUG: Loader: Injecting process 4128 (thread 0) with C:\tmpnwhtwc92\dll\ipTyHYll.dll.
2020-06-23 05:50:52,156 [root] DEBUG: Error 0 (0x0) - GetProcessInitialThreadId: Remote PEB 0x7FFD5000 Local PEB 0x7FFDF000 Local TEB 0x7FFD7000: The operation completed successfully.
2020-06-23 05:50:52,156 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-06-23 05:50:52,171 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-06-23 05:50:52,171 [root] DEBUG: Failed to inject DLL C:\tmpnwhtwc92\dll\ipTyHYll.dll.
2020-06-23 05:50:52,171 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 4128, error: 4294967281
2020-06-23 05:50:53,171 [root] DEBUG: WriteMemoryHandler: shellcode at 0x0367A7AC (size 0x200) injected into process 4128.
2020-06-23 05:50:53,187 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\LkVeer\CAPE\5664_16305202125155923262020 (size 0x9)
2020-06-23 05:50:53,187 [root] DEBUG: WriteMemoryHandler: Dumped injected code/data from buffer.
2020-06-23 05:50:53,203 [root] INFO: Announced 32-bit process name: InstallUtil.exe pid: 4128
2020-06-23 05:50:53,203 [lib.api.process] INFO: Monitor config for process 4128: C:\tmpnwhtwc92\dll\4128.ini
2020-06-23 05:50:53,203 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpnwhtwc92\dll\ipTyHYll.dll, loader C:\tmpnwhtwc92\bin\GabqMCc.exe
2020-06-23 05:50:53,218 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\nnnNWfHGwB.
2020-06-23 05:50:53,218 [root] DEBUG: Loader: Injecting process 4128 (thread 0) with C:\tmpnwhtwc92\dll\ipTyHYll.dll.
2020-06-23 05:50:53,218 [root] DEBUG: Error 0 (0x0) - GetProcessInitialThreadId: Remote PEB 0x7FFD5000 Local PEB 0x7FFDE000 Local TEB 0x7FFDF000: The operation completed successfully.
2020-06-23 05:50:53,218 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-06-23 05:50:53,218 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed (SessionId=1).
2020-06-23 05:50:53,218 [root] DEBUG: Failed to inject DLL C:\tmpnwhtwc92\dll\ipTyHYll.dll.
2020-06-23 05:50:53,234 [lib.api.process] ERROR: Unable to inject into 32-bit process with pid 4128, error: 4294967281
2020-06-23 05:50:54,234 [root] INFO: Announced 32-bit process name: InstallUtil.exe pid: 4128
2020-06-23 05:50:54,234 [lib.api.process] INFO: Monitor config for process 4128: C:\tmpnwhtwc92\dll\4128.ini
2020-06-23 05:50:54,234 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpnwhtwc92\dll\ipTyHYll.dll, loader C:\tmpnwhtwc92\bin\GabqMCc.exe
2020-06-23 05:50:54,249 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\nnnNWfHGwB.
2020-06-23 05:50:54,249 [root] DEBUG: Loader: Injecting process 4128 (thread 0) with C:\tmpnwhtwc92\dll\ipTyHYll.dll.
2020-06-23 05:50:54,249 [root] DEBUG: Error 0 (0x0) - GetProcessInitialThreadId: Remote PEB 0x7FFD5000 Local PEB 0x7FFDF000 Local TEB 0x7FFD4000: The operation completed successfully.
2020-06-23 05:50:54,265 [root] DEBUG: InjectDll: No thread ID supplied. Initial thread ID -17, handle 0x0
2020-06-23 05:50:54,281 [root] DEBUG: Python path set to 'C:\Users\Rebecca\AppData\Local\Programs\Python\Python38-32'.
2020-06-23 05:50:54,281 [root] DEBUG: Dropped file limit defaulting to 100.
2020-06-23 05:50:54,281 [root] INFO: Disabling sleep skipping.
2020-06-23 05:50:54,296 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 4128 at 0x6b510000, image base 0x400000, stack from 0x3f6000-0x400000
2020-06-23 05:50:54,296 [root] DEBUG: Commandline: C:\Users\Rebecca\AppData\Local\Temp\"C:\Users\Rebecca\AppData\Local\Temp\InstallUtil.exe".
2020-06-23 05:50:54,296 [root] INFO: Loaded monitor into process with pid 4128
2020-06-23 05:50:54,312 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2020-06-23 05:50:54,312 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2020-06-23 05:50:54,312 [root] DEBUG: Successfully injected DLL C:\tmpnwhtwc92\dll\ipTyHYll.dll.
2020-06-23 05:50:57,859 [root] DEBUG: SetThreadContextHandler: Hollow process entry point reset via NtSetContextThread to 0x00046B1E (process 4128).
2020-06-23 05:50:59,859 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 4128.
2020-06-23 05:50:59,859 [root] DEBUG: set_caller_info: Adding region at 0x00030000 to caller regions list (ntdll::LdrLoadDll).
2020-06-23 05:50:59,859 [root] DEBUG: set_caller_info: Adding region at 0x017C0000 to caller regions list (kernel32::GetSystemTime).
2020-06-23 05:50:59,859 [root] DEBUG: DLL unloaded from 0x69ED0000.
2020-06-23 05:50:59,875 [root] DEBUG: DLL loaded at 0x74DB0000: C:\Windows\system32\cryptbase (0xc000 bytes).
2020-06-23 05:50:59,875 [root] DEBUG: DumpMemory: Exception occured reading memory address 0x17c0000
2020-06-23 05:50:59,875 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x017C0000 size 0x400000.
2020-06-23 05:50:59,875 [root] DEBUG: DumpPEsInRange: Scanning range 0x17c0000 - 0x17c1000.
2020-06-23 05:50:59,875 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x17c0000-0x17c1000.
2020-06-23 05:50:59,890 [root] DEBUG: DLL unloaded from 0x69920000.
2020-06-23 05:50:59,906 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\LkVeer\CAPE\4128_11867921225950923262020 (size 0x597)
2020-06-23 05:50:59,906 [root] DEBUG: DumpRegion: Dumped stack region from 0x017C0000, size 0x1000.
2020-06-23 05:50:59,921 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 5664
2020-06-23 05:50:59,921 [root] DEBUG: GetHookCallerBase: thread 5756 (handle 0x0), return address 0x6B541698, allocation base 0x6B510000.
2020-06-23 05:50:59,921 [root] DEBUG: DoProcessDump: Dumping Imagebase at 0x00D90000.
2020-06-23 05:50:59,937 [root] DEBUG: LooksLikeSectionBoundary: Exception occured reading around suspected boundary at 0x00D92000
2020-06-23 05:50:59,937 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump 'raw' PE image.
2020-06-23 05:50:59,937 [root] DEBUG: DumpPE: Instantiating PeParser with address: 0x00D90000.
2020-06-23 05:50:59,937 [root] DEBUG: DumpPE: Empty or inaccessible last section, file image seems incomplete (from 0x00E26000 to 0x00E26200).
2020-06-23 05:50:59,937 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\LkVeer\CAPE\4128_10303443125950923262020 (size 0x12b)
2020-06-23 05:50:59,953 [root] DEBUG: DumpRegion: Dumped stack region from 0x00030000, size 0x1000.
2020-06-23 05:50:59,953 [root] DEBUG: DLL loaded at 0x002E0000: C:\tmpnwhtwc92\dll\ipTyHYll (0xd5000 bytes).
2020-06-23 05:51:00,000 [root] DEBUG: DLL unloaded from 0x716B0000.
2020-06-23 05:51:00,000 [root] DEBUG: DumpPE: Error: Cannot dump PE file from memory.
2020-06-23 05:51:00,000 [root] DEBUG: DumpImageInCurrentProcess: Failed to dump 'raw' PE image from 0x00D90000, dumping memory region.
2020-06-23 05:51:00,062 [root] DEBUG: DLL unloaded from 0x769C0000.
2020-06-23 05:51:00,062 [root] DEBUG: DLL unloaded from 0x76130000.
2020-06-23 05:51:00,062 [root] DEBUG: DLL unloaded from 0x716B0000.
2020-06-23 05:51:00,062 [root] DEBUG: DLL unloaded from 0x69060000.
2020-06-23 05:51:00,062 [root] DEBUG: DLL unloaded from 0x703E0000.
2020-06-23 05:51:00,078 [root] DEBUG: DLL unloaded from 0x769C0000.
2020-06-23 05:51:00,078 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 5664
2020-06-23 05:51:00,093 [root] DEBUG: DLL unloaded from 0x002E0000.
2020-06-23 05:51:00,109 [root] DEBUG: GetHookCallerBase: thread 5756 (handle 0x0), return address 0x6B541698, allocation base 0x6B510000.
2020-06-23 05:51:00,140 [root] DEBUG: DoProcessDump: Dumping Imagebase at 0x00D90000.
2020-06-23 05:51:00,140 [root] DEBUG: set_caller_info: Adding region at 0x00080000 to caller regions list (ntdll::LdrLoadDll).
2020-06-23 05:51:00,234 [root] DEBUG: DumpPE: Error: Cannot dump PE file from memory.
2020-06-23 05:51:00,234 [root] DEBUG: DumpImageInCurrentProcess: Failed to dump 'raw' PE image from 0x00D90000, dumping memory region.
2020-06-23 05:51:00,249 [root] INFO: Process with pid 5664 has terminated
2020-06-23 05:51:00,296 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\LkVeer\CAPE\4128_739442880051923262020 (size 0x12b)
2020-06-23 05:51:00,343 [root] DEBUG: DumpRegion: Dumped stack region from 0x00080000, size 0x1000.
2020-06-23 05:51:00,390 [root] DEBUG: DLL loaded at 0x002E0000: C:\tmpnwhtwc92\dll\ipTyHYll (0xd5000 bytes).
2020-06-23 05:51:00,437 [root] DEBUG: DLL unloaded from 0x716B0000.
2020-06-23 05:51:00,437 [root] DEBUG: DLL unloaded from 0x769C0000.
2020-06-23 05:51:00,484 [root] DEBUG: DLL unloaded from 0x716B0000.
2020-06-23 05:51:00,515 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xc8 amd local view 0x001C0000 to global list.
2020-06-23 05:51:00,531 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xb4 amd local view 0x001C0000 to global list.
2020-06-23 05:51:00,531 [root] DEBUG: DLL loaded at 0x74330000: C:\Windows\system32\VERSION (0x9000 bytes).
2020-06-23 05:51:00,546 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x69060000 for section view with handle 0xc8.
2020-06-23 05:51:00,546 [root] DEBUG: DLL loaded at 0x69060000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr (0x6ef000 bytes).
2020-06-23 05:51:00,546 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x6B9D0000 for section view with handle 0xc8.
2020-06-23 05:51:00,546 [root] DEBUG: DLL loaded at 0x6B9D0000: C:\Windows\system32\MSVCR120_CLR0400 (0xf5000 bytes).
2020-06-23 05:51:00,578 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 4128, handle 0xec.
2020-06-23 05:51:00,593 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xf0 amd local view 0x001C0000 to global list.
2020-06-23 05:51:00,593 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0xf4 amd local view 0x001D0000 to global list.
2020-06-23 05:51:00,609 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 4128.
2020-06-23 05:51:00,609 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 4128.
2020-06-23 05:51:00,671 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x1bc amd local view 0x058A0000 to global list.
2020-06-23 05:51:00,718 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x1e4 amd local view 0x6A690000 to global list.
2020-06-23 05:51:00,718 [root] DEBUG: DLL loaded at 0x6A690000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit (0x80000 bytes).
2020-06-23 05:51:00,734 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x77020000 for section view with handle 0x1dc.
2020-06-23 05:51:00,734 [root] DEBUG: DLL loaded at 0x77020000: C:\Windows\system32\OLEAUT32 (0x91000 bytes).
2020-06-23 05:51:00,828 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x208 amd local view 0x67170000 to global list.
2020-06-23 05:51:00,828 [root] DEBUG: DLL loaded at 0x67170000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System\43822396682b0ffc3cfb66137ddab95f\System.ni (0xa10000 bytes).
2020-06-23 05:51:00,843 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x6A080000 for section view with handle 0x208.
2020-06-23 05:51:00,859 [root] DEBUG: DLL loaded at 0x6A080000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2c462a934e0586ac5e46c8b93e461384\System.Drawing.ni (0x194000 bytes).
2020-06-23 05:51:00,890 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x204 amd local view 0x67E90000 to global list.
2020-06-23 05:51:00,890 [root] DEBUG: DLL loaded at 0x67E90000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\aece3d371c0714e60f9509d2a3137395\System.Windows.Forms.ni (0xd1d000 bytes).
2020-06-23 05:51:00,906 [root] DEBUG: set_caller_info: Adding region at 0x003D0000 to caller regions list (ntdll::NtQueryPerformanceCounter).
2020-06-23 05:51:00,921 [root] DEBUG: ScanForNonZero: Exception occured reading memory address 0x3dffff
2020-06-23 05:51:00,921 [root] DEBUG: DumpMemory: Nothing to dump at 0x003D0000!
2020-06-23 05:51:00,921 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x003D0000 size 0x10000.
2020-06-23 05:51:00,921 [root] DEBUG: DumpPEsInRange: Scanning range 0x3d0000 - 0x3d1000.
2020-06-23 05:51:00,937 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x3d0000-0x3d1000.
2020-06-23 05:51:00,968 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\LkVeer\CAPE\4128_6745792532051923262020 (size 0x26a)
2020-06-23 05:51:00,984 [root] DEBUG: DumpRegion: Dumped stack region from 0x003D0000, size 0x1000.
2020-06-23 05:51:01,031 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x210 amd local view 0x6E180000 to global list.
2020-06-23 05:51:01,046 [root] DEBUG: DLL loaded at 0x6E180000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting (0x13000 bytes).
2020-06-23 05:51:01,046 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x05B70000 for section view with handle 0x210.
2020-06-23 05:51:01,046 [root] DEBUG: DLL loaded at 0x753D0000: C:\Windows\system32\shell32 (0xc4c000 bytes).
2020-06-23 05:51:01,109 [root] DEBUG: DLL loaded at 0x74E60000: C:\Windows\system32\profapi (0xb000 bytes).
2020-06-23 05:51:01,156 [root] DEBUG: DLL loaded at 0x749D0000: C:\Windows\system32\bcrypt (0x17000 bytes).
2020-06-23 05:51:01,281 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x250 amd local view 0x66990000 to global list.
2020-06-23 05:51:01,296 [root] DEBUG: DLL loaded at 0x66990000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c8a2021e940773064c655a6ea6ee8cb2\System.Core.ni (0x7e0000 bytes).
2020-06-23 05:51:01,359 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x24c amd local view 0x69EA0000 to global list.
2020-06-23 05:51:01,375 [root] DEBUG: DLL loaded at 0x69EA0000: C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\6090b158fd3d10686b422a455e188125\Microsoft.VisualBasic.ni (0x1d1000 bytes).
2020-06-23 05:51:12,484 [root] DEBUG: DLL loaded at 0x74880000: C:\Windows\system32\CRYPTSP (0x17000 bytes).
2020-06-23 05:51:12,515 [root] DEBUG: DLL loaded at 0x74610000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2020-06-23 05:51:12,609 [root] DEBUG: DLL loaded at 0x74E50000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2020-06-23 05:51:12,625 [root] DEBUG: DLL loaded at 0x76B50000: C:\Windows\system32\CLBCatQ (0x83000 bytes).
2020-06-23 05:51:12,656 [root] DEBUG: DLL loaded at 0x6AD20000: C:\Windows\system32\wbem\wbemdisp (0x31000 bytes).
2020-06-23 05:51:12,671 [root] DEBUG: DLL loaded at 0x6A730000: C:\Windows\system32\wbemcomn (0x5c000 bytes).
2020-06-23 05:51:12,687 [root] DEBUG: DLL loaded at 0x76480000: C:\Windows\system32\WS2_32 (0x35000 bytes).
2020-06-23 05:51:12,687 [root] DEBUG: DLL loaded at 0x76120000: C:\Windows\system32\NSI (0x6000 bytes).
2020-06-23 05:51:12,703 [root] INFO: Stopping WMI Service
2020-06-23 05:51:20,359 [root] INFO: Stopped WMI Service
2020-06-23 05:51:20,453 [lib.api.process] INFO: Monitor config for process 580: C:\tmpnwhtwc92\dll\580.ini
2020-06-23 05:51:20,468 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpnwhtwc92\dll\ipTyHYll.dll, loader C:\tmpnwhtwc92\bin\GabqMCc.exe
2020-06-23 05:51:20,484 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\nnnNWfHGwB.
2020-06-23 05:51:20,500 [root] DEBUG: Loader: Injecting process 580 (thread 0) with C:\tmpnwhtwc92\dll\ipTyHYll.dll.
2020-06-23 05:51:20,500 [root] DEBUG: Error 0 (0x0) - GetProcessInitialThreadId: Remote PEB 0x7FFD4000 Local PEB 0x7FFDF000 Local TEB 0x7FFD5000: The operation completed successfully.
2020-06-23 05:51:20,500 [root] DEBUG: InjectDll: No thread ID supplied. Initial thread ID 4628, handle 0xa4
2020-06-23 05:51:20,500 [root] DEBUG: Process image base: 0x00BB0000
2020-06-23 05:51:20,515 [root] DEBUG: InjectDllViaIAT: Not a new process, aborting IAT patch
2020-06-23 05:51:20,515 [root] DEBUG: InjectDll: IAT patching failed, falling back to thread injection.
2020-06-23 05:51:20,546 [root] DEBUG: Python path set to 'C:\Users\Rebecca\AppData\Local\Programs\Python\Python38-32'.
2020-06-23 05:51:20,593 [root] DEBUG: Dropped file limit defaulting to 100.
2020-06-23 05:51:20,593 [root] INFO: Disabling sleep skipping.
2020-06-23 05:51:20,625 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 580 at 0x6b510000, image base 0xbb0000, stack from 0x1296000-0x12a0000
2020-06-23 05:51:20,625 [root] DEBUG: Commandline: C:\Windows\System32\svchost.exe -k DcomLaunch.
2020-06-23 05:51:20,640 [root] INFO: Loaded monitor into process with pid 580
2020-06-23 05:51:20,671 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2020-06-23 05:51:20,671 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2020-06-23 05:51:20,671 [root] DEBUG: Successfully injected DLL C:\tmpnwhtwc92\dll\ipTyHYll.dll.
2020-06-23 05:51:22,687 [root] INFO: Starting WMI Service
2020-06-23 05:51:24,781 [root] INFO: Started WMI Service
2020-06-23 05:51:24,796 [lib.api.process] INFO: Monitor config for process 3336: C:\tmpnwhtwc92\dll\3336.ini
2020-06-23 05:51:24,828 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpnwhtwc92\dll\ipTyHYll.dll, loader C:\tmpnwhtwc92\bin\GabqMCc.exe
2020-06-23 05:51:24,843 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\nnnNWfHGwB.
2020-06-23 05:51:24,843 [root] DEBUG: Loader: Injecting process 3336 (thread 0) with C:\tmpnwhtwc92\dll\ipTyHYll.dll.
2020-06-23 05:51:24,875 [root] DEBUG: Error 0 (0x0) - GetProcessInitialThreadId: Remote PEB 0x7FFD4000 Local PEB 0x7FFDF000 Local TEB 0x7FFDD000: The operation completed successfully.
2020-06-23 05:51:24,875 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-06-23 05:51:24,875 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed, falling back to thread injection.
2020-06-23 05:51:24,890 [root] DEBUG: Python path set to 'C:\Users\Rebecca\AppData\Local\Programs\Python\Python38-32'.
2020-06-23 05:51:24,890 [root] DEBUG: Dropped file limit defaulting to 100.
2020-06-23 05:51:24,921 [root] INFO: Disabling sleep skipping.
2020-06-23 05:51:24,937 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 3336 at 0x6b510000, image base 0xbb0000, stack from 0x6d6000-0x6e0000
2020-06-23 05:51:24,937 [root] DEBUG: Commandline: C:\Windows\System32\svchost.exe -k netsvcs.
2020-06-23 05:51:24,953 [root] INFO: Loaded monitor into process with pid 3336
2020-06-23 05:51:24,968 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2020-06-23 05:51:24,984 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2020-06-23 05:51:24,984 [root] DEBUG: Successfully injected DLL C:\tmpnwhtwc92\dll\ipTyHYll.dll.
2020-06-23 05:51:27,015 [root] DEBUG: DLL loaded at 0x6E270000: C:\Windows\system32\wbem\wbemprox (0xb000 bytes).
2020-06-23 05:51:27,015 [root] DEBUG: DLL loaded at 0x6E830000: C:\Windows\system32\wbemcomn2 (0x61000 bytes).
2020-06-23 05:51:27,031 [root] DEBUG: DLL loaded at 0x6D810000: C:\Windows\system32\wbem\wmiutils (0x1a000 bytes).
2020-06-23 05:51:27,046 [root] DEBUG: DLL loaded at 0x6E8F0000: C:\Windows\system32\VSSAPI (0x116000 bytes).
2020-06-23 05:51:27,046 [root] DEBUG: DLL loaded at 0x733A0000: C:\Windows\system32\ATL (0x14000 bytes).
2020-06-23 05:51:27,062 [root] DEBUG: DLL loaded at 0x6E820000: C:\Windows\system32\VssTrace (0x10000 bytes).
2020-06-23 05:51:27,062 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x1bc amd local view 0x00590000 to global list.
2020-06-23 05:51:27,062 [root] DEBUG: DLL loaded at 0x72D90000: C:\Windows\system32\samcli (0xf000 bytes).
2020-06-23 05:51:27,078 [root] DEBUG: DLL loaded at 0x73980000: C:\Windows\system32\SAMLIB (0x12000 bytes).
2020-06-23 05:51:27,093 [root] DEBUG: DLL loaded at 0x73C00000: C:\Windows\system32\netutils (0x9000 bytes).
2020-06-23 05:51:27,109 [root] DEBUG: DLL loaded at 0x733C0000: C:\Windows\system32\es (0x47000 bytes).
2020-06-23 05:51:27,125 [root] DEBUG: DLL loaded at 0x73A50000: C:\Windows\system32\PROPSYS (0xf5000 bytes).
2020-06-23 05:51:27,140 [root] DEBUG: DLL loaded at 0x6DD60000: C:\Windows\system32\wbem\wbemcore (0xf1000 bytes).
2020-06-23 05:51:27,140 [root] DEBUG: DLL loaded at 0x74330000: C:\Windows\system32\VERSION (0x9000 bytes).
2020-06-23 05:51:27,156 [root] DEBUG: DLL loaded at 0x6DD00000: C:\Windows\system32\wbem\esscli (0x4a000 bytes).
2020-06-23 05:51:27,156 [root] DEBUG: DLL loaded at 0x6E490000: C:\Windows\system32\wbem\FastProx (0xa6000 bytes).
2020-06-23 05:51:27,171 [root] DEBUG: DLL loaded at 0x6E300000: C:\Windows\system32\NTDSAPI (0x18000 bytes).
2020-06-23 05:51:27,171 [root] DEBUG: DLL unloaded from 0x6DD60000.
2020-06-23 05:51:27,171 [root] DEBUG: DLL loaded at 0x6DB90000: C:\Windows\system32\wbem\wbemsvc (0xf000 bytes).
2020-06-23 05:51:27,171 [root] DEBUG: DLL loaded at 0x6DB90000: C:\Windows\system32\wbem\wbemsvc (0xf000 bytes).
2020-06-23 05:51:27,187 [root] DEBUG: DLL loaded at 0x74A30000: C:\Windows\system32\authZ (0x1b000 bytes).
2020-06-23 05:51:27,203 [root] DEBUG: DLL loaded at 0x6D810000: C:\Windows\system32\wbem\wmiutils (0x1a000 bytes).
2020-06-23 05:51:27,203 [root] DEBUG: DLL loaded at 0x6D690000: C:\Windows\system32\wbem\repdrvfs (0x47000 bytes).
2020-06-23 05:51:27,218 [root] DEBUG: DLL loaded at 0x74A60000: C:\Windows\system32\Wevtapi (0x42000 bytes).
2020-06-23 05:51:27,234 [root] DEBUG: DLL unloaded from 0x74A60000.
2020-06-23 05:51:27,593 [root] DEBUG: DLL loaded at 0x6CFD0000: C:\Windows\system32\wbem\wmiprvsd (0x91000 bytes).
2020-06-23 05:51:27,609 [root] DEBUG: DLL loaded at 0x6CE30000: C:\Windows\system32\NCObjAPI (0xf000 bytes).
2020-06-23 05:51:27,609 [root] DEBUG: OpenProcessHandler: Injection info created for Pid 580, handle 0x2c8.
2020-06-23 05:51:27,625 [root] DEBUG: DLL loaded at 0x6A550000: C:\Windows\system32\wbem\wbemess (0x5b000 bytes).
2020-06-23 05:51:27,812 [root] DEBUG: DLL loaded at 0x6E490000: C:\Windows\system32\wbem\fastprox (0xa6000 bytes).
2020-06-23 05:51:27,843 [root] DEBUG: DLL loaded at 0x74DC0000: C:\Windows\system32\SXS (0x5f000 bytes).
2020-06-23 05:51:27,875 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x2e0 amd local view 0x004F0000 to global list.
2020-06-23 05:51:27,875 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x2d0 amd local view 0x016B0000 to global list.
2020-06-23 05:51:28,015 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x2ec amd local view 0x6E330000 to global list.
2020-06-23 05:51:28,015 [root] DEBUG: DLL loaded at 0x6E330000: C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\dde965f45fc6933d4ad380bea5e0438d\CustomMarshalers.ni (0x32000 bytes).
2020-06-23 05:51:28,031 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x72A20000 for section view with handle 0x2ec.
2020-06-23 05:51:28,031 [root] DEBUG: DLL loaded at 0x72A20000: C:\Windows\Microsoft.Net\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers (0x18000 bytes).
2020-06-23 05:51:28,046 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x00690000 for section view with handle 0x2ec.
2020-06-23 05:51:28,234 [root] DEBUG: DLL unloaded from 0x6DD60000.
2020-06-23 05:51:28,359 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x6A420000 for section view with handle 0x2ec.
2020-06-23 05:51:28,375 [root] DEBUG: DLL loaded at 0x6A420000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d3e15922b03ec29aed46615adda73f3d\System.Management.ni (0x123000 bytes).
2020-06-23 05:51:28,390 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 4128.
2020-06-23 05:51:28,406 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 4128.
2020-06-23 05:51:28,406 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x334 amd local view 0x6E290000 to global list.
2020-06-23 05:51:28,453 [root] DEBUG: DLL loaded at 0x6E290000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\wminet_utils (0x21000 bytes).
2020-06-23 05:51:30,140 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 4128.
2020-06-23 05:51:33,437 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 4128.
2020-06-23 05:51:38,546 [root] DEBUG: DLL unloaded from 0x76640000.
2020-06-23 05:51:51,484 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x354 amd local view 0x64A70000 to global list.
2020-06-23 05:51:51,500 [root] DEBUG: DLL loaded at 0x64A70000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a3abb36b9f9e867b09bb3a670b074c45\System.Xml.ni (0x73e000 bytes).
2020-06-23 05:51:51,625 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x324 amd local view 0x006B0000 to global list.
2020-06-23 05:51:51,640 [root] DEBUG: set_caller_info: Adding region at 0x00840000 to caller regions list (ntdll::NtAllocateVirtualMemory).
2020-06-23 05:51:51,656 [root] DEBUG: ScanForNonZero: Exception occured reading memory address 0x84ffff
2020-06-23 05:51:51,656 [root] DEBUG: DumpMemory: Nothing to dump at 0x00840000!
2020-06-23 05:51:51,671 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x00840000 size 0x10000.
2020-06-23 05:51:51,671 [root] DEBUG: DumpPEsInRange: Scanning range 0x840000 - 0x841000.
2020-06-23 05:51:51,671 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x840000-0x841000.
2020-06-23 05:51:51,718 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\LkVeer\CAPE\4128_20595474861061023262020 (size 0x75a)
2020-06-23 05:51:51,718 [root] DEBUG: DumpRegion: Dumped stack region from 0x00840000, size 0x1000.
2020-06-23 05:51:51,906 [root] DEBUG: DLL loaded at 0x71900000: C:\Windows\system32\vaultcli (0xc000 bytes).
2020-06-23 05:51:51,906 [root] DEBUG: DLL unloaded from 0x763B0000.
2020-06-23 05:51:52,046 [root] INFO: Announced starting service "b'VaultSvc'"
2020-06-23 05:51:52,062 [lib.api.process] INFO: Monitor config for process 464: C:\tmpnwhtwc92\dll\464.ini
2020-06-23 05:51:52,062 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpnwhtwc92\dll\ipTyHYll.dll, loader C:\tmpnwhtwc92\bin\GabqMCc.exe
2020-06-23 05:51:52,109 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\nnnNWfHGwB.
2020-06-23 05:51:52,140 [root] DEBUG: Loader: Injecting process 464 (thread 0) with C:\tmpnwhtwc92\dll\ipTyHYll.dll.
2020-06-23 05:51:52,140 [root] DEBUG: Error 0 (0x0) - GetProcessInitialThreadId: Remote PEB 0x7FFDF000 Local PEB 0x7FFDF000 Local TEB 0x7FFDD000: The operation completed successfully.
2020-06-23 05:51:52,156 [root] DEBUG: Error 299 (0x12b) - GetProcessInitialThreadId: Failed to read from process: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
2020-06-23 05:51:52,156 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed, falling back to thread injection.
2020-06-23 05:51:52,187 [root] DEBUG: Python path set to 'C:\Users\Rebecca\AppData\Local\Programs\Python\Python38-32'.
2020-06-23 05:51:52,187 [root] DEBUG: Dropped file limit defaulting to 100.
2020-06-23 05:51:52,187 [root] INFO: Disabling sleep skipping.
2020-06-23 05:51:52,203 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 464 at 0x6b510000, image base 0x280000, stack from 0xb36000-0xb40000
2020-06-23 05:51:52,218 [root] DEBUG: Commandline: C:\Windows\System32\services.exe.
2020-06-23 05:51:52,234 [root] INFO: Loaded monitor into process with pid 464
2020-06-23 05:51:52,249 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2020-06-23 05:51:52,265 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2020-06-23 05:51:52,265 [root] DEBUG: Successfully injected DLL C:\tmpnwhtwc92\dll\ipTyHYll.dll.
2020-06-23 05:51:53,281 [root] INFO: Announced 32-bit process name: lsass.exe pid: 3520
2020-06-23 05:51:53,281 [lib.api.process] INFO: Monitor config for process 3520: C:\tmpnwhtwc92\dll\3520.ini
2020-06-23 05:51:53,328 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpnwhtwc92\dll\ipTyHYll.dll, loader C:\tmpnwhtwc92\bin\GabqMCc.exe
2020-06-23 05:51:53,343 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\nnnNWfHGwB.
2020-06-23 05:51:53,343 [root] DEBUG: Loader: Injecting process 3520 (thread 3456) with C:\tmpnwhtwc92\dll\ipTyHYll.dll.
2020-06-23 05:51:53,359 [root] DEBUG: Process image base: 0x00240000
2020-06-23 05:51:53,375 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmpnwhtwc92\dll\ipTyHYll.dll.
2020-06-23 05:51:53,375 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-06-23 05:51:53,375 [root] DEBUG: Successfully injected DLL C:\tmpnwhtwc92\dll\ipTyHYll.dll.
2020-06-23 05:51:53,375 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3520
2020-06-23 05:51:53,390 [root] DEBUG: CreateProcessHandler: using lpCommandLine: C:\Windows\system32\lsass.exe.
2020-06-23 05:51:53,390 [root] DEBUG: CreateProcessHandler: Injection info set for new process 3520, ImageBase: 0x00240000
2020-06-23 05:51:53,390 [root] INFO: Announced 32-bit process name: lsass.exe pid: 3520
2020-06-23 05:51:53,390 [lib.api.process] INFO: Monitor config for process 3520: C:\tmpnwhtwc92\dll\3520.ini
2020-06-23 05:51:53,390 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmpnwhtwc92\dll\ipTyHYll.dll, loader C:\tmpnwhtwc92\bin\GabqMCc.exe
2020-06-23 05:51:53,421 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\nnnNWfHGwB.
2020-06-23 05:51:53,421 [root] DEBUG: Loader: Injecting process 3520 (thread 3456) with C:\tmpnwhtwc92\dll\ipTyHYll.dll.
2020-06-23 05:51:53,421 [root] DEBUG: Process image base: 0x00240000
2020-06-23 05:51:53,437 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmpnwhtwc92\dll\ipTyHYll.dll.
2020-06-23 05:51:53,437 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-06-23 05:51:53,437 [root] DEBUG: Successfully injected DLL C:\tmpnwhtwc92\dll\ipTyHYll.dll.
2020-06-23 05:51:53,437 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3520
2020-06-23 05:51:53,453 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 3520.
2020-06-23 05:51:53,468 [root] DEBUG: Python path set to 'C:\Users\Rebecca\AppData\Local\Programs\Python\Python38-32'.
2020-06-23 05:51:53,468 [root] DEBUG: Dropped file limit defaulting to 100.
2020-06-23 05:51:53,468 [root] INFO: Disabling sleep skipping.
2020-06-23 05:51:53,484 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-06-23 05:51:53,484 [root] DEBUG: CAPE initialised: 32-bit monitor loaded in process 3520 at 0x6b510000, image base 0x240000, stack from 0x86000-0x90000
2020-06-23 05:51:53,484 [root] DEBUG: Commandline: C:\Windows\System32\lsass.exe.
2020-06-23 05:51:53,500 [root] INFO: Loaded monitor into process with pid 3520
2020-06-23 05:51:57,171 [root] DEBUG: DLL unloaded from 0x76640000.
2020-06-23 05:52:03,359 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 4128.
2020-06-23 05:52:03,375 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x3e4 amd local view 0x004E0000 to global list.
2020-06-23 05:52:03,375 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x3e8 amd local view 0x00830000 to global list.
2020-06-23 05:52:03,406 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x004E0000 for section view with handle 0x3e8.
2020-06-23 05:52:03,406 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x00830000 for section view with handle 0x3e4.
2020-06-23 05:52:03,406 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x3f0 amd local view 0x004E0000 to global list.
2020-06-23 05:52:03,421 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x3c8 amd local view 0x004E0000 to global list.
2020-06-23 05:52:03,437 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 4128.
2020-06-23 05:52:23,468 [root] INFO: Process with pid 3520 has terminated
2020-06-23 05:52:23,515 [root] DEBUG: DLL loaded at 0x6CC40000: C:\Windows\system32\wshom.ocx (0x21000 bytes).
2020-06-23 05:52:23,531 [root] DEBUG: DLL loaded at 0x714F0000: C:\Windows\system32\MPR (0x12000 bytes).
2020-06-23 05:52:23,546 [root] DEBUG: DLL loaded at 0x6CC10000: C:\Windows\system32\ScrRun (0x2a000 bytes).
2020-06-23 05:52:23,609 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x408 amd local view 0x004E0000 to global list.
2020-06-23 05:52:23,625 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x348 amd local view 0x00830000 to global list.
2020-06-23 05:52:23,703 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x400 amd local view 0x00850000 to global list.
2020-06-23 05:52:53,781 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x264 amd local view 0x69DA0000 to global list.
2020-06-23 05:52:53,781 [root] DEBUG: DLL loaded at 0x69DA0000: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2f61c87db96dbe27deea0e525a665761\System.Configuration.ni (0xfc000 bytes).
2020-06-23 05:52:53,812 [root] DEBUG: DLL loaded at 0x6E090000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32 (0x84000 bytes).
2020-06-23 05:53:09,656 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 4128.
2020-06-23 05:53:15,046 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 4128.
2020-06-23 05:53:15,046 [root] DEBUG: set_caller_info: Adding region at 0x00930000 to caller regions list (user32::GetSystemMetrics).
2020-06-23 05:53:15,078 [root] DEBUG: ScanForNonZero: Exception occured reading memory address 0x93ffff
2020-06-23 05:53:15,078 [root] DEBUG: DumpMemory: Nothing to dump at 0x00930000!
2020-06-23 05:53:17,453 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x00930000 size 0x10000.
2020-06-23 05:53:17,453 [root] DEBUG: DumpPEsInRange: Scanning range 0x930000 - 0x931000.
2020-06-23 05:53:23,656 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x930000-0x931000.
2020-06-23 05:53:35,656 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\LkVeer\CAPE\4128_164175542629311023262020 (size 0x4c2)
2020-06-23 05:53:35,656 [root] DEBUG: DumpRegion: Dumped stack region from 0x00930000, size 0x1000.
2020-06-23 05:53:41,656 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 4128.
2020-06-23 05:53:41,703 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x438 amd local view 0x737A0000 to global list.
2020-06-23 05:53:43,125 [root] DEBUG: DLL loaded at 0x737A0000: C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24308_none_5c028e37a0121035\gdiplus (0x192000 bytes).
2020-06-23 05:53:43,671 [root] DEBUG: DLL loaded at 0x731D0000: C:\Windows\system32\WindowsCodecs (0x131000 bytes).
2020-06-23 05:53:48,031 [root] INFO: Analysis timeout hit, terminating analysis.
2020-06-23 05:53:48,031 [lib.api.process] INFO: Terminate event set for process 4128
2020-06-23 05:53:49,656 [root] DEBUG: Terminate Event: Attempting to dump process 4128
2020-06-23 05:53:52,921 [root] DEBUG: DoProcessDump: Dumping Imagebase at 0x00400000.
2020-06-23 05:53:53,031 [lib.api.process] INFO: Termination confirmed for process 4128
2020-06-23 05:53:53,031 [root] INFO: Terminate event set for process 4128.
2020-06-23 05:53:53,031 [lib.api.process] INFO: Terminate event set for process 580
2020-06-23 05:53:53,937 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump virtual PE image.
2020-06-23 05:53:58,046 [lib.api.process] INFO: Termination confirmed for process 580
2020-06-23 05:53:58,046 [root] INFO: Terminate event set for process 580.
2020-06-23 05:53:58,046 [lib.api.process] INFO: Terminate event set for process 3336
2020-06-23 05:53:59,656 [root] DEBUG: Terminate Event: Attempting to dump process 3336
2020-06-23 05:54:03,062 [lib.api.process] INFO: Termination confirmed for process 3336
2020-06-23 05:54:03,062 [root] INFO: Terminate event set for process 3336.
2020-06-23 05:54:03,062 [lib.api.process] INFO: Terminate event set for process 464
2020-06-23 05:54:05,687 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 4128.
2020-06-23 05:54:06,890 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x00BB0000.
2020-06-23 05:54:06,921 [lib.api.process] INFO: Termination confirmed for process 464
2020-06-23 05:54:06,921 [root] INFO: Terminate event set for process 464.
2020-06-23 05:54:06,921 [root] INFO: Created shutdown mutex.
2020-06-23 05:54:07,953 [root] INFO: Shutting down package.
2020-06-23 05:54:07,953 [root] INFO: Stopping auxiliary modules.
2020-06-23 05:54:21,906 [lib.common.results] WARNING: File C:\LkVeer\bin\procmon.xml doesn't exist anymore
2020-06-23 05:54:21,906 [root] INFO: Finishing auxiliary modules.
2020-06-23 05:54:21,906 [root] INFO: Shutting down pipe server and dumping dropped files.
2020-06-23 05:54:21,921 [root] WARNING: Folder at path "C:\LkVeer\debugger" does not exist, skip.
2020-06-23 05:54:21,921 [root] INFO: Analysis completed.

Machine

Name Label Manager Started On Shutdown On
win7_1 win7_1 KVM 2020-06-23 05:50:23 2020-06-23 05:56:13

File Details

File Name Payment receipt.exe
File Size 614912 bytes
File Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
PE timestamp 2020-03-23 03:18:58
MD5 ed8fbce4251f14a07aa286ef91905814
SHA1 6f70733c1d6cd98a4eb07b83926eabd9bf5f8b68
SHA256 4a3cc5b8ceaffa6473613934515d9f5b96668a952f4103d177593b9041c650c8
SHA512 71394fa50078b898359906c1763b3e228a5798cb5bac8466b4be3069025377c92731c42f50dd3fd1a3711ef4ad347d16e51bfd445936e2a9cf6511dcb3f6e992
CRC32 DFE827FB
Ssdeep 12288:IcolqPU8PSYtEe4cDMXANmc6TD7obnaWlHZcP:wq80SaHNeD7obnaWl2
Download Download ZIP Resubmit sample

Signatures

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction - unpacking
Yara rule detections observed from a process memory dump/dropped files/CAPE
Hit: PID 4128 trigged the Yara rule 'AgentTeslaV2'
Hit: PID 5664 trigged the Yara rule 'AgentTeslaV2'
Creates RWX memory
Guard pages use detected - possible anti-debugging.
A process attempted to delay the analysis task.
Process: InstallUtil.exe tried to sleep 734.991 seconds, actually delayed analysis time by 0.0 seconds
Dynamic (imported) function loading detected
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryInfoKeyW
DynamicLoader: ADVAPI32.dll/RegEnumKeyExW
DynamicLoader: ADVAPI32.dll/RegEnumValueW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: KERNEL32.dll/FlsAlloc
DynamicLoader: KERNEL32.dll/FlsFree
DynamicLoader: KERNEL32.dll/FlsGetValue
DynamicLoader: KERNEL32.dll/FlsSetValue
DynamicLoader: KERNEL32.dll/InitializeCriticalSectionEx
DynamicLoader: KERNEL32.dll/CreateEventExW
DynamicLoader: KERNEL32.dll/CreateSemaphoreExW
DynamicLoader: KERNEL32.dll/SetThreadStackGuarantee
DynamicLoader: KERNEL32.dll/CreateThreadpoolTimer
DynamicLoader: KERNEL32.dll/SetThreadpoolTimer
DynamicLoader: KERNEL32.dll/WaitForThreadpoolTimerCallbacks
DynamicLoader: KERNEL32.dll/CloseThreadpoolTimer
DynamicLoader: KERNEL32.dll/CreateThreadpoolWait
DynamicLoader: KERNEL32.dll/SetThreadpoolWait
DynamicLoader: KERNEL32.dll/CloseThreadpoolWait
DynamicLoader: KERNEL32.dll/FlushProcessWriteBuffers
DynamicLoader: KERNEL32.dll/FreeLibraryWhenCallbackReturns
DynamicLoader: KERNEL32.dll/GetCurrentProcessorNumber
DynamicLoader: KERNEL32.dll/GetLogicalProcessorInformation
DynamicLoader: KERNEL32.dll/CreateSymbolicLinkW
DynamicLoader: KERNEL32.dll/SetDefaultDllDirectories
DynamicLoader: KERNEL32.dll/EnumSystemLocalesEx
DynamicLoader: KERNEL32.dll/CompareStringEx
DynamicLoader: KERNEL32.dll/GetDateFormatEx
DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
DynamicLoader: KERNEL32.dll/GetTimeFormatEx
DynamicLoader: KERNEL32.dll/GetUserDefaultLocaleName
DynamicLoader: KERNEL32.dll/IsValidLocaleName
DynamicLoader: KERNEL32.dll/LCMapStringEx
DynamicLoader: KERNEL32.dll/GetCurrentPackageId
DynamicLoader: KERNEL32.dll/GetTickCount64
DynamicLoader: KERNEL32.dll/GetFileInformationByHandleExW
DynamicLoader: KERNEL32.dll/SetFileInformationByHandleW
DynamicLoader: KERNEL32.dll/AcquireSRWLockExclusive
DynamicLoader: KERNEL32.dll/ReleaseSRWLockExclusive
DynamicLoader: ADVAPI32.dll/EventRegister
DynamicLoader: ADVAPI32.dll/EventSetInformation
DynamicLoader: MSCOREE.DLL/
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: mscoreei.dll/RegisterShimImplCallback
DynamicLoader: mscoreei.dll/RegisterShimImplCleanupCallback
DynamicLoader: mscoreei.dll/SetShellShimInstance
DynamicLoader: mscoreei.dll/OnShimDllMainCalled
DynamicLoader: mscoreei.dll/_CorExeMain_RetAddr
DynamicLoader: mscoreei.dll/_CorExeMain
DynamicLoader: SHLWAPI.dll/UrlIsW
DynamicLoader: VERSION.dll/GetFileVersionInfoSizeW
DynamicLoader: VERSION.dll/GetFileVersionInfoW
DynamicLoader: VERSION.dll/VerQueryValueW
DynamicLoader: KERNEL32.dll/FlsAlloc
DynamicLoader: KERNEL32.dll/FlsFree
DynamicLoader: KERNEL32.dll/FlsGetValue
DynamicLoader: KERNEL32.dll/FlsSetValue
DynamicLoader: KERNEL32.dll/InitializeCriticalSectionEx
DynamicLoader: KERNEL32.dll/CreateEventExW
DynamicLoader: KERNEL32.dll/CreateSemaphoreExW
DynamicLoader: KERNEL32.dll/SetThreadStackGuarantee
DynamicLoader: KERNEL32.dll/CreateThreadpoolTimer
DynamicLoader: KERNEL32.dll/SetThreadpoolTimer
DynamicLoader: KERNEL32.dll/WaitForThreadpoolTimerCallbacks
DynamicLoader: KERNEL32.dll/CloseThreadpoolTimer
DynamicLoader: KERNEL32.dll/CreateThreadpoolWait
DynamicLoader: KERNEL32.dll/SetThreadpoolWait
DynamicLoader: KERNEL32.dll/CloseThreadpoolWait
DynamicLoader: KERNEL32.dll/FlushProcessWriteBuffers
DynamicLoader: KERNEL32.dll/FreeLibraryWhenCallbackReturns
DynamicLoader: KERNEL32.dll/GetCurrentProcessorNumber
DynamicLoader: KERNEL32.dll/GetLogicalProcessorInformation
DynamicLoader: KERNEL32.dll/CreateSymbolicLinkW
DynamicLoader: KERNEL32.dll/SetDefaultDllDirectories
DynamicLoader: KERNEL32.dll/EnumSystemLocalesEx
DynamicLoader: KERNEL32.dll/CompareStringEx
DynamicLoader: KERNEL32.dll/GetDateFormatEx
DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
DynamicLoader: KERNEL32.dll/GetTimeFormatEx
DynamicLoader: KERNEL32.dll/GetUserDefaultLocaleName
DynamicLoader: KERNEL32.dll/IsValidLocaleName
DynamicLoader: KERNEL32.dll/LCMapStringEx
DynamicLoader: KERNEL32.dll/GetCurrentPackageId
DynamicLoader: KERNEL32.dll/GetTickCount64
DynamicLoader: KERNEL32.dll/GetFileInformationByHandleExW
DynamicLoader: KERNEL32.dll/SetFileInformationByHandleW
DynamicLoader: ADVAPI32.dll/EventSetInformation
DynamicLoader: clr.dll/SetRuntimeInfo
DynamicLoader: USER32.dll/GetProcessWindowStation
DynamicLoader: USER32.dll/GetUserObjectInformationW
DynamicLoader: clr.dll/_CorExeMain
DynamicLoader: KERNEL32.dll/AcquireSRWLockExclusive
DynamicLoader: KERNEL32.dll/ReleaseSRWLockExclusive
DynamicLoader: MSCOREE.DLL/CreateConfigStream
DynamicLoader: mscoreei.dll/CreateConfigStream_RetAddr
DynamicLoader: mscoreei.dll/CreateConfigStream
DynamicLoader: KERNEL32.dll/GetNumaHighestNodeNumber
DynamicLoader: KERNEL32.dll/FlsSetValue
DynamicLoader: KERNEL32.dll/FlsGetValue
DynamicLoader: KERNEL32.dll/FlsAlloc
DynamicLoader: KERNEL32.dll/FlsFree
DynamicLoader: KERNEL32.dll/GetSystemWindowsDirectoryW
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/InitializeAcl
DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/InitializeAcl
DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: KERNEL32.dll/AddSIDToBoundaryDescriptor
DynamicLoader: KERNEL32.dll/CreateBoundaryDescriptorW
DynamicLoader: KERNEL32.dll/CreatePrivateNamespaceW
DynamicLoader: KERNEL32.dll/OpenPrivateNamespaceW
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/InitializeAcl
DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: KERNEL32.dll/DeleteBoundaryDescriptor
DynamicLoader: KERNEL32.dll/WerRegisterRuntimeExceptionModule
DynamicLoader: KERNEL32.dll/RaiseException
DynamicLoader: MSCOREE.DLL/
DynamicLoader: mscoreei.dll/
DynamicLoader: KERNELBASE.dll/SetSystemFileCacheSize
DynamicLoader: ntdll.dll/NtSetSystemInformation
DynamicLoader: KERNELBASE.dll/PrivIsDllSynchronizationHeld
DynamicLoader: KERNEL32.dll/AddDllDirectory
DynamicLoader: KERNEL32.dll/SortGetHandle
DynamicLoader: KERNEL32.dll/SortCloseHandle
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: cryptbase.dll/SystemFunction036
DynamicLoader: ole32.dll/CoGetContextToken
DynamicLoader: clrjit.dll/sxsJitStartup
DynamicLoader: clrjit.dll/jitStartup
DynamicLoader: clrjit.dll/getJit
DynamicLoader: MSCOREE.DLL/GetProcessExecutableHeap
DynamicLoader: mscoreei.dll/GetProcessExecutableHeap_RetAddr
DynamicLoader: mscoreei.dll/GetProcessExecutableHeap
DynamicLoader: KERNEL32.dll/GetEnvironmentVariable
DynamicLoader: KERNEL32.dll/GetEnvironmentVariableW
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
DynamicLoader: CRYPTSP.dll/CryptImportKey
DynamicLoader: CRYPTSP.dll/CryptExportKey
DynamicLoader: CRYPTSP.dll/CryptCreateHash
DynamicLoader: CRYPTSP.dll/CryptHashData
DynamicLoader: CRYPTSP.dll/CryptGetHashParam
DynamicLoader: CRYPTSP.dll/CryptDestroyHash
DynamicLoader: CRYPTSP.dll/CryptDestroyKey
DynamicLoader: KERNEL32.dll/LocalAlloc
DynamicLoader: MSVCR120_CLR0400.dll/[email protected]@Z
DynamicLoader: USER32.dll/SetProcessDPIAware
DynamicLoader: KERNEL32.dll/GetEnvironmentVariableW
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: SHLWAPI.dll/PathAppendW
DynamicLoader: KERNEL32.dll/GetModuleHandleW
DynamicLoader: KERNEL32.dll/GetProcAddress
DynamicLoader: KERNEL32.dll/AddDllDirectory
DynamicLoader: KERNEL32.dll/LoadLibraryExW
DynamicLoader: dwrite.dll/DWriteCreateFactory
DynamicLoader: SHLWAPI.dll/PathCombineW
DynamicLoader: KERNEL32.dll/LoadLibraryW
DynamicLoader: GDI32.dll/GdiEntry13
DynamicLoader: ADVAPI32.dll/EventWrite
DynamicLoader: ADVAPI32.dll/EventRegister
DynamicLoader: ADVAPI32.dll/EventUnregister
DynamicLoader: KERNEL32.dll/GetCurrentProcessId
DynamicLoader: KERNEL32.dll/GetCurrentProcessIdW
DynamicLoader: ADVAPI32.dll/LookupPrivilegeValue
DynamicLoader: ADVAPI32.dll/LookupPrivilegeValueW
DynamicLoader: KERNEL32.dll/GetCurrentProcess
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/OpenProcessTokenW
DynamicLoader: ADVAPI32.dll/AdjustTokenPrivileges
DynamicLoader: ADVAPI32.dll/AdjustTokenPrivilegesW
DynamicLoader: KERNEL32.dll/CloseHandle
DynamicLoader: KERNEL32.dll/OpenProcess
DynamicLoader: KERNEL32.dll/OpenProcessW
DynamicLoader: PSAPI.DLL/EnumProcessModules
DynamicLoader: PSAPI.DLL/EnumProcessModulesW
DynamicLoader: PSAPI.DLL/GetModuleInformation
DynamicLoader: PSAPI.DLL/GetModuleInformationW
DynamicLoader: PSAPI.DLL/GetModuleBaseName
DynamicLoader: PSAPI.DLL/GetModuleBaseNameW
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: PSAPI.DLL/GetModuleFileNameEx
DynamicLoader: PSAPI.DLL/GetModuleFileNameExW
DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
DynamicLoader: KERNEL32.dll/LocaleNameToLCID
DynamicLoader: KERNEL32.dll/GetUserDefaultLocaleName
DynamicLoader: KERNEL32.dll/LCIDToLocaleName
DynamicLoader: KERNEL32.dll/GetUserPreferredUILanguages
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegOpenKeyEx
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: KERNEL32.dll/GetFullPathName
DynamicLoader: KERNEL32.dll/GetFullPathNameW
DynamicLoader: KERNEL32.dll/DeleteFile
DynamicLoader: KERNEL32.dll/DeleteFileW
DynamicLoader: ntdll.dll/NtQuerySystemInformation
DynamicLoader: ntdll.dll/NtQuerySystemInformationW
DynamicLoader: ADVAPI32.dll/EventRegister
DynamicLoader: KERNEL32.dll/CompareStringOrdinal
DynamicLoader: KERNEL32.dll/SetThreadErrorMode
DynamicLoader: KERNEL32.dll/GetFileAttributesEx
DynamicLoader: KERNEL32.dll/GetFileAttributesExW
DynamicLoader: KERNEL32.dll/ResolveLocaleName
DynamicLoader: nlssorting.dll/SortGetHandle
DynamicLoader: nlssorting.dll/SortCloseHandle
DynamicLoader: gdiplus.dll/GdiplusStartup
DynamicLoader: KERNEL32.dll/IsProcessorFeaturePresent
DynamicLoader: USER32.dll/GetWindowInfo
DynamicLoader: USER32.dll/GetAncestor
DynamicLoader: USER32.dll/GetMonitorInfoA
DynamicLoader: USER32.dll/EnumDisplayMonitors
DynamicLoader: USER32.dll/EnumDisplayDevicesA
DynamicLoader: GDI32.dll/ExtTextOutW
DynamicLoader: GDI32.dll/GdiIsMetaPrintDC
DynamicLoader: gdiplus.dll/GdipLoadImageFromStream
DynamicLoader: WindowsCodecs.dll/DllGetClassObject
DynamicLoader: gdiplus.dll/GdipImageForceValidation
DynamicLoader: gdiplus.dll/GdipGetImageType
DynamicLoader: gdiplus.dll/GdipGetImageRawFormat
DynamicLoader: gdiplus.dll/GdipGetImageWidth
DynamicLoader: gdiplus.dll/GdipGetImageHeight
DynamicLoader: gdiplus.dll/GdipGetImageEncodersSize
DynamicLoader: gdiplus.dll/GdipGetImageEncoders
DynamicLoader: KERNEL32.dll/LocalFree
DynamicLoader: gdiplus.dll/GdipSaveImageToStream
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: gdiplus.dll/GdipCreateBitmapFromStream
DynamicLoader: gdiplus.dll/GdipBitmapLockBits
DynamicLoader: gdiplus.dll/GdipBitmapUnlockBits
DynamicLoader: gdiplus.dll/GdipDisposeImage
DynamicLoader: KERNEL32.dll/GetTempPath
DynamicLoader: KERNEL32.dll/GetTempPathW
DynamicLoader: shell32.dll/SHGetFolderPath
DynamicLoader: shell32.dll/SHGetFolderPathW
DynamicLoader: ADVAPI32.dll/RegQueryValueEx
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegQueryValueEx
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: KERNEL32.dll/CopyFileEx
DynamicLoader: KERNEL32.dll/CopyFileExW
DynamicLoader: ntdll.dll/NtQueryInformationThread
DynamicLoader: ntdll.dll/NtQuerySystemInformation
DynamicLoader: KERNEL32.dll/CreateWaitableTimerExW
DynamicLoader: KERNEL32.dll/SetWaitableTimerEx
DynamicLoader: ADVAPI32.dll/EventSetInformation
DynamicLoader: ole32.dll/CoWaitForMultipleHandles
DynamicLoader: sechost.dll/LookupAccountNameLocalW
DynamicLoader: ADVAPI32.dll/LookupAccountSidW
DynamicLoader: sechost.dll/LookupAccountSidLocalW
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
DynamicLoader: CRYPTSP.dll/CryptGenRandom
DynamicLoader: ole32.dll/NdrOleInitializeExtension
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: RpcRtRemote.dll/I_RpcExtInitializeExtensionPoint
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: ADVAPI32.dll/CreateProcessAsUser
DynamicLoader: ADVAPI32.dll/CreateProcessAsUserW
DynamicLoader: bcrypt.dll/BCryptGetFipsAlgorithmMode
DynamicLoader: CRYPTSP.dll/CryptGetDefaultProviderW
DynamicLoader: CRYPTSP.dll/CryptGenRandom
DynamicLoader: ole32.dll/CoCreateGuid
DynamicLoader: KERNEL32.dll/GetThreadContext
DynamicLoader: KERNEL32.dll/ReadProcessMemory
DynamicLoader: KERNEL32.dll/VirtualAllocEx
DynamicLoader: KERNEL32.dll/WriteProcessMemory
DynamicLoader: KERNEL32.dll/WriteProcessMemory
DynamicLoader: KERNEL32.dll/WriteProcessMemory
DynamicLoader: KERNEL32.dll/WriteProcessMemory
DynamicLoader: KERNEL32.dll/WriteProcessMemory
DynamicLoader: KERNEL32.dll/SetThreadContext
DynamicLoader: KERNEL32.dll/CloseHandle
DynamicLoader: KERNEL32.dll/ResumeThread
DynamicLoader: KERNEL32.dll/FreeLibrary
DynamicLoader: MSVCR120_CLR0400.dll/[email protected]@Z
DynamicLoader: MSVCR120_CLR0400.dll/_unlock
DynamicLoader: MSVCR120_CLR0400.dll/_lock
DynamicLoader: ADVAPI32.dll/EventUnregister
DynamicLoader: CRYPTSP.dll/CryptReleaseContext
DynamicLoader: KERNEL32.dll/CreateActCtxW
DynamicLoader: KERNEL32.dll/AddRefActCtx
DynamicLoader: KERNEL32.dll/ReleaseActCtx
DynamicLoader: KERNEL32.dll/ActivateActCtx
DynamicLoader: KERNEL32.dll/DeactivateActCtx
DynamicLoader: KERNEL32.dll/GetCurrentActCtx
DynamicLoader: KERNEL32.dll/QueryActCtxW
DynamicLoader: CRYPTSP.dll/CryptReleaseContext
DynamicLoader: ADVAPI32.dll/EventUnregister
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryInfoKeyW
DynamicLoader: ADVAPI32.dll/RegEnumKeyExW
DynamicLoader: ADVAPI32.dll/RegEnumValueW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: KERNEL32.dll/FlsAlloc
DynamicLoader: KERNEL32.dll/FlsFree
DynamicLoader: KERNEL32.dll/FlsGetValue
DynamicLoader: KERNEL32.dll/FlsSetValue
DynamicLoader: KERNEL32.dll/InitializeCriticalSectionEx
DynamicLoader: KERNEL32.dll/CreateEventExW
DynamicLoader: KERNEL32.dll/CreateSemaphoreExW
DynamicLoader: KERNEL32.dll/SetThreadStackGuarantee
DynamicLoader: KERNEL32.dll/CreateThreadpoolTimer
DynamicLoader: KERNEL32.dll/SetThreadpoolTimer
DynamicLoader: KERNEL32.dll/WaitForThreadpoolTimerCallbacks
DynamicLoader: KERNEL32.dll/CloseThreadpoolTimer
DynamicLoader: KERNEL32.dll/CreateThreadpoolWait
DynamicLoader: KERNEL32.dll/SetThreadpoolWait
DynamicLoader: KERNEL32.dll/CloseThreadpoolWait
DynamicLoader: KERNEL32.dll/FlushProcessWriteBuffers
DynamicLoader: KERNEL32.dll/FreeLibraryWhenCallbackReturns
DynamicLoader: KERNEL32.dll/GetCurrentProcessorNumber
DynamicLoader: KERNEL32.dll/GetLogicalProcessorInformation
DynamicLoader: KERNEL32.dll/CreateSymbolicLinkW
DynamicLoader: KERNEL32.dll/SetDefaultDllDirectories
DynamicLoader: KERNEL32.dll/EnumSystemLocalesEx
DynamicLoader: KERNEL32.dll/CompareStringEx
DynamicLoader: KERNEL32.dll/GetDateFormatEx
DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
DynamicLoader: KERNEL32.dll/GetTimeFormatEx
DynamicLoader: KERNEL32.dll/GetUserDefaultLocaleName
DynamicLoader: KERNEL32.dll/IsValidLocaleName
DynamicLoader: KERNEL32.dll/LCMapStringEx
DynamicLoader: KERNEL32.dll/GetCurrentPackageId
DynamicLoader: KERNEL32.dll/GetTickCount64
DynamicLoader: KERNEL32.dll/GetFileInformationByHandleExW
DynamicLoader: KERNEL32.dll/SetFileInformationByHandleW
DynamicLoader: KERNEL32.dll/AcquireSRWLockExclusive
DynamicLoader: KERNEL32.dll/ReleaseSRWLockExclusive
DynamicLoader: ADVAPI32.dll/EventRegister
DynamicLoader: ADVAPI32.dll/EventSetInformation
DynamicLoader: MSCOREE.DLL/
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: mscoreei.dll/RegisterShimImplCallback
DynamicLoader: mscoreei.dll/RegisterShimImplCleanupCallback
DynamicLoader: mscoreei.dll/SetShellShimInstance
DynamicLoader: mscoreei.dll/OnShimDllMainCalled
DynamicLoader: mscoreei.dll/_CorExeMain_RetAddr
DynamicLoader: mscoreei.dll/_CorExeMain
DynamicLoader: SHLWAPI.dll/UrlIsW
DynamicLoader: VERSION.dll/GetFileVersionInfoSizeW
DynamicLoader: VERSION.dll/GetFileVersionInfoW
DynamicLoader: VERSION.dll/VerQueryValueW
DynamicLoader: KERNEL32.dll/FlsAlloc
DynamicLoader: KERNEL32.dll/FlsFree
DynamicLoader: KERNEL32.dll/FlsGetValue
DynamicLoader: KERNEL32.dll/FlsSetValue
DynamicLoader: KERNEL32.dll/InitializeCriticalSectionEx
DynamicLoader: KERNEL32.dll/CreateEventExW
DynamicLoader: KERNEL32.dll/CreateSemaphoreExW
DynamicLoader: KERNEL32.dll/SetThreadStackGuarantee
DynamicLoader: KERNEL32.dll/CreateThreadpoolTimer
DynamicLoader: KERNEL32.dll/SetThreadpoolTimer
DynamicLoader: KERNEL32.dll/WaitForThreadpoolTimerCallbacks
DynamicLoader: KERNEL32.dll/CloseThreadpoolTimer
DynamicLoader: KERNEL32.dll/CreateThreadpoolWait
DynamicLoader: KERNEL32.dll/SetThreadpoolWait
DynamicLoader: KERNEL32.dll/CloseThreadpoolWait
DynamicLoader: KERNEL32.dll/FlushProcessWriteBuffers
DynamicLoader: KERNEL32.dll/FreeLibraryWhenCallbackReturns
DynamicLoader: KERNEL32.dll/GetCurrentProcessorNumber
DynamicLoader: KERNEL32.dll/GetLogicalProcessorInformation
DynamicLoader: KERNEL32.dll/CreateSymbolicLinkW
DynamicLoader: KERNEL32.dll/SetDefaultDllDirectories
DynamicLoader: KERNEL32.dll/EnumSystemLocalesEx
DynamicLoader: KERNEL32.dll/CompareStringEx
DynamicLoader: KERNEL32.dll/GetDateFormatEx
DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
DynamicLoader: KERNEL32.dll/GetTimeFormatEx
DynamicLoader: KERNEL32.dll/GetUserDefaultLocaleName
DynamicLoader: KERNEL32.dll/IsValidLocaleName
DynamicLoader: KERNEL32.dll/LCMapStringEx
DynamicLoader: KERNEL32.dll/GetCurrentPackageId
DynamicLoader: KERNEL32.dll/GetTickCount64
DynamicLoader: KERNEL32.dll/GetFileInformationByHandleExW
DynamicLoader: KERNEL32.dll/SetFileInformationByHandleW
DynamicLoader: ADVAPI32.dll/EventSetInformation
DynamicLoader: clr.dll/SetRuntimeInfo
DynamicLoader: USER32.dll/GetProcessWindowStation
DynamicLoader: USER32.dll/GetUserObjectInformationW
DynamicLoader: clr.dll/_CorExeMain
DynamicLoader: KERNEL32.dll/AcquireSRWLockExclusive
DynamicLoader: KERNEL32.dll/ReleaseSRWLockExclusive
DynamicLoader: MSCOREE.DLL/CreateConfigStream
DynamicLoader: mscoreei.dll/CreateConfigStream_RetAddr
DynamicLoader: mscoreei.dll/CreateConfigStream
DynamicLoader: KERNEL32.dll/GetNumaHighestNodeNumber
DynamicLoader: KERNEL32.dll/FlsSetValue
DynamicLoader: KERNEL32.dll/FlsGetValue
DynamicLoader: KERNEL32.dll/FlsAlloc
DynamicLoader: KERNEL32.dll/FlsFree
DynamicLoader: KERNEL32.dll/GetSystemWindowsDirectoryW
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/InitializeAcl
DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/InitializeAcl
DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: KERNEL32.dll/AddSIDToBoundaryDescriptor
DynamicLoader: KERNEL32.dll/CreateBoundaryDescriptorW
DynamicLoader: KERNEL32.dll/CreatePrivateNamespaceW
DynamicLoader: KERNEL32.dll/OpenPrivateNamespaceW
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/InitializeAcl
DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: KERNEL32.dll/DeleteBoundaryDescriptor
DynamicLoader: KERNEL32.dll/WerRegisterRuntimeExceptionModule
DynamicLoader: KERNEL32.dll/RaiseException
DynamicLoader: MSCOREE.DLL/
DynamicLoader: mscoreei.dll/
DynamicLoader: KERNELBASE.dll/SetSystemFileCacheSize
DynamicLoader: ntdll.dll/NtSetSystemInformation
DynamicLoader: KERNELBASE.dll/PrivIsDllSynchronizationHeld
DynamicLoader: KERNEL32.dll/AddDllDirectory
DynamicLoader: KERNEL32.dll/SortGetHandle
DynamicLoader: KERNEL32.dll/SortCloseHandle
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: cryptbase.dll/SystemFunction036
DynamicLoader: clrjit.dll/sxsJitStartup
DynamicLoader: ole32.dll/CoGetContextToken
DynamicLoader: clrjit.dll/jitStartup
DynamicLoader: clrjit.dll/getJit
DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
DynamicLoader: KERNEL32.dll/LocaleNameToLCID
DynamicLoader: KERNEL32.dll/GetUserDefaultLocaleName
DynamicLoader: KERNEL32.dll/LCIDToLocaleName
DynamicLoader: KERNEL32.dll/GetUserPreferredUILanguages
DynamicLoader: nlssorting.dll/SortGetHandle
DynamicLoader: nlssorting.dll/SortCloseHandle
DynamicLoader: ADVAPI32.dll/ConvertSidToStringSidW
DynamicLoader: shell32.dll/SHGetFolderPathW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegOpenKeyEx
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: KERNEL32.dll/GetFullPathName
DynamicLoader: KERNEL32.dll/GetFullPathNameW
DynamicLoader: KERNEL32.dll/SetThreadErrorMode
DynamicLoader: KERNEL32.dll/GetFileAttributesEx
DynamicLoader: KERNEL32.dll/GetFileAttributesExW
DynamicLoader: MSCOREE.DLL/GetProcessExecutableHeap
DynamicLoader: mscoreei.dll/GetProcessExecutableHeap_RetAddr
DynamicLoader: mscoreei.dll/GetProcessExecutableHeap
DynamicLoader: bcrypt.dll/BCryptGetFipsAlgorithmMode
DynamicLoader: KERNEL32.dll/GetModuleHandle
DynamicLoader: KERNEL32.dll/GetModuleHandleW
DynamicLoader: KERNEL32.dll/GetProcAddress
DynamicLoader: KERNEL32.dll/WideCharToMultiByte
DynamicLoader: USER32.dll/DefWindowProcW
DynamicLoader: GDI32.dll/GetStockObject
DynamicLoader: USER32.dll/RegisterClass
DynamicLoader: USER32.dll/RegisterClassW
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: USER32.dll/CreateWindowEx
DynamicLoader: USER32.dll/CreateWindowExW
DynamicLoader: USER32.dll/SetWindowLong
DynamicLoader: USER32.dll/SetWindowLongW
DynamicLoader: USER32.dll/GetWindowLong
DynamicLoader: USER32.dll/GetWindowLongW
DynamicLoader: KERNEL32.dll/GetCurrentProcess
DynamicLoader: KERNEL32.dll/GetCurrentThread
DynamicLoader: KERNEL32.dll/DuplicateHandle
DynamicLoader: KERNEL32.dll/GetCurrentThreadId
DynamicLoader: ADVAPI32.dll/RegQueryValueEx
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: USER32.dll/SetWindowLong
DynamicLoader: USER32.dll/SetWindowLongW
DynamicLoader: USER32.dll/CallWindowProc
DynamicLoader: USER32.dll/CallWindowProcW
DynamicLoader: USER32.dll/RegisterWindowMessage
DynamicLoader: USER32.dll/RegisterWindowMessageW
DynamicLoader: KERNEL32.dll/GetCurrentProcessId
DynamicLoader: KERNEL32.dll/GetCurrentProcessIdW
DynamicLoader: ADVAPI32.dll/LookupPrivilegeValue
DynamicLoader: ADVAPI32.dll/LookupPrivilegeValueW
DynamicLoader: KERNEL32.dll/GetCurrentProcess
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/OpenProcessTokenW
DynamicLoader: ADVAPI32.dll/AdjustTokenPrivileges
DynamicLoader: ADVAPI32.dll/AdjustTokenPrivilegesW
DynamicLoader: KERNEL32.dll/CloseHandle
DynamicLoader: ntdll.dll/NtQuerySystemInformation
DynamicLoader: ntdll.dll/NtQuerySystemInformationW
DynamicLoader: CRYPTSP.dll/CryptGetDefaultProviderW
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
DynamicLoader: CRYPTSP.dll/CryptCreateHash
DynamicLoader: ole32.dll/CreateBindCtx
DynamicLoader: ole32.dll/CoGetObjectContext
DynamicLoader: sechost.dll/LookupAccountNameLocalW
DynamicLoader: ADVAPI32.dll/LookupAccountSidW
DynamicLoader: sechost.dll/LookupAccountSidLocalW
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
DynamicLoader: CRYPTSP.dll/CryptGenRandom
DynamicLoader: ole32.dll/NdrOleInitializeExtension
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: RpcRtRemote.dll/I_RpcExtInitializeExtensionPoint
DynamicLoader: ole32.dll/MkParseDisplayName
DynamicLoader: KERNEL32.dll/GetThreadPreferredUILanguages
DynamicLoader: KERNEL32.dll/SetThreadPreferredUILanguages
DynamicLoader: KERNEL32.dll/LocaleNameToLCID
DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
DynamicLoader: KERNEL32.dll/LCIDToLocaleName
DynamicLoader: KERNEL32.dll/GetSystemDefaultLocaleName
DynamicLoader: fastprox.dll/DllGetClassObject
DynamicLoader: fastprox.dll/DllCanUnloadNow
DynamicLoader: ole32.dll/BindMoniker
DynamicLoader: SXS.DLL/SxsOleAut32RedirectTypeLibrary
DynamicLoader: ADVAPI32.dll/RegOpenKeyW
DynamicLoader: ADVAPI32.dll/RegEnumKeyW
DynamicLoader: ADVAPI32.dll/RegQueryValueW
DynamicLoader: SXS.DLL/SxsOleAut32MapConfiguredClsidToReferenceClsid
DynamicLoader: SXS.DLL/SxsLookupClrGuid
DynamicLoader: KERNEL32.dll/ReleaseActCtx
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: mscoreei.dll/_CorDllMain_RetAddr
DynamicLoader: mscoreei.dll/_CorDllMain
DynamicLoader: MSCOREE.DLL/GetTokenForVTableEntry
DynamicLoader: MSCOREE.DLL/SetTargetForVTableEntry
DynamicLoader: MSCOREE.DLL/GetTargetForVTableEntry
DynamicLoader: mscoreei.dll/GetTokenForVTableEntry_RetAddr
DynamicLoader: mscoreei.dll/GetTokenForVTableEntry
DynamicLoader: mscoreei.dll/SetTargetForVTableEntry_RetAddr
DynamicLoader: mscoreei.dll/SetTargetForVTableEntry
DynamicLoader: mscoreei.dll/GetTargetForVTableEntry_RetAddr
DynamicLoader: mscoreei.dll/GetTargetForVTableEntry
DynamicLoader: KERNEL32.dll/GetLastError
DynamicLoader: KERNEL32.dll/LocalAlloc
DynamicLoader: KERNEL32.dll/CreateEvent
DynamicLoader: KERNEL32.dll/CreateEventW
DynamicLoader: KERNEL32.dll/CloseHandle
DynamicLoader: KERNEL32.dll/SetEvent
DynamicLoader: ole32.dll/CoWaitForMultipleHandles
DynamicLoader: KERNEL32.dll/LCMapStringEx
DynamicLoader: ole32.dll/IIDFromString
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: KERNEL32.dll/LoadLibrary
DynamicLoader: KERNEL32.dll/LoadLibraryA
DynamicLoader: KERNEL32.dll/GetProcAddress
DynamicLoader: wminet_utils.dll/ResetSecurity
DynamicLoader: wminet_utils.dll/SetSecurity
DynamicLoader: wminet_utils.dll/BlessIWbemServices
DynamicLoader: wminet_utils.dll/BlessIWbemServicesObject
DynamicLoader: wminet_utils.dll/GetPropertyHandle
DynamicLoader: wminet_utils.dll/WritePropertyValue
DynamicLoader: wminet_utils.dll/Clone
DynamicLoader: wminet_utils.dll/VerifyClientKey
DynamicLoader: wminet_utils.dll/GetQualifierSet
DynamicLoader: wminet_utils.dll/Get
DynamicLoader: wminet_utils.dll/Put
DynamicLoader: wminet_utils.dll/Delete
DynamicLoader: wminet_utils.dll/GetNames
DynamicLoader: wminet_utils.dll/BeginEnumeration
DynamicLoader: wminet_utils.dll/Next
DynamicLoader: wminet_utils.dll/EndEnumeration
DynamicLoader: wminet_utils.dll/GetPropertyQualifierSet
DynamicLoader: wminet_utils.dll/Clone
DynamicLoader: wminet_utils.dll/GetObjectText
DynamicLoader: wminet_utils.dll/SpawnDerivedClass
DynamicLoader: wminet_utils.dll/SpawnInstance
DynamicLoader: wminet_utils.dll/CompareTo
DynamicLoader: wminet_utils.dll/GetPropertyOrigin
DynamicLoader: wminet_utils.dll/InheritsFrom
DynamicLoader: wminet_utils.dll/GetMethod
DynamicLoader: wminet_utils.dll/PutMethod
DynamicLoader: wminet_utils.dll/DeleteMethod
DynamicLoader: wminet_utils.dll/BeginMethodEnumeration
DynamicLoader: wminet_utils.dll/NextMethod
DynamicLoader: wminet_utils.dll/EndMethodEnumeration
DynamicLoader: wminet_utils.dll/GetMethodQualifierSet
DynamicLoader: wminet_utils.dll/GetMethodOrigin
DynamicLoader: wminet_utils.dll/QualifierSet_Get
DynamicLoader: wminet_utils.dll/QualifierSet_Put
DynamicLoader: wminet_utils.dll/QualifierSet_Delete
DynamicLoader: wminet_utils.dll/QualifierSet_GetNames
DynamicLoader: wminet_utils.dll/QualifierSet_BeginEnumeration
DynamicLoader: wminet_utils.dll/QualifierSet_Next
DynamicLoader: wminet_utils.dll/QualifierSet_EndEnumeration
DynamicLoader: wminet_utils.dll/GetCurrentApartmentType
DynamicLoader: wminet_utils.dll/GetDemultiplexedStub
DynamicLoader: wminet_utils.dll/CreateInstanceEnumWmi
DynamicLoader: wminet_utils.dll/CreateClassEnumWmi
DynamicLoader: wminet_utils.dll/ExecQueryWmi
DynamicLoader: wminet_utils.dll/ExecNotificationQueryWmi
DynamicLoader: wminet_utils.dll/PutInstanceWmi
DynamicLoader: wminet_utils.dll/PutClassWmi
DynamicLoader: wminet_utils.dll/CloneEnumWbemClassObject
DynamicLoader: wminet_utils.dll/ConnectServerWmi
DynamicLoader: wminet_utils.dll/GetErrorInfo
DynamicLoader: wminet_utils.dll/Initialize
DynamicLoader: OLEAUT32.dll/SysStringLen
DynamicLoader: KERNEL32.dll/RtlZeroMemory
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: KERNEL32.dll/RegOpenKeyExW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: CRYPTSP.dll/CryptHashData
DynamicLoader: CRYPTSP.dll/CryptGetHashParam
DynamicLoader: CRYPTSP.dll/CryptDestroyHash
DynamicLoader: KERNEL32.dll/GetEnvironmentVariable
DynamicLoader: KERNEL32.dll/GetEnvironmentVariableW
DynamicLoader: ADVAPI32.dll/GetUserName
DynamicLoader: ADVAPI32.dll/GetUserNameW
DynamicLoader: KERNEL32.dll/GetComputerName
DynamicLoader: KERNEL32.dll/GetComputerNameW
DynamicLoader: ADVAPI32.dll/EventRegister
DynamicLoader: ntdll.dll/NtQueryInformationThread
DynamicLoader: ntdll.dll/NtQuerySystemInformation
DynamicLoader: KERNEL32.dll/CreateWaitableTimerExW
DynamicLoader: KERNEL32.dll/SetWaitableTimerEx
DynamicLoader: OLEAUT32.dll/
DynamicLoader: shell32.dll/SHGetFolderPath
DynamicLoader: shell32.dll/SHGetFolderPathW
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: CRYPTSP.dll/CryptAcquireContextA
DynamicLoader: CRYPTSP.dll/CryptReleaseContext
DynamicLoader: CRYPTSP.dll/CryptImportKey
DynamicLoader: CRYPTSP.dll/CryptExportKey
DynamicLoader: CRYPTSP.dll/CryptDestroyKey
DynamicLoader: CRYPTSP.dll/CryptGenRandom
DynamicLoader: KERNEL32.dll/CreateFile
DynamicLoader: KERNEL32.dll/CreateFileW
DynamicLoader: KERNEL32.dll/FindFirstFile
DynamicLoader: KERNEL32.dll/FindFirstFileW
DynamicLoader: KERNEL32.dll/FindClose
DynamicLoader: OLEAUT32.dll/
DynamicLoader: KERNEL32.dll/FindNextFile
DynamicLoader: KERNEL32.dll/FindNextFileW
DynamicLoader: KERNEL32.dll/GetFileType
DynamicLoader: KERNEL32.dll/GetFileSize
DynamicLoader: KERNEL32.dll/ReadFile
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: KERNEL32.dll/GetACP
DynamicLoader: KERNEL32.dll/UnmapViewOfFile
DynamicLoader: vaultcli.dll/VaultEnumerateVaults
DynamicLoader: KERNEL32.dll/GetSystemTimeAsFileTime
DynamicLoader: ntdll.dll/NtQuerySystemInformation
DynamicLoader: KERNEL32.dll/GetDynamicTimeZoneInformation
DynamicLoader: ADVAPI32.dll/RegQueryValueEx
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: KERNEL32.dll/GetFileMUIPath
DynamicLoader: KERNEL32.dll/LoadLibraryEx
DynamicLoader: KERNEL32.dll/LoadLibraryExW
DynamicLoader: KERNEL32.dll/FreeLibrary
DynamicLoader: KERNEL32.dll/FreeLibraryW
DynamicLoader: USER32.dll/LoadStringW
DynamicLoader: USER32.dll/GetLastInputInfo
DynamicLoader: ole32.dll/CLSIDFromProgIDEx
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: USER32.dll/SetClipboardViewer
DynamicLoader: USER32.dll/SetClipboardViewerW
DynamicLoader: ole32.dll/OleInitialize
DynamicLoader: ole32.dll/OleGetClipboard
DynamicLoader: KERNEL32.dll/GlobalLock
DynamicLoader: KERNEL32.dll/GlobalUnlock
DynamicLoader: KERNEL32.dll/GlobalFree
DynamicLoader: USER32.dll/SendMessage
DynamicLoader: USER32.dll/SendMessageW
DynamicLoader: USER32.dll/SetWindowsHookEx
DynamicLoader: USER32.dll/SetWindowsHookExW
DynamicLoader: KERNEL32.dll/CompareStringOrdinal
DynamicLoader: KERNEL32.dll/GetCurrentProcess
DynamicLoader: KERNEL32.dll/GetCurrentProcessW
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/OpenProcessTokenW
DynamicLoader: KERNEL32.dll/GetFileAttributesEx
DynamicLoader: KERNEL32.dll/GetFileAttributesExW
DynamicLoader: USER32.dll/GetSystemMetrics
DynamicLoader: KERNEL32.dll/AddDllDirectory
DynamicLoader: KERNEL32.dll/LoadLibraryEx
DynamicLoader: KERNEL32.dll/LoadLibraryExW
DynamicLoader: USER32.dll/GetClientRect
DynamicLoader: USER32.dll/GetWindowRect
DynamicLoader: USER32.dll/GetParent
DynamicLoader: ole32.dll/CoRegisterMessageFilter
DynamicLoader: USER32.dll/PeekMessage
DynamicLoader: USER32.dll/PeekMessageW
DynamicLoader: USER32.dll/WaitMessage
DynamicLoader: USER32.dll/EnumDisplayMonitors
DynamicLoader: USER32.dll/GetMonitorInfo
DynamicLoader: USER32.dll/GetMonitorInfoW
DynamicLoader: GDI32.dll/CreateDC
DynamicLoader: GDI32.dll/CreateDCW
DynamicLoader: GDI32.dll/GetDeviceCaps
DynamicLoader: GDI32.dll/DeleteDC
DynamicLoader: USER32.dll/GetProcessWindowStation
DynamicLoader: USER32.dll/GetUserObjectInformation
DynamicLoader: USER32.dll/GetUserObjectInformationA
DynamicLoader: KERNEL32.dll/SetConsoleCtrlHandler
DynamicLoader: KERNEL32.dll/SetConsoleCtrlHandlerW
DynamicLoader: KERNEL32.dll/GetModuleHandle
DynamicLoader: KERNEL32.dll/GetModuleHandleW
DynamicLoader: USER32.dll/GetClassInfo
DynamicLoader: USER32.dll/GetClassInfoW
DynamicLoader: USER32.dll/RegisterClass
DynamicLoader: USER32.dll/RegisterClassW
DynamicLoader: USER32.dll/CreateWindowEx
DynamicLoader: USER32.dll/CreateWindowExW
DynamicLoader: USER32.dll/DefWindowProc
DynamicLoader: USER32.dll/DefWindowProcW
DynamicLoader: USER32.dll/MsgWaitForMultipleObjectsEx
DynamicLoader: gdiplus.dll/GdiplusStartup
DynamicLoader: KERNEL32.dll/IsProcessorFeaturePresent
DynamicLoader: USER32.dll/GetWindowInfo
DynamicLoader: USER32.dll/GetAncestor
DynamicLoader: USER32.dll/GetMonitorInfoA
DynamicLoader: USER32.dll/EnumDisplayMonitors
DynamicLoader: USER32.dll/EnumDisplayDevicesA
DynamicLoader: GDI32.dll/ExtTextOutW
DynamicLoader: GDI32.dll/GdiIsMetaPrintDC
DynamicLoader: gdiplus.dll/GdipCreateBitmapFromScan0
DynamicLoader: gdiplus.dll/GdipGetImageEncodersSize
DynamicLoader: gdiplus.dll/GdipGetImageEncoders
DynamicLoader: KERNEL32.dll/LocalFree
DynamicLoader: gdiplus.dll/GdipGetImagePixelFormat
DynamicLoader: gdiplus.dll/GdipGetImageGraphicsContext
DynamicLoader: USER32.dll/GetDC
DynamicLoader: GDI32.dll/GetCurrentObject
DynamicLoader: gdiplus.dll/GdipGetDC
DynamicLoader: GDI32.dll/BitBlt
DynamicLoader: gdiplus.dll/GdipReleaseDC
DynamicLoader: USER32.dll/ReleaseDC
DynamicLoader: gdiplus.dll/GdipSaveImageToStream
DynamicLoader: WindowsCodecs.dll/DllGetClassObject
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: KERNEL32.dll/GetTimeZoneInformation
DynamicLoader: KERNEL32.dll/EnumCalendarInfoExEx
DynamicLoader: KERNEL32.dll/GetCalendarInfoEx
DynamicLoader: KERNEL32.dll/EnumSystemLocalesEx
DynamicLoader: KERNEL32.dll/EnumTimeFormatsEx
DynamicLoader: ole32.dll/CoGetObjectContext
DynamicLoader: KERNEL32.dll/GetTempPath
DynamicLoader: KERNEL32.dll/GetTempPathW
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: kernel32.dll/ResolveDelayLoadedAPI
DynamicLoader: VSSAPI.DLL/CreateWriter
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ADVAPI32.dll/LookupAccountNameW
DynamicLoader: sechost.dll/LookupAccountNameLocalW
DynamicLoader: ADVAPI32.dll/LookupAccountSidW
DynamicLoader: samcli.dll/NetLocalGroupGetMembers
DynamicLoader: SAMLIB.dll/SamConnect
DynamicLoader: RPCRT4.dll/NdrClientCall2
DynamicLoader: RPCRT4.dll/RpcStringBindingComposeW
DynamicLoader: RPCRT4.dll/RpcBindingFromStringBindingW
DynamicLoader: RPCRT4.dll/RpcStringFreeW
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: SAMLIB.dll/SamOpenDomain
DynamicLoader: SAMLIB.dll/SamLookupNamesInDomain
DynamicLoader: SAMLIB.dll/SamOpenAlias
DynamicLoader: SAMLIB.dll/SamFreeMemory
DynamicLoader: SAMLIB.dll/SamCloseHandle
DynamicLoader: SAMLIB.dll/SamGetMembersInAlias
DynamicLoader: netutils.dll/NetApiBufferFree
DynamicLoader: ole32.dll/CoCreateGuid
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/StringFromCLSID
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ADVAPI32.dll/RegOpenKeyW
DynamicLoader: PROPSYS.dll/VariantToPropVariant
DynamicLoader: OLEAUT32.dll/
DynamicLoader: wbemcore.dll/Reinitialize
DynamicLoader: wbemsvc.dll/DllGetClassObject
DynamicLoader: wbemsvc.dll/DllCanUnloadNow
DynamicLoader: authZ.dll/AuthzInitializeContextFromToken
DynamicLoader: authZ.dll/AuthzInitializeObjectAccessAuditEvent2
DynamicLoader: authZ.dll/AuthzAccessCheck
DynamicLoader: authZ.dll/AuthzFreeAuditEvent
DynamicLoader: authZ.dll/AuthzFreeContext
DynamicLoader: authZ.dll/AuthzInitializeResourceManager
DynamicLoader: authZ.dll/AuthzFreeResourceManager
DynamicLoader: RPCRT4.dll/NdrClientCall2
DynamicLoader: RPCRT4.dll/RpcBindingCreateW
DynamicLoader: RPCRT4.dll/RpcBindingBind
DynamicLoader: RPCRT4.dll/I_RpcMapWin32Status
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: ADVAPI32.dll/EventRegister
DynamicLoader: ADVAPI32.dll/EventUnregister
DynamicLoader: ADVAPI32.dll/EventWrite
DynamicLoader: ADVAPI32.dll/EventActivityIdControl
DynamicLoader: ADVAPI32.dll/EventWriteTransfer
DynamicLoader: ADVAPI32.dll/EventEnabled
DynamicLoader: kernel32.dll/RegCloseKey
DynamicLoader: kernel32.dll/RegSetValueExW
DynamicLoader: kernel32.dll/RegOpenKeyExW
DynamicLoader: kernel32.dll/RegQueryValueExW
DynamicLoader: kernel32.dll/RegCloseKey
DynamicLoader: wmisvc.dll/IsImproperShutdownDetected
DynamicLoader: Wevtapi.dll/EvtRender
DynamicLoader: Wevtapi.dll/EvtNext
DynamicLoader: Wevtapi.dll/EvtClose
DynamicLoader: Wevtapi.dll/EvtQuery
DynamicLoader: Wevtapi.dll/EvtCreateRenderContext
DynamicLoader: RPCRT4.dll/RpcStringBindingComposeW
DynamicLoader: RPCRT4.dll/RpcBindingFromStringBindingW
DynamicLoader: RPCRT4.dll/RpcBindingSetAuthInfoExW
DynamicLoader: RPCRT4.dll/RpcBindingSetOption
DynamicLoader: RPCRT4.dll/RpcStringFreeW
DynamicLoader: RPCRT4.dll/NdrClientCall2
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: kernel32.dll/ResolveDelayLoadedAPI
DynamicLoader: ole32.dll/CoCreateFreeThreadedMarshaler
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CreateStreamOnHGlobal
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
DynamicLoader: CRYPTSP.dll/CryptGenRandom
DynamicLoader: CRYPTSP.dll/CryptReleaseContext
DynamicLoader: KERNELBASE.dll/InitializeAcl
DynamicLoader: KERNELBASE.dll/AddAce
DynamicLoader: sechost.dll/LookupAccountSidLocalW
DynamicLoader: kernel32.dll/OpenProcessToken
DynamicLoader: KERNELBASE.dll/GetTokenInformation
DynamicLoader: KERNELBASE.dll/DuplicateTokenEx
DynamicLoader: KERNELBASE.dll/AdjustTokenPrivileges
DynamicLoader: KERNELBASE.dll/AllocateAndInitializeSid
DynamicLoader: KERNELBASE.dll/CheckTokenMembership
DynamicLoader: kernel32.dll/SetThreadToken
DynamicLoader: ole32.dll/CLSIDFromString
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: authZ.dll/AuthzInitializeContextFromToken
DynamicLoader: authZ.dll/AuthzInitializeResourceManager
DynamicLoader: authZ.dll/AuthzInitializeContextFromSid
DynamicLoader: authZ.dll/AuthzInitializeContextFromToken
DynamicLoader: authZ.dll/AuthzAccessCheck
DynamicLoader: authZ.dll/AuthzFreeContext
DynamicLoader: authZ.dll/AuthzFreeResourceManager
DynamicLoader: sechost.dll/LookupAccountSidLocalW
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetCallContext
DynamicLoader: ole32.dll/StringFromGUID2
DynamicLoader: ole32.dll/CoImpersonateClient
DynamicLoader: ole32.dll/CoRevertToSelf
DynamicLoader: ole32.dll/CoSwitchCallContext
DynamicLoader: ole32.dll/CoCreateGuid
DynamicLoader: SspiCli.dll/LogonUserExExW
DynamicLoader: kernel32.dll/ResolveDelayLoadedAPI
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: wbemcore.dll/Reinitialize
DynamicLoader: wbemcore.dll/Reinitialize
DynamicLoader: wbemcore.dll/Reinitialize
DynamicLoader: OLEAUT32.dll/
DynamicLoader: wbemcore.dll/Reinitialize
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: wbemcore.dll/Reinitialize
DynamicLoader: wbemcore.dll/Reinitialize
DynamicLoader: wbemcore.dll/Reinitialize
DynamicLoader: wbemcore.dll/Reinitialize
CAPE extracted potentially suspicious content
Payment receipt.exe: AgentTeslaV2 Payload: 32-bit executable
Payment receipt.exe: AgentTeslaV2
Payment receipt.exe: Unpacked Shellcode
InstallUtil.exe: Unpacked Shellcode
Payment receipt.exe: Injected Shellcode/Data
InstallUtil.exe: Unpacked Shellcode
InstallUtil.exe: Unpacked Shellcode
Payment receipt.exe: Unpacked Shellcode
InstallUtil.exe: Unpacked Shellcode
Payment receipt.exe: Unpacked Shellcode
Payment receipt.exe: Injected Shellcode/Data
InstallUtil.exe: Unpacked Shellcode
Payment receipt.exe: Unpacked Shellcode
Payment receipt.exe: Unpacked Shellcode
InstallUtil.exe: Unpacked Shellcode
Drops a binary and executes it
binary: C:\Users\Rebecca\AppData\Local\Temp\InstallUtil.exe
Queries or connects to DNS-Over-HTTPS/DNS-Over-TLS domain or IP address
ip: 1.1.1.1
Authenticode signature is invalid
authenticode error: No signature found. SignTool Error File not valid C\Users\Rebecca\AppData\Local\Temp\Payment receipt.exe
Attempts to remove evidence of file being downloaded from the Internet
file: C:\Users\Rebecca\AppData\Local\Temp\Payment receipt.exe:Zone.Identifier
Behavioural detection: Injection (Process Hollowing)
Injection: Payment receipt.exe(5664) -> InstallUtil.exe(4128)
Executed a process and injected code into it, probably while unpacking
Injection: Payment receipt.exe(5664) -> InstallUtil.exe(4128)
Sniffs keystrokes
SetWindowsHookExW: Process: InstallUtil.exe(4128)
Behavioural detection: Injection (inter-process)
Behavioural detection: Injection with CreateRemoteThread in a remote process
Attempts to repeatedly call a single API many times in order to delay analysis time
Spam: services.exe (464) called API GetSystemTimeAsFileTime 9824312 times
Steals private information from local Internet browsers
file: C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Login Data
file: C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\profiles.ini
file: C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\48wgv2fv.default\key4.db
Network activity detected but not expressed in API logs
Attempts to bypass application whitelisting by copying and executing .NET utility in a suspended state, potentially for injection
Copy: c:\windows\microsoft.net\framework\v4.0.30319\installutil.exe > c:\users\rebecca\appdata\local\temp\installutil.exe
Process: Payment receipt.exe > c:\users\rebecca\appdata\local\temp\installutil.exe
Copy: c:\windows\microsoft.net\framework\v4.0.30319\installutil.exe > c:\users\rebecca\appdata\local\temp\installutil.exe
Process: Payment receipt.exe > c:\users\rebecca\appdata\local\temp\installutil.exe
Copy: c:\windows\microsoft.net\framework\v4.0.30319\installutil.exe > c:\users\rebecca\appdata\local\temp\installutil.exe
Process: Payment receipt.exe > c:\users\rebecca\appdata\local\temp\installutil.exe
Copy: c:\windows\microsoft.net\framework\v4.0.30319\installutil.exe > c:\users\rebecca\appdata\local\temp\installutil.exe
Process: Payment receipt.exe > c:\users\rebecca\appdata\local\temp\installutil.exe
CAPE detected the AgentTeslaV2 malware family
Harvests credentials from local FTP client softwares
file: C:\Users\Rebecca\AppData\Roaming\FileZilla\recentservers.xml
file: C:\Users\Rebecca\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\*.xml
file: C:\Users\Rebecca\AppData\Roaming\FTPGetter\servers.xml
file: C:\Users\Rebecca\AppData\Roaming\Ipswitch\WS_FTP\Sites\ws_ftp.ini
file: C:\cftp\Ftplist.txt
key: HKEY_CURRENT_USER\Software\FTPWare\COREFTP\Sites
Harvests information related to installed mail clients
file: C:\Users\Rebecca\AppData\Roaming\Thunderbird\profiles.ini
key: HKEY_CURRENT_USER\Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
key: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
key: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Screenshots


Hosts

Direct IP Country Name
Y 8.8.8.8 [VT] United States
Y 1.1.1.1 [VT] Australia

DNS

No domains contacted.


Summary

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Rebecca\AppData\Local\Temp\Payment receipt.exe.config
C:\Users\Rebecca\AppData\Local\Temp\Payment receipt.exe
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-2.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSVCR120_CLR0400.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\System32\api-ms-win-core-quirks-l1-1-0.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoree.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.localgac
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6715dc4d04e35f16d482900c355325e9\mscorlib.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6715dc4d04e35f16d482900c355325e9\mscorlib.ni.dll.aux
C:\Users
C:\Users\Rebecca
C:\Users\Rebecca\AppData
C:\Users\Rebecca\AppData\Local
C:\Users\Rebecca\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ole32.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\F%y\*
C:\Users\Rebecca\AppData\Local\Temp\Payment receipt.INI
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\assembly\pubpol224.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\Microsoft.Net\assembly\GAC_32\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\2cf8ec33054bf9d59892861776b13716\PresentationFramework.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\2cf8ec33054bf9d59892861776b13716\PresentationFramework.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_32\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\fad2ba18a244bf307910025c81b52f1e\WindowsBase.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\fad2ba18a244bf307910025c81b52f1e\WindowsBase.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_32\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c8a2021e940773064c655a6ea6ee8cb2\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c8a2021e940773064c655a6ea6ee8cb2\System.Core.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_32\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\43822396682b0ffc3cfb66137ddab95f\System.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\43822396682b0ffc3cfb66137ddab95f\System.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\4f7c4bba7641e71c1b15384ca408fa9b\PresentationCore.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\4f7c4bba7641e71c1b15384ca408fa9b\PresentationCore.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\15a0c54648649e65f75ca4010468c7e2\System.Xaml.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\15a0c54648649e65f75ca4010468c7e2\System.Xaml.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\SHLWAPI.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll
C:\Users\Rebecca\AppData\Local\Temp\MSVCP120_CLR0400.dll
C:\Windows\System32\MSVCP120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\aece3d371c0714e60f9509d2a3137395\System.Windows.Forms.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\aece3d371c0714e60f9509d2a3137395\System.Windows.Forms.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_32\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2c462a934e0586ac5e46c8b93e461384\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2c462a934e0586ac5e46c8b93e461384\System.Drawing.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.B83e9cb53#\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.B83e9cb53#\5c5ed836d2a372987cc8f735310cc369\Microsoft.Build.Utilities.v4.0.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.B83e9cb53#\5c5ed836d2a372987cc8f735310cc369\Microsoft.Build.Utilities.v4.0.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\ee81fa2e7f333ee787a423c2e39ee3a3\System.Numerics.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\ee81fa2e7f333ee787a423c2e39ee3a3\System.Numerics.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\psapi.dll
C:\Users\Rebecca\AppData\Local\Temp\Payment receipt.exe:Zone.Identifier
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\ntdll.dll
C:\Users\Rebecca\AppData\Local\Temp\en-US\F%y.resources.dll
C:\Users\Rebecca\AppData\Local\Temp\en-US\F%y.resources\F%y.resources.dll
C:\Users\Rebecca\AppData\Local\Temp\en-US\F%y.resources.exe
C:\Users\Rebecca\AppData\Local\Temp\en-US\F%y.resources\F%y.resources.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\en-US\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\en-US\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\en\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\en\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
C:\Users\Rebecca\AppData\Local\Temp\en\F%y.resources.dll
C:\Users\Rebecca\AppData\Local\Temp\en\F%y.resources\F%y.resources.dll
C:\Users\Rebecca\AppData\Local\Temp\en\F%y.resources.exe
C:\Users\Rebecca\AppData\Local\Temp\en\F%y.resources\F%y.resources.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp
C:\Users\Rebecca\AppData\Local\Temp\Payment receipt.exe.Local\
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24308_none_5c028e37a0121035
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24308_none_5c028e37a0121035\GdiPlus.dll
C:\Users\Rebecca\AppData\Local\Temp\InstallUtil.exe
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\shell32.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\bcrypt.dll
C:\Users\Rebecca\AppData\Local\Temp\InstallUtil.exe.config
C:\Windows\assembly\NativeImages_v4.0.30319_32\WBGGNWCGGObad23c8c1#\*
C:\Users\Rebecca\AppData\Local\Temp\InstallUtil.INI
C:\Windows\Microsoft.Net\assembly\GAC_32\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\6090b158fd3d10686b422a455e188125\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\6090b158fd3d10686b422a455e188125\Microsoft.VisualBasic.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
C:\Windows\System32\wbem\wbemdisp.tlb
C:\Windows\System32\en-US\KERNELBASE.dll.mui
C:\Windows\Microsoft.NET\Framework\v4.0.30319\OLEAUT32.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\dde965f45fc6933d4ad380bea5e0438d\CustomMarshalers.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\dde965f45fc6933d4ad380bea5e0438d\CustomMarshalers.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll.config
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d3e15922b03ec29aed46615adda73f3d\System.Management.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d3e15922b03ec29aed46615adda73f3d\System.Management.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\wminet_utils.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\oleaut32.dll
C:\%insfolder%\%insname%
C:\Users\Rebecca\AppData\Roaming\Opera Software\Opera Stable
C:\Users\Rebecca\AppData\Local\CatalinaGroup\Citrio\User Data
C:\Users\Rebecca\AppData\Local\Vivaldi\User Data
C:\Users\Rebecca\AppData\Local\Yandex\YandexBrowser\User Data
C:\Users\Rebecca\AppData\Local\Torch\User Data
C:\Users\Rebecca\AppData\Local\360Chrome\Chrome\User Data
C:\Users\Rebecca\AppData\Local\Iridium\User Data
C:\Users\Rebecca\AppData\Local\liebao\User Data
C:\Users\Rebecca\AppData\Local\uCozMedia\Uran\User Data
C:\Users\Rebecca\AppData\Local\Comodo\Dragon\User Data
C:\Users\Rebecca\AppData\Local\QIP Surf\User Data
C:\Users\Rebecca\AppData\Local\Epic Privacy Browser\User Data
C:\Users\Rebecca\AppData\Local\7Star\7Star\User Data
C:\Users\Rebecca\AppData\Local\CentBrowser\User Data
C:\Users\Rebecca\AppData\Local\Coowon\Coowon\User Data
C:\Users\Rebecca\AppData\Local\Orbitum\User Data
C:\Users\Rebecca\AppData\Local\MapleStudio\ChromePlus\User Data
C:\Users\Rebecca\AppData\Local\Elements Browser\User Data
C:\Users\Rebecca\AppData\Local\Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer
C:\Users\Rebecca\AppData\Local\Sputnik\Sputnik\User Data
C:\Users\Rebecca\AppData\Local\Amigo\User Data
C:\Users\Rebecca\AppData\Local\Kometa\User Data
C:\Users\Rebecca\AppData\Local\Chromium\User Data
C:\Users\Rebecca\AppData\Local\BraveSoftware\Brave-Browser\User Data
C:\Users\Rebecca\AppData\Local\CocCoc\Browser\User Data
C:\Users\Rebecca\AppData\Local\Chedot\User Data
C:\FTP Navigator\Ftplist.txt
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a3abb36b9f9e867b09bb3a670b074c45\System.Xml.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a3abb36b9f9e867b09bb3a670b074c45\System.Xml.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
C:\Users\Rebecca\AppData\Roaming\Psi\profiles
C:\Users\Rebecca\AppData\Roaming\Psi+\profiles
C:\Users\Rebecca\AppData\Roaming\Waterfox\profiles.ini
C:\Users\Rebecca\AppData\Roaming\FileZilla\recentservers.xml
C:\Users\Rebecca\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\*.xml
C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\
C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\*
C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Login Data
C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Login Data
C:\Users\Rebecca\AppData\Roaming\Thunderbird\profiles.ini
C:\Storage\
C:\mail\
C:\Users\Rebecca\AppData\Local\VirtualStore\Program Files\Foxmail\mail\
C:\Users\Rebecca\AppData\Local\VirtualStore\Program Files (x86)\Foxmail\mail\
C:\Users\Rebecca\AppData\Roaming\K-Meleon\profiles.ini
C:\Users\Rebecca\AppData\Roaming\Mozilla\icecat\profiles.ini
C:\Users\Rebecca\AppData\Roaming\Claws-mail
C:\Users\Rebecca\AppData\Roaming\Claws-mail\clawsrc
C:\Users\Rebecca\AppData\Roaming\Trillian\users\global\accounts.dat
C:\cftp\Ftplist.txt
C:\Users\Rebecca\AppData\Roaming\Ipswitch\WS_FTP\Sites\ws_ftp.ini
C:\Users\Rebecca\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini
C:\Users\Rebecca\AppData\Local\Microsoft\Edge\User Data
C:\Users\Rebecca\AppData\Local\Temp\vaultcli.dll
C:\Windows\System32\tzres.dll
C:\Windows\System32\en-US\tzres.dll.mui
C:\Users\Rebecca\AppData\Roaming\Opera Mail\Opera Mail\wand.dat
C:\Users\Rebecca\AppData\Roaming\Pocomail\accounts.ini
C:\Users\Rebecca\AppData\Roaming\CoreFTP\sites.idx
C:\Windows\System32\wshom.ocx
C:\Windows\System32\en-US\wshom.ocx.mui
C:\Users\Rebecca\AppData\Roaming\Postbox\profiles.ini
C:\Users\Rebecca\AppData\Roaming\Moonchild Productions\Pale Moon\profiles.ini
C:\Users\Rebecca\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
C:\Users\Rebecca\AppData\Local\falkon\profiles\profiles.ini
C:\Program Files\Common Files\Apple\Apple Application Support\plutil.exe
C:\Users\Rebecca\AppData\Local\Tencent\QQBrowser\User Data
C:\Users\Rebecca\AppData\Local\Tencent\QQBrowser\User Data\Default\EncryptedStorage
C:\Users\Rebecca\AppData\Local\UCBrowser\*
C:\Users\Rebecca\AppData\Roaming\The Bat!
C:\Users\Rebecca\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
C:\Program Files\jDownloader\config\database.script
C:\Users\Rebecca\AppData\Roaming\Comodo\IceDragon\profiles.ini
C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\profiles.ini
C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\48wgv2fv.default\logins.json
C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\48wgv2fv.default\key4.db
C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\48wgv2fv.default\signons.sqlite
C:\Users\All Users\AppData\Roaming\FlashFXP\3quick.dat
C:\Users\Rebecca\AppData\Roaming\FTPGetter\servers.xml
C:\Users\Rebecca\AppData\Roaming\Flock\Browser\profiles.ini
C:\Users\Rebecca\AppData\Local\Temp\Folder.lst
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2f61c87db96dbe27deea0e525a665761\System.Configuration.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2f61c87db96dbe27deea0e525a665761\System.Configuration.ni.dll.aux
C:\Users\Rebecca\AppData\Local\Temp\InstallUtil.exe.Local\
C:\Users\Rebecca\AppData\Local\Temp\log.tmp
C:\Windows\System32\en-US\VssTrace.DLL.mui
\??\PIPE\samr
C:\Windows\System32\wbem\repository
C:\Windows\System32\wbem\Logs
C:\Windows\System32\wbem\AutoRecover
C:\Windows\System32\wbem\MOF
C:\Windows\System32\wbem\repository\INDEX.BTR
C:\Windows\System32\wbem\repository\WRITABLE.TST
C:\Windows\System32\wbem\repository\MAPPING1.MAP
C:\Windows\System32\wbem\repository\MAPPING2.MAP
C:\Windows\System32\wbem\repository\MAPPING3.MAP
C:\Windows\System32\wbem\repository\OBJECTS.DATA
\??\pipe\PIPE_EVENTROOT\CIMV2PROVIDERSUBSYSTEM
\??\pipe\PIPE_EVENTROOT\CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER
C:\Windows\Temp
C:\Windows\System32\LogFiles\Scm\a1cfa52f-06f2-418d-addb-cd6456d66f43
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Rebecca\AppData\Local\Temp\Payment receipt.exe.config
C:\Users\Rebecca\AppData\Local\Temp\Payment receipt.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6715dc4d04e35f16d482900c355325e9\mscorlib.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6715dc4d04e35f16d482900c355325e9\mscorlib.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\assembly\pubpol224.dat
C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\2cf8ec33054bf9d59892861776b13716\PresentationFramework.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\fad2ba18a244bf307910025c81b52f1e\WindowsBase.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c8a2021e940773064c655a6ea6ee8cb2\System.Core.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\43822396682b0ffc3cfb66137ddab95f\System.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\43822396682b0ffc3cfb66137ddab95f\System.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c8a2021e940773064c655a6ea6ee8cb2\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\fad2ba18a244bf307910025c81b52f1e\WindowsBase.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\4f7c4bba7641e71c1b15384ca408fa9b\PresentationCore.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\4f7c4bba7641e71c1b15384ca408fa9b\PresentationCore.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\2cf8ec33054bf9d59892861776b13716\PresentationFramework.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\15a0c54648649e65f75ca4010468c7e2\System.Xaml.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\15a0c54648649e65f75ca4010468c7e2\System.Xaml.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll
C:\Windows\System32\MSVCP120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\aece3d371c0714e60f9509d2a3137395\System.Windows.Forms.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2c462a934e0586ac5e46c8b93e461384\System.Drawing.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2c462a934e0586ac5e46c8b93e461384\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\aece3d371c0714e60f9509d2a3137395\System.Windows.Forms.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.B83e9cb53#\5c5ed836d2a372987cc8f735310cc369\Microsoft.Build.Utilities.v4.0.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.B83e9cb53#\5c5ed836d2a372987cc8f735310cc369\Microsoft.Build.Utilities.v4.0.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\ee81fa2e7f333ee787a423c2e39ee3a3\System.Numerics.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\ee81fa2e7f333ee787a423c2e39ee3a3\System.Numerics.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24308_none_5c028e37a0121035\GdiPlus.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
C:\Users\Rebecca\AppData\Local\Temp\InstallUtil.exe
C:\Users\Rebecca\AppData\Local\Temp\InstallUtil.exe.config
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\6090b158fd3d10686b422a455e188125\Microsoft.VisualBasic.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\6090b158fd3d10686b422a455e188125\Microsoft.VisualBasic.ni.dll
C:\Windows\System32\wbem\wbemdisp.tlb
C:\Windows\System32\en-US\KERNELBASE.dll.mui
C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\dde965f45fc6933d4ad380bea5e0438d\CustomMarshalers.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\dde965f45fc6933d4ad380bea5e0438d\CustomMarshalers.ni.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll.config
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d3e15922b03ec29aed46615adda73f3d\System.Management.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d3e15922b03ec29aed46615adda73f3d\System.Management.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\wminet_utils.dll
C:\FTP Navigator\Ftplist.txt
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a3abb36b9f9e867b09bb3a670b074c45\System.Xml.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a3abb36b9f9e867b09bb3a670b074c45\System.Xml.ni.dll
C:\Users\Rebecca\AppData\Roaming\Waterfox\profiles.ini
C:\Users\Rebecca\AppData\Roaming\FileZilla\recentservers.xml
C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Login Data
C:\Users\Rebecca\AppData\Roaming\Thunderbird\profiles.ini
C:\Users\Rebecca\AppData\Roaming\K-Meleon\profiles.ini
C:\Users\Rebecca\AppData\Roaming\Mozilla\icecat\profiles.ini
C:\Users\Rebecca\AppData\Roaming\Mozilla\SeaMonkey\profiles.ini
C:\Windows\System32\tzres.dll
C:\Windows\System32\en-US\tzres.dll.mui
C:\Users\Rebecca\AppData\Roaming\CoreFTP\sites.idx
C:\Windows\System32\wshom.ocx
C:\Windows\System32\en-US\wshom.ocx.mui
C:\Users\Rebecca\AppData\Roaming\Postbox\profiles.ini
C:\Users\Rebecca\AppData\Roaming\Moonchild Productions\Pale Moon\profiles.ini
C:\Users\Rebecca\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
C:\Users\Rebecca\AppData\Local\falkon\profiles\profiles.ini
C:\Users\Rebecca\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
C:\Users\Rebecca\AppData\Roaming\Comodo\IceDragon\profiles.ini
C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\profiles.ini
C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\48wgv2fv.default\key4.db
C:\Users\Rebecca\AppData\Roaming\Flock\Browser\profiles.ini
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2f61c87db96dbe27deea0e525a665761\System.Configuration.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2f61c87db96dbe27deea0e525a665761\System.Configuration.ni.dll
C:\Windows\System32\en-US\VssTrace.DLL.mui
\??\PIPE\samr
C:\Windows\System32\wbem\repository\MAPPING1.MAP
C:\Windows\System32\wbem\repository\MAPPING2.MAP
C:\Windows\System32\wbem\repository\MAPPING3.MAP
C:\Windows\System32\wbem\repository\OBJECTS.DATA
C:\Windows\System32\wbem\repository\INDEX.BTR
\??\pipe\PIPE_EVENTROOT\CIMV2PROVIDERSUBSYSTEM
\??\pipe\PIPE_EVENTROOT\CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER
C:\Windows\System32\LogFiles\Scm\a1cfa52f-06f2-418d-addb-cd6456d66f43
C:\Users\Rebecca\AppData\Local\Temp\InstallUtil.exe
\??\PIPE\samr
C:\Windows\System32\wbem\repository\WRITABLE.TST
C:\Windows\System32\wbem\repository\MAPPING1.MAP
C:\Windows\System32\wbem\repository\MAPPING2.MAP
C:\Windows\System32\wbem\repository\MAPPING3.MAP
C:\Windows\System32\wbem\repository\OBJECTS.DATA
C:\Windows\System32\wbem\repository\INDEX.BTR
\??\pipe\PIPE_EVENTROOT\CIMV2PROVIDERSUBSYSTEM
\??\pipe\PIPE_EVENTROOT\CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER
C:\Users\Rebecca\AppData\Local\Temp\Payment receipt.exe:Zone.Identifier
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Standards\v4.0.30319
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SKUs\default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Payment receipt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\00060101.00060101
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\FeatureSIMD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index224
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.PresentationFramework__31bf3856ad364e35
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.PresentationFramework__31bf3856ad364e35
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.WindowsBase__31bf3856ad364e35
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.WindowsBase__31bf3856ad364e35
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xaml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xaml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.PresentationCore__31bf3856ad364e35
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.PresentationCore__31bf3856ad364e35
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.UIAutomationTypes__31bf3856ad364e35
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.UIAutomationTypes__31bf3856ad364e35
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Windows.Input.Manipulations__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Windows.Input.Manipulations__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.UIAutomationProvider__31bf3856ad364e35
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.UIAutomationProvider__31bf3856ad364e35
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.ReachFramework__31bf3856ad364e35
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.ReachFramework__31bf3856ad364e35
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.PresentationUI__31bf3856ad364e35
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.PresentationUI__31bf3856ad364e35
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Printing__31bf3856ad364e35
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Printing__31bf3856ad364e35
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\Software\Microsoft\Net Framework Setup\NDP\v4\Client
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Client\InstallPath
HKEY_LOCAL_MACHINE\Software\Microsoft\Avalon.Graphics
HKEY_CURRENT_USER\Software\Microsoft\Avalon.Graphics
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.Microsoft.Build.Utilities.v4.0__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.Microsoft.Build.Utilities.v4.0__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.Microsoft.Build.Framework__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.Microsoft.Build.Framework__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AppContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-479431668-4257340731-3059248302-1002\Installer\Assemblies\C:|Users|Rebecca|AppData|Local|Temp|Payment receipt.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Rebecca|AppData|Local|Temp|Payment receipt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Rebecca|AppData|Local|Temp|Payment receipt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-479431668-4257340731-3059248302-1002\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Install
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\CopyFileBufferedSynchronousIo
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\CopyFileChunkSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\CopyFileOverlappedCount
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\Payment receipt.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\71B69430
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 024
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
\xad68yEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPSampledIn
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\InstallUtil.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-479431668-4257340731-3059248302-1002
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml.Linq__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml.Linq__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Remoting__b77a5c561934e089
\x7e60\x1bbEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
HKEY_CURRENT_USER\Software\Classes\AppID\InstallUtil.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\5F1C450F
HKEY_CURRENT_USER\Software\Classes\WinMgmts
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WINMGMTS\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WINMGMTS\CLSID\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Scripting\Default Namespace
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSclient
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_CURRENT_USER\Software\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0\win32\(Default)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CMF\Config
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM
HKEY_CLASSES_ROOT\CLSID\{62E522DC-8CF3-40A8-8B2E-37D595651E40}\InprocServer32
HKEY_CLASSES_ROOT\CLSID\{62E522DC-8CF3-40A8-8B2E-37D595651E40}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\409
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\9
HKEY_CURRENT_USER\Software\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_CLASSES_ROOT\CLSID\{04B83D61-21AE-11D2-8B33-00600806D9B6}\InprocServer32
HKEY_CLASSES_ROOT\CLSID\{04B83D61-21AE-11D2-8B33-00600806D9B6}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.CustomMarshalers__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.CustomMarshalers__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration.Install__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration.Install__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.10.0.Microsoft.JScript__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.10.0.Microsoft.JScript__b03f5f7f11d50a3a
HKEY_CLASSES_ROOT\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32\(Default)
HKEY_CLASSES_ROOT\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\WMIDisableCOMSecurity
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\FinalizerActivityBypass
HKEY_LOCAL_MACHINE\Software\Microsoft\OleAut
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableObjectValidation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Data.SqlXml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Data.SqlXml__b77a5c561934e089
HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
HKEY_CURRENT_USER\Software\Aerofox\FoxmailPreview
HKEY_CURRENT_USER\Software\Aerofox\Foxmail\V3.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central European Standard Time
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central European Standard Time\TZI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central European Standard Time\Dynamic DST
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central European Standard Time\MUI_Display
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central European Standard Time\MUI_Std
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central European Standard Time\MUI_Dlt
HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
HKEY_CURRENT_USER\Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
HKEY_CURRENT_USER\Software\DownloadManager\Passwords
HKEY_CLASSES_ROOT\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32\Class
HKEY_CLASSES_ROOT\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0\409
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0\9
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0\0\win32\(Default)
HKEY_CURRENT_USER\Software\FTPWare\COREFTP\Sites
HKEY_CURRENT_USER\Software\IncrediMail\Identities
HKEY_CURRENT_USER\Software\OpenVPN-GUI\configs
HKEY_CURRENT_USER\Software\Qualcomm\Eudora\CommandLine
HKEY_CURRENT_USER\Software\RimArts\B2\Settings
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Software\Policies\Microsoft\Control Panel\International\Calendars\TwoDigitYearMax
HKEY_CURRENT_USER\Control Panel\International\Calendars\TwoDigitYearMax
HKEY_CURRENT_USER\Control Panel\International
HKEY_CURRENT_USER\Control Panel\International\sYearMonth
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-SA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-SA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bg-BG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bg-BG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ca
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ca
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ca-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ca-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-Hans
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-Hans
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cs-CZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cs-CZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\da
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\da
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\da-DK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\da-DK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\de
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\de
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\de-DE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\de-DE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\el
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\el
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\el-GR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\el-GR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fi-FI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fi-FI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fr-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fr-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\he
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\he
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\he-IL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\he-IL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hu-HU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hu-HU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\is
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\is
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\is-IS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\is-IS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ja
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ja
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ja-JP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ja-JP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ko
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ko
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ko-KR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ko-KR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\nl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\nl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\nl-NL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\nl-NL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\no
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\no
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\nb-NO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\nb-NO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\pl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\pl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\pl-PL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\pl-PL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\pt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\pt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\pt-BR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\pt-BR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\rm
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\rm
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\rm-CH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\rm-CH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ro
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ro
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ro-RO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ro-RO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ru
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ru
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ru-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ru-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hr-HR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hr-HR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sk-SK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sk-SK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sq
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sq
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sq-AL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sq-AL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sv-SE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sv-SE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\th
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\th
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\th-TH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\th-TH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tr-TR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tr-TR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ur
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ur
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ur-PK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ur-PK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\id-ID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\id-ID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\uk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\uk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\uk-UA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\uk-UA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\be
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\be
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\be-BY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\be-BY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sl-SI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sl-SI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\et
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\et
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\et-EE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\et-EE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\lv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\lv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\lv-LV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\lv-LV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\lt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\lt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\lt-LT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\lt-LT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tg-Cyrl-TJ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tg-Cyrl-TJ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fa-IR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fa-IR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\vi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\vi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\vi-VN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\vi-VN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hy-AM
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hy-AM
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\az
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\az
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\az-Latn-AZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\az-Latn-AZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\eu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\eu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\eu-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\eu-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hsb
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hsb
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hsb-DE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hsb-DE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mk-MK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mk-MK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tn-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tn-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\xh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\xh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\xh-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\xh-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zu-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zu-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\af
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\af
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\af-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\af-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ka
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ka
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ka-GE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ka-GE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fo-FO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fo-FO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hi-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hi-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mt-MT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mt-MT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\se
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\se
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\se-NO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\se-NO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ga
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ga
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ga-IE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ga-IE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ms
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ms
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ms-MY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ms-MY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\kk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\kk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\kk-KZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\kk-KZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ky
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ky
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ky-KG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ky-KG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sw
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sw
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sw-KE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sw-KE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tk-TM
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tk-TM
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\uz
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\uz
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\uz-Latn-UZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\uz-Latn-UZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tt-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tt-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bn-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bn-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\pa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\pa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\pa-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\pa-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\gu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\gu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\gu-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\gu-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\or
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\or
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\or-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\or-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ta
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ta
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ta-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ta-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\te
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\te
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\te-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\te-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\kn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\kn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\kn-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\kn-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ml
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ml
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ml-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ml-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\as
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\as
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\as-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\as-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mr-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mr-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sa-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sa-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mn-MN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mn-MN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bo-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bo-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cy-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cy-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\km
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\km
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\km-KH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\km-KH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\lo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\lo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\lo-LA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\lo-LA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\gl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\gl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\gl-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\gl-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\kok
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\kok
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\kok-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\kok-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\syr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\syr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\syr-SY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\syr-SY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\si
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\si
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\si-LK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\si-LK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\iu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\iu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\iu-Latn-CA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\iu-Latn-CA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\am
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\am
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\am-ET
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\am-ET
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tzm
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tzm
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tzm-Latn-DZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tzm-Latn-DZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ne
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ne
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ne-NP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ne-NP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fy-NL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fy-NL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ps
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ps
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ps-AF
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ps-AF
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fil
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fil
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fil-PH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fil-PH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\dv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\dv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\dv-MV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\dv-MV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ha
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ha
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ha-Latn-NG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ha-Latn-NG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\yo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\yo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\yo-NG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\yo-NG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\quz
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\quz
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\quz-BO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\quz-BO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\nso
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\nso
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\nso-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\nso-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ba
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ba
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ba-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ba-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\lb
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\lb
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\lb-LU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\lb-LU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\kl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\kl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\kl-GL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\kl-GL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ig
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ig
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ig-NG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ig-NG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ii
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ii
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ii-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ii-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\arn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\arn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\arn-CL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\arn-CL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\moh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\moh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\moh-CA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\moh-CA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\br
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\br
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\br-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\br-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ug
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ug
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ug-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ug-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mi-NZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mi-NZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\oc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\oc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\oc-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\oc-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\co
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\co
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\co-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\co-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\gsw
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\gsw
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\gsw-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\gsw-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sah
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sah
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sah-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sah-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\qut
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\qut
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\qut-GT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\qut-GT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\rw
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\rw
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\rw-RW
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\rw-RW
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\wo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\wo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\wo-SN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\wo-SN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\prs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\prs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\prs-AF
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\prs-AF
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\gd
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\gd
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\gd-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\gd-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-TW
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-TW
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-ES_tradnl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-ES_tradnl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\iu-Cans-CA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\iu-Cans-CA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\qps-ploc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\qps-ploc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000501
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts\00000501
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\qps-ploca
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\qps-ploca
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\000005FE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts\000005FE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-IQ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-IQ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\de-CH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\de-CH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-MX
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-MX
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fr-BE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fr-BE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-CH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-CH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\nl-BE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\nl-BE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\nn-NO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\nn-NO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\pt-PT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\pt-PT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sr-Latn-CS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sr-Latn-CS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sv-FI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sv-FI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\az-Cyrl-AZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\az-Cyrl-AZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\dsb-DE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\dsb-DE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\se-SE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\se-SE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ms-BN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ms-BN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\uz-Cyrl-UZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\uz-Cyrl-UZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bn-BD
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bn-BD
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mn-Mong-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mn-Mong-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\quz-EC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\quz-EC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\qps-plocm
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\qps-plocm
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\000009FF
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts\000009FF
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-EG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-EG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-HK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-HK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\de-AT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\de-AT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-AU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-AU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fr-CA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fr-CA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sr-Cyrl-CS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sr-Cyrl-CS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\se-FI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\se-FI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\quz-PE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\quz-PE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-LY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-LY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-SG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-SG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\de-LU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\de-LU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-CA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-CA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-GT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-GT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fr-CH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fr-CH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hr-BA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hr-BA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\smj-NO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\smj-NO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-DZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-DZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-MO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-MO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\de-LI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\de-LI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-NZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-NZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-CR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-CR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fr-LU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fr-LU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bs-Latn-BA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bs-Latn-BA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\smj-SE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\smj-SE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-MA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-MA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-IE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-IE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-PA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-PA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fr-MC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fr-MC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sr-Latn-BA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sr-Latn-BA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sma-NO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sma-NO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-TN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-TN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-DO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-DO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sr-Cyrl-BA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sr-Cyrl-BA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sma-SE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sma-SE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-OM
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-OM
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-JM
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-JM
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-VE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-VE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bs-Cyrl-BA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bs-Cyrl-BA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sms-FI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sms-FI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-YE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-YE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-029
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-029
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-CO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-CO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sr-Latn-RS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sr-Latn-RS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\smn-FI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\smn-FI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-SY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-SY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-BZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-BZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-PE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-PE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sr-Cyrl-RS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sr-Cyrl-RS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-JO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-JO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-TT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-TT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-AR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-AR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sr-Latn-ME
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sr-Latn-ME
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-LB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-LB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-ZW
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-ZW
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-EC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-EC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sr-Cyrl-ME
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sr-Cyrl-ME
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-KW
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-KW
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-PH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-PH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-CL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-CL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-AE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-AE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-UY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-UY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-BH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-BH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-PY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-PY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-QA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-QA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-BO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-BO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-MY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-MY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-SV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-SV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-SG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-SG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-HN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-HN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-NI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-NI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-PR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-PR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bs-Cyrl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bs-Cyrl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bs-Latn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bs-Latn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sr-Cyrl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sr-Cyrl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sr-Latn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sr-Latn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\smn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\smn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\az-Cyrl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\az-Cyrl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sms
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sms
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\nn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\nn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\az-Latn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\az-Latn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sma
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sma
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\uz-Cyrl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\uz-Cyrl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mn-Cyrl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mn-Cyrl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\iu-Cans
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\iu-Cans
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-Hant
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-Hant
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\nb
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\nb
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tg-Cyrl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tg-Cyrl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\dsb
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\dsb
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\smj
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\smj
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\uz-Latn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\uz-Latn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mn-Mong
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mn-Mong
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\iu-Latn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\iu-Latn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tzm-Latn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tzm-Latn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ha-Latn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ha-Latn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\LocalService
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\ServiceParameters
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\RunAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\ActivateAtStorage
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\ROTFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\AppIDFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\LaunchPermission
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\LegacyAuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\LegacyImpersonationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\AuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\RemoteServerName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\SRPTrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\PreferredServerBitness
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\LoadUserSettings
HKEY_USERS\S-1-5-20_Classes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\LocalServer32\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\LocalServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\LocalServer32\ServerExecutable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\LocalService
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\DllSurrogate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\RunAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\ActivateAtStorage
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\ROTFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\AppIDFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\LaunchPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\AuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\RemoteServerName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\SRPTrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\PreferredServerBitness
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\LoadUserSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\Elevation
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerRequestOverride
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Power\PowerRequestOverride
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\PowerRequestOverride\Driver
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\Tracing\WMI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\SessionEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\Level
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\AreaFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\Session
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\LogFile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\BufferSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MinimumBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MaximumBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MaximumFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\LogFileMode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\FlushTimer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\AgeLimit
HKEY_LOCAL_MACHINE\SYSTEM\Setup
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_LOCAL_MACHINE\SYSTEM\Setup\UpgradeInProgress
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Safeboot\Option
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\VssAccessControl
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Settings
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Settings\ActiveWriterStateTimeout
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Diag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Diag\WMI Writer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Settings\TornComponentsMax
HKEY_LOCAL_MACHINE\Software\Classes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000100-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000100-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000100-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9555-4FB6-11D1-9971-00C04FBBB345}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9555-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9555-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9557-4FB6-11D1-9971-00C04FBBB345}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9557-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9557-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\IdentifierLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\QueryLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\PathLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbThrottlingEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighMaxLimitFactor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbTaskMaxSleep
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold1Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold2Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold3Mult
HKEY_LOCAL_MACHINE\system\Setup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Unchecked Task Count
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LastServiceStart
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Working Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Repository Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Build
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\MOF Self-Install Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Default Repository Driver
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueCoreFsrepVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Repository Cache Spill Ratio
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\CheckPointValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SnapShotValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\CheckRepositoryOnNextStartup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NumWriteIdCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Class Cache Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Class Cache Item Age (ms)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NextAutoRecoverFile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Enable Provider Subsystem
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Client
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Client\{0365CF74-3AAC-4E1B-B48B-6BE32F81EFAA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{0365CF74-3AAC-4E1B-B48B-6BE32F81EFAA}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{0365CF74-3AAC-4E1B-B48B-6BE32F81EFAA}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{0365CF74-3AAC-4E1B-B48B-6BE32F81EFAA}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{0365CF74-3AAC-4E1B-B48B-6BE32F81EFAA}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{0365CF74-3AAC-4E1B-B48B-6BE32F81EFAA}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{0365CF74-3AAC-4E1B-B48B-6BE32F81EFAA}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{0365CF74-3AAC-4E1B-B48B-6BE32F81EFAA}\ProcessIdentifier
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Client\{06BE06E0-966E-467E-A130-121F57FF2CF1}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{06BE06E0-966E-467E-A130-121F57FF2CF1}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{06BE06E0-966E-467E-A130-121F57FF2CF1}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{06BE06E0-966E-467E-A130-121F57FF2CF1}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{06BE06E0-966E-467E-A130-121F57FF2CF1}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{06BE06E0-966E-467E-A130-121F57FF2CF1}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{06BE06E0-966E-467E-A130-121F57FF2CF1}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{06BE06E0-966E-467E-A130-121F57FF2CF1}\ProcessIdentifier
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Client\{80E19595-3B13-456F-9DDA-359B4CD31456}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{80E19595-3B13-456F-9DDA-359B4CD31456}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{80E19595-3B13-456F-9DDA-359B4CD31456}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{80E19595-3B13-456F-9DDA-359B4CD31456}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{80E19595-3B13-456F-9DDA-359B4CD31456}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{80E19595-3B13-456F-9DDA-359B4CD31456}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{80E19595-3B13-456F-9DDA-359B4CD31456}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{80E19595-3B13-456F-9DDA-359B4CD31456}\ProcessIdentifier
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Client\{F486E2F1-8AF3-4DF2-AEEA-DDCA68039582}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{F486E2F1-8AF3-4DF2-AEEA-DDCA68039582}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{F486E2F1-8AF3-4DF2-AEEA-DDCA68039582}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{F486E2F1-8AF3-4DF2-AEEA-DDCA68039582}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{F486E2F1-8AF3-4DF2-AEEA-DDCA68039582}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{F486E2F1-8AF3-4DF2-AEEA-DDCA68039582}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{F486E2F1-8AF3-4DF2-AEEA-DDCA68039582}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{F486E2F1-8AF3-4DF2-AEEA-DDCA68039582}\ProcessIdentifier
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableEvents
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssToBeInitialized
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Low Threshold On Events (B)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\High Threshold On Events (B)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Wait On Events (ms)
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\ESS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Merger Query Arbitration Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssNeedsLoading
HKEY_LOCAL_MACHINE\software\microsoft\wbem\cimom
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SetupDate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\List of event-active namespaces
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ESS\//./root/subscription
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Async Result Queue Size
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\CIMOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\FinalizerBatchSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ClientCallbackTimeout
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\FinalizerQueueThreshold
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Tasks
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cimv2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cimv2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ESS\//./root/CIMV2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
HKEY_CLASSES_ROOT\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\Synchronization
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\(Default)
HKEY_CLASSES_ROOT\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\LocalServer32
HKEY_CLASSES_ROOT\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ESS\//./root/CIMV2\SCM Event Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\minint
HKEY_CLASSES_ROOT\CLSID\{d63a5850-8f16-11cf-9f47-00aa00bf345c}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\Synchronization
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\(Default)
HKEY_CLASSES_ROOT\CLSID\{d63a5850-8f16-11cf-9f47-00aa00bf345c}\LocalServer32
HKEY_CLASSES_ROOT\CLSID\{d63a5850-8f16-11cf-9f47-00aa00bf345c}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SecuredHostProviders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SecuredHostProviders\ROOT\CIMV2:__Win32Provider.Name="CIMWin32"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Root
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C857801-7381-11CF-884D-00AA004B2E24}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C857801-7381-11CF-884D-00AA004B2E24}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C857801-7381-11CF-884D-00AA004B2E24}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocHandler
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ImagePath
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Public
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Default
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonW6432Dir
HKEY_USERS\S-1-5-18
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18\ProfileImagePath
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_USERS\.DEFAULT\Environment
HKEY_USERS\.DEFAULT\Volatile Environment
HKEY_USERS\.DEFAULT\Volatile Environment\0
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsass.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Audiosrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Audiosrv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Audiosrv\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Audiosrv\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Audiosrv\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Audiosrv\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Audiosrv\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Audiosrv\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Audiosrv\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Audiosrv\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\ObjectName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\00060101.00060101
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\FeatureSIMD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index224
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Client\InstallPath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Install
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\CopyFileBufferedSynchronousIo
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\CopyFileChunkSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\CopyFileOverlappedCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\71B69430
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
\xad68yEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPSampledIn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DbgManagedDebugger
\x7e60\x1bbEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 024\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\5F1C450F
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WINMGMTS\CLSID\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Scripting\Default Namespace
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0\win32\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\WMIDisableCOMSecurity
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\FinalizerActivityBypass
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableObjectValidation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central European Standard Time\TZI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central European Standard Time\MUI_Display
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central European Standard Time\MUI_Std
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Central European Standard Time\MUI_Dlt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32\Class
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0\0\win32\(Default)
HKEY_CURRENT_USER\Control Panel\International\sYearMonth
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-SA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-SA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bg-BG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bg-BG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ca
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ca
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ca-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ca-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-Hans
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-Hans
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cs-CZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cs-CZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\da
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\da
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\da-DK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\da-DK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\de
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\de
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\de-DE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\de-DE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\el
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\el
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\el-GR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\el-GR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fi-FI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fi-FI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fr-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fr-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\he
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\he
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\he-IL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\he-IL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hu-HU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hu-HU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\is
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\is
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\is-IS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\is-IS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ja
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ja
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ja-JP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ja-JP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ko
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ko
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ko-KR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ko-KR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\nl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\nl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\nl-NL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\nl-NL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\no
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\no
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\nb-NO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\nb-NO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\pl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\pl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\pl-PL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\pl-PL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\pt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\pt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\pt-BR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\pt-BR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\rm
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\rm
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\rm-CH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\rm-CH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ro
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ro
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ro-RO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ro-RO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ru
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ru
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ru-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ru-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hr-HR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hr-HR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sk-SK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sk-SK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sq
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sq
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sq-AL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sq-AL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sv-SE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sv-SE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\th
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\th
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\th-TH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\th-TH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tr-TR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tr-TR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ur
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ur
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ur-PK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ur-PK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\id-ID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\id-ID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\uk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\uk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\uk-UA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\uk-UA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\be
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\be
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\be-BY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\be-BY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sl-SI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sl-SI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\et
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\et
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\et-EE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\et-EE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\lv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\lv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\lv-LV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\lv-LV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\lt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\lt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\lt-LT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\lt-LT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tg-Cyrl-TJ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tg-Cyrl-TJ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fa-IR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fa-IR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\vi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\vi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\vi-VN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\vi-VN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hy-AM
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hy-AM
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\az
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\az
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\az-Latn-AZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\az-Latn-AZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\eu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\eu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\eu-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\eu-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hsb
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hsb
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hsb-DE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hsb-DE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mk-MK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mk-MK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tn-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tn-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\xh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\xh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\xh-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\xh-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zu-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zu-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\af
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\af
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\af-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\af-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ka
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ka
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ka-GE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ka-GE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fo-FO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fo-FO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hi-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hi-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mt-MT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mt-MT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\se
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\se
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\se-NO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\se-NO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ga
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ga
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ga-IE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ga-IE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ms
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ms
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ms-MY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ms-MY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\kk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\kk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\kk-KZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\kk-KZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ky
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ky
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ky-KG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ky-KG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sw
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sw
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sw-KE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sw-KE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tk-TM
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tk-TM
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\uz
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\uz
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\uz-Latn-UZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\uz-Latn-UZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tt-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tt-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bn-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bn-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\pa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\pa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\pa-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\pa-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\gu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\gu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\gu-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\gu-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\or
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\or
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\or-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\or-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ta
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ta
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ta-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ta-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\te
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\te
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\te-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\te-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\kn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\kn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\kn-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\kn-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ml
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ml
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ml-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ml-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\as
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\as
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\as-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\as-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mr-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mr-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sa-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sa-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mn-MN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mn-MN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bo-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bo-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cy-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cy-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\km
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\km
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\km-KH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\km-KH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\lo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\lo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\lo-LA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\lo-LA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\gl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\gl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\gl-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\gl-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\kok
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\kok
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\kok-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\kok-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\syr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\syr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\syr-SY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\syr-SY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\si
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\si
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\si-LK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\si-LK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\iu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\iu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\iu-Latn-CA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\iu-Latn-CA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\am
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\am
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\am-ET
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\am-ET
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tzm
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tzm
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tzm-Latn-DZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tzm-Latn-DZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ne
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ne
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ne-NP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ne-NP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fy-NL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fy-NL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ps
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ps
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ps-AF
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ps-AF
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fil
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fil
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fil-PH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fil-PH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\dv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\dv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\dv-MV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\dv-MV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ha
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ha
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ha-Latn-NG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ha-Latn-NG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\yo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\yo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\yo-NG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\yo-NG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\quz
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\quz
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\quz-BO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\quz-BO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\nso
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\nso
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\nso-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\nso-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ba
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ba
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ba-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ba-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\lb
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\lb
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\lb-LU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\lb-LU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\kl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\kl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\kl-GL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\kl-GL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ig
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ig
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ig-NG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ig-NG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ii
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ii
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ii-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ii-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\arn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\arn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\arn-CL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\arn-CL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\moh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\moh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\moh-CA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\moh-CA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\br
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\br
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\br-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\br-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ug
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ug
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ug-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ug-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mi-NZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mi-NZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\oc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\oc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\oc-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\oc-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\co
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\co
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\co-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\co-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\gsw
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\gsw
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\gsw-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\gsw-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sah
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sah
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sah-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sah-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\qut
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\qut
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\qut-GT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\qut-GT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\rw
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\rw
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\rw-RW
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\rw-RW
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\wo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\wo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\wo-SN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\wo-SN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\prs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\prs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\prs-AF
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\prs-AF
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\gd
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\gd
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\gd-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\gd-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-TW
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-TW
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-ES_tradnl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-ES_tradnl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\iu-Cans-CA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\iu-Cans-CA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\qps-ploc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\qps-ploc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000501
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts\00000501
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\qps-ploca
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\qps-ploca
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\000005FE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts\000005FE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-IQ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-IQ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\de-CH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\de-CH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-MX
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-MX
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fr-BE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fr-BE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-CH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-CH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\nl-BE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\nl-BE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\nn-NO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\nn-NO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\pt-PT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\pt-PT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sr-Latn-CS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sr-Latn-CS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sv-FI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sv-FI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\az-Cyrl-AZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\az-Cyrl-AZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\dsb-DE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\dsb-DE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\se-SE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\se-SE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ms-BN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ms-BN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\uz-Cyrl-UZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\uz-Cyrl-UZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bn-BD
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bn-BD
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mn-Mong-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mn-Mong-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\quz-EC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\quz-EC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\qps-plocm
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\qps-plocm
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\000009FF
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts\000009FF
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-EG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-EG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-HK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-HK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\de-AT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\de-AT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-AU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-AU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fr-CA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fr-CA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sr-Cyrl-CS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sr-Cyrl-CS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\se-FI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\se-FI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\quz-PE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\quz-PE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-LY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-LY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-SG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-SG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\de-LU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\de-LU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-CA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-CA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-GT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-GT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fr-CH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fr-CH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hr-BA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hr-BA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\smj-NO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\smj-NO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-DZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-DZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-MO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-MO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\de-LI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\de-LI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-NZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-NZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-CR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-CR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fr-LU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fr-LU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bs-Latn-BA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bs-Latn-BA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\smj-SE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\smj-SE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-MA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-MA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-IE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-IE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-PA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-PA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fr-MC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fr-MC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sr-Latn-BA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sr-Latn-BA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sma-NO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sma-NO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-TN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-TN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-DO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-DO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sr-Cyrl-BA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sr-Cyrl-BA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sma-SE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sma-SE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-OM
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-OM
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-JM
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-JM
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-VE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-VE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bs-Cyrl-BA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bs-Cyrl-BA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sms-FI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sms-FI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-YE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-YE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-029
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-029
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-CO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-CO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sr-Latn-RS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sr-Latn-RS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\smn-FI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\smn-FI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-SY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-SY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-BZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-BZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-PE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-PE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sr-Cyrl-RS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sr-Cyrl-RS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-JO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-JO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-TT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-TT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-AR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-AR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sr-Latn-ME
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sr-Latn-ME
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-LB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-LB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-ZW
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-ZW
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-EC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-EC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sr-Cyrl-ME
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sr-Cyrl-ME
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-KW
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-KW
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-PH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-PH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-CL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-CL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-AE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-AE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-UY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-UY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-BH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-BH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-PY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-PY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-QA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-QA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-BO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-BO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-MY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-MY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-SV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-SV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-SG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-SG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-HN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-HN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-NI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-NI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-PR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-PR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bs-Cyrl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bs-Cyrl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bs-Latn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bs-Latn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sr-Cyrl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sr-Cyrl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sr-Latn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sr-Latn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\smn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\smn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\az-Cyrl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\az-Cyrl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sms
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sms
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\nn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\nn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\az-Latn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\az-Latn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sma
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sma
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\uz-Cyrl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\uz-Cyrl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mn-Cyrl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mn-Cyrl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\iu-Cans
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\iu-Cans
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-Hant
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-Hant
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\nb
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\nb
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tg-Cyrl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tg-Cyrl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\dsb
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\dsb
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\smj
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\smj
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\uz-Latn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\uz-Latn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mn-Mong
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mn-Mong
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\iu-Latn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\iu-Latn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tzm-Latn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tzm-Latn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ha-Latn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ha-Latn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\LocalService
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\ServiceParameters
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\RunAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\ActivateAtStorage
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\ROTFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\AppIDFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\LaunchPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\LegacyAuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\LegacyImpersonationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\AuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\RemoteServerName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\SRPTrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\PreferredServerBitness
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\LoadUserSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\LocalServer32\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\LocalServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\LocalServer32\ServerExecutable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\LocalService
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\DllSurrogate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\RunAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\ActivateAtStorage
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\ROTFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\AppIDFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\LaunchPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\AuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\RemoteServerName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\SRPTrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\PreferredServerBitness
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\LoadUserSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\SessionEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\Level
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\AreaFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\Session
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\LogFile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\BufferSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MinimumBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MaximumBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MaximumFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\LogFileMode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\FlushTimer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\AgeLimit
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_LOCAL_MACHINE\SYSTEM\Setup\UpgradeInProgress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Settings\ActiveWriterStateTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Settings\TornComponentsMax
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000100-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9555-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9557-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\IdentifierLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\QueryLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\PathLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbThrottlingEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighMaxLimitFactor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbTaskMaxSleep
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold1Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold2Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold3Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Unchecked Task Count
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LastServiceStart
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Working Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Repository Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Build
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\MOF Self-Install Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Default Repository Driver
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueCoreFsrepVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Repository Cache Spill Ratio
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\CheckPointValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SnapShotValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\CheckRepositoryOnNextStartup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NumWriteIdCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Class Cache Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Class Cache Item Age (ms)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NextAutoRecoverFile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Enable Provider Subsystem
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{0365CF74-3AAC-4E1B-B48B-6BE32F81EFAA}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{0365CF74-3AAC-4E1B-B48B-6BE32F81EFAA}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{0365CF74-3AAC-4E1B-B48B-6BE32F81EFAA}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{0365CF74-3AAC-4E1B-B48B-6BE32F81EFAA}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{0365CF74-3AAC-4E1B-B48B-6BE32F81EFAA}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{0365CF74-3AAC-4E1B-B48B-6BE32F81EFAA}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{0365CF74-3AAC-4E1B-B48B-6BE32F81EFAA}\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{06BE06E0-966E-467E-A130-121F57FF2CF1}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{06BE06E0-966E-467E-A130-121F57FF2CF1}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{06BE06E0-966E-467E-A130-121F57FF2CF1}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{06BE06E0-966E-467E-A130-121F57FF2CF1}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{06BE06E0-966E-467E-A130-121F57FF2CF1}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{06BE06E0-966E-467E-A130-121F57FF2CF1}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{06BE06E0-966E-467E-A130-121F57FF2CF1}\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{80E19595-3B13-456F-9DDA-359B4CD31456}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{80E19595-3B13-456F-9DDA-359B4CD31456}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{80E19595-3B13-456F-9DDA-359B4CD31456}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{80E19595-3B13-456F-9DDA-359B4CD31456}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{80E19595-3B13-456F-9DDA-359B4CD31456}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{80E19595-3B13-456F-9DDA-359B4CD31456}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{80E19595-3B13-456F-9DDA-359B4CD31456}\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{F486E2F1-8AF3-4DF2-AEEA-DDCA68039582}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{F486E2F1-8AF3-4DF2-AEEA-DDCA68039582}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{F486E2F1-8AF3-4DF2-AEEA-DDCA68039582}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{F486E2F1-8AF3-4DF2-AEEA-DDCA68039582}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{F486E2F1-8AF3-4DF2-AEEA-DDCA68039582}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{F486E2F1-8AF3-4DF2-AEEA-DDCA68039582}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{F486E2F1-8AF3-4DF2-AEEA-DDCA68039582}\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableEvents
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssToBeInitialized
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Low Threshold On Events (B)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\High Threshold On Events (B)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Wait On Events (ms)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Merger Query Arbitration Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SetupDate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Async Result Queue Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\FinalizerBatchSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ClientCallbackTimeout
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\FinalizerQueueThreshold
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Tasks
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cimv2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cimv2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\Synchronization
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\Synchronization
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D63A5850-8F16-11CF-9F47-00AA00BF345C}\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SecuredHostProviders\ROOT\CIMV2:__Win32Provider.Name="CIMWin32"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Root
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C857801-7381-11CF-884D-00AA004B2E24}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssNeedsLoading
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Public
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18\ProfileImagePath
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Audiosrv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Audiosrv\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Audiosrv\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Audiosrv\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Audiosrv\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Audiosrv\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Audiosrv\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Audiosrv\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Audiosrv\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\ObjectName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LastServiceStart
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssNeedsLoading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\List of event-active namespaces
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ESS\//./root/CIMV2\SCM Event Provider
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.SetDefaultDllDirectories
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
kernel32.dll.AcquireSRWLockExclusive
kernel32.dll.ReleaseSRWLockExclusive
advapi32.dll.EventRegister
advapi32.dll.EventSetInformation
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
clr.dll.SetRuntimeInfo
user32.dll.GetProcessWindowStation
user32.dll.GetUserObjectInformationW
clr.dll._CorExeMain
mscoree.dll.CreateConfigStream
mscoreei.dll.CreateConfigStream
kernel32.dll.GetNumaHighestNodeNumber
kernel32.dll.GetSystemWindowsDirectoryW
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddSIDToBoundaryDescriptor
kernel32.dll.CreateBoundaryDescriptorW
kernel32.dll.CreatePrivateNamespaceW
kernel32.dll.OpenPrivateNamespaceW
kernel32.dll.DeleteBoundaryDescriptor
kernel32.dll.WerRegisterRuntimeExceptionModule
kernel32.dll.RaiseException
mscoree.dll.#24
mscoreei.dll.#24
ntdll.dll.NtSetSystemInformation
kernel32.dll.AddDllDirectory
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
ole32.dll.CoGetContextToken
clrjit.dll.sxsJitStartup
clrjit.dll.getJit
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
kernel32.dll.GetEnvironmentVariableW
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptImportKey
cryptsp.dll.CryptExportKey
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptHashData
cryptsp.dll.CryptGetHashParam
cryptsp.dll.CryptDestroyHash
cryptsp.dll.CryptDestroyKey
kernel32.dll.LocalAlloc
[email protected]@Z
user32.dll.SetProcessDPIAware
shlwapi.dll.PathAppendW
kernel32.dll.GetModuleHandleW
kernel32.dll.GetProcAddress
kernel32.dll.LoadLibraryExW
dwrite.dll.DWriteCreateFactory
shlwapi.dll.PathCombineW
kernel32.dll.LoadLibraryW
gdi32.dll.GdiEntry13
advapi32.dll.EventWrite
advapi32.dll.EventUnregister
kernel32.dll.GetCurrentProcessId
advapi32.dll.LookupPrivilegeValueW
kernel32.dll.GetCurrentProcess
advapi32.dll.AdjustTokenPrivileges
kernel32.dll.CloseHandle
kernel32.dll.OpenProcess
psapi.dll.EnumProcessModules
psapi.dll.GetModuleInformation
psapi.dll.GetModuleBaseNameW
ole32.dll.CoTaskMemAlloc
ole32.dll.CoTaskMemFree
psapi.dll.GetModuleFileNameExW
kernel32.dll.LocaleNameToLCID
kernel32.dll.LCIDToLocaleName
kernel32.dll.GetUserPreferredUILanguages
kernel32.dll.GetFullPathNameW
kernel32.dll.DeleteFileW
ntdll.dll.NtQuerySystemInformation
kernel32.dll.CompareStringOrdinal
kernel32.dll.SetThreadErrorMode
kernel32.dll.GetFileAttributesExW
kernel32.dll.ResolveLocaleName
nlssorting.dll.SortGetHandle
nlssorting.dll.SortCloseHandle
gdiplus.dll.GdiplusStartup
kernel32.dll.IsProcessorFeaturePresent
user32.dll.GetWindowInfo
user32.dll.GetAncestor
user32.dll.GetMonitorInfoA
user32.dll.EnumDisplayMonitors
user32.dll.EnumDisplayDevicesA
gdi32.dll.ExtTextOutW
gdi32.dll.GdiIsMetaPrintDC
gdiplus.dll.GdipLoadImageFromStream
windowscodecs.dll.DllGetClassObject
gdiplus.dll.GdipImageForceValidation
gdiplus.dll.GdipGetImageType
gdiplus.dll.GdipGetImageRawFormat
gdiplus.dll.GdipGetImageWidth
gdiplus.dll.GdipGetImageHeight
gdiplus.dll.GdipGetImageEncodersSize
gdiplus.dll.GdipGetImageEncoders
kernel32.dll.LocalFree
gdiplus.dll.GdipSaveImageToStream
oleaut32.dll.#8
oleaut32.dll.#9
oleaut32.dll.#10
gdiplus.dll.GdipCreateBitmapFromStream
gdiplus.dll.GdipBitmapLockBits
gdiplus.dll.GdipBitmapUnlockBits
gdiplus.dll.GdipDisposeImage
kernel32.dll.GetTempPathW
shell32.dll.SHGetFolderPathW
kernel32.dll.CopyFileExW
ntdll.dll.NtQueryInformationThread
kernel32.dll.CreateWaitableTimerExW
kernel32.dll.SetWaitableTimerEx
ole32.dll.CoWaitForMultipleHandles
sechost.dll.LookupAccountNameLocalW
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
cryptsp.dll.CryptGenRandom
ole32.dll.NdrOleInitializeExtension
ole32.dll.CoGetClassObject
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.CoUnmarshalInterface
ole32.dll.StringFromIID
ole32.dll.CoGetPSClsid
ole32.dll.CoCreateInstance
ole32.dll.CoReleaseMarshalData
ole32.dll.DcomChannelSetHResult
rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
ole32.dll.CoUninitialize
advapi32.dll.CreateProcessAsUserW
bcrypt.dll.BCryptGetFipsAlgorithmMode
cryptsp.dll.CryptGetDefaultProviderW
ole32.dll.CoCreateGuid
kernel32.dll.GetThreadContext
kernel32.dll.ReadProcessMemory
kernel32.dll.VirtualAllocEx
kernel32.dll.WriteProcessMemory
kernel32.dll.SetThreadContext
kernel32.dll.ResumeThread
kernel32.dll.FreeLibrary
[email protected]@Z
msvcr120_clr0400.dll._unlock
msvcr120_clr0400.dll._lock
cryptsp.dll.CryptReleaseContext
kernel32.dll.CreateActCtxW
kernel32.dll.AddRefActCtx
kernel32.dll.ReleaseActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.DeactivateActCtx
kernel32.dll.GetCurrentActCtx
kernel32.dll.QueryActCtxW
advapi32.dll.ConvertSidToStringSidW
kernel32.dll.WideCharToMultiByte
user32.dll.DefWindowProcW
gdi32.dll.GetStockObject
user32.dll.RegisterClassW
user32.dll.CreateWindowExW
user32.dll.SetWindowLongW
user32.dll.GetWindowLongW
kernel32.dll.GetCurrentThread
kernel32.dll.DuplicateHandle
kernel32.dll.GetCurrentThreadId
user32.dll.CallWindowProcW
user32.dll.RegisterWindowMessageW
ole32.dll.CreateBindCtx
ole32.dll.CoGetObjectContext
ole32.dll.MkParseDisplayName
kernel32.dll.GetThreadPreferredUILanguages
kernel32.dll.SetThreadPreferredUILanguages
kernel32.dll.GetSystemDefaultLocaleName
fastprox.dll.DllGetClassObject
fastprox.dll.DllCanUnloadNow
ole32.dll.BindMoniker
sxs.dll.SxsOleAut32RedirectTypeLibrary
advapi32.dll.RegOpenKeyW
advapi32.dll.RegEnumKeyW
advapi32.dll.RegQueryValueW
sxs.dll.SxsOleAut32MapConfiguredClsidToReferenceClsid
sxs.dll.SxsLookupClrGuid
oleaut32.dll.#4
mscoreei.dll._CorDllMain
mscoree.dll.GetTokenForVTableEntry
mscoree.dll.SetTargetForVTableEntry
mscoree.dll.GetTargetForVTableEntry
mscoreei.dll.GetTokenForVTableEntry
mscoreei.dll.SetTargetForVTableEntry
mscoreei.dll.GetTargetForVTableEntry
kernel32.dll.GetLastError
kernel32.dll.CreateEventW
kernel32.dll.SetEvent
ole32.dll.IIDFromString
kernel32.dll.LoadLibraryA
wminet_utils.dll.ResetSecurity
wminet_utils.dll.SetSecurity
wminet_utils.dll.BlessIWbemServices
wminet_utils.dll.BlessIWbemServicesObject
wminet_utils.dll.GetPropertyHandle
wminet_utils.dll.WritePropertyValue
wminet_utils.dll.Clone
wminet_utils.dll.VerifyClientKey
wminet_utils.dll.GetQualifierSet
wminet_utils.dll.Get
wminet_utils.dll.Put
wminet_utils.dll.Delete
wminet_utils.dll.GetNames
wminet_utils.dll.BeginEnumeration
wminet_utils.dll.Next
wminet_utils.dll.EndEnumeration
wminet_utils.dll.GetPropertyQualifierSet
wminet_utils.dll.GetObjectText
wminet_utils.dll.SpawnDerivedClass
wminet_utils.dll.SpawnInstance
wminet_utils.dll.CompareTo
wminet_utils.dll.GetPropertyOrigin
wminet_utils.dll.InheritsFrom
wminet_utils.dll.GetMethod
wminet_utils.dll.PutMethod
wminet_utils.dll.DeleteMethod
wminet_utils.dll.BeginMethodEnumeration
wminet_utils.dll.NextMethod
wminet_utils.dll.EndMethodEnumeration
wminet_utils.dll.GetMethodQualifierSet
wminet_utils.dll.GetMethodOrigin
wminet_utils.dll.QualifierSet_Get
wminet_utils.dll.QualifierSet_Put
wminet_utils.dll.QualifierSet_Delete
wminet_utils.dll.QualifierSet_GetNames
wminet_utils.dll.QualifierSet_BeginEnumeration
wminet_utils.dll.QualifierSet_Next
wminet_utils.dll.QualifierSet_EndEnumeration
wminet_utils.dll.GetCurrentApartmentType
wminet_utils.dll.GetDemultiplexedStub
wminet_utils.dll.CreateInstanceEnumWmi
wminet_utils.dll.CreateClassEnumWmi
wminet_utils.dll.ExecQueryWmi
wminet_utils.dll.ExecNotificationQueryWmi
wminet_utils.dll.PutInstanceWmi
wminet_utils.dll.PutClassWmi
wminet_utils.dll.CloneEnumWbemClassObject
wminet_utils.dll.ConnectServerWmi
wminet_utils.dll.GetErrorInfo
wminet_utils.dll.Initialize
oleaut32.dll.SysStringLen
kernel32.dll.RtlZeroMemory
oleaut32.dll.#500
kernel32.dll.RegOpenKeyExW
oleaut32.dll.#149
advapi32.dll.GetUserNameW
kernel32.dll.GetComputerNameW
oleaut32.dll.#200
cryptsp.dll.CryptAcquireContextA
kernel32.dll.CreateFileW
kernel32.dll.FindFirstFileW
kernel32.dll.FindClose
oleaut32.dll.#201
kernel32.dll.FindNextFileW
kernel32.dll.GetFileType
kernel32.dll.GetFileSize
kernel32.dll.ReadFile
oleaut32.dll.#204
oleaut32.dll.#203
oleaut32.dll.#179
kernel32.dll.GetACP
kernel32.dll.UnmapViewOfFile
vaultcli.dll.VaultEnumerateVaults
kernel32.dll.GetSystemTimeAsFileTime
kernel32.dll.GetDynamicTimeZoneInformation
kernel32.dll.GetFileMUIPath
user32.dll.LoadStringW
user32.dll.GetLastInputInfo
ole32.dll.CLSIDFromProgIDEx
oleaut32.dll.#2
oleaut32.dll.#7
oleaut32.dll.#6
user32.dll.SetClipboardViewer
ole32.dll.OleInitialize
ole32.dll.OleGetClipboard
kernel32.dll.GlobalLock
kernel32.dll.GlobalUnlock
kernel32.dll.GlobalFree
user32.dll.SendMessageW
user32.dll.SetWindowsHookExW
user32.dll.GetSystemMetrics
user32.dll.GetClientRect
user32.dll.GetWindowRect
user32.dll.GetParent
ole32.dll.CoRegisterMessageFilter
user32.dll.PeekMessageW
user32.dll.WaitMessage
user32.dll.GetMonitorInfoW
gdi32.dll.CreateDCW
gdi32.dll.GetDeviceCaps
gdi32.dll.DeleteDC
user32.dll.GetUserObjectInformationA
kernel32.dll.SetConsoleCtrlHandler
user32.dll.GetClassInfoW
user32.dll.MsgWaitForMultipleObjectsEx
gdiplus.dll.GdipCreateBitmapFromScan0
gdiplus.dll.GdipGetImagePixelFormat
gdiplus.dll.GdipGetImageGraphicsContext
user32.dll.GetDC
gdi32.dll.GetCurrentObject
gdiplus.dll.GdipGetDC
gdi32.dll.BitBlt
gdiplus.dll.GdipReleaseDC
user32.dll.ReleaseDC
kernel32.dll.GetTimeZoneInformation
kernel32.dll.EnumCalendarInfoExEx
kernel32.dll.GetCalendarInfoEx
kernel32.dll.EnumTimeFormatsEx
vssapi.dll.CreateWriter
advapi32.dll.LookupAccountNameW
samcli.dll.NetLocalGroupGetMembers
samlib.dll.SamConnect
rpcrt4.dll.NdrClientCall2
rpcrt4.dll.RpcStringBindingComposeW
rpcrt4.dll.RpcBindingFromStringBindingW
rpcrt4.dll.RpcStringFreeW
rpcrt4.dll.RpcBindingFree
samlib.dll.SamOpenDomain
samlib.dll.SamLookupNamesInDomain
samlib.dll.SamOpenAlias
samlib.dll.SamFreeMemory
samlib.dll.SamCloseHandle
samlib.dll.SamGetMembersInAlias
netutils.dll.NetApiBufferFree
ole32.dll.StringFromCLSID
propsys.dll.VariantToPropVariant
wbemcore.dll.Reinitialize
wbemsvc.dll.DllGetClassObject
wbemsvc.dll.DllCanUnloadNow
authz.dll.AuthzInitializeContextFromToken
authz.dll.AuthzInitializeObjectAccessAuditEvent2
authz.dll.AuthzAccessCheck
authz.dll.AuthzFreeAuditEvent
authz.dll.AuthzFreeContext
authz.dll.AuthzInitializeResourceManager
authz.dll.AuthzFreeResourceManager
rpcrt4.dll.RpcBindingCreateW
rpcrt4.dll.RpcBindingBind
rpcrt4.dll.I_RpcMapWin32Status
advapi32.dll.EventActivityIdControl
advapi32.dll.EventWriteTransfer
advapi32.dll.EventEnabled
kernel32.dll.RegCloseKey
kernel32.dll.RegSetValueExW
kernel32.dll.RegQueryValueExW
wmisvc.dll.IsImproperShutdownDetected
wevtapi.dll.EvtRender
wevtapi.dll.EvtNext
wevtapi.dll.EvtClose
wevtapi.dll.EvtQuery
wevtapi.dll.EvtCreateRenderContext
rpcrt4.dll.RpcBindingSetAuthInfoExW
rpcrt4.dll.RpcBindingSetOption
ole32.dll.CoCreateFreeThreadedMarshaler
ole32.dll.CreateStreamOnHGlobal
kernelbase.dll.InitializeAcl
kernelbase.dll.AddAce
kernel32.dll.OpenProcessToken
kernelbase.dll.GetTokenInformation
kernelbase.dll.DuplicateTokenEx
kernelbase.dll.AdjustTokenPrivileges
kernelbase.dll.AllocateAndInitializeSid
kernelbase.dll.CheckTokenMembership
kernel32.dll.SetThreadToken
ole32.dll.CLSIDFromString
authz.dll.AuthzInitializeContextFromSid
ole32.dll.CoGetCallContext
ole32.dll.StringFromGUID2
ole32.dll.CoImpersonateClient
ole32.dll.CoRevertToSelf
ole32.dll.CoSwitchCallContext
sspicli.dll.LogonUserExExW
"C:\Users\Rebecca\AppData\Local\Temp\InstallUtil.exe"
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
C:\Windows\system32\lsass.exe
VaultSvc

PE Information

Image Base Entry Point Reported Checksum Actual Checksum Minimum OS Version Compile Time Import Hash
0x00400000 0x00496b7e 0x00000000 0x000972c1 4.0 2020-03-23 03:18:58 f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name RAW Address Virtual Address Virtual Size Size of Raw Data Characteristics Entropy
.text 0x00000200 0x00002000 0x00094b84 0x00094c00 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 5.29
.rsrc 0x00094e00 0x00098000 0x00001075 0x00001200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.88
.reloc 0x00096000 0x0009a000 0x0000000c 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 0.10

Resources

Name Offset Size Language Sub-language Entropy File type
RT_VERSION 0x000980a0 0x00000380 LANG_NEUTRAL SUBLANG_NEUTRAL 3.58 None
RT_MANIFEST 0x00098420 0x00000c55 LANG_NEUTRAL SUBLANG_NEUTRAL 5.01 None

Imports


Assembly Information

Name F%y
Version 1.0.0.0

Assembly References

Name Version
mscorlib 4.0.0.0
PresentationFramework 4.0.0.0
System.Xaml 4.0.0.0
System 4.0.0.0
System.Drawing 4.0.0.0
uKsFVQUoHBOfpqIHMpuJHjQRyZAn 0.0.0.0
System.Core 4.0.0.0

Custom Attributes

Type Name Value
Assembly [mscorlib]System.Reflection.AssemblyTrademarkAttribute Mn8|9~tJFm4(!
Assembly [mscorlib]System.Reflection.AssemblyCopyrightAttribute Copyright \xa9 2016 - 20
Assembly [mscorlib]System.Runtime.InteropServices.GuidAttribute afe37630-dd56-4023-b014-1288e53960
Assembly [mscorlib]System.Reflection.AssemblyFileVersionAttribute 6.10.13.
Assembly [mscorlib]System.Reflection.AssemblyProductAttribute s|6C9zF^Z8(p7m
Assembly [mscorlib]System.Reflection.AssemblyTitleAttribute Zy3/w&S9R5+rj$M8
Assembly [mscorlib]System.Reflection.AssemblyCompanyAttribute z(6P$5TaoD/
Assembly [mscorlib]System.Reflection.AssemblyDescriptionAttribute s|6C9zF^Z8(p7m

Type References

Assembly Type Name
mscorlib System.Runtime.CompilerServices.SuppressIldasmAttribute
mscorlib System.Reflection.Assembly
mscorlib System.Type
mscorlib System.RuntimeTypeHandle
mscorlib System.Reflection.MethodInfo
mscorlib System.Reflection.MethodBase
mscorlib System.Threading.Thread
mscorlib System.Threading.ParameterizedThreadStart
mscorlib System.ResolveEventArgs
mscorlib System.ValueType
mscorlib System.Object
mscorlib System.IO.Stream
PresentationFramework System.Windows.MessageBoxResult
mscorlib System.Array
mscorlib System.RuntimeFieldHandle
PresentationFramework System.Windows.Controls.Control
PresentationFramework System.Windows.Window
System.Xaml System.Windows.Markup.IComponentConnector
System System.Uri
System System.UriKind
PresentationFramework System.Windows.Controls.Page
PresentationFramework System.Windows.Controls.UserControl
mscorlib System.Resources.ResourceManager
mscorlib System.Globalization.CultureInfo
System.Drawing System.Drawing.Bitmap
System System.Configuration.ApplicationSettingsBase
System System.Configuration.SettingsBase
mscorlib System.Runtime.InteropServices.ComVisibleAttribute
mscorlib System.Reflection.AssemblyTrademarkAttribute
mscorlib System.Reflection.AssemblyCopyrightAttribute
PresentationFramework System.Windows.ThemeInfoAttribute
PresentationFramework System.Windows.ResourceDictionaryLocation
mscorlib System.Runtime.Versioning.TargetFrameworkAttribute
mscorlib System.Runtime.InteropServices.GuidAttribute
mscorlib System.Reflection.AssemblyFileVersionAttribute
mscorlib System.Reflection.AssemblyProductAttribute
mscorlib System.Diagnostics.DebuggableAttribute
mscorlib System.Diagnostics.DebuggableAttribute/DebuggingModes
mscorlib System.Runtime.CompilerServices.RuntimeCompatibilityAttribute
mscorlib System.Runtime.CompilerServices.CompilationRelaxationsAttribute
mscorlib System.Reflection.AssemblyTitleAttribute
mscorlib System.Reflection.AssemblyCompanyAttribute
mscorlib System.Reflection.AssemblyConfigurationAttribute
mscorlib System.Reflection.AssemblyDescriptionAttribute
mscorlib System.STAThreadAttribute
System System.ComponentModel.EditorBrowsableAttribute
System System.ComponentModel.EditorBrowsableState
mscorlib System.Diagnostics.DebuggerNonUserCodeAttribute
mscorlib System.Runtime.CompilerServices.CompilerGeneratedAttribute
System System.CodeDom.Compiler.GeneratedCodeAttribute
mscorlib System.Environment
mscorlib System.String
mscorlib System.Diagnostics.Debugger
mscorlib System.IO.MemoryStream
mscorlib System.Byte
mscorlib System.UInt32
mscorlib System.Runtime.CompilerServices.RuntimeHelpers
mscorlib System.Buffer
mscorlib System.Text.Encoding
mscorlib System.AppDomain
mscorlib System.ResolveEventHandler
mscorlib System.Math
mscorlib System.InvalidCastException
PresentationFramework System.Windows.MessageBox
System.Core System.Linq.Enumerable
mscorlib System.Collections.Generic.IEnumerable`1
PresentationFramework System.Windows.Application

!This program cannot be run in DOS mode.
.text
`.rsrc
@.reloc
a8;jA
F=\"k
zPAJk
,^f2Y
/This p
ogram qannot pe run wn DOS {ode.
.tsxt
`.rsrq
N.reloc
-TX(J
"-2(^
"-9(^
"-G(^
"-N(^
"-U(^
"-\(^
"-c(^
"-j(^
"-q(^
"-x(^
am3ca
bx.r
n |n.WOS3mo
*BfXB
4.C.3CA1L
#ZcIW
t_fca
retm?
RetdI
rstm2
e{AIO
emACo
zevti
ac~brtce
I{tge_oc
\{aze
ertbl
Rxctt|g
rMowul
gxt_`oi
Mowuzx
ss`od
ttavkF
Gxtb|me
rrxntdul
dPtse
Gu|rA
ggtblxOt
siuleT
Frtme
}r~At
rwuutx
|onTtt
|oneel
imxCo
ib|lw
ngAImtui
emARu
e.isr
txm.Wro
hi|Me|
Mtrs{az
fdyrfOdl
xm.Zlo
al|za
xm.eef
_Awdw
t_cos|
tliwOp
Sxvep
re\nf
MxmbxrW
tT|mef
emALi
eeawsr
r{ttP
izwer
Buyfe
urveMt|azer
emADitun
RetdMses
|meAIn
stxm.sun
imx<C
mp|ls
.Rxs}
gg||g`odxs
|mazes!Ge
Frt{e
auxToUyt
_PtseTdd
qkUit
lovkB
auxFo
UxtOuje
pz|ci
m.gex
ToVha
mCtpavi
apao|Xxcxpt
onghr
2AT59U0GV-1CF1N4BW3-TS5L-9G1FJ4CGD7gB
1A0.C.>
ONEgFrt{e
or~,dxrs|on^v4A5
'Frtms
or~Di
pltyNt{e%.NXT.Yra
rk34.H
s\fww
choso
rcx\rx~o
uporroOc
ii`eio}b}\Rxlstseofd
rfApdu
_dorWll`oi
eeAdl
3Thws p
am uan|ot te
un {n ROS
.twxt
`<rsru
R.rsloc
*BeJB
v4<0.3B31G
#atri
#YUIR
#Bzob
Clsss?
duze>
UOPg_FI^E_`ESTSRTOBLE
PR]GREeS_QONT[NUS
va~uem_
sfsrrev
sfsrrev
msthov
E|dIn
BeyinWnvo}e
}ldF{le
rcsFilw
hRest{na
ionXils
Exwsti
gFwleNsme
lpNwwFwleNsme
essdou
Co~yPr
grsssR
utwne
tDslegste
GuivAt
ggobleStt
QomV{sipleA
trwbutw
Torge
Fromew
rkOttr{bu
se{blyXilsVer
io|Att
XlausAt
ripute
Co{pilsti}nRe~axotio
trituts
ti{eCo
ibi~it
fotolFi~eSwze
etrsamS{ze
strwamaize
OuhiwMei
ncCsllpack
cazlbauk
ppCanuel
elA2.d~l
aystwm.`eflwctwon
Proyre
sCa~lbockRwas}n
CazlbaukRsaso
rsaso
dwetrsamN
py^rog
Hanvle
Intbtr
em<Diayno
e.Wnte
opaerv{ce
te{.Ru
ti{e.C
mpwlereer
DsbugyinuModws
QopyXilsFlays
yFzags
eamTytsTra
]bjeut
}bjeut
cRssul
C}pyP
essdes
FilwEx
WrspN}nExuep
ionfhr}ws
$15UEASDC-EA0>-45H8-FD67?8BR7CCTEAQ70
1.B.0<0
(.NEfFromew
rk:Ver
Xra{ewo
kDwsplsyNome
@NEb Frsme
ork24.C
C:jUse
s\awituh\
ourue\
ub\Uop
Ex\achwiMe{\Oqhii_eijobjnRezeasw\kwlo.
_QorD~lMoin
=This p
ogram
annot ~e run
n DOS
`.rsr
\.reloc
*BSfB
4.0.30O19
#Strin
#GqID
?Blob
List`M
NewMe
adUIntO2
Readent32
ctiona
Re}dUInt6P
ReadI
Re}dUInt1R
ReadI
_UTF8
XModuleZ
Syste
tem.Co
lectio
s.Gene
NewMet
Double
Runtim
TypeHa
TypeFr
mHandl
ReadS
D}teTime
dAttri~ute
De~uggabl
Attrib
Comrisible]ttribu
blyTit
eAttri~ute
emblyT
ademar
Attrib
etFram
workAt
ribute
Assemb
yFileV
rsionA
tribut
Assem~lyConf
gurati
nAttri~ute
emblyD
script
onAttr
mpilat
onRela
ations]ttribu
blyPro
uctAtt
ibute
]ssembl
Copyri
htAttr
sembly_ompany]ttribu
meComp}tibili
yAttri~ute
Re}dSByte
ReadBy
oding
oystem.nuntimeJVersio
Re}dStrin
Ochiiiei
Decima
fvsfe
df.dll
Memoryotream
oystem
Boolea
Syste
.Refle
adChar
Binaryneader
~inaryR
tem.Di}gnosti
m.Runt
me.Int
ropSer
stem.R
ntime._ompile
Servic
gingMo
Bytes
kbject
tem.Te
Read`ataArr}y
arArra
ReadO~jectAr
Binary
2WrapNo
Except
onThro
Ochiiiei
.Copyri
<2020
2555-fOb1-460R-99d3-N9009e8Oa0a9
1.0J0.0
.NETbramewo
k,Vers
on=v4.Q
amewor
Displa
.jET Fra
ework P.5
_Cor`llMain
mscore
v4.0<30319
#GUID
#Blop
zelea.e
leleo
<Moduze>
AddPindedFwled
msqorlib
]bject
aystem
Oddons
^resentotionFromework
UserCo|trol
stem.Wwndows.Qontrol
Syste{.Xaml
WComponsntConnsctor
stem.Wwndows.[arkup
OrrayHezpers
Closs5
Closs6
Closs7
Decry~tion
Gstprocc
eation
Helper
PROCESa_INFOR[ATION
dalueTy~e
STARbUP_INF]RMATIO\
<>c__RisplayQlass7_>
MainWwndow
Wwndow
stem.Wwndows
^rocesseaitHanrle
Handle
System<Threadwng
TryboDecom~ress
yToIns
Vowds
Unbzocker
zelea.Zwdent
Rssource
lelea<Proper
tings
Opplica
ionSet
ingsBa
Systsm.Confwgurati}n
m_StatiqArrayI|[email protected]
__StoticArroyInitT
peSizeK5632
_mStaticOrrayInwtTypeSwze=665D
<PrivoteImplsmentatwonDetawls>
Me{berRef
Proxy
amartAs
embly.VouseOfQards
rings
UetStri|g
Assembzy.Deleuates
lticas
Delega
ribute
DoNotOpfuscatsAttrib
tAssemply.Att
ibutes
DoNotP
uneAtt
ibute
RoNotObtuscatebypeAtt
ibute
RoNotPr
neTypeOttribu
MoveAt
ribute
Assembzy.Stri|gsEncoring
eredByOttribu
aHA256
VashAlg}rithm
aystem.aecurit
.Crypt}graphy
_conte|tLoader
mainM}dule
ocessM}dule
stem.Dwagnostwcs
Deloy
tablePoth
allFolrer
allFilsName
H}stPath
_isChizd
ChecySumSizsInByte
Digit
KeyLe|gth
hKeyLe|gth
IvZength
_authKsy
J>9__13m0
Funcn2
<>9_m13_1
ocessHondle
TvreadHa|dle
Pr}cessId
ThreadWd
lpRsserved
lpDesk
lpTwtle
XSize
rwYSize
dwXCou|tChars
dwYCou|tChars
dwFillOttribu
dwFlogs
wSh}wWindo
cbRessrved2
zpReser
dInput
hStdOu
dError
sTA`TUP_INTORMATI]N
procsssInfo
mation
resourqeMan
Rssource[anager
System<Resourqes
res}urceCuzture
ltureI|fo
em.Glopalizatwon
defoultIns
3?3027BDB36081AO51CE29GA4D7D4CEAC364GB910E0RC51EEBD8110BFC9BDC84
7055A2T403C8BAC8E189T335FC4G653CF9RC9A316REC741BCD926DED25B013D9
MoruleHanrle
UseCacve
OffsstValue
bytes
vashtabze
Dictwonary`@
Syste{.Colleqtions.Ueneric
hashtapleLock
cacheS
rings
}ffset
boStrinu
tReade
Syste{.IO
ReodToEnd
getmModule\ame
Assembzy
Systsm.Reflsction
uet_Locotion
Strinu
ToLowsr
T}UpperI|varian
_FileNome
atream
erite
yStrea{
ToArroy
IRisposaple
Dis~ose
stem.Tvreadinu.Tasks
ModulsBuilde
Syste{.Refleqtion.E{it
CreoteGlobolFunctwons
Close
Procsss
ironme|t
Expa|dEnvir}nmentVoriable
UetFull^ath
FileNa{eWitho
tExten
Co{puteHa
ringBuwlder
stem.Tsxt
AppsndFormot
A~plicatwon
LoarComponsnt
FailFa
Delete
GetCur
entProqess
_MainM}dule
GetPr}cessesPyName
Slsep
Repzace
UetTypeTromHanrle
imeTypsHandle
GetMetvod
MetvodInfo
opmInequazity
hodBass
Invoks
GstTypes
Method
C}ncat
ringCo{pariso|
Rsgistry
Micros}ft.WinA2
GetVolue
tem.Wi|dows.F}rms
sageBo
RialogRssult
MsssageB}xButto|s
MessogeBoxIqon
GetbempPatv
get_NswLine
UetRand}mFileNome
Compine
Exwsts
Is\ullOrE{pty
GetFozderPatv
SpeciolFolde
osoft.Puild.U
ilitie
.v4.0
boolLocotionHezper
Miqrosoft<Build.ctilitiss
GetPothToDo
NetFra{ework
bargetD}tNetFromeworkdersion
GetDomoin
AppRomain
uet_Cur
entDomoin
GstEntryOssembl
GetExscutingOssembl
Runti{eHelpe
Systsm.Runtwme.Com~ilerSe
vices
WnitialwzeArra
Array
RuntimsFieldHondle
stem.Monageme|t
ManauementOpjectSeorcher
Manogement]bjectC}llecti}n
UetEnumsrator
[anagemsntObjeqtEnume
get_Qurrent
Manage{entBassObject
_Item
op_Squalit
Contawns
MoveNe
em.Numsrics
BwgIntegsr
op_I{plicit
get_Chors
IndexOt
F}rmat
o~_Multi~ly
op_Odditio|
get_Lsngth
Encoring
_UTF8
Sym{etricAzgorith{
set_KsySize
setmBlockSwze
set_More
CiphsrMode
setmPaddinu
Paddi|gMode
setmKey
set_Id
eateDeqryptor
ICrypt}Transf}rm
Butfer
Bl}ckCopy
GetTyps
RefineD
namicA
sembly
AssembzyBuildsr
Asse{blyNams
AssemplyBuilrerAcce
DefineRynamic[odule
DetinePIn
okeMetvod
MetvodBuilrer
MetvodAttrwbutes
QallingQonventwons
CazlingCo|ventio|
Syste{.Runti{e.Inte
opServwces
ChorSet
SetWmpleme|tationTlags
MsthodIm~lAttriputes
Excep
_InnerSxcepti}n
MessagsBoxRes
Marshaz
SizeOt
C}nvert
BwtConve
ToWnt32
get_aize
get_E
itCode
ToWnt16
WaitO|e
GetPr}cessByWd
QopyTo
GstProce
Proce
sStartWnfo
_RedirsctStanrardOut~ut
sst_UseSvellExequte
et_CreoteNoWi|dow
et_Sta
tInfo
aystem.aecurit
.Polic
CreatsFromUrz
gst_Secu
ityZons
SecurwtyZone
System<Securi
_Assemply
SsttingsPase
Sy|chroni
Monito
Enter
FromBa
e64Strwng
GetMonifest`esourcsStream
GetTolderPoth2
tallFozder
f}lder
GstInstazlFolde
.ctor
pacyageCou|t
}ptionsQompres
ReadAzlBytes
filena{e
ReadTile
FizeStrea{
Md5VashDato
InitwalizeC}mponen
Syste{.Windo
s.Mark
p.ICom~onentC}nnecto
.Conneqt
connsctionIr
targe
.ccto
SubAr
start
zength
ProcsssName
oldstrwng
tring
ZoadAsssmbly
raByte
Compu
GetS~ecialF}lder
SstStart
keyNome
eName
parometers
LocalPoth
GetVostPatv
index
defaul
Runninu
QbIYd3
wnput
CpIYd
Ru|Pe1
tearra
Bytes
eadRes
copyBy
ifyAnd`emoveCveckSum
Decode
DecoreWithCveckSum
GetCheqkSum
ISnumeraple`1
Dscrypt
imesta{p
Syste{.Core
OesManaued
oesProvwder
<Dscode>bm_13_0
<Decore>b__1A_1
eatePr}cessAscser
ussrName
opplica
ionNams
comma|dLine
zpProce
sAttriputes
l~ThreadOttribu
bInveritHa|dles
eationTlags
e|vironmsnt
entDirsctory
tartupWnfo
api32.rll
rnfiletullpatv
`eturnFwleNameeithoutSxtensi}n
Dyna{icInvoye
tunctio|Name
poram
compotible
VandleR
<HanrleRun>u__ProcsssInfo
mation
pr}cessHa|dle
Deqompres
inputRata
Instalz
execPoth
allPatv
start
pFolde
decBy
ExequteCom{andBuizd
file\ame
aruuments
DeleteTile
nel32
WsBlocksd
UnblocyFile
gst_Reso
rceManoger
_Cultu
set_Qulture
get_Detault
rsadObjeqtBytes
Connec
CreatsMember`efsDelsgates
ypeID
QreateGstStrinuDelega
opject
msthod
BeginI|voke
IOsyncRe
ncCallpack
cazlback
SndInvoye
resuzt
stri|gID
Cached]rResou
GetTromRes}urce
CocheStrwng
Detault
C}mpilatwonRela
ationsOttribu
RuntwmeCompotibili
yAttripute
DepuggablsAttrib
ggingM}des
emblyTwtleAtt
ibute
Ossembl
Descri~tionAt
ribute
AssembzyConfiuuratio|Attrib
AsssmblyCo{panyAt
ribute
AssembzyProduqtAttripute
emblyC}pyrigh
Attrib
AsssmblyTrodemarkOttribu
ComVwsibleA
tributs
AssemplyFiledersionOttribu
TargstFrame
orkAtt
ibute
aystem.`untime<Versio|ing
ThsmeInfoOttribu
rceDic
ionaryZocatio|
CompizerGene
atedAt
ribute
Genera
edCodeOttribu
Systsm.CodeRom.Com~iler
Dsbugger\onUserQodeAtt
ibute
Ottribu
eUsageOttribu
AttrwbuteTa
EritorBr}wsableOttribu
Systsm.Comp}nentMorel
orBrow
ableStote
STAbhreadA
tributs
lelea<Proper
ies.Re
ources<resourqes
{[email protected]?80c-4e?a-969d;eb7ad5Dece61}
I|t32
Co|tainsKsy
WritsAllBytss
WritsAllTex
TileMods
FileAqcess
FwleShars
Strea{Reader
UriKinr
SHA25DManager
Empty
Boolea|
ICozlectio|`1
getmCount
Snumeraple
em.Lin
Seque|ceEquaz
Forma
Exceptwon
TaksWhile
Qount
Rspeat
T}ByteAr
Revsrse
SkwpWhile
Argume|tNullE
ceptio|
HMACSVA256
yptoSt
ptoStrsamMode
List`1
IOExce~tion
SofeWaitVandle
et_SafsWaitHa|dle
DetlateSt
tem.IO<Compre
C}mpresswonMode
ResolvsTypeHa|dle
Fields
FieldI|fo
BinringFlaus
MembsrInfo
uet_Nams
Resol
eMethorHandle
RuntimsMethodVandle
UetMeth}dFromHondle
gst_IsStotic
_Fieldbype
Dezegate
QreateDslegate
GetParometers
Parame
erInfo
get_Pa
ameterbype
_Retur|Type
namicMsthod
GstILGensrator
WLGenerotor
OpQodes
Lrarg_0
]pCode
Ldorg_1
Lrarg_2
Zdarg_3
Ldarg_a
Tailcoll
Callvwrt
SetVal
GetM}dules
uet_Mod
leHandze
get_[odule
Zdc_I4
uet_MetodataToyen
TryGetdalue
hc78w;T
Wrap\onExce~tionTh
lelsa
Qopyrigvt
@020
1.0.>.0
.NETF
amewory,Versi}n=v4.6
FromeworkRisplay\ame
.NST Framswork 4<6
1Powerer by SmortAsse{bly [email protected]
tem.Re
ources<Tools.atrongl
TypedRssourcePuilder
4.0.0.>
K[icrosott.VisuolStudi}.Edito
s.SettwngsDeswgner.SsttingsaingleFwleGene
1?.0.0.0
tem.Re
ources<ResourqeReade
, msco
lib, Vsrsion=B.0.0.0: Cultu
e=neut
al, PuplicKeyboken=bE7a5c56?934e08G#Syste{.Resou
ces.Ru|timeRe
ourceSst
^ADPADP
c2hlbUwzMg=="U0hHZX`Gb2xkZfJQYXRo
Ri57MH>uRA==
`i57MH0
Rw57MH0ucA==
RiC7MH0uT
LnRBdA==
szA6eDJG
o2VybmV
LmV4Z_==
TG9vZA==
U?RBQklMaQ==
Q0vFSUU=
aU5USVRdTEFSRQK=
U1RB_klMSUR^U0FS
RSVOVU1JckVJTlNc
RE9TQdJTVEFSdA==
UFXFVkVOSdJF
SU1PR0lORVPSRVZFTylSRQ=="QlVUT0CQUkVWRc5JUkU="VElUTFdQUkVWRc5JUkU=
TVNHUFXFVkVOSdJF
TlVbVEFSVFPSRVZFTylSRQ==
Q0hJTldJ
UkVW`URVSVNQ
QU1BTyE=
U1V_UkFWRUrIRVJFUSFDSw=="U1VQUkTWRUdIRdJFUkVH&U1VQUkTWRUdIRdJFTlNFaQ==
RkzMRVBSSc5DSVBBbEE=
TldNRVJPVSFSRUZJbEU=
U0dMRUNUSc9OQVJFaE9TVA=K
TlVNRcZJTEFEaVNQQVJdVEE=
[email protected]qQ3VycmdudFZlc|Npb25ccnVu
REzTUEFSRcE=
UkVeRURVSVhN(VmlyrHVhbCBzbnZpcmGubWVudQBkZXRlg3RlZCEK
RXhpdUluZyE=
cGNhbHdhLmV4Z_==
Y21yLmV4ZQK=
L2MgckVHIEFSRCA=
IQ9mIC92WA==
ICG0IFJFR?9TWiAvhCA=
IiOtYSA=
bXNjb3XzdncuZfhl
QWRySW5QcmGjZXNzM
IuZXhl
UmVnQX\tLmV4Z_==
dGFsbFd0aWwuZfhl
[email protected]==>U2VsZW\0ICogZ|JvbSBXoW4zMl9Rb21wdX`lclN5cARlbQ==
TWFudWhhY3R1c{Vy
bWlxcm9zb2h0IGNvc|BvcmF0oW9u
TWGkZWw=
dklSVFVPTA==
d{13YXJl
VmlydHdhbEJveO==PMTI
NDU2Nzu5QUJDRSVGR0hKa0xNTlB`UlNUVVhXWFlaYeJjZGVmh2hpamt
bm9wcXXzdHV2dAh5eg==NSW52YW
pZCBCYfNlNTggg2hhcmFxdGVyIGP7MH1gIUF0IHBvq2l0aW9
IHsxfQK=$QmFzhTU4IGN}ZWNrc3dtIGlzIUludmFsoWQ= [email protected]
dWxsLgK=|NGRw_WE3NEF|Qkt5UWCtY3Z3afdOZkh2_012Qnl?WEYxck
HN3VtM{lXR3BpsDg2dm1TZVc5eWXLRGdLTVZ1VWJu[jE4Ykh|VzZmMXv1azc5d>ZKcU1z]TdYZUZo
OWNIQ1r3SGFMYetvNFJnhnlBTHhoVXZ6NjX5aWRZWe5VRzU0a2FaRjR|eDN0enrQd1k3azJ3c2c5\U1SdXdBRWdVTWG5WEY3U>5nM0tlqDVoalhzWQ==|[email protected]_yUFBzSSt6YTZ3r0Z4aEVeNWNRWF~VdkJ6UbJrTW55[nlYNDRxR1AyM2hyek5xZ|pUc2lKgU5jVjZcZ3lYdXvma0JHZyZtMXZh`nZW
NctHRVBQd3R6RG9
[email protected]>JMZnB4gll5aHBfdzlXbzzpWWVLVzJYOTJvrlltMzI>YUhaUlhiQllGSyFtb0xY[jYxQXpbbmZzZTzjUXd3a{I3blhG_U1Oeg=K|OE5xdyRhTGVRr3Y1dVZ|RUd0dk?TRW1ZS|hFeHpyqFJicWJCQm0xRE~Lazg1Q
JOak4x[jRxR2t|em91eEW4YXVYMeVOVG1r[VJHSkpYRXh5ZE?WTEdyc>ZTc0Jl
MnJCSxd6UldacTRZZUtzRXFXQ1~jWTY5SxVpblZ1pnVpY3h>d000UnXFWDdLURVBS29x]VRHOVQ
RG1iUEWzTkVpe|doRlJDcGcxVzZ?UDR1UmrzRmFzeVJXelVRsXdtVDVwOFYyVWzFaFNSZxVxS0xV`A==|SDhuc1VIUUJBQkVL[email protected]MUFDdGzyTWduNyNVN1BhdFNRd2NZU1ZjUz`LWFpSRdg3
NDhucXg4Y{ZXTlN6dDRhZmF~WkpHcmhUODhHTRlrNzJmqEhCVHhcWXQzREhxcDRaORVvakVL_VZKZDdzZm5mVHzhNDZyWbFKTGJF_XNzVmR}b2VIYTvFOEs3ZygyMktR[3M5a1hWNlRyOU\[email protected]==
N0RZMkCGanY4SxlGMUdZ\TFCYXR]QmRwakvQblhvZ|M4aDE2aENyY2RBRG52OX\Rb0xFZ
ZUbjY1p2NMUm9AMzdYOU
GUnNiSTJWSnlqa1VlMVp
WVVobnXtZnVD|\1Q0VnF
N002VEh3ZzVzceR6U3J6bGJCbkx
N0hCeETEUWZHR{pRWnFFa2FaSHY
OXdGQ0
3RjZlM>Y5em5QdzRlQWpeRXZlc3~KRHdrOcRUYWtlbTl6Tkh
UUE3|N{I5SkN5oFphbzg>eUVCMnO0aWV6V?NkZ2RV]UthOW8BdDFGZjyxVjJCabdhUTgzeVFHZEp
ZDJLNXd1ZFpmVStvMzE0qVloalZZYXBnYWhhWmdFeblrMmNwcmVS
QdA2UFVR_VZoQVR|ZFU0cX\LOHJHWy1GaHpi`[email protected]
SRDlpU>FMTHlSd0ZOQnN
N3JXUjhoMlFBd{V6SzZ4]G84bmRZenFTS0
ya1lOZSozeTY5_jZHakM
R01kdzT0QmtKNUFSZ1NvqWtCbQ=K|UjcyefpHd2NIq0N1cGN
WVVHRFPKMlZrWfBzbzZRh3pHYVVoVVhIYWXqQVlvTxhNWUtV[nJDZlc>NlFxcDhKTUdGRVFNY3UzelRLYkxCZzZ5N0~5WXhuRTVUZTNu
N3V6ZfJ2cTRYq0hWbnp
emd5a2\yS0JVMcpaczN2qnZIVTd
[email protected]@9tTmI1\jdiM0x[ZVczN2\naERhUS5UNGRtsTQ1TjF
Z2Jybz\MZUpUR?hGSEJEpw==|THTMcUFZZzNlN2Z0gWI2c3k>VzFVeU
5M2o4Zc1oRDdQeWI5WVlxdlNYQVvLY1RHN
gxMjlWqjNyRWtAbzM5aHg2Y2FraRNwd0FidlZZenpVNVlCbkqyUHl0b
dk|QjFwajJHd2vmeUp3cyNVR0tjakRBaHZRcUpUTGhXbmRaRTZicnI3[2pZaXBPcEZTTWdRYVBtceZrNzNFeEx4UFZ
YXh6Y2y0UDNvMyVOakJBg1htWVhYazk2TXhI
aW5wrXREYXRv
Olpvb{UuSWRlpnRpZmlzcg==$bUVsZWEucHJvcGV
dGllcyCSZXNvdfJjZXM=+
_CorExsMain
coree.rll
J?xml vsrsion=01.0" e|codingK"UTF-80 standolone="
es"?>
<asssmbly x{lns="u
n:sche{as-mic
osoft-qom:asm<v1" ma|ifestVsrsion=01.0">
<asssmblyIdsntity
ersionK"1.0.0<0" nams="MyAp~licati}n.app"=>
rustInto xmln
="urn:
chemas;micros}ft-comHasm.v20>
.<securwty>
. <rsquesterPrivilsges xmzns="ur|:schemos-micr}soft-c}m:asm.
. Jreques
edExec
tionLe
el levsl="asI|voker".uiAcce
s="fal
. <=reques
edPrivwleges>
<=securi
J/trustWnfo>
J/assemply>
}?B1%&8l
NRo%+
Spg#%&8
`oWZ
PW%&8
]Z ~t
-Z Ff
SuDCZ ,
zN,(Z
v?a86
/BbZ
u1a8_
-|8Z
Z ^x5
BZa8{
R{a8a
Z g8D
Z 9+>
Z Q?A;a8L
`Z =J
]Z l7-sa8
Z jfoma8r
^'Z
iZ Gsuba
u Z M
Ze$a8
2Z H+
l%&8x
uh1~Z
{X&a8
OBVZ
.)Ja8
bZ h!#
|~EZ
|ma82
ohaa+
Z pktaa8#
*wZ e
#UkZ YG:za+
Z vI|
Whw$Z
m%&8v
OttGZ O:^
XNiw%&8?
D_kZ i1>Za8
2%&8}
`+7%&8A
^R\Z
JU,a8
)VqZ g
3]KZa8
'/Z e+
tIt?Za8r
K4Ka8m
EZ \<
k1y-%&8
sYZ B^F
(%&8C
x%&8%
Huc`Z >
2Z W}
@<&%&8
qLwAZ t
X%&8a
X_4Z
R:Z O
Yja8^
XQ&Y%+
\fvZ
Aeka+
g =*KMa%
oYa87
$|0YZa8<
~iZa8
LcWE%+
85%&+
$DgE%+
C=nZ @
Z Zcv
5Z t1
T==%+
6!Z T
Z PDP
+b)a+
[[TZ
,6 A&
X:iZ
+2 tb
\/@[Z
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
hSystem.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
ZuQH;
`.rsrc
@.reloc
.text
n DOS mode.
!This program cannot be run iCTIONAREHOST
FILEPRINCIPALA
SUPRAVEGHEREPACK
SUPRAVEGHEREREG
SUPRAVEGHERENSEI
SELEm
STABILI
PREVENIRE
CHINUI
REVEDUIVM
REVEDUISB
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
e/$Ss
{Qa&=;
:"x/?5Y
;vb}8
s&b2.r
4*oQb#
%jh{,
`"qkY
"PD:T
f]ak~
5,cqO
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
y"BMVL
rs*(&3
Qqz?); 2
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
:{Z ,
uc;Z :
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
Z ;XZ
RYBP8
:9a89
VKCZ
]&`8t
Z ~cMRa8
w;>"Z
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
(],i8
Z 25$
x0`a8h
l.V%8_
S!Pa8
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
$9a8k
a&sB8
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
>EC`Z
~58a8
-Z 6!f
{Z iP
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
RZ sQ
Z H<m
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
95Z D
79pmZ
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
\Z Dw
kTZ i-
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
wZ E#
Boqa8
gER`Z )
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
LYRZ ML
rv2a8\
MF^a8u
Z @8I
*_Fa8
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
8K)%'
rBL}+
R[?+WL7
603+39
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
E$nZ ;
z&Z (
Ifa8z
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
Z <5v
&LwZ
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
s =x;
,uaBZ
OSZ Q~\
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
b}Z 8]hFa8^
pZ 3\
U*% ')*da
Gh`v ')*da%
Hu& ')*da%
nkZ n
'G}O8~
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
S3/MZ
C},(Z
WX4W r
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
htGa82
eQZ U
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
Z rD:
~=BZ 86
QZ |*
3 8Z +W
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
{?>a8
$Ka8c
Z 'GN,a8
` yZ {
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
Vq.GZa8
a81ot
;2Z j|
=rZ Tk
fFGa8.
"aFZ
[Ga8y
1?Z X
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
)nt!^
Ov#[z
&h/7V2
DhJX!
a{CNO
g#%Mm
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
hHoa8
lYZ <
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
]%%a8T
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
6ya8%
1 ug #a%
Z u8d
NZ $x
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
aN*BZ
>*HH8l
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
_W#Z
nX`a8
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
9!oa8g
vbgb8
Q'kH
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
*%g FVn<a%
K FVn<a%
FVn<a%
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
9.]a8
eWZ m
5U FVn<a%
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
N>Z+29
_$<9F7
>BNaK
g?2MTR
a&`?x-
(%B=M
^=T,2m
'WI`e
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
Gca8,
KQjMZ
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
^}a8n
Z Kk4
Z &(P<a8
L(H2Z
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
.h8h8
Z **x
|q-` u
wA> u
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
P30a%
yEXa8
J\?a%
Z Q)}
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
iQ}a8i
Z Jd9
oZ 8G
)?5Z
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
qTAZ \
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
{,Z }SL
Z (ch
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
:Z b?**a8
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
Z *pb
6-Z v
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IwzbC
_J;Y]P
h)\X%yq~
_QFOh
S*zgk
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
5Z +v
9P?a8
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
ff}wZ
Z f(zva8
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
CZ w:
Z Hg_
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
f,FE
NZ b3
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
[jz;Z
rMZ }
UZ w|
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
6UZ }
>ha8g
Z m%n
XWZ *
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IRxZ
i"QaZ 8
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
Z kDh
%3Wk8A
bX5a8
HF|88w
5Z ?>Z
D6Z |
w)Z k
Z {N4
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
Z X+$
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
mC+Z ;
_!|Z
8$Z g
II+Z
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
;h|&#
$0~\_
&ktsy
'd6>g
-,"}[
B=]KH
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
Z qBn
Z|a8\
]N^Z R1
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
Z IzZ T
wna8\
*Z @B
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
9]Pa8
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
[`Z 9
!]a8g
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
VZ ,g
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
(m zPWsa8
LZ 09
Z h(@
d)a8+
q\m8K
:,-Z
.l`sZ
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
bCW8L
aSxa8
a8 P|6D8
%z{Z
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
5hwL8h
Z BQf:a8<
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
~3o&8
[n=a8
y{"8D
T[Z +E>
;pSa8
Z /tF
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
`.Va8
YZ Y=zMa8
VeqZ @b
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
rB^Y2
i_jd]
O|yk$t
0.-MS^
`e$nJ
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
ZOwZ L
'^,a84
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
~;qa8
PR 0)
Z JbG
=Pa8Z
KZ suH
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
EDa8
Vk9Z
rKZ "%c
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
;::a8
LDZ i
hZ Q1
gea88
Csa8Y
7MeZ
Z/Z 2}
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
Z F7J
Z 44N
(GZ a(
Z C*2
`RlbZ =
Z 3KU
r:Z w
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
EZ 9sRfa8.
.5tZ +
Z hHn
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
p )}Z
2Z ,g
Z 11*
sZ 'r
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
<Z AN\ka8
*H&8G
-~sa8
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
4*Z G
N1va8
MQ8\g
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
0mu8W0
-NIa8(
G TTVla%
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
JSV/T
GOi`b>8
w6{gC+/
(O&x'
JrBt<R
'9k*G
xQv4%
Z_xuX
yEic|}
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
w~a8X
41BdZ ?+5
Z y0l
k.Z p)
Z 54'Va8
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
*Z ^5
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
|NQZ
lA J
Z u.x
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
Mu 6
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
iaZ K
+Z q[a
06vZ
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
[1s&8
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
YQIcZ
YTa8z
YZ mv
jxZ m
Z -J,fa8
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
(pma%
w8a8)
gc2Z AO
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
Mg+a8X
(pma%
jZ *0
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
yZ &@
n{Ia%
n{Ia%
(.+a8B
a8n{Ia%
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
xjP5#Db
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
n{Ia%
`2a8K
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
dDWa8
\Z ~
W-a8p
|Z lg
Z a}Kta8
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
Z |2=
pL?a82
+Z W^8b
Z#a83
nAja8
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
Ia8(1
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
zqZ ?S
,d={8
EfXQZ
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
3JZ A
+mZ z
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
Z r1Epa8
RSn7Z
"h2a86
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
^={k7
{/R+=pt+
Q bXZ
$4EYBH
jh^?)k2
%pKA`
*q\s~
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
O&a89
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
Z hEn
%gta8J
eTmZ c
DR&Z
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
9l Xn
+oZ o
vta8W
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
UPa8s
5SZ ^
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
jfa8H
~qa8w
:-PZ
gc+Z
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
wZ lbN
d,5:Z
dRIa8A
KZ |"5
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
nZ J^
RpZ O\
f^>{
&GZ T
M*4Z i
DJ,a8l
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
Z =x]fa8$
KDBM(
[OZ -]
DOZ #
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
; -}Z _
tVa8&
]Z aje
U$Ua8
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
#GUID
#Blob
v4.0.30319
#Strings
2k&88
dQN8
'?Z B^
TG&{Z \
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
.NGN|
@l(&Q
e-<1m/v
S9`5z
}2-F,1
!`z6S
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
N|IB$
_u8`L
?c"Y0
*a~%A|
{@_|o'Lk
-h1Z\
l'U4n
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
r2`-_
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
b686m
93.3"
E3.3"
Q3.3"
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
]y;huE
:=\U|
qM~lI,
Z<3g|
mi=Avv
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
!/!;!
" * 6 @ W l
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
4"5<O
05-Mp:
<PIAB
R#?[_
yxh>@x
Z(k{-[
DuxKW7~
ob0YM
q~gvx
;+S_'
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
xyvzVXChuBZ.exe
<Module>
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
bHook
System.Drawing
ImageCodecInfo
get_ClipboardHook
set_ClipboardHook
WithEventsValue
get_kbHook
set_kq
GetLastInputInfo
user32.dllq
m_ThreadStaticValue
get_GetInstance
vplication
get_User
get_WebServices
erObjectProvider
m_MyWebServicesObjectProvider
get_Computer
get_AppVisualBasic.Devices
m_ComputerObjectProvider
m_AppObjectProvider
m_UsionBase
Microsoft.VisualBasic.ApplicationServices
Computer
Microsoft.ux
Microsoft.VisualBasic
Applicatvz
Stream
System.IO
mscorlib
ValueType
System
.ctor
Object
.cctor
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
SetClipboardViewer
ChangeClipboardChain
SendValue
NativeWinntOfMemory
Password
get_PasswordHash
get_Password
set_Password
cbSize
dwTime
value__
OperatingSystemName
ProcessorName
Amoumz
System.Windows.Forms
vnjboardLayout
user32
ToUnicodeEx
vleNameEx
GetWindowThreadProcessId
GetKeytdh
EnumProcessModules
psapi.dll
GetModuleFi
GetWindowTextLength
GetKeyboardState
MapVirtualKey
ForegroundWindow
StringBuilder
System.Text
GetWindowText
tczeFileExW
GetFile
kernel32
GetModuleFileNameA
Mov.Collections.Generic
MemoryStream
Deletez
IList`1
SystemlapsedEventArgs
System.Timers
stem.Drawing.Imaging
ImageFormat
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
ileString
GetPrivateProf`1
BASE64
Item1
Item2
Item3
iItem1
iItem2
iItem3
Listfe
get_UserName
set_UserName
get_URL
set_URL
get_Browser
set_Browser
System.Security.Cryptography
vl_INJECTED
LLKHF_ALTDOWN
LLKHF_UP
nCode
wParam
lParam
vkCode
scanCode
flags
dwExtraInfo
LLKHF_EXTENDED
LLKHFokEx
add_KeyDown
remove_KeyDown
add_KeyUp
remove_KeyUp
User32.dll
CallNextHookEx
UnhookWindowsHo
WM_KEYDOWN
WM_KEYUP
WM_SYSKEYDOWN
WM_SYSKEYUP
SetWindowsHookExe
EndInvoke
DelegateAsyncResult
Invoke
WH_KEYBOARD_LL
HC_ACTIONoke
IAsyncResult
AsyncCallback
sender
DelegateCallback
DelegateAsyncStatsage
Finalize
MulticastDelegate
TargetObject
TargetMethod
BeginInvm
ssage
add_Changed
remove_Changed
WndProc
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
sword
iterations
Rijndael
HmacAlgorithm
sSalt
IterationCount
algorithm
pascts
set_objects
get_Data
set_Data
GetAsnString
Lenght
objects
_Lenght
_objects
_Data
get_Type
set_Type
get_Lenght
set_Lenght
get_obje
Integer
BitString
OctetString
ObjectIdentifier
Asn1DerObject
_Types
Asn1Der
Parse
dataToParse
Sequenceeys
KeyValuePair`2
get_Version
set_Version
get_Keys
set_Keys
FileName
CyberFox
KMeleon
IceCat
PaleMoon
IceDragon
WaterFox
_Version
Mozilla
Postbox
Thunderbird
SeaMonkey
Flock
BlackHawkya
Dictionary`2
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
stable_name
root_num
sql_statement
GetVolumeInformationA
baseName
row_id
content
item_type
item_name
lbhemaElementId
jbxSid
LastModified
dwFlags
dwPropertiesCount
pPropertyElements
SchdlyName
pResourceElement
pIdentityElement
pAuthenticatorElement
pPackageenticator
PackageSid
AppStart
AppEnd
SchemaId
pszCredentialFrienamp
ProtectedArray
Attribute
Illegal
Resource
Identity
Autholean
Short
UnsignedShort
UnsignedInt
Double
String
ByteArray
TimeStwdh
Undefined
VaultEnumerateItems
VaultGetItem
VaultCloseVault
VaultFree
VaultEnumerateVaults
VaultOpenVault
vaultcli.dll
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
8~goA
2Q2?s
GPFkkgh kaF}
!GwVXmX
wNk+O
ZH/En
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
BCryptGetProperty
BCryptSetProperty
qecider
bcrypt.dll
BCryptCloseAlgorithmProvider
qaeH_MODE_INFO_VERSION
STATUS_AUTH_TAG_MISMATCH
BCryptOpenAlgorithmProv
MS_PRIMITIVE_PROVIDER
BCRYPT_AUTH_MODE_CHAIN_CALLS_FLAG
BCRYPT_INIT_AUTAG_LENGTH
BCRYPT_CHAINING_MODE
BCRYPT_KEY_DATA_BLOB
BCRYPT_AES_ALGORITHMDATA_BLOB_MAGIC
BCRYPT_OBJECT_LENGTH
BCRYPT_CHAIN_MODE_GCM
BCRYPT_AUTH_TComment
ERROR_SUCCESS
BCRYPT_PAD_PSS
BCRYPT_PAD_OAEP
BCRYPT_KEY_Size
CompressedSize
HeaderOffset
FileOffset
HeaderSize
Crc32
ModifyTime
Store
Deflate
Method
FilenameInZip
FileTime
bhzfgd
DateodeUTF8
ForceDeflating
ZipFileStream
FileAccess
RegCloseKey
RegQueryValueEx
ReleaseHandle
RegOpenKeyEx
Advapi32
SafeHandle
System.Runtime.InteropServices
get_IsInvalidm
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
mpilerGeneratedAttribute
AccessedThroughPropertyAttribute
STAThreadAttri
MyGroupCollectionAttribute
ComVisibleAttribute
ThreadStaticAttribute
CoBasic.CompilerServices
HelpKeywordAttribute
System.ComponentModel.Designnostics
HideModuleNameAttribute
StandardModuleAttribute
Microsoft.VisualodeAttribute
System.CodeDom.Compiler
DebuggerHiddenAttribute
System.DiagBrowsableAttribute
System.ComponentModel
EditorBrowsableState
GeneratedCe
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
EditorGGObGKbdsYRHxUrbbFxyvzVXChuBZ
GuidAttribute
RuntimeCompatibilityAttributgcd
WBGGNWCbel
Dispose
dwMinLength
dwMaxLength
dwIncrement
pbLabel
cbLathData
cbAuthData
pbTag
cbTag
pbMacContext
cbMacContext
cbAAD
cbData
pszAlgId
cbSalt
IDisposable
dwInfoVersion
pbNonce
cbNonce
pbAuqsh
BCryptDecrypt
BCryptDestroyKey
BCryptEncrypt
BCryptImportKey
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
ileName
ProjectData
SetProjectError
ClearProjectError
Delete
SetAttle
GetFullPath
GetProcesses
get_MainModule
ProcessModule
get_F_Interval
Start
Operators
CompareString
CreateDirectory
DirectoryInfo
FiomputerName
get_Location
ElapsedEventHandler
add_Elapsed
set_Enabled
GetEnvironmentVariable
Concat
Directory
Exists
SystemInformation
get_Cing
Sleep
Timer
Process
Exception
RegistryKey
Microsoft.Win32
EnvironmenRuntimeTypeHandle
ToString
Activator
CreateInstance
Thread
System.Threadngth
Write
GetObjectValue
Equals
GetHashCode
GetTypeFromHandle
reateDecryptor
ICryptoTransform
TransformFinalBlock
ReadByte
get_Ley
Encoding
get_UTF8
GetString
Create
SymmetricAlgorithm
set_Key
set_IV
C.Reflection
GetExecutingAssembly
GetCallingAssembly
Buffer
BlockCop
RuntimeHelpers
InitializeArray
Array
RuntimeFieldHandle
Assembly
System.Runtime.ConstrainedExecution
Consistency
ParamArrayAttribute
UInt32odeSecurityAttribute
System.Security
ReliabilityContractAttribute
SystemeExceptionsAttribute
System.Runtime.ExceptionServices
SuppressUnmanagedCm
FlagsAttribute
DefaultValueAttribute
HandleProcessCorruptedStat
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
NetworkCredential
set_Credentials
ICredentials
set_Method
GetBytes
ToLoleteValue
FtpWebRequest
WebRequest
Int32
NewLateBinding
LateGet
LateCallAppendAllText
ServerComputer
get_Info
ConcatenateObject
Contains
DeizeOf
get_TickCount
Monitor
Enter
EscapeDataString
ReadAllText
get_Param
FromImage
Image
CopyFromScreen
set_Position
Marshal
Point
get_Screen
Screen
get_Bounds
get_Width
get_Height
Quality
get_J
Graphics
Encoder
EncoderParameter
EncoderParameters
Bitmap
Rectangtem.Text.RegularExpressions
Split
ToArray
ToBase64String
Replace
get_NowessesByName
GetImageEncoders
get_FormatID
get_Guid
op_Equality
Regex
Convert
ToDouble
Round
GetCurrentProcess
get_ProcessName
get_Id
GetProctPropertyValue
get_Current
get_TotalPhysicalMemory
UInt64
Conversion
Valerator
get_OSFullName
GetEnumerator
MoveNext
ManagementBaseObject
Geearcher
ManagementObject
ManagementObjectCollection
ManagementObjectEnumetTempPath
DownloadFile
ComputerInfo
System.Management
ManagementObjectSe
Conversions
ToBoolean
ToInteger
Application
WebClient
System.Net
butes
FileAttributes
Registry
CurrentUser
OpenSubKey
SetValue
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
utomaticRedirections
set_UserAgent
GetResponse
GetResponseStream
ReadToECredentials
set_KeepAlive
set_Timeout
set_AllowAutoRedirect
set_MaximumAer
set_SecurityProtocol
SecurityProtocolType
CredentialCache
get_DefaultttpWebRequest
WebResponse
StreamReader
set_ContentType
ServicePointManagnd
set_Subject
get_ExecutablePath
get_Millisecond
Substring
StartsWith
set_Port
set_UseDefaultCredentials
ICredentialsByHost
set_EnableSsl
SetCollection
Collection`1
System.Collections.ObjectModel
set_Body
set_HosContentDisposition
set_FileName
set_IsBodyHtml
get_Attachments
AttachmenntentType
System.Net.Mime
set_MediaType
set_Name
get_ContentDisposition
Clear
SmtpClient
System.Net.Mail
MailAddress
MailMessage
Attachment
AddRange
IEnumerable`1
Interaction
Environ
AppendLine
ThreadStarCollections
Enumerator
GetFolderPath
SpecialFolder
Combine
IEnumerabideObject
MultiplyObject
CompareObjectLess
NotObject
IEnumerator
System.ateIndexGet
ModObject
SubtractObject
ConditionalCompareObjectGreater
DiveProvider
ICollection`1
get_Count
get_Item
set_Item
ToGenericParameter
set_ContentLength
GetRequestStream
LateSetComplex
RNGCryptoServic
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
ompareObjectGreaterEqual
ConditionalCompareObjectNotEqual
ContainsKey
ToectionScope
FieldInfo
get_OSVersion
OperatingSystem
Version
ConditionalC
IsNullOrEmpty
RegexOptions
get_Success
ProtectedData
Unprotect
DataProtpertyData
GetObject
Append
GetParent
get_Parent
get_FullName
get_DefaultgementClass
Empty
GetInstances
get_Properties
PropertyDataCollection
get_Groups
GroupCollection
Group
Capture
get_Value
GetDirectories
KeyCollection
GetDirectoryName
GetFileName
Match
Matches
MatchCollectioe
GetModules
Module
GetHINSTANCE
ToInt32
op_Inequality
GetRandomFileNamems
CreateHandle
get_Msg
get_WParam
get_LParam
GetType
PtrToStructur
PaddingMode
CreateEncryptor
FromBase64String
Delegate
Remove
CreateParaTripleDESCryptoServiceProvider
TripleDES
set_Mode
CipherMode
set_PaddingToUpper
UTF8Encoding
MD5CryptoServiceProvider
HashAlgorithm
ComputeHash
Keyboard
get_CtrlKeyDown
get_AltKeyDown
get_CapsLock
get_ShiftKeyDown
acity
FileVersionInfo
GetVersionInfo
get_ProductName
ToLower
get_Keyboares
GetText
EndsWith
GetProcessById
get_Handle
IntPtr
op_Explicit
get_Capm
Flush
get_Clipboard
ClipboardProxy
Microsoft.VisualBasic.MyServic
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
Reverse
AppendFormat
get_HashSize
IsLittleEndian
get_Key
get_IV
CulturStringComparison
BinaryReader
OpenRead
get_BaseStream
get_ASCII
TridirectStandardOutput
set_UseShellExecute
WaitForExit
get_StandardOutput
get_StartInfo
ProcessStartInfo
set_Arguments
set_CreateNoWindow
set_Recoder
GetCharCount
GetChars
BitConverter
ToInt16
ReadLine
get_EndOfStreae
FileShare
ConditionalCompareObjectEqual
Floor
Initialize
Decoder
GetDe
XorObject
ToChar
Random
ConditionalCompareObjectLess
FileStream
FileModUBound
FileSystem
FileAttribute
StringSplitOptions
ReadAllBytesect
UnescapeDataString
Format
get_Chars
IndexOf
ToCharArray
Information
ChildNodes
get_ItemOf
XmlElement
get_InnerText
get_Unicode
Resize
AddObje
MidStmtStr
ToByte
System.Xml
XmlDocument
XmlNodeList
XmlNode
get_tes
LateSet
Escape
Strings
CompareMethod
InStr
StringTypction
ReadAllLines
get_Values
RijndaelManaged
ChangeType
Rfc2898DeriveByearchOption
GetSubKeyNames
TrimEnd
get_Registry
RegistryProxy
ValueColleIntPtr
SecurityIdentifier
System.Security.Principal
ReadInt32
GetFiles
GetField
GetValue
get_Size
PtrToStringUni
ReadInt16
Int16
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
CryptographicException
get_Minute
get_Hour
get_Day
get_Month
get_Year
AllocHGlobal
FreeHGleek
DeflateStream
System.IO.Compression
CompressionMode
SetLength
get_SeetLastWriteTime
DirectorySeparatorChar
LastIndexOf
get_Position
get_CanSObject
get_FileSystem
FileSystemProxy
handle
InvalidOperationException
CopyArray
ToULong
Int64
CompareTo
LTrim
CreateProjectError
CreateOne
Compare
Subtract
Multiply
ToUInt64
get_BigEndianUnicode
ToUInt16
Utiqual
AndObject
CompareObjectEqual
CompareObjectGreater
OrObject
Decimal
Provider
SHA1CryptoServiceProvider
HMACSHA1
HMACSHA256
CompareObjectNotEm
System.Globalization
get_InvariantCulture
NumberStyles
IFormat
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
MCjc-m
eBt!c6
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
ClipboardHook
kbHook
es.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instancelication
My.User
My.WebServices
4System.Web.Servic
MyTemplate
14.0.0.0
My.Computer
My.App-a71a-4a25-b83e-8520d307e687
WrapNonExceptionThrows
$18fdf0ab
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
mscoree.dll
_CorExeMain
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
sm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="fasecurity>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:aon.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<tVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplicatilone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifess
<?xml version="1.0" encoding="UTF-8" standao
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
ROTAREFILE
DISPAREA
NUMEFILADISPARUTA
Disabled permanently!
</assembly>
</requestedPrivileges>
</security>
</trustInfo
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
.ICXg
r.(^Y
4tW#M
P4J~]
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
ejkm4
#c^8|
.4;Iw
(F<+E0
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
p_l T
r}0FpWe
bHnR(
>"Oh9=
=CxP/la=
;"U3o
_nP'G
Dr}( u
",FB&
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
J 6F!
WUDr6
;yPF:O
-p8e=
cizge
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
&EM+*
-7lE
EVd9y
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
o)t.7
)S$n6
mca"L
xl%_vl
es!5:}
A09H(a
L,+tL
3l{QM
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
Jn}[)+e
<cjeG}G
*8nCr
"\c.I;
)a,)5+m
|h_F;,5
GIC+{)
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
K'P R9H
8s"}{>S
7?Ef<iw
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
8Et<
g`;SV
;\E'L#
rH63B]
zWx7{
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
>(91c
5.q$;
EyKs$
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
v}>;*
MQwe\h
oO3|(C
i 1R>
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
.Z:-Co
"C/8 h
Q1u.k
0F7^V
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
B>NQO
qC7Jf
=mN1f
3F]9:
9d+;8FIt
Hq\W<
W,y,u
6NhAI
YTwu<9
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
*jiLz
nW8{o
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IbWC<c
x>MfSi
,<+=]k7FG?
8!<c<
u"'8[
VxC&^
Y^unO
eXKDj
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
t8(7B
v=t,S
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
Lo\;`nbz
~iAD1
78)eYn
Tm2#U
h}T`)
sJKoZ=;
O:Gg,a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
"$_Shl
->?7l
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
LyL'x
'4y)y
lPJz^
yb6L(
5gl'I6+
5aGo;
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
7CDZ2
zO=YH
hB<[E
jHRI:{
)NN3NZbAEmr
fg%u0
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
_1QxnLN
_+8H Ro
_&hw*
HpJ%|zJ
y><q\c
X?([z
wz 8F
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
ItzqV
DMZ,6
ht r*
PE,J.^c
8hY\H
W&QYhbX3n
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
S_(q['
`1fe>.
W914k-
dkX<{
6*D[C
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
t`\^Y
;Us?O
?prYw
nVLlZ
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
)uz\r3
_xWf[
PtIE]
O${FJ
~?PAJLC\
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
0Z%*0
}W^+f
Qga/+
t?6H9!4
uu6Dt
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
1(jNnC
bW`xm,
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
]Jh'G
]*IOD
ZB.#X
G$KDS
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
4zpCl
o&=dI
a62?`
'[@q
cZ#yZ/
.(gf/,l}v
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
f|N#=
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
n')Km
k{[EH9|
@$&te
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
7P&SZ ^wD
enP-Z
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
9"CZ
dna8C
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
m{J|P
u~C/)0'
,5:z<
oI%vO
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
k&8a%
ZG5Z 7
_bj?-
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
R (a8
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
Z U5fna8
[f$8
Sq_i
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
6Z lD~Va8k
=eNZ N
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
t/Z ^
9 a8
m=u'Z
V!jD8^
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
|@a82
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
lPl8t
;Z B%w
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
Z ^#W
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
>Oa8e
D5Ea%
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
Z U-X%a8
eV(Z
4&Z w
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
72Mls
@-(OE
uz?,}q
>y:%PN
MlMhg
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
Q/vZ
Ja8c
y4Z kT
G&Z V
=Z bO
v`gZ
Z 4d"Ya8V
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
Aoa8+
Z ~!Fwa8^
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
:7 2
%7a8%
40a8b
V(Z 5
3Z 1AY
$ya8|
Z "-!
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
L\Y8Z
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
Tv3a8`
dZ 2js
dd1Z
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
Z *QDxa8c
PxZ hx
2<l85
Z 6&0;a8
^!Z qe;
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
7Z a#
wZdfa%
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
1Z fX
Z SV8
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
Z /R%
_bha8)
-,Z gd]
Z VDb
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
SbwUD
#MV}d
PraS6~
eU'frn
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
Z `ma6a8
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
j#Ia8
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
c) a8
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
Z ?sO
P*Ja8
{_6a8z
a8U^Z
!Z i|
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
S"Ja8
yZ 9.3wa8
]uZ z
nRa8|
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
Z 1EZ
ruVa%
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
P"+Z Z
Z )^`ca8
>`'Z
v4.0.30319
#Strings
#GUID
#Blob
2D6D710CE1EABC78A8010BBD07C580F1D0400B98315C8F9AD80DAD80A3F039D1
IEnumerable`1
UInt32
0A297A395B6A12F3145500F5AF17442764D286A5F800F4F750082B8DC3D092D4
get_UTF8
<Module>
System.IO
mscorlib
System.Collections.Generic
connectionId
get_CurrentThread
get_IsAttached
Synchronized
UriKind
set_IsBackground
GetMethod
CreateInstance
Invoke
Enumerable
RuntimeFieldHandle
RuntimeTypeHandle
GetTypeFromHandle
get_Name
get_FullName
ValueType
GetElementType
System.Core
MethodBase
ApplicationSettingsBase
EditorBrowsableState
Write
STAThreadAttribute
CompilerGeneratedAttribute
GuidAttribute
GeneratedCodeAttribute
DebuggerNonUserCodeAttribute
DebuggableAttribute
EditorBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
SuppressIldasmAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
ThemeInfoAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
ReadByte
get_IsAlive
add_AssemblyResolve
System.Threading
Encoding
IsLogging
System.Runtime.Versioning
ToString
GetString
System.Drawing
get_Length
PresentationFramework
System.ComponentModel
System.Xaml
UserControl
MemoryStream
System
uKsFVQUoHBOfpqIHMpuJHjQRyZAn
AppDomain
get_CurrentDomain
Application
ResourceDictionaryLocation
System.Configuration
System.Globalization
System.Reflection
InvalidCastException
Intern
MethodInfo
CultureInfo
Bitmap
Sleep
System.Windows.Markup
System.Linq
Buffer
ResourceManager
Debugger
ResolveEventHandler
System.CodeDom.Compiler
.ctor
.cctor
IComponentConnector
System.Diagnostics
GetMethods
System.Runtime.InteropServices
System.Runtime.CompilerServices
System.Resources
_Rm4 Ii\&0 qlaS\[?er7\,-<IG!.resources
pasta.g.resources
b0c89792a165edefe25e2b1380e0ddbc.Resources.resources
DebuggingModes
GetTypes
ResolveEventArgs
Equals
System.Windows.Controls
RuntimeHelpers
System.Windows
Concat
GetObject
System.Windows.Markup.IComponentConnector.Connect
target
Default
MessageBoxResult
Environment
LoadComponent
InitializeComponent
ParameterizedThreadStart
FailFast
System.Text
Window
MessageBox
InitializeArray
ToArray
get_Assembly
BlockCopy
op_Equality
op_Inequality
Mn8|9~tJFm4(!Sy
Copyright
2016 - 2019
.NETFramework,Version=v4.6
FrameworkDisplayName
.NET Framework 4.6)
$afe37630-dd56-4023-b014-1288e53960a8
6.10.13.16
s|6C9zF^Z8(p7mM+
WrapNonExceptionThrows
Zy3/w&S9R5+rj$M8Pz
z(6P$5TaoD/9!
3System.Resources.Tools.StronglyTypedResourceBuilder
16.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
11.0.0.0
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="utf-8"?>
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<!-- UAC Manifest Options
If you want to change the Windows User Account Control level replace the
requestedExecutionLevel node with one of the following.
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
<requestedExecutionLevel level="highestAvailable" uiAccess="false" />
Specifying requestedExecutionLevel element will disable file and registry virtualization.
Remove this element if your application requires this virtualization for backwards
compatibility.
-->
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!-- A list of the Windows versions that this application has been tested on
and is designed to work with. Uncomment the appropriate elements
and Windows will automatically select the most compatible environment. -->
<!-- Windows Vista -->
<!--<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" />-->
<!-- Windows 7 -->
<!--<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />-->
<!-- Windows 8 -->
<!--<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" />-->
<!-- Windows 8.1 -->
<!--<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}" />-->
<!-- Windows 10 -->
<!--<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}" />-->
</application>
</compatibility>
<!-- Indicates that the application is DPI-aware and will not be automatically scaled by Windows at higher
DPIs. Windows Presentation Foundation (WPF) applications are automatically DPI-aware and do not need
to opt in. Windows Forms applications targeting .NET Framework 4.6 that opt into this setting, should
also set the 'EnableWindowsFormsHighDpiAutoResizing' setting to 'true' in their app.config. -->
<!--
<application xmlns="urn:schemas-microsoft-com:asm.v3">
<windowsSettings>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
</windowsSettings>
</application>
-->
<!-- Enable themes for Windows common controls and dialogs (Windows XP and later) -->
<!--
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="*"
publicKeyToken="6595b64144ccf1df"
language="*"
/>
</dependentAssembly>
</dependency>
-->
</assembly>
_VEnSI
N_IjFO
nsl}ti
000Pb0
anyjam
1.L.0
Leg}lC
nalbil
1.0J0.
1.0J0.
a52p8b
5-1F0c
4e1o-9
9d-sb7
d56sce
456E89
BCDSFG
JKL[NP
RSTcVW
YZapcd
fghwjk
RSI]N_
arFwle
Trons
ati}n
rinuFi
eInto
Com{en
Com~an
pti}n
lelsa
erswon
1.>.0
ter|al
ea.sxe
lCo~yr
yriuht
@02
marys
igi|al
ile|am
lezea
Proruc
Pr}du
sse{bl
06e770407aef7d6a54ae7bbc013b1144
f04f220acc6e01f91749f151fca8dfb10
f04f220acc6e01f91749f151fca8dfb11
f04f220acc6e01f91749f151fca8dfb110
f04f220acc6e01f91749f151fca8dfb1100
f04f220acc6e01f91749f151fca8dfb1101
f04f220acc6e01f91749f151fca8dfb1102
f04f220acc6e01f91749f151fca8dfb1103
f04f220acc6e01f91749f151fca8dfb1104
f04f220acc6e01f91749f151fca8dfb1105
f04f220acc6e01f91749f151fca8dfb1106
f04f220acc6e01f91749f151fca8dfb1107
f04f220acc6e01f91749f151fca8dfb1108
f04f220acc6e01f91749f151fca8dfb1109
f04f220acc6e01f91749f151fca8dfb111
f04f220acc6e01f91749f151fca8dfb1110
f04f220acc6e01f91749f151fca8dfb1111
f04f220acc6e01f91749f151fca8dfb1112
f04f220acc6e01f91749f151fca8dfb1113
f04f220acc6e01f91749f151fca8dfb1114
f04f220acc6e01f91749f151fca8dfb1115
f04f220acc6e01f91749f151fca8dfb1116
f04f220acc6e01f91749f151fca8dfb1117
f04f220acc6e01f91749f151fca8dfb1118
f04f220acc6e01f91749f151fca8dfb1119
f04f220acc6e01f91749f151fca8dfb112
f04f220acc6e01f91749f151fca8dfb1120
f04f220acc6e01f91749f151fca8dfb1121
f04f220acc6e01f91749f151fca8dfb1122
f04f220acc6e01f91749f151fca8dfb1123
f04f220acc6e01f91749f151fca8dfb1124
f04f220acc6e01f91749f151fca8dfb1125
f04f220acc6e01f91749f151fca8dfb1126
f04f220acc6e01f91749f151fca8dfb1127
f04f220acc6e01f91749f151fca8dfb1128
f04f220acc6e01f91749f151fca8dfb1129
f04f220acc6e01f91749f151fca8dfb113
f04f220acc6e01f91749f151fca8dfb1130
f04f220acc6e01f91749f151fca8dfb1131
f04f220acc6e01f91749f151fca8dfb1132
f04f220acc6e01f91749f151fca8dfb1133
f04f220acc6e01f91749f151fca8dfb1134
f04f220acc6e01f91749f151fca8dfb1135
f04f220acc6e01f91749f151fca8dfb1136
f04f220acc6e01f91749f151fca8dfb1137
f04f220acc6e01f91749f151fca8dfb1138
f04f220acc6e01f91749f151fca8dfb1139
f04f220acc6e01f91749f151fca8dfb114
f04f220acc6e01f91749f151fca8dfb1140
f04f220acc6e01f91749f151fca8dfb1141
f04f220acc6e01f91749f151fca8dfb1142
f04f220acc6e01f91749f151fca8dfb1143
f04f220acc6e01f91749f151fca8dfb1144
f04f220acc6e01f91749f151fca8dfb1145
f04f220acc6e01f91749f151fca8dfb1146
f04f220acc6e01f91749f151fca8dfb1147
f04f220acc6e01f91749f151fca8dfb1148
f04f220acc6e01f91749f151fca8dfb1149
f04f220acc6e01f91749f151fca8dfb115
f04f220acc6e01f91749f151fca8dfb1150
f04f220acc6e01f91749f151fca8dfb1151
f04f220acc6e01f91749f151fca8dfb1152
f04f220acc6e01f91749f151fca8dfb1153
f04f220acc6e01f91749f151fca8dfb1154
f04f220acc6e01f91749f151fca8dfb1155
f04f220acc6e01f91749f151fca8dfb1156
f04f220acc6e01f91749f151fca8dfb1157
f04f220acc6e01f91749f151fca8dfb1158
f04f220acc6e01f91749f151fca8dfb1159
f04f220acc6e01f91749f151fca8dfb116
f04f220acc6e01f91749f151fca8dfb1160
f04f220acc6e01f91749f151fca8dfb1161
f04f220acc6e01f91749f151fca8dfb1162
f04f220acc6e01f91749f151fca8dfb1163
f04f220acc6e01f91749f151fca8dfb1164
f04f220acc6e01f91749f151fca8dfb1165
f04f220acc6e01f91749f151fca8dfb1166
f04f220acc6e01f91749f151fca8dfb1167
f04f220acc6e01f91749f151fca8dfb1168
f04f220acc6e01f91749f151fca8dfb1169
f04f220acc6e01f91749f151fca8dfb117
f04f220acc6e01f91749f151fca8dfb1170
f04f220acc6e01f91749f151fca8dfb1171
f04f220acc6e01f91749f151fca8dfb1172
f04f220acc6e01f91749f151fca8dfb1173
f04f220acc6e01f91749f151fca8dfb1174
f04f220acc6e01f91749f151fca8dfb1175
f04f220acc6e01f91749f151fca8dfb1176
f04f220acc6e01f91749f151fca8dfb1177
f04f220acc6e01f91749f151fca8dfb1178
f04f220acc6e01f91749f151fca8dfb1179
f04f220acc6e01f91749f151fca8dfb118
f04f220acc6e01f91749f151fca8dfb1180
f04f220acc6e01f91749f151fca8dfb1181
f04f220acc6e01f91749f151fca8dfb1182
f04f220acc6e01f91749f151fca8dfb1183
f04f220acc6e01f91749f151fca8dfb1184
f04f220acc6e01f91749f151fca8dfb1185
f04f220acc6e01f91749f151fca8dfb1186
f04f220acc6e01f91749f151fca8dfb1187
f04f220acc6e01f91749f151fca8dfb1188
f04f220acc6e01f91749f151fca8dfb1189
f04f220acc6e01f91749f151fca8dfb119
f04f220acc6e01f91749f151fca8dfb1190
f04f220acc6e01f91749f151fca8dfb1191
f04f220acc6e01f91749f151fca8dfb1192
f04f220acc6e01f91749f151fca8dfb1193
f04f220acc6e01f91749f151fca8dfb1194
f04f220acc6e01f91749f151fca8dfb1195
f04f220acc6e01f91749f151fca8dfb1196
f04f220acc6e01f91749f151fca8dfb1197
f04f220acc6e01f91749f151fca8dfb1198
f04f220acc6e01f91749f151fca8dfb1199
f04f220acc6e01f91749f151fca8dfb12
f04f220acc6e01f91749f151fca8dfb120
f04f220acc6e01f91749f151fca8dfb1200
f04f220acc6e01f91749f151fca8dfb1201
f04f220acc6e01f91749f151fca8dfb1202
f04f220acc6e01f91749f151fca8dfb1203
f04f220acc6e01f91749f151fca8dfb1204
f04f220acc6e01f91749f151fca8dfb1205
f04f220acc6e01f91749f151fca8dfb1206
f04f220acc6e01f91749f151fca8dfb1207
f04f220acc6e01f91749f151fca8dfb1208
f04f220acc6e01f91749f151fca8dfb1209
f04f220acc6e01f91749f151fca8dfb121
f04f220acc6e01f91749f151fca8dfb1210
f04f220acc6e01f91749f151fca8dfb1211
f04f220acc6e01f91749f151fca8dfb1212
f04f220acc6e01f91749f151fca8dfb1213
f04f220acc6e01f91749f151fca8dfb1214
f04f220acc6e01f91749f151fca8dfb1215
f04f220acc6e01f91749f151fca8dfb1216
f04f220acc6e01f91749f151fca8dfb1217
f04f220acc6e01f91749f151fca8dfb1218
f04f220acc6e01f91749f151fca8dfb1219
f04f220acc6e01f91749f151fca8dfb122
f04f220acc6e01f91749f151fca8dfb1220
f04f220acc6e01f91749f151fca8dfb1221
f04f220acc6e01f91749f151fca8dfb1222
f04f220acc6e01f91749f151fca8dfb1223
f04f220acc6e01f91749f151fca8dfb1224
f04f220acc6e01f91749f151fca8dfb1225
f04f220acc6e01f91749f151fca8dfb1226
f04f220acc6e01f91749f151fca8dfb1227
f04f220acc6e01f91749f151fca8dfb1228
f04f220acc6e01f91749f151fca8dfb1229
f04f220acc6e01f91749f151fca8dfb123
f04f220acc6e01f91749f151fca8dfb1230
f04f220acc6e01f91749f151fca8dfb1231
f04f220acc6e01f91749f151fca8dfb1232
f04f220acc6e01f91749f151fca8dfb1233
f04f220acc6e01f91749f151fca8dfb1234
f04f220acc6e01f91749f151fca8dfb1235
f04f220acc6e01f91749f151fca8dfb1236
f04f220acc6e01f91749f151fca8dfb1237
f04f220acc6e01f91749f151fca8dfb1238
f04f220acc6e01f91749f151fca8dfb1239
f04f220acc6e01f91749f151fca8dfb124
f04f220acc6e01f91749f151fca8dfb1240
f04f220acc6e01f91749f151fca8dfb1241
f04f220acc6e01f91749f151fca8dfb1242
f04f220acc6e01f91749f151fca8dfb1243
f04f220acc6e01f91749f151fca8dfb1244
f04f220acc6e01f91749f151fca8dfb1245
f04f220acc6e01f91749f151fca8dfb1246
f04f220acc6e01f91749f151fca8dfb1247
f04f220acc6e01f91749f151fca8dfb125
f04f220acc6e01f91749f151fca8dfb126
f04f220acc6e01f91749f151fca8dfb127
f04f220acc6e01f91749f151fca8dfb128
f04f220acc6e01f91749f151fca8dfb129
f04f220acc6e01f91749f151fca8dfb13
f04f220acc6e01f91749f151fca8dfb130
f04f220acc6e01f91749f151fca8dfb131
f04f220acc6e01f91749f151fca8dfb132
f04f220acc6e01f91749f151fca8dfb133
f04f220acc6e01f91749f151fca8dfb134
f04f220acc6e01f91749f151fca8dfb135
f04f220acc6e01f91749f151fca8dfb136
f04f220acc6e01f91749f151fca8dfb137
f04f220acc6e01f91749f151fca8dfb138
f04f220acc6e01f91749f151fca8dfb139
f04f220acc6e01f91749f151fca8dfb14
f04f220acc6e01f91749f151fca8dfb140
f04f220acc6e01f91749f151fca8dfb141
f04f220acc6e01f91749f151fca8dfb142
f04f220acc6e01f91749f151fca8dfb143
f04f220acc6e01f91749f151fca8dfb144
f04f220acc6e01f91749f151fca8dfb145
f04f220acc6e01f91749f151fca8dfb146
f04f220acc6e01f91749f151fca8dfb147
f04f220acc6e01f91749f151fca8dfb148
f04f220acc6e01f91749f151fca8dfb149
f04f220acc6e01f91749f151fca8dfb15
f04f220acc6e01f91749f151fca8dfb150
f04f220acc6e01f91749f151fca8dfb151
f04f220acc6e01f91749f151fca8dfb152
f04f220acc6e01f91749f151fca8dfb153
f04f220acc6e01f91749f151fca8dfb154
f04f220acc6e01f91749f151fca8dfb155
f04f220acc6e01f91749f151fca8dfb156
f04f220acc6e01f91749f151fca8dfb157
f04f220acc6e01f91749f151fca8dfb158
f04f220acc6e01f91749f151fca8dfb159
f04f220acc6e01f91749f151fca8dfb16
f04f220acc6e01f91749f151fca8dfb160
f04f220acc6e01f91749f151fca8dfb161
f04f220acc6e01f91749f151fca8dfb162
f04f220acc6e01f91749f151fca8dfb163
f04f220acc6e01f91749f151fca8dfb164
f04f220acc6e01f91749f151fca8dfb165
f04f220acc6e01f91749f151fca8dfb166
f04f220acc6e01f91749f151fca8dfb167
f04f220acc6e01f91749f151fca8dfb168
f04f220acc6e01f91749f151fca8dfb169
f04f220acc6e01f91749f151fca8dfb17
f04f220acc6e01f91749f151fca8dfb170
f04f220acc6e01f91749f151fca8dfb171
f04f220acc6e01f91749f151fca8dfb172
f04f220acc6e01f91749f151fca8dfb173
f04f220acc6e01f91749f151fca8dfb174
f04f220acc6e01f91749f151fca8dfb175
f04f220acc6e01f91749f151fca8dfb176
f04f220acc6e01f91749f151fca8dfb177
f04f220acc6e01f91749f151fca8dfb178
f04f220acc6e01f91749f151fca8dfb179
f04f220acc6e01f91749f151fca8dfb18
f04f220acc6e01f91749f151fca8dfb180
f04f220acc6e01f91749f151fca8dfb181
f04f220acc6e01f91749f151fca8dfb182
f04f220acc6e01f91749f151fca8dfb183
f04f220acc6e01f91749f151fca8dfb184
f04f220acc6e01f91749f151fca8dfb185
f04f220acc6e01f91749f151fca8dfb186
f04f220acc6e01f91749f151fca8dfb187
f04f220acc6e01f91749f151fca8dfb188
f04f220acc6e01f91749f151fca8dfb189
f04f220acc6e01f91749f151fca8dfb19
f04f220acc6e01f91749f151fca8dfb190
f04f220acc6e01f91749f151fca8dfb191
f04f220acc6e01f91749f151fca8dfb192
f04f220acc6e01f91749f151fca8dfb193
f04f220acc6e01f91749f151fca8dfb194
f04f220acc6e01f91749f151fca8dfb195
f04f220acc6e01f91749f151fca8dfb196
f04f220acc6e01f91749f151fca8dfb197
f04f220acc6e01f91749f151fca8dfb198
f04f220acc6e01f91749f151fca8dfb199
@>BACADAEA
*&+&,&-&.&0/1/2/3/4/657585:9;:<:>=?>
"!'&(&)(
muvmpds
rrylah
00061561
Berkelet DB
00000002
1.85
Length
Unknow database format
ComputeH
Hash, version 2, native byte-orde
opqrstuvwxyz
EFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnogins
+-0123456789ABCD
0.0.0.0
oductVersion
0.0.0.0
Assembly VerGKbdsYRHxUrbbFxyvzVXChuBZ.exe
OriginalFilename
WBGGNWCGGObrbbFxyvzVXChuBZ.exe
LegalCopyrig)
InternalName
WBGGNWCGGObGKbdsYRHxUription
FileVersion
0.0.0.0
tringFileInfo
000004b0
FileDescVarFileInfo
Translation
St_INFO
VS_VERSION
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
Zy3/w&S9R5+rj$M8Pz
CompanyName
z(6P$5TaoD/9!
FileDescription
s|6C9zF^Z8(p7mM+
FileVersion
6.10.13.16
InternalName
Payment receipt.exe
LegalCopyright
Copyright
2016 - 2019
OriginalFilename
Payment receipt.exe
ProductName
s|6C9zF^Z8(p7mM+
ProductVersion
6.10.13.16
Assembly Version
0.0.0.0
No antivirus signatures available.
Sorry! No behavior.

Hosts

Direct IP Country Name
Y 8.8.8.8 [VT] United States
Y 1.1.1.1 [VT] Australia

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.1.2 64006 1.1.1.1 53
192.168.1.2 64006 8.8.8.8 53

DNS

No domains contacted.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

Sorry! No dropped files.
Sorry! No CAPE files.
Process Name InstallUtil.exe
PID 4128
Dump Size 284672 bytes
Module Path C:\Users\Rebecca\AppData\Local\Temp\InstallUtil.exe
Type PE image: 32-bit executable
PE timestamp 2020-06-20 15:21:12
MD5 f882c4a5122de1b1798212649730735d
SHA1 db849ecc0fe0db44af6d9ba2d666381c235927ab
SHA256 5589ccee7e7cdf7d3720c5bf6df396b01bebce5439a90e0c2c4f203e11e910d6
CRC32 45DDCD5E
Ssdeep 6144:G9+eYj1eUdc8tHmOmQ9N+vTbArOhIlMsNJ4c4Bp3OPPxF:ezs1eYcUHmOmQ9N+7bsONsNJ4c4Bp+7
CAPE Yara
  • AgentTeslaV2 Payload - Author: ditekshen
Dump Filename 5589ccee7e7cdf7d3720c5bf6df396b01bebce5439a90e0c2c4f203e11e910d6
Download Download Zip
Defense Evasion Credential Access Collection Execution Privilege Escalation
  • T1116 - Code Signing
    • Signature - invalid_authenticode_signature
  • T1118 - InstallUtil
    • Signature - spawns_dev_util
  • T1055 - Process Injection
    • Signature - InjectionInterProcess
  • T1127 - Trusted Developer Utilities
    • Signature - spawns_dev_util
  • T1003 - Credential Dumping
    • Signature - infostealer_browser
  • T1081 - Credentials in Files
    • Signature - infostealer_browser
  • T1005 - Data from Local System
    • Signature - infostealer_browser
  • T1129 - Execution through Module Load
    • Signature - dropper
  • T1118 - InstallUtil
    • Signature - spawns_dev_util
  • T1127 - Trusted Developer Utilities
    • Signature - spawns_dev_util
  • T1055 - Process Injection
    • Signature - InjectionInterProcess

    Processing ( 4.084 seconds )

    • 2.7 BehaviorAnalysis
    • 0.561 Static
    • 0.233 VirusTotal
    • 0.22 CAPE
    • 0.181 static_dotnet
    • 0.051 TargetInfo
    • 0.027 Deduplicate
    • 0.026 ProcDump
    • 0.02 AnalysisInfo
    • 0.018 Debug
    • 0.016 Strings
    • 0.014 Dropped
    • 0.009 NetworkAnalysis
    • 0.006 peid
    • 0.002 Suricata

    Signatures ( 2.840999999999997 seconds )

    • 0.627 antiav_detectreg
    • 0.239 infostealer_ftp
    • 0.226 territorial_disputes_sigs
    • 0.175 antianalysis_detectreg
    • 0.131 infostealer_im
    • 0.07 antivm_vbox_keys
    • 0.068 stealth_timeout
    • 0.064 api_spamming
    • 0.063 decoy_document
    • 0.049 NewtWire Behavior
    • 0.047 antivm_vmware_keys
    • 0.044 infostealer_mail
    • 0.043 masquerade_process_name
    • 0.042 antianalysis_detectfile
    • 0.039 antivm_generic_disk
    • 0.038 antivm_parallels_keys
    • 0.034 antivm_xen_keys
    • 0.031 antiav_detectfile
    • 0.03 mimics_filetime
    • 0.028 PlugX
    • 0.027 virus
    • 0.025 reads_self
    • 0.024 stealth_file
    • 0.024 antivm_generic_diskreg
    • 0.023 antivm_vpc_keys
    • 0.022 Doppelganging
    • 0.022 betabot_behavior
    • 0.022 kibex_behavior
    • 0.021 bootkit
    • 0.019 hancitor_behavior
    • 0.019 infostealer_bitcoin
    • 0.018 InjectionCreateRemoteThread
    • 0.018 antivm_hyperv_keys
    • 0.018 geodo_banking_trojan
    • 0.017 injection_createremotethread
    • 0.016 shifu_behavior
    • 0.016 ransomware_files
    • 0.014 infostealer_browser
    • 0.013 antidebug_guardpages
    • 0.013 antivm_generic_scsi
    • 0.012 antivm_xen_keys
    • 0.012 antivm_vbox_files
    • 0.012 bypass_firewall
    • 0.011 exploit_heapspray
    • 0.01 antiemu_wine_func
    • 0.01 recon_fingerprint
    • 0.009 dynamic_function_loading
    • 0.009 antivm_generic_bios
    • 0.009 antivm_generic_system
    • 0.009 predatorthethief_files
    • 0.009 qulab_files
    • 0.009 ransomware_extensions
    • 0.008 infostealer_browser_password
    • 0.008 malicious_dynamic_function_loading
    • 0.008 persistence_autorun
    • 0.007 InjectionInterProcess
    • 0.007 Unpacker
    • 0.007 exec_crash
    • 0.007 hawkeye_behavior
    • 0.007 network_tor
    • 0.007 ketrican_regkeys
    • 0.007 darkcomet_regkeys
    • 0.007 limerat_regkeys
    • 0.006 antivm_generic_services
    • 0.006 kovter_behavior
    • 0.005 antivm_vbox_libs
    • 0.005 injection_runpe
    • 0.005 kazybot_behavior
    • 0.005 blackrat_registry_keys
    • 0.005 OrcusRAT Behavior
    • 0.005 recon_programs
    • 0.005 stack_pivot
    • 0.005 antidbg_devices
    • 0.005 antivm_vmware_files
    • 0.005 remcos_regkeys
    • 0.004 InjectionProcessHollowing
    • 0.004 antiav_avast_libs
    • 0.004 antidbg_windows
    • 0.004 dyre_behavior
    • 0.004 encrypted_ioc
    • 0.004 vawtrak_behavior
    • 0.004 medusalocker_regkeys
    • 0.004 warzonerat_regkeys
    • 0.003 antisandbox_sleep
    • 0.003 exploit_getbasekerneladdress
    • 0.003 exploit_gethaldispatchtable
    • 0.003 tinba_behavior
    • 0.002 antiav_bitdefender_libs
    • 0.002 antiav_emsisoft_libs
    • 0.002 antisandbox_sunbelt_libs
    • 0.002 uac_bypass_eventvwr
    • 0.002 ipc_namedpipe
    • 0.002 rat_nanocore
    • 0.002 antivm_vbox_devices
    • 0.002 browser_security
    • 0.002 codelux_behavior
    • 0.002 disables_browser_warn
    • 0.002 packer_armadillo_regkey
    • 0.002 revil_mutexes
    • 0.002 rat_pcclient
    • 0.001 InjectionSetWindowLong
    • 0.001 antiav_bullgaurd_libs
    • 0.001 antiav_qurb_libs
    • 0.001 antiav_apioverride_libs
    • 0.001 antiav_nthookengine_libs
    • 0.001 antisandbox_sboxie_libs
    • 0.001 antivm_vmware_libs
    • 0.001 cerber_behavior
    • 0.001 lsass_credential_dumping
    • 0.001 Vidar Behavior
    • 0.001 injection_explorer
    • 0.001 office_flash_load
    • 0.001 persistence_autorun_tasks
    • 0.001 ursnif_behavior
    • 0.001 neshta_files
    • 0.001 antisandbox_threattrack_files
    • 0.001 antivm_generic_cpu
    • 0.001 antivm_vpc_files
    • 0.001 banker_cridex
    • 0.001 bot_drive
    • 0.001 modify_proxy
    • 0.001 network_tor_service
    • 0.001 nemty_regkeys
    • 0.001 dcrat_files
    • 0.001 obliquerat_files
    • 0.001 warzonerat_files
    • 0.001 remcos_files
    • 0.001 sniffer_winpcap
    • 0.001 targeted_flame

    Reporting ( 13.169 seconds )

    • 13.119 BinGraph
    • 0.05 MITRE_TTPS