
Bryce's RAT Behavioral Analysis

a guest
Aug 23rd, 2017
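  1. # Dropped/Edited (appears to list every file, pipe and device path the sample touched, not only files it wrote; includes search-path probes such as ping.* and *.pdb lookups)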
  2. C:\DOCUME~1\User\LOCALS~1\Temp\FormatDaHex.exe.config
  3. C:\DOCUME~1\User\LOCALS~1\Temp\FormatDaHex.exe
  4. C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
  5. C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\config\machine.config
  6. C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\config\security.config
  7. C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch
  8. C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config
  9. C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch
  10. C:\Documents and Settings\User\Application Data\Microsoft\CLR Security Config\v2.0.50727.42\security.config
  11. C:\Documents and Settings\User\Application Data\Microsoft\CLR Security Config\v2.0.50727.42\security.config.cch
  12. C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index12.dat
  13. C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
  14. C:\DOCUME~1
  15. C:\DOCUME~1\User
  16. C:\DOCUME~1\User\LOCALS~1
  17. C:\DOCUME~1\User\LOCALS~1\Temp
  18. C:\WINDOWS\system32\l_intl.nls
  19. C:\Documents and Settings\User
  20. C:\Documents and Settings\User\LOCALS~1
  21. C:\DOCUME~1\User\LOCALS~1\Temp\FormatDaHex.INI
  22. C:/DOCUME~1
  23. C:/DOCUME~1/User
  24. C:/DOCUME~1/User/LOCALS~1
  25. C:/DOCUME~1/User/LOCALS~1/Temp
  26. C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
  27. C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
  28. C:\WINDOWS\assembly\pubpol1.dat
  29. C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
  30. C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
  31. C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
  32. C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.INI
  33. C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
  34. C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
  35. C:\DOCUME~1\User\LOCALS~1\Temp\FormatDaHex.exe:Zone.Identifier
  36. C:\Documents and Settings\User\Local Settings\Temp
  37. PIPE\wkssvc
  38. IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3231303037333036372020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
  39. MountPointManager
  40. STORAGE#Volume#1&30a96598&0&Signature32B832B7Offset7E00Length27F4DB200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
  41. C:\Documents and Settings
  42. C:\Documents and Settings\User\My Documents
  43. C:\Documents and Settings\User\My Documents\desktop.ini
  44. C:\Documents and Settings\All Users
  45. C:\Documents and Settings\All Users\Documents
  46. C:\Documents and Settings\All Users\Documents\desktop.ini
  47. C:\Documents and Settings\User\Desktop
  48. C:\Documents and Settings\All Users\Desktop
  49. C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
  50. C:\WINDOWS\Registration\R000000000007.clb
  51. C:\Documents and Settings\User\Local Settings\Temp\formatdahex\formatdahex.exe
  52. c:\documents and settings\user\local settings\temp\formatdahex\formatdahex.exe
  53. PIPE\lsarpc
  54. C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch.1592.11332415
  55. C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch.1592.11332415
  56. C:\Documents and Settings\User\Application Data\Microsoft\CLR Security Config\v2.0.50727.42\security.config.cch.1592.11332425
  57. C:\Documents and Settings\User\Local Settings\Temp\formatdahex\formatdahex.exe.config
  58. C:\Documents and Settings\User\Local Settings
  59. C:\Documents and Settings\User\Local Settings\Temp\formatdahex
  60. C:\Documents and Settings\User\Local Settings\Temp\formatdahex\formatdahex.INI
  61. C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.INI
  62. C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config
  63. C:\Documents and Settings\User\Local Settings\Temp\formatdahex\formatdahex.exe:Zone.Identifier
  64. C:\Documents and Settings\User\Local Settings\Temp\tmp1.tmp
  65. C:\Documents and Settings\User\Local Settings\Temp\tmp2.tmp
  66. C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
  67. C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.pdb
  68. C:\WINDOWS\symbols\dll\mscorlib.pdb
  69. C:\WINDOWS\dll\mscorlib.pdb
  70. C:\WINDOWS\mscorlib.pdb
  71. C:\Documents and Settings\User\Application Data\Imminent\Path.dat
  72. C:\Documents and Settings\User\Application Data\Imminent\Logs\05-08-2017
  73. C:\WINDOWS\system32\rsaenh.dll
  74. C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
  75. C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.INI
  76. C:\Device\Afd\AsyncConnectHlp
  77. C:\Device\Tcp6
  78. C:\Device\Tcp
  79. C:\Device\NetBT_Tcpip_{B83AF3AB-4FED-45D1-A8B8-9E66F3411813}
  80. C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
  81. C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.INI
  82. C:\WINDOWS\system32\WBEM\Logs\wbemprox.log
  83. C:\WINDOWS\system32\wbem\wbemdisp.TLB
  84. C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
  85. C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.INI
  86. Ip6
  87. C:\WINDOWS\system32\msctfime.ime
  88. C:\WINDOWS\system32\stdole2.tlb
  89. PIPE\ROUTER
  90. C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
  91. C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.pdb
  92. C:\WINDOWS\symbols\dll\System.pdb
  93. C:\WINDOWS\dll\System.pdb
  94. C:\WINDOWS\System.pdb
  95. Nul
  96. C:\DOCUME~1\User\LOCALS~1\Temp\ping.*
  97. C:\DOCUME~1\User\LOCALS~1\Temp\ping
  98. C:\Python27\ping.*
  99. C:\Python27\ping
  100. C:\PHP\ping.*
  101. C:\PHP\ping
  102. C:\WINDOWS\system32\ping.*
  103. C:\WINDOWS\system32\ping.COM
  104. C:\WINDOWS\system32\ping.EXE
  105. C:\Documents and Settings\User\Local Settings\Temp\tmp1.tmp.Config
  106. C:\
  107. C:\Device\Ip
  108.  
  109. # Registry (keys touched during the run; the log does not distinguish reads from writes)
  110. HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
  111. HKEY_CURRENT_USER\Software\Microsoft\.NETFramework\Policy\Standards
  112. HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\Standards
  113. HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
  114. HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
  115. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
  116. HKEY_CURRENT_USER\Software\Microsoft\Fusion
  117. HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
  118. HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
  119. HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
  120. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1547161642-507921405-839522115-1004
  121. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  122. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  123. HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
  124. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
  125. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index12
  126. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\3c74e9a9
  127. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\3c74e9a9\1
  128. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\319545b3\1
  129. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
  130. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\44e56f68\2260a30b
  131. HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
  132. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
  133. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1cc008fe\5eded54a
  134. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1547161642-507921405-839522115-1004\Installer\Assemblies\C:|DOCUME~1|User|LOCALS~1|Temp|FormatDaHex.exe
  135. HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|DOCUME~1|User|LOCALS~1|Temp|FormatDaHex.exe
  136. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|DOCUME~1|User|LOCALS~1|Temp|FormatDaHex.exe
  137. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1547161642-507921405-839522115-1004\Installer\Assemblies\Global
  138. HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
  139. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
  140. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1cc008fe\10f3896a
  141. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5d608f43\d6a9d8c
  142. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\1d498232
  143. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\1d498232\8
  144. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\67e63d5c\6
  145. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\291a02d0\7
  146. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6e9ac653\8
  147. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
  148. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\52628d2e
  149. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\69db6748
  150. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\69db6748\11
  151. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2995e574\9
  152. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\3914f670\25
  153. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\4426ac2f\21
  154. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\7f729234\e
  155. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\268e923b\24
  156. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\31de29a4\b
  157. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\3fcdfaca\10
  158. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
  159. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer
  160. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName
  161. ActiveComputerName
  162. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  163. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  164. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\FormatDaHex.exe
  165. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
  166. HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
  167. HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
  168. HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
  169. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
  170. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe
  171. HKEY_CLASSES_ROOT\.exe
  172. HKEY_CLASSES_ROOT\exefile
  173. HKEY_CLASSES_ROOT\exefile\CurVer
  174. HKEY_CLASSES_ROOT\exefile\
  175. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
  176. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
  177. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  178. HKEY_CLASSES_ROOT\exefile\\ShellEx\IconHandler
  179. HKEY_CLASSES_ROOT\SystemFileAssociations\.exe
  180. HKEY_CLASSES_ROOT\SystemFileAssociations\application
  181. HKEY_CLASSES_ROOT\exefile\\Clsid
  182. HKEY_CLASSES_ROOT\*
  183. HKEY_CLASSES_ROOT\*\Clsid
  184. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
  185. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7950-e3d2-11e0-8d7a-806d6172696f}\
  186. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7952-e3d2-11e0-8d7a-806d6172696f}\
  187. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7952-e3d2-11e0-8d7a-806d6172696f}\
  188. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7950-e3d2-11e0-8d7a-806d6172696f}\
  189. HKEY_CLASSES_ROOT\Directory
  190. HKEY_CLASSES_ROOT\Directory\CurVer
  191. HKEY_CLASSES_ROOT\Directory\
  192. HKEY_CLASSES_ROOT\Directory\\ShellEx\IconHandler
  193. HKEY_CLASSES_ROOT\Directory\\Clsid
  194. HKEY_CLASSES_ROOT\Folder
  195. HKEY_CLASSES_ROOT\Folder\Clsid
  196. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  197. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  198. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
  199. HKEY_CLASSES_ROOT\CLSID\{AEB6717E-7E19-11D0-97EE-00C04FD91972}\InProcServer32
  200. HKEY_CLASSES_ROOT\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InProcServer32
  201. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
  202. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
  203. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
  204. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
  205. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility
  206. HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
  207. HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
  208. HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004_Classes
  209. HKEY_LOCAL_MACHINE\Software\Classes
  210. \REGISTRY\USER
  211. HKEY_LOCAL_MACHINE\Software\Classes\CLSID
  212. CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}
  213. CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\TreatAs
  214. \CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}
  215. \CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocServer32
  216. \CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocServerX86
  217. \CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\LocalServer32
  218. \CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocHandler32
  219. \CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocHandlerX86
  220. \CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\LocalServer
  221. HKEY_CLASSES_ROOT\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}
  222. HKEY_CLASSES_ROOT\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\TreatAs
  223. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}
  224. HKEY_CLASSES_ROOT\exefile\\shell
  225. HKEY_CLASSES_ROOT\exefile\\shell\open
  226. HKEY_CLASSES_ROOT\exefile\\
  227. HKEY_CLASSES_ROOT\exefile\\\shell
  228. CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}
  229. CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\TreatAs
  230. \CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}
  231. \CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\InprocServer32
  232. \CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\InprocServerX86
  233. \CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\LocalServer32
  234. \CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\InprocHandler32
  235. \CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\InprocHandlerX86
  236. \CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\LocalServer
  237. HKEY_CLASSES_ROOT\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}
  238. HKEY_CLASSES_ROOT\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\TreatAs
  239. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\12.0\Groove
  240. HKEY_CURRENT_USER\SOFTWARE\Groove Networks, Inc.\Groove
  241. HKEY_LOCAL_MACHINE\SOFTWARE\Groove Networks, Inc.\Groove
  242. HKEY_LOCAL_MACHINE\SOFTWARE\Groove.OldData
  243. HKEY_CURRENT_USER\SOFTWARE\Groove.OldData
  244. HKEY_LOCAL_MACHINE\Software\Microsoft\Office\12.0\Groove\InstallRoot
  245. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\Groove
  246. CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}
  247. CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\TreatAs
  248. \CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}
  249. \CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\InprocServer32
  250. \CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\InprocServerX86
  251. \CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\LocalServer32
  252. \CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\InprocHandler32
  253. \CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\InprocHandlerX86
  254. \CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\LocalServer
  255. HKEY_CLASSES_ROOT\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}
  256. HKEY_CLASSES_ROOT\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\TreatAs
  257. CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}
  258. CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\TreatAs
  259. \CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}
  260. \CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocServer32
  261. \CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocServerX86
  262. \CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\LocalServer32
  263. \CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocHandler32
  264. \CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocHandlerX86
  265. \CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\LocalServer
  266. HKEY_CLASSES_ROOT\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}
  267. HKEY_CLASSES_ROOT\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\TreatAs
  268. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
  269. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
  270. HKEY_CLASSES_ROOT\.ade
  271. HKEY_CLASSES_ROOT\.adp
  272. HKEY_CLASSES_ROOT\.app
  273. HKEY_CLASSES_ROOT\.asp
  274. HKEY_CLASSES_ROOT\.bas
  275. HKEY_CLASSES_ROOT\.bat
  276. HKEY_CLASSES_ROOT\.cer
  277. HKEY_CLASSES_ROOT\.chm
  278. HKEY_CLASSES_ROOT\.cmd
  279. HKEY_CLASSES_ROOT\.com
  280. HKEY_CLASSES_ROOT\.cpl
  281. HKEY_CLASSES_ROOT\.crt
  282. HKEY_CLASSES_ROOT\.csh
  283. CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
  284. CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\TreatAs
  285. \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
  286. \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32
  287. \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServerX86
  288. \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\LocalServer32
  289. \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocHandler32
  290. \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocHandlerX86
  291. \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\LocalServer
  292. HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
  293. HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\TreatAs
  294. HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InProcServer32
  295. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
  296. HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
  297. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
  298. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Ranges\
  299. HKEY_LOCAL_MACHINE\System\Setup
  300. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
  301. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\0
  302. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\1
  303. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\2
  304. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\3
  305. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\4
  306. HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
  307. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
  308. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  309. HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  310. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  311. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  312. HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  313. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
  314. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  315. HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  316. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
  317. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  318. HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  319. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
  320. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  321. HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  322. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
  323. HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
  324. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
  325. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
  326. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
  327. HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
  328. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
  329. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
  330. HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
  331. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
  332. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
  333. HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
  334. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
  335. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
  336. HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
  337. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
  338. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
  339. HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
  340. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
  341. HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\
  342. HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\C\
  343. HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\*\
  344. HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Handler\C
  345. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\C
  346. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  347. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
  348. HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
  349. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
  350. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
  351. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESPECT_OBJECTSAFETY_POLICY_KB905547
  352. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
  353. HKEY_CLASSES_ROOT\exefile\\shell\open\command
  354. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
  355. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\formatdahex.exe
  356. HKEY_CLASSES_ROOT\exefile\\shell\open\ddeexec
  357. HKEY_CLASSES_ROOT\Applications\formatdahex.exe
  358. HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam
  359. HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
  360. HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\
  361. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation
  362. HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
  363. HKEY_CLASSES_ROOT\AppID\FormatDaHex.exe
  364. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
  365. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1547161642-507921405-839522115-1004\Installer\Assemblies\C:|Documents and Settings|User|Local Settings|Temp|formatdahex|formatdahex.exe
  366. HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Documents and Settings|User|Local Settings|Temp|formatdahex|formatdahex.exe
  367. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|User|Local Settings|Temp|formatdahex|formatdahex.exe
  368. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\7d04a1bb\18
  369. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\19057a88\23
  370. HKEY_CLASSES_ROOT\AppID\formatdahex.exe
  371. HKEY_CURRENT_USER\SOFTWARE\Clients
  372. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1b06fe54\14bfca77
  373. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e9bcc1\2cea91a5
  374. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7cdb1e21\7716b2c4
  375. HKEY_CLASSES_ROOT\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32
  376. HKEY_CLASSES_ROOT\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server
  377. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  378. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
  379. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7454be22\38c284a5
  380. HKEY_CURRENT_USER\Control Panel\International
  381. HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\SOFTWARE\Microsoft\Cryptography\Providers\Type 001
  382. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider
  383. HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Offload
  384. HKEY_CLASSES_ROOT\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32
  385. CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}
  386. CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\TreatAs
  387. \CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}
  388. \CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32
  389. \CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServerX86
  390. \CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\LocalServer32
  391. \CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocHandler32
  392. \CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocHandlerX86
  393. \CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\LocalServer
  394. HKEY_CLASSES_ROOT\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}
  395. HKEY_CLASSES_ROOT\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\TreatAs
  396. HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum
  397. CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}
  398. CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\TreatAs
  399. \CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}
  400. \CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocServer32
  401. \CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocServerX86
  402. \CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\LocalServer32
  403. \CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocHandler32
  404. \CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocHandlerX86
  405. \CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\LocalServer
  406. HKEY_CLASSES_ROOT\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}
  407. HKEY_CLASSES_ROOT\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\TreatAs
  408. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses
  409. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}
  410. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#PCI#VEN_8086&DEV_2415&SUBSYS_00008086&REV_01#3&267a616a&0&28#{65e8773d-8f56-11d0-a3b9-00a0c9223196}
  411. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#PCI#VEN_8086&DEV_2415&SUBSYS_00008086&REV_01#3&267a616a&0&28#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\#Wave
  412. HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{860BB310-5D01-11D0-BD3B-00A0C911CE86}
  413. HKEY_CLASSES_ROOT\CLSID
  414. HKEY_CLASSES_ROOT\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance
  415. HKEY_CLASSES_ROOT\DirectShow\MediaObjects
  416. HKEY_CLASSES_ROOT\DirectShow\MediaObjects\Categories\860bb310-5d01-11d0-bd3b-00a0c911ce86
  417. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo
  418. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
  419. HKEY_CURRENT_USER\SOFTWARE\Classes\mscfile\shell\open\command
  420. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\b1a55bd
  421. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance
  422. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B83AF3AB-4FED-45D1-A8B8-9E66F3411813}
  423. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\ebc8f48
  424. CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}
  425. CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}\TreatAs
  426. \CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}
  427. \CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}\InprocServer32
  428. \CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}\InprocServerX86
  429. \CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}\LocalServer32
  430. \CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}\InprocHandler32
  431. \CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}\InprocHandlerX86
  432. \CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}\LocalServer
  433. HKEY_CLASSES_ROOT\CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}
  434. HKEY_CLASSES_ROOT\CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}\TreatAs
  435. HKEY_CLASSES_ROOT\CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}\Server
  436. CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}
  437. CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\TreatAs
  438. \CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}
  439. \CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
  440. \CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServerX86
  441. \CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\LocalServer32
  442. \CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocHandler32
  443. \CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocHandlerX86
  444. \CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\LocalServer
  445. HKEY_CLASSES_ROOT\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}
  446. HKEY_CLASSES_ROOT\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\TreatAs
  447. CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
  448. CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\TreatAs
  449. \CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
  450. \CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
  451. \CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServerX86
  452. \CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\LocalServer32
  453. \CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocHandler32
  454. \CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocHandlerX86
  455. \CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\LocalServer
  456. HKEY_CLASSES_ROOT\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
  457. HKEY_CLASSES_ROOT\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\TreatAs
  458. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
  459. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSclient
  460. CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
  461. CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\TreatAs
  462. \CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
  463. \CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocServer32
  464. \CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocServerX86
  465. \CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\LocalServer32
  466. \CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocHandler32
  467. \CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocHandlerX86
  468. \CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\LocalServer
  469. \AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
  470. HKEY_CLASSES_ROOT\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}
  471. HKEY_CLASSES_ROOT\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32
  472. CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}
  473. CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\TreatAs
  474. \CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}
  475. \CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocServer32
  476. \CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocServerX86
  477. \CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\LocalServer32
  478. \CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandler32
  479. \CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandlerX86
  480. \CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\LocalServer
  481. HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}
  482. HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\TreatAs
  483. HKEY_CLASSES_ROOT\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}
  484. HKEY_CLASSES_ROOT\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32
  485. HKEY_CLASSES_ROOT\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}
  486. HKEY_CLASSES_ROOT\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32
  487. CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
  488. CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
  489. \CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
  490. \CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32
  491. \CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServerX86
  492. \CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\LocalServer32
  493. \CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32
  494. \CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandlerX86
  495. \CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\LocalServer
  496. HKEY_CLASSES_ROOT\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
  497. HKEY_CLASSES_ROOT\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
  498. HKEY_CLASSES_ROOT\Interface\{027947E1-D731-11CE-A357-000000000001}
  499. HKEY_CLASSES_ROOT\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32
  500. CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
  501. CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
  502. \CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
  503. \CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32
  504. \CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServerX86
  505. \CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\LocalServer32
  506. \CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32
  507. \CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandlerX86
  508. \CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\LocalServer
  509. HKEY_CLASSES_ROOT\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
  510. HKEY_CLASSES_ROOT\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
  511. HKEY_CLASSES_ROOT\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}
  512. HKEY_CLASSES_ROOT\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32
  513. HKEY_CLASSES_ROOT\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}
  514. HKEY_CLASSES_ROOT\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32
  515. HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\.NET
  516. HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM
  517. HKEY_CLASSES_ROOT\winmgmts
  518. HKEY_CLASSES_ROOT\winmgmts\CLSID
  519. CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}
  520. CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\TreatAs
  521. HKEY_CLASSES_ROOT\winmgmts\CLSID\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}
  522. HKEY_CLASSES_ROOT\winmgmts\CLSID\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InprocServer32
  523. HKEY_CLASSES_ROOT\winmgmts\CLSID\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InprocServerX86
  524. HKEY_CLASSES_ROOT\winmgmts\CLSID\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\LocalServer32
  525. HKEY_CLASSES_ROOT\winmgmts\CLSID\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InprocHandler32
  526. HKEY_CLASSES_ROOT\winmgmts\CLSID\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InprocHandlerX86
  527. HKEY_CLASSES_ROOT\winmgmts\CLSID\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\LocalServer
  528. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3
  529. HKEY_CLASSES_ROOT\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}
  530. HKEY_CLASSES_ROOT\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\TreatAs
  531. HKEY_CLASSES_ROOT\winmgmts\CLSID\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InprocHandler
  532. HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting
  533. HKEY_CLASSES_ROOT\Interface\{0000011A-0000-0000-C000-000000000046}
  534. HKEY_CLASSES_ROOT\Interface\{0000011A-0000-0000-C000-000000000046}\ProxyStubClsid32
  535. HKEY_CLASSES_ROOT\Interface\{0000000E-0000-0000-C000-000000000046}
  536. HKEY_CLASSES_ROOT\Interface\{0000000E-0000-0000-C000-000000000046}\ProxyStubClsid32
  537. CLSID\{EB87E1BD-3233-11D2-AEC9-00C04FB68820}
  538. CLSID\{EB87E1BD-3233-11D2-AEC9-00C04FB68820}\TreatAs
  539. \CLSID\{EB87E1BD-3233-11D2-AEC9-00C04FB68820}
  540. \CLSID\{EB87E1BD-3233-11D2-AEC9-00C04FB68820}\InprocServer32
  541. \CLSID\{EB87E1BD-3233-11D2-AEC9-00C04FB68820}\InprocServerX86
  542. \CLSID\{EB87E1BD-3233-11D2-AEC9-00C04FB68820}\LocalServer32
  543. \CLSID\{EB87E1BD-3233-11D2-AEC9-00C04FB68820}\InprocHandler32
  544. \CLSID\{EB87E1BD-3233-11D2-AEC9-00C04FB68820}\InprocHandlerX86
  545. \CLSID\{EB87E1BD-3233-11D2-AEC9-00C04FB68820}\LocalServer
  546. HKEY_CLASSES_ROOT\CLSID\{EB87E1BD-3233-11D2-AEC9-00C04FB68820}
  547. HKEY_CLASSES_ROOT\CLSID\{EB87E1BD-3233-11D2-AEC9-00C04FB68820}\TreatAs
  548. HKEY_CLASSES_ROOT\Interface\{B196B283-BAB4-101A-B69C-00AA00341D07}
  549. HKEY_CLASSES_ROOT\Interface\{B196B283-BAB4-101A-B69C-00AA00341D07}\ProxyStubClsid32
  550. CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}
  551. CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\TreatAs
  552. \CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}
  553. \CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32
  554. \CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServerX86
  555. \CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\LocalServer32
  556. \CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocHandler32
  557. \CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocHandlerX86
  558. \CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\LocalServer
  559. HKEY_CLASSES_ROOT\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}
  560. HKEY_CLASSES_ROOT\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\TreatAs
  561. HKEY_CLASSES_ROOT\TypeLib
  562. HKEY_CLASSES_ROOT\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}
  563. HKEY_CLASSES_ROOT\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2
  564. HKEY_CLASSES_ROOT\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0
  565. HKEY_CLASSES_ROOT\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0\win32
  566. HKEY_CLASSES_ROOT\Interface\{00020401-0000-0000-C000-000000000046}
  567. HKEY_CLASSES_ROOT\Interface\{00020401-0000-0000-C000-000000000046}\ProxyStubClsid32
  568. CLSID\{00020422-0000-0000-C000-000000000046}
  569. CLSID\{00020422-0000-0000-C000-000000000046}\TreatAs
  570. \CLSID\{00020422-0000-0000-C000-000000000046}
  571. \CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32
  572. \CLSID\{00020422-0000-0000-C000-000000000046}\InprocServerX86
  573. \CLSID\{00020422-0000-0000-C000-000000000046}\LocalServer32
  574. \CLSID\{00020422-0000-0000-C000-000000000046}\InprocHandler32
  575. \CLSID\{00020422-0000-0000-C000-000000000046}\InprocHandlerX86
  576. \CLSID\{00020422-0000-0000-C000-000000000046}\LocalServer
  577. HKEY_CLASSES_ROOT\CLSID\{00020422-0000-0000-C000-000000000046}
  578. HKEY_CLASSES_ROOT\CLSID\{00020422-0000-0000-C000-000000000046}\TreatAs
  579. HKEY_CLASSES_ROOT\CLSID\{62E522DC-8CF3-40A8-8B2E-37D595651E40}\InprocServer32
  580. HKEY_CLASSES_ROOT\Interface\{00020400-0000-0000-C000-000000000046}
  581. HKEY_CLASSES_ROOT\Interface\{00020400-0000-0000-C000-000000000046}\ProxyStubClsid32
  582. CLSID\{00020420-0000-0000-C000-000000000046}
  583. CLSID\{00020420-0000-0000-C000-000000000046}\TreatAs
  584. \CLSID\{00020420-0000-0000-C000-000000000046}
  585. \CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32
  586. \CLSID\{00020420-0000-0000-C000-000000000046}\InprocServerX86
  587. \CLSID\{00020420-0000-0000-C000-000000000046}\LocalServer32
  588. \CLSID\{00020420-0000-0000-C000-000000000046}\InprocHandler32
  589. \CLSID\{00020420-0000-0000-C000-000000000046}\InprocHandlerX86
  590. \CLSID\{00020420-0000-0000-C000-000000000046}\LocalServer
  591. HKEY_CLASSES_ROOT\CLSID\{00020420-0000-0000-C000-000000000046}
  592. HKEY_CLASSES_ROOT\CLSID\{00020420-0000-0000-C000-000000000046}\TreatAs
  593. HKEY_CLASSES_ROOT\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\409
  594. HKEY_CLASSES_ROOT\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\9
  595. HKEY_LOCAL_MACHINE\Software\Microsoft\OleAut
  596. HKEY_CLASSES_ROOT\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0\win32\win32
  597. HKEY_CLASSES_ROOT\CLSID\{04B83D61-21AE-11D2-8B33-00600806D9B6}\InprocServer32
  598. HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\109d7e79\46399e7e
  599. HKEY_CLASSES_ROOT\Interface\{00020404-0000-0000-C000-000000000046}
  600. CLSID\{00020421-0000-0000-C000-000000000046}
  601. CLSID\{00020421-0000-0000-C000-000000000046}\TreatAs
  602. \CLSID\{00020421-0000-0000-C000-000000000046}
  603. \CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32
  604. \CLSID\{00020421-0000-0000-C000-000000000046}\InprocServerX86
  605. \CLSID\{00020421-0000-0000-C000-000000000046}\LocalServer32
  606. \CLSID\{00020421-0000-0000-C000-000000000046}\InprocHandler32
  607. \CLSID\{00020421-0000-0000-C000-000000000046}\InprocHandlerX86
  608. \CLSID\{00020421-0000-0000-C000-000000000046}\LocalServer
  609. HKEY_CLASSES_ROOT\CLSID\{00020421-0000-0000-C000-000000000046}
  610. HKEY_CLASSES_ROOT\CLSID\{00020421-0000-0000-C000-000000000046}\TreatAs
  611. HKEY_CLASSES_ROOT\winmgmts\CLSID\1.2
  612. HKEY_CLASSES_ROOT\winmgmts\CLSID\1.2\0
  613. HKEY_CLASSES_ROOT\winmgmts\CLSID\1.2\0\win32
  614. HKEY_CLASSES_ROOT\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0\win32\0
  615. HKEY_CLASSES_ROOT\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0\win32\0\win32
  616. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DnsCache\Parameters
  617. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DnsClient
  618. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSClient
  619. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{B83AF3AB-4FED-45D1-A8B8-9E66F3411813}\Connection
  620. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{00000000-0000-0000-0000-000000000000}\Connection
  621. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\MS TCP Loopback interface
  622. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\IMM
  623. HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF
  624. HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\SystemShared
  625. HKEY_CLASSES_ROOT\CLSID\{D6BDAFB2-9435-491F-BB87-6AA0F0BC31A2}\InprocServer32
  626. HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}
  627. HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0
  628. HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0
  629. HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32
  630. HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing
  631. HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\RASAPI32
  632. HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\SecurityService
  633. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders
  634. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache
  635. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll
  636. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\digest.dll
  637. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll
  638. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SaslProfiles
  639. HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004
  640. HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  641. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  642. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  643. HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
  644. HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
  645. HKEY_CURRENT_USER\Software\Microsoft\Command Processor
  646. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
  647. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
  648. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups