Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Dropped/Edited
- C:\DOCUME~1\User\LOCALS~1\Temp\FormatDaHex.exe.config
- C:\DOCUME~1\User\LOCALS~1\Temp\FormatDaHex.exe
- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\config\machine.config
- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\config\security.config
- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch
- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config
- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch
- C:\Documents and Settings\User\Application Data\Microsoft\CLR Security Config\v2.0.50727.42\security.config
- C:\Documents and Settings\User\Application Data\Microsoft\CLR Security Config\v2.0.50727.42\security.config.cch
- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index12.dat
- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
- C:\DOCUME~1
- C:\DOCUME~1\User
- C:\DOCUME~1\User\LOCALS~1
- C:\DOCUME~1\User\LOCALS~1\Temp
- C:\WINDOWS\system32\l_intl.nls
- C:\Documents and Settings\User
- C:\Documents and Settings\User\LOCALS~1
- C:\DOCUME~1\User\LOCALS~1\Temp\FormatDaHex.INI
- C:/DOCUME~1
- C:/DOCUME~1/User
- C:/DOCUME~1/User/LOCALS~1
- C:/DOCUME~1/User/LOCALS~1/Temp
- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
- C:\WINDOWS\assembly\pubpol1.dat
- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.INI
- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
- C:\DOCUME~1\User\LOCALS~1\Temp\FormatDaHex.exe:Zone.Identifier
- C:\Documents and Settings\User\Local Settings\Temp
- PIPE\wkssvc
- IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3231303037333036372020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
- MountPointManager
- STORAGE#Volume#1&30a96598&0&Signature32B832B7Offset7E00Length27F4DB200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
- C:\Documents and Settings
- C:\Documents and Settings\User\My Documents
- C:\Documents and Settings\User\My Documents\desktop.ini
- C:\Documents and Settings\All Users
- C:\Documents and Settings\All Users\Documents
- C:\Documents and Settings\All Users\Documents\desktop.ini
- C:\Documents and Settings\User\Desktop
- C:\Documents and Settings\All Users\Desktop
- C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
- C:\WINDOWS\Registration\R000000000007.clb
- C:\Documents and Settings\User\Local Settings\Temp\formatdahex\formatdahex.exe
- c:\documents and settings\user\local settings\temp\formatdahex\formatdahex.exe
- PIPE\lsarpc
- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch.1592.11332415
- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch.1592.11332415
- C:\Documents and Settings\User\Application Data\Microsoft\CLR Security Config\v2.0.50727.42\security.config.cch.1592.11332425
- C:\Documents and Settings\User\Local Settings\Temp\formatdahex\formatdahex.exe.config
- C:\Documents and Settings\User\Local Settings
- C:\Documents and Settings\User\Local Settings\Temp\formatdahex
- C:\Documents and Settings\User\Local Settings\Temp\formatdahex\formatdahex.INI
- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.INI
- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config
- C:\Documents and Settings\User\Local Settings\Temp\formatdahex\formatdahex.exe:Zone.Identifier
- C:\Documents and Settings\User\Local Settings\Temp\tmp1.tmp
- C:\Documents and Settings\User\Local Settings\Temp\tmp2.tmp
- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.pdb
- C:\WINDOWS\symbols\dll\mscorlib.pdb
- C:\WINDOWS\dll\mscorlib.pdb
- C:\WINDOWS\mscorlib.pdb
- C:\Documents and Settings\User\Application Data\Imminent\Path.dat
- C:\Documents and Settings\User\Application Data\Imminent\Logs\05-08-2017
- C:\WINDOWS\system32\rsaenh.dll
- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.INI
- C:\Device\Afd\AsyncConnectHlp
- C:\Device\Tcp6
- C:\Device\Tcp
- C:\Device\NetBT_Tcpip_{B83AF3AB-4FED-45D1-A8B8-9E66F3411813}
- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.INI
- C:\WINDOWS\system32\WBEM\Logs\wbemprox.log
- C:\WINDOWS\system32\wbem\wbemdisp.TLB
- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.INI
- Ip6
- C:\WINDOWS\system32\msctfime.ime
- C:\WINDOWS\system32\stdole2.tlb
- PIPE\ROUTER
- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.pdb
- C:\WINDOWS\symbols\dll\System.pdb
- C:\WINDOWS\dll\System.pdb
- C:\WINDOWS\System.pdb
- Nul
- C:\DOCUME~1\User\LOCALS~1\Temp\ping.*
- C:\DOCUME~1\User\LOCALS~1\Temp\ping
- C:\Python27\ping.*
- C:\Python27\ping
- C:\PHP\ping.*
- C:\PHP\ping
- C:\WINDOWS\system32\ping.*
- C:\WINDOWS\system32\ping.COM
- C:\WINDOWS\system32\ping.EXE
- C:\Documents and Settings\User\Local Settings\Temp\tmp1.tmp.Config
- C:\
- C:\Device\Ip
- # Registry
- HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
- HKEY_CURRENT_USER\Software\Microsoft\.NETFramework\Policy\Standards
- HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\Standards
- HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
- HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
- HKEY_CURRENT_USER\Software\Microsoft\Fusion
- HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
- HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
- HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1547161642-507921405-839522115-1004
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
- HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index12
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\3c74e9a9
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\3c74e9a9\1
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\319545b3\1
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\44e56f68\2260a30b
- HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1cc008fe\5eded54a
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1547161642-507921405-839522115-1004\Installer\Assemblies\C:|DOCUME~1|User|LOCALS~1|Temp|FormatDaHex.exe
- HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|DOCUME~1|User|LOCALS~1|Temp|FormatDaHex.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|DOCUME~1|User|LOCALS~1|Temp|FormatDaHex.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1547161642-507921405-839522115-1004\Installer\Assemblies\Global
- HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1cc008fe\10f3896a
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5d608f43\d6a9d8c
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\1d498232
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\1d498232\8
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\67e63d5c\6
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\291a02d0\7
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6e9ac653\8
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\52628d2e
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\69db6748
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\69db6748\11
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2995e574\9
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\3914f670\25
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\4426ac2f\21
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\7f729234\e
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\268e923b\24
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\31de29a4\b
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\3fcdfaca\10
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName
- ActiveComputerName
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\FormatDaHex.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
- HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
- HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
- HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe
- HKEY_CLASSES_ROOT\.exe
- HKEY_CLASSES_ROOT\exefile
- HKEY_CLASSES_ROOT\exefile\CurVer
- HKEY_CLASSES_ROOT\exefile\
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
- HKEY_CLASSES_ROOT\exefile\\ShellEx\IconHandler
- HKEY_CLASSES_ROOT\SystemFileAssociations\.exe
- HKEY_CLASSES_ROOT\SystemFileAssociations\application
- HKEY_CLASSES_ROOT\exefile\\Clsid
- HKEY_CLASSES_ROOT\*
- HKEY_CLASSES_ROOT\*\Clsid
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7950-e3d2-11e0-8d7a-806d6172696f}\
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{475c7952-e3d2-11e0-8d7a-806d6172696f}\
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7952-e3d2-11e0-8d7a-806d6172696f}\
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{475c7950-e3d2-11e0-8d7a-806d6172696f}\
- HKEY_CLASSES_ROOT\Directory
- HKEY_CLASSES_ROOT\Directory\CurVer
- HKEY_CLASSES_ROOT\Directory\
- HKEY_CLASSES_ROOT\Directory\\ShellEx\IconHandler
- HKEY_CLASSES_ROOT\Directory\\Clsid
- HKEY_CLASSES_ROOT\Folder
- HKEY_CLASSES_ROOT\Folder\Clsid
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
- HKEY_CLASSES_ROOT\CLSID\{AEB6717E-7E19-11D0-97EE-00C04FD91972}\InProcServer32
- HKEY_CLASSES_ROOT\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InProcServer32
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility
- HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
- HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
- HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004_Classes
- HKEY_LOCAL_MACHINE\Software\Classes
- \REGISTRY\USER
- HKEY_LOCAL_MACHINE\Software\Classes\CLSID
- CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}
- CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\TreatAs
- \CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}
- \CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocServer32
- \CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocServerX86
- \CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\LocalServer32
- \CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocHandler32
- \CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocHandlerX86
- \CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\LocalServer
- HKEY_CLASSES_ROOT\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}
- HKEY_CLASSES_ROOT\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\TreatAs
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}
- HKEY_CLASSES_ROOT\exefile\\shell
- HKEY_CLASSES_ROOT\exefile\\shell\open
- HKEY_CLASSES_ROOT\exefile\\
- HKEY_CLASSES_ROOT\exefile\\\shell
- CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}
- CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\TreatAs
- \CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}
- \CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\InprocServer32
- \CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\InprocServerX86
- \CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\LocalServer32
- \CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\InprocHandler32
- \CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\InprocHandlerX86
- \CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\LocalServer
- HKEY_CLASSES_ROOT\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}
- HKEY_CLASSES_ROOT\CLSID\{FA2FAAC1-9316-48F3-A294-121FEEA80CEC}\TreatAs
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\12.0\Groove
- HKEY_CURRENT_USER\SOFTWARE\Groove Networks, Inc.\Groove
- HKEY_LOCAL_MACHINE\SOFTWARE\Groove Networks, Inc.\Groove
- HKEY_LOCAL_MACHINE\SOFTWARE\Groove.OldData
- HKEY_CURRENT_USER\SOFTWARE\Groove.OldData
- HKEY_LOCAL_MACHINE\Software\Microsoft\Office\12.0\Groove\InstallRoot
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\Groove
- CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}
- CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\TreatAs
- \CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}
- \CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\InprocServer32
- \CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\InprocServerX86
- \CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\LocalServer32
- \CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\InprocHandler32
- \CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\InprocHandlerX86
- \CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\LocalServer
- HKEY_CLASSES_ROOT\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}
- HKEY_CLASSES_ROOT\CLSID\{71C3BF7F-682F-4B5E-9E47-5C25D3AC9458}\TreatAs
- CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}
- CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\TreatAs
- \CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}
- \CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocServer32
- \CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocServerX86
- \CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\LocalServer32
- \CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocHandler32
- \CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\InprocHandlerX86
- \CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\LocalServer
- HKEY_CLASSES_ROOT\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}
- HKEY_CLASSES_ROOT\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}\TreatAs
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
- HKEY_CLASSES_ROOT\.ade
- HKEY_CLASSES_ROOT\.adp
- HKEY_CLASSES_ROOT\.app
- HKEY_CLASSES_ROOT\.asp
- HKEY_CLASSES_ROOT\.bas
- HKEY_CLASSES_ROOT\.bat
- HKEY_CLASSES_ROOT\.cer
- HKEY_CLASSES_ROOT\.chm
- HKEY_CLASSES_ROOT\.cmd
- HKEY_CLASSES_ROOT\.com
- HKEY_CLASSES_ROOT\.cpl
- HKEY_CLASSES_ROOT\.crt
- HKEY_CLASSES_ROOT\.csh
- CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
- CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\TreatAs
- \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
- \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32
- \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServerX86
- \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\LocalServer32
- \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocHandler32
- \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocHandlerX86
- \CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\LocalServer
- HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
- HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\TreatAs
- HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InProcServer32
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
- HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Ranges\
- HKEY_LOCAL_MACHINE\System\Setup
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\1
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\2
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\3
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\\4
- HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
- HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
- HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
- HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
- HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
- HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
- HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
- HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
- HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
- HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
- HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
- HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
- HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\
- HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\C\
- HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\*\
- HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Handler\C
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\C
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
- HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
- HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
- HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESPECT_OBJECTSAFETY_POLICY_KB905547
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
- HKEY_CLASSES_ROOT\exefile\\shell\open\command
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\formatdahex.exe
- HKEY_CLASSES_ROOT\exefile\\shell\open\ddeexec
- HKEY_CLASSES_ROOT\Applications\formatdahex.exe
- HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam
- HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache
- HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation
- HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
- HKEY_CLASSES_ROOT\AppID\FormatDaHex.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1547161642-507921405-839522115-1004\Installer\Assemblies\C:|Documents and Settings|User|Local Settings|Temp|formatdahex|formatdahex.exe
- HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Documents and Settings|User|Local Settings|Temp|formatdahex|formatdahex.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Documents and Settings|User|Local Settings|Temp|formatdahex|formatdahex.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\7d04a1bb\18
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\19057a88\23
- HKEY_CLASSES_ROOT\AppID\formatdahex.exe
- HKEY_CURRENT_USER\SOFTWARE\Clients
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1b06fe54\14bfca77
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e9bcc1\2cea91a5
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7cdb1e21\7716b2c4
- HKEY_CLASSES_ROOT\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32
- HKEY_CLASSES_ROOT\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7454be22\38c284a5
- HKEY_CURRENT_USER\Control Panel\International
- HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\SOFTWARE\Microsoft\Cryptography\Providers\Type 001
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Offload
- HKEY_CLASSES_ROOT\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32
- CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}
- CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\TreatAs
- \CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}
- \CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32
- \CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServerX86
- \CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\LocalServer32
- \CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocHandler32
- \CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocHandlerX86
- \CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\LocalServer
- HKEY_CLASSES_ROOT\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}
- HKEY_CLASSES_ROOT\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\TreatAs
- HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum
- CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}
- CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\TreatAs
- \CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}
- \CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocServer32
- \CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocServerX86
- \CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\LocalServer32
- \CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocHandler32
- \CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\InprocHandlerX86
- \CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\LocalServer
- HKEY_CLASSES_ROOT\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}
- HKEY_CLASSES_ROOT\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\TreatAs
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#PCI#VEN_8086&DEV_2415&SUBSYS_00008086&REV_01#3&267a616a&0&28#{65e8773d-8f56-11d0-a3b9-00a0c9223196}
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\DeviceClasses\{65E8773D-8F56-11D0-A3B9-00A0C9223196}\##?#PCI#VEN_8086&DEV_2415&SUBSYS_00008086&REV_01#3&267a616a&0&28#{65e8773d-8f56-11d0-a3b9-00a0c9223196}\#Wave
- HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{860BB310-5D01-11D0-BD3B-00A0C911CE86}
- HKEY_CLASSES_ROOT\CLSID
- HKEY_CLASSES_ROOT\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance
- HKEY_CLASSES_ROOT\DirectShow\MediaObjects
- HKEY_CLASSES_ROOT\DirectShow\MediaObjects\Categories\860bb310-5d01-11d0-bd3b-00a0c911ce86
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
- HKEY_CURRENT_USER\SOFTWARE\Classes\mscfile\shell\open\command
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\b1a55bd
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B83AF3AB-4FED-45D1-A8B8-9E66F3411813}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\ebc8f48
- CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}
- CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}\TreatAs
- \CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}
- \CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}\InprocServer32
- \CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}\InprocServerX86
- \CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}\LocalServer32
- \CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}\InprocHandler32
- \CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}\InprocHandlerX86
- \CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}\LocalServer
- HKEY_CLASSES_ROOT\CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}
- HKEY_CLASSES_ROOT\CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}\TreatAs
- HKEY_CLASSES_ROOT\CLSID\{A8F03BE3-EDB7-4972-821F-AF6F8EA34884}\Server
- CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}
- CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\TreatAs
- \CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}
- \CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
- \CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServerX86
- \CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\LocalServer32
- \CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocHandler32
- \CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocHandlerX86
- \CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\LocalServer
- HKEY_CLASSES_ROOT\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}
- HKEY_CLASSES_ROOT\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\TreatAs
- CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
- CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\TreatAs
- \CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
- \CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
- \CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServerX86
- \CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\LocalServer32
- \CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocHandler32
- \CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocHandlerX86
- \CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\LocalServer
- HKEY_CLASSES_ROOT\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
- HKEY_CLASSES_ROOT\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\TreatAs
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSclient
- CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
- CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\TreatAs
- \CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
- \CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocServer32
- \CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocServerX86
- \CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\LocalServer32
- \CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocHandler32
- \CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocHandlerX86
- \CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\LocalServer
- \AppID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
- HKEY_CLASSES_ROOT\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}
- HKEY_CLASSES_ROOT\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32
- CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}
- CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\TreatAs
- \CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}
- \CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocServer32
- \CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocServerX86
- \CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\LocalServer32
- \CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandler32
- \CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandlerX86
- \CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\LocalServer
- HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}
- HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\TreatAs
- HKEY_CLASSES_ROOT\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}
- HKEY_CLASSES_ROOT\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32
- HKEY_CLASSES_ROOT\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}
- HKEY_CLASSES_ROOT\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32
- CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
- CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
- \CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
- \CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32
- \CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServerX86
- \CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\LocalServer32
- \CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32
- \CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandlerX86
- \CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\LocalServer
- HKEY_CLASSES_ROOT\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
- HKEY_CLASSES_ROOT\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
- HKEY_CLASSES_ROOT\Interface\{027947E1-D731-11CE-A357-000000000001}
- HKEY_CLASSES_ROOT\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32
- CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
- CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
- \CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
- \CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32
- \CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServerX86
- \CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\LocalServer32
- \CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32
- \CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandlerX86
- \CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\LocalServer
- HKEY_CLASSES_ROOT\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
- HKEY_CLASSES_ROOT\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
- HKEY_CLASSES_ROOT\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}
- HKEY_CLASSES_ROOT\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32
- HKEY_CLASSES_ROOT\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}
- HKEY_CLASSES_ROOT\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\.NET
- HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM
- HKEY_CLASSES_ROOT\winmgmts
- HKEY_CLASSES_ROOT\winmgmts\CLSID
- CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}
- CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\TreatAs
- HKEY_CLASSES_ROOT\winmgmts\CLSID\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}
- HKEY_CLASSES_ROOT\winmgmts\CLSID\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InprocServer32
- HKEY_CLASSES_ROOT\winmgmts\CLSID\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InprocServerX86
- HKEY_CLASSES_ROOT\winmgmts\CLSID\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\LocalServer32
- HKEY_CLASSES_ROOT\winmgmts\CLSID\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InprocHandler32
- HKEY_CLASSES_ROOT\winmgmts\CLSID\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InprocHandlerX86
- HKEY_CLASSES_ROOT\winmgmts\CLSID\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\LocalServer
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3
- HKEY_CLASSES_ROOT\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}
- HKEY_CLASSES_ROOT\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\TreatAs
- HKEY_CLASSES_ROOT\winmgmts\CLSID\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InprocHandler
- HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting
- HKEY_CLASSES_ROOT\Interface\{0000011A-0000-0000-C000-000000000046}
- HKEY_CLASSES_ROOT\Interface\{0000011A-0000-0000-C000-000000000046}\ProxyStubClsid32
- HKEY_CLASSES_ROOT\Interface\{0000000E-0000-0000-C000-000000000046}
- HKEY_CLASSES_ROOT\Interface\{0000000E-0000-0000-C000-000000000046}\ProxyStubClsid32
- CLSID\{EB87E1BD-3233-11D2-AEC9-00C04FB68820}
- CLSID\{EB87E1BD-3233-11D2-AEC9-00C04FB68820}\TreatAs
- \CLSID\{EB87E1BD-3233-11D2-AEC9-00C04FB68820}
- \CLSID\{EB87E1BD-3233-11D2-AEC9-00C04FB68820}\InprocServer32
- \CLSID\{EB87E1BD-3233-11D2-AEC9-00C04FB68820}\InprocServerX86
- \CLSID\{EB87E1BD-3233-11D2-AEC9-00C04FB68820}\LocalServer32
- \CLSID\{EB87E1BD-3233-11D2-AEC9-00C04FB68820}\InprocHandler32
- \CLSID\{EB87E1BD-3233-11D2-AEC9-00C04FB68820}\InprocHandlerX86
- \CLSID\{EB87E1BD-3233-11D2-AEC9-00C04FB68820}\LocalServer
- HKEY_CLASSES_ROOT\CLSID\{EB87E1BD-3233-11D2-AEC9-00C04FB68820}
- HKEY_CLASSES_ROOT\CLSID\{EB87E1BD-3233-11D2-AEC9-00C04FB68820}\TreatAs
- HKEY_CLASSES_ROOT\Interface\{B196B283-BAB4-101A-B69C-00AA00341D07}
- HKEY_CLASSES_ROOT\Interface\{B196B283-BAB4-101A-B69C-00AA00341D07}\ProxyStubClsid32
- CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}
- CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\TreatAs
- \CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}
- \CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32
- \CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServerX86
- \CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\LocalServer32
- \CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocHandler32
- \CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocHandlerX86
- \CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\LocalServer
- HKEY_CLASSES_ROOT\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}
- HKEY_CLASSES_ROOT\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\TreatAs
- HKEY_CLASSES_ROOT\TypeLib
- HKEY_CLASSES_ROOT\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}
- HKEY_CLASSES_ROOT\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2
- HKEY_CLASSES_ROOT\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0
- HKEY_CLASSES_ROOT\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0\win32
- HKEY_CLASSES_ROOT\Interface\{00020401-0000-0000-C000-000000000046}
- HKEY_CLASSES_ROOT\Interface\{00020401-0000-0000-C000-000000000046}\ProxyStubClsid32
- CLSID\{00020422-0000-0000-C000-000000000046}
- CLSID\{00020422-0000-0000-C000-000000000046}\TreatAs
- \CLSID\{00020422-0000-0000-C000-000000000046}
- \CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32
- \CLSID\{00020422-0000-0000-C000-000000000046}\InprocServerX86
- \CLSID\{00020422-0000-0000-C000-000000000046}\LocalServer32
- \CLSID\{00020422-0000-0000-C000-000000000046}\InprocHandler32
- \CLSID\{00020422-0000-0000-C000-000000000046}\InprocHandlerX86
- \CLSID\{00020422-0000-0000-C000-000000000046}\LocalServer
- HKEY_CLASSES_ROOT\CLSID\{00020422-0000-0000-C000-000000000046}
- HKEY_CLASSES_ROOT\CLSID\{00020422-0000-0000-C000-000000000046}\TreatAs
- HKEY_CLASSES_ROOT\CLSID\{62E522DC-8CF3-40A8-8B2E-37D595651E40}\InprocServer32
- HKEY_CLASSES_ROOT\Interface\{00020400-0000-0000-C000-000000000046}
- HKEY_CLASSES_ROOT\Interface\{00020400-0000-0000-C000-000000000046}\ProxyStubClsid32
- CLSID\{00020420-0000-0000-C000-000000000046}
- CLSID\{00020420-0000-0000-C000-000000000046}\TreatAs
- \CLSID\{00020420-0000-0000-C000-000000000046}
- \CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32
- \CLSID\{00020420-0000-0000-C000-000000000046}\InprocServerX86
- \CLSID\{00020420-0000-0000-C000-000000000046}\LocalServer32
- \CLSID\{00020420-0000-0000-C000-000000000046}\InprocHandler32
- \CLSID\{00020420-0000-0000-C000-000000000046}\InprocHandlerX86
- \CLSID\{00020420-0000-0000-C000-000000000046}\LocalServer
- HKEY_CLASSES_ROOT\CLSID\{00020420-0000-0000-C000-000000000046}
- HKEY_CLASSES_ROOT\CLSID\{00020420-0000-0000-C000-000000000046}\TreatAs
- HKEY_CLASSES_ROOT\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\409
- HKEY_CLASSES_ROOT\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\9
- HKEY_LOCAL_MACHINE\Software\Microsoft\OleAut
- HKEY_CLASSES_ROOT\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0\win32\win32
- HKEY_CLASSES_ROOT\CLSID\{04B83D61-21AE-11D2-8B33-00600806D9B6}\InprocServer32
- HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\109d7e79\46399e7e
- HKEY_CLASSES_ROOT\Interface\{00020404-0000-0000-C000-000000000046}
- CLSID\{00020421-0000-0000-C000-000000000046}
- CLSID\{00020421-0000-0000-C000-000000000046}\TreatAs
- \CLSID\{00020421-0000-0000-C000-000000000046}
- \CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32
- \CLSID\{00020421-0000-0000-C000-000000000046}\InprocServerX86
- \CLSID\{00020421-0000-0000-C000-000000000046}\LocalServer32
- \CLSID\{00020421-0000-0000-C000-000000000046}\InprocHandler32
- \CLSID\{00020421-0000-0000-C000-000000000046}\InprocHandlerX86
- \CLSID\{00020421-0000-0000-C000-000000000046}\LocalServer
- HKEY_CLASSES_ROOT\CLSID\{00020421-0000-0000-C000-000000000046}
- HKEY_CLASSES_ROOT\CLSID\{00020421-0000-0000-C000-000000000046}\TreatAs
- HKEY_CLASSES_ROOT\winmgmts\CLSID\1.2
- HKEY_CLASSES_ROOT\winmgmts\CLSID\1.2\0
- HKEY_CLASSES_ROOT\winmgmts\CLSID\1.2\0\win32
- HKEY_CLASSES_ROOT\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0\win32\0
- HKEY_CLASSES_ROOT\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0\win32\0\win32
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DnsCache\Parameters
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DnsClient
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSClient
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{B83AF3AB-4FED-45D1-A8B8-9E66F3411813}\Connection
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{00000000-0000-0000-0000-000000000000}\Connection
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\MS TCP Loopback interface
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\IMM
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF
- HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\SystemShared
- HKEY_CLASSES_ROOT\CLSID\{D6BDAFB2-9435-491F-BB87-6AA0F0BC31A2}\InprocServer32
- HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}
- HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0
- HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0
- HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32
- HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing
- HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\RASAPI32
- HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\SecurityService
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\digest.dll
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SaslProfiles
- HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004
- HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
- HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
- HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
- HKEY_CURRENT_USER\Software\Microsoft\Command Processor
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement