API tools faq
paste
Advertisement
bendas

Registry Log File (Afer Trojan)

bendas
Apr 4th, 2025 (edited)
25
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 64.32 KB | None | 0 0
raw download clone embed print report
  1. Regshot 1.9.0 x64 ANSI
  2. Comments:
  3. Datetime: 2025/4/4 13:38:46 , 2025/4/4 13:45:35
  4. Computer: DESKTOP-OD61403 , DESKTOP-OD61403
  5. Username: Malware , Malware
  6.  
  7. ----------------------------------
  8. Keys deleted: 4
  9. ----------------------------------
  10. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\ServiceInstances\0e62b840-b93f-4b39-ae70-33adb43225a7
  11. HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Group Policy\ServiceInstances\0e62b840-b93f-4b39-ae70-33adb43225a7
  12. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012023011620230123
  13. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012023020420230205
  14.  
  15. ----------------------------------
  16. Keys added: 60
  17. ----------------------------------
  18. HKLM\SOFTWARE\Microsoft\IdentityCRL\ThrottleCache\S-1-5-18_{D6D5A677-0872-4AB0-9442-BB792FCE85C5}
  19. HKLM\SOFTWARE\Microsoft\IdentityCRL\ThrottleCache\S-1-5-19_{D6D5A677-0872-4AB0-9442-BB792FCE85C5}
  20. HKLM\SOFTWARE\Microsoft\IdentityCRL\ThrottleCache\S-1-5-19_{DF60E2DF-88AD-4526-AE21-83D130EF0F68}
  21. HKLM\SOFTWARE\Microsoft\IdentityCRL\ThrottleCache\S-1-5-21-1497642843-3941697449-2312607874-1002_S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157
  22. HKLM\SOFTWARE\Microsoft\IdentityCRL\ThrottleCache\S-1-5-21-1497642843-3941697449-2312607874-1002_{67082621-8D18-4333-9C64-10DE93676363}
  23. HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1
  24. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\ServiceInstances\25666a01-40c8-44b9-998c-d32932863c25
  25. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{E046360F-3218-42B9-AE44-DC89EA9E5980}
  26. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Unmanaged\010103000F0000F0080000000F0000F09606E28C3B03FD6663107F0CC92CBEAA76DF98CF9EBE33D5A2F7D95B45713F4C
  27. HKLM\SOFTWARE\WOW6432Node\Microsoft\Tracing\MPRAPI
  28. HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Group Policy\ServiceInstances\25666a01-40c8-44b9-998c-d32932863c25
  29. HKLM\SOFTWARE\WOW6432Node\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1
  30. HKLM\SYSTEM\ControlSet001\Control\Nsi\{eb004a00-9b1a-11d4-9123-0050047759bc}\16
  31. HKLM\SYSTEM\ControlSet001\Services\Dnscache\Parameters\Probe\{e046360f-3218-42b9-ae44-dc89ea9e5980}
  32. HKLM\SYSTEM\ControlSet001\Services\WinDivert1.1
  33. HKLM\SYSTEM\ControlSet001\Services\WinDivert1.1\Parameters
  34. HKLM\SYSTEM\ControlSet001\Services\WinDivert1.1\Parameters\Wdf
  35. HKLM\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a00-9b1a-11d4-9123-0050047759bc}\16
  36. HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{e046360f-3218-42b9-ae44-dc89ea9e5980}
  37. HKLM\SYSTEM\CurrentControlSet\Services\WinDivert1.1
  38. HKLM\SYSTEM\CurrentControlSet\Services\WinDivert1.1\Parameters
  39. HKLM\SYSTEM\CurrentControlSet\Services\WinDivert1.1\Parameters\Wdf
  40. HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-e8-27-4e
  41. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/redirect
  42. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/redirect\OpenWithList
  43. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000020482
  44. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000020702
  45. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000303AC
  46. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000305CC
  47. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000003067E
  48. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000004035C
  49. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000405B6
  50. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000040716
  51. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000060676
  52. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000060726
  53. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000007029A
  54. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000A05F4
  55. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000D067E
  56. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000001101F4
  57. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000120552
  58. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000130552
  59. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012025040420250405
  60. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{391BDA50-4D27-4F0B-8DD6-43F7EF32C6EC}\RecentItems
  61. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{391BDA50-4D27-4F0B-8DD6-43F7EF32C6EC}\RecentItems\{A6CD5AB6-9F7D-49E7-8926-5B7F1D341005}
  62. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{03D11E97-2734-4D18-9007-ED8DB2A2B934}
  63. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{C954005D-A8CB-477C-B299-602E9B916E20}
  64. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{D366BE5D-3E32-44D2-8783-0BC1455D3FDE}
  65. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F70A6E37-0E42-4AF7-8343-ED7F45E7B0EA}
  66. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Sysinternals\Process Explorer
  67. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Sysinternals\TCPView
  68. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\4
  69. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\4\0
  70. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\4\0\0
  71. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\82
  72. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\Shell
  73. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\4
  74. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\4\0
  75. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\4\0\0
  76. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\82
  77. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\Shell
  78.  
  79. ----------------------------------
  80. Values deleted: 32
  81. ----------------------------------
  82. HKLM\SYSTEM\ControlSet001\Services\BITS\Performance\PerfMMFileName: "Global\MMF_BITSad349ad4-0f6e-4af0-ad4f-3b1ea90a8218"
  83. HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces\Tcpip_{4d33b1d2-ce38-4b8c-a6ca-cfd89a6a0744}\DhcpNameServerList: 31 39 32 2E 31 36 38 2E 32 34 2E 32 00 00
  84. HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpDomain: "localdomain"
  85. HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer: "192.168.24.2"
  86. HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4d33b1d2-ce38-4b8c-a6ca-cfd89a6a0744}\DhcpIPAddress: "192.168.24.128"
  87. HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4d33b1d2-ce38-4b8c-a6ca-cfd89a6a0744}\DhcpSubnetMask: "255.255.255.0"
  88. HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4d33b1d2-ce38-4b8c-a6ca-cfd89a6a0744}\DhcpDomain: "localdomain"
  89. HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4d33b1d2-ce38-4b8c-a6ca-cfd89a6a0744}\DhcpNameServer: "192.168.24.2"
  90. HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4d33b1d2-ce38-4b8c-a6ca-cfd89a6a0744}\DhcpDefaultGateway: 31 39 32 2E 31 36 38 2E 32 34 2E 32 00 00
  91. HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4d33b1d2-ce38-4b8c-a6ca-cfd89a6a0744}\DhcpSubnetMaskOpt: 32 35 35 2E 32 35 35 2E 32 35 35 2E 30 00 00
  92. HKLM\SYSTEM\CurrentControlSet\Services\BITS\Performance\PerfMMFileName: "Global\MMF_BITSad349ad4-0f6e-4af0-ad4f-3b1ea90a8218"
  93. HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{4d33b1d2-ce38-4b8c-a6ca-cfd89a6a0744}\DhcpNameServerList: 31 39 32 2E 31 36 38 2E 32 34 2E 32 00 00
  94. HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpDomain: "localdomain"
  95. HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer: "192.168.24.2"
  96. HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4d33b1d2-ce38-4b8c-a6ca-cfd89a6a0744}\DhcpIPAddress: "192.168.24.128"
  97. HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4d33b1d2-ce38-4b8c-a6ca-cfd89a6a0744}\DhcpSubnetMask: "255.255.255.0"
  98. HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4d33b1d2-ce38-4b8c-a6ca-cfd89a6a0744}\DhcpDomain: "localdomain"
  99. HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4d33b1d2-ce38-4b8c-a6ca-cfd89a6a0744}\DhcpNameServer: "192.168.24.2"
  100. HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4d33b1d2-ce38-4b8c-a6ca-cfd89a6a0744}\DhcpDefaultGateway: 31 39 32 2E 31 36 38 2E 32 34 2E 32 00 00
  101. HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4d33b1d2-ce38-4b8c-a6ca-cfd89a6a0744}\DhcpSubnetMaskOpt: 32 35 35 2E 32 35 35 2E 32 35 35 2E 30 00 00
  102. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012023011620230123\CachePrefix: ":2023011620230123: "
  103. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012023011620230123\CachePath: "C:\Users\Malware\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012023011620230123"
  104. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012023011620230123\CacheRelativePath: "Microsoft\Windows\History\History.IE5\MSHist012023011620230123"
  105. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012023011620230123\CacheOptions: 0x0000000B
  106. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012023011620230123\CacheRepair: 0x00000000
  107. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012023011620230123\CacheLimit: 0x00000001
  108. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012023020420230205\CachePrefix: ":2023020420230205: "
  109. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012023020420230205\CachePath: "C:\Users\Malware\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012023020420230205"
  110. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012023020420230205\CacheRelativePath: "Microsoft\Windows\History\History.IE5\MSHist012023020420230205"
  111. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012023020420230205\CacheOptions: 0x0000000B
  112. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012023020420230205\CacheRepair: 0x00000000
  113. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012023020420230205\CacheLimit: 0x00000001
  114.  
  115. ----------------------------------
  116. Values added: 187
  117. ----------------------------------
  118. HKLM\SOFTWARE\Microsoft\IdentityCRL\ThrottleCache\S-1-5-18_{D6D5A677-0872-4AB0-9442-BB792FCE85C5}\ThrottleCount: 0x00000001
  119. HKLM\SOFTWARE\Microsoft\IdentityCRL\ThrottleCache\S-1-5-18_{D6D5A677-0872-4AB0-9442-BB792FCE85C5}\ThrottleStartedTime: 0E 0B 1D 24 66 A5 DB 01
  120. HKLM\SOFTWARE\Microsoft\IdentityCRL\ThrottleCache\S-1-5-19_{D6D5A677-0872-4AB0-9442-BB792FCE85C5}\ThrottleCount: 0x00000001
  121. HKLM\SOFTWARE\Microsoft\IdentityCRL\ThrottleCache\S-1-5-19_{D6D5A677-0872-4AB0-9442-BB792FCE85C5}\ThrottleStartedTime: 00 59 CE 25 66 A5 DB 01
  122. HKLM\SOFTWARE\Microsoft\IdentityCRL\ThrottleCache\S-1-5-19_{DF60E2DF-88AD-4526-AE21-83D130EF0F68}\ThrottleCount: 0x00000003
  123. HKLM\SOFTWARE\Microsoft\IdentityCRL\ThrottleCache\S-1-5-19_{DF60E2DF-88AD-4526-AE21-83D130EF0F68}\ThrottleStartedTime: 61 3F A8 24 66 A5 DB 01
  124. HKLM\SOFTWARE\Microsoft\IdentityCRL\ThrottleCache\S-1-5-21-1497642843-3941697449-2312607874-1002_S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157\ThrottleCount: 0x00000001
  125. HKLM\SOFTWARE\Microsoft\IdentityCRL\ThrottleCache\S-1-5-21-1497642843-3941697449-2312607874-1002_S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157\ThrottleStartedTime: B8 A9 E7 16 66 A5 DB 01
  126. HKLM\SOFTWARE\Microsoft\IdentityCRL\ThrottleCache\S-1-5-21-1497642843-3941697449-2312607874-1002_{67082621-8D18-4333-9C64-10DE93676363}\ThrottleCount: 0x00000001
  127. HKLM\SOFTWARE\Microsoft\IdentityCRL\ThrottleCache\S-1-5-21-1497642843-3941697449-2312607874-1002_{67082621-8D18-4333-9C64-10DE93676363}\ThrottleStartedTime: 70 89 AF 7D 66 A5 DB 01
  128. HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob: 19 00 00 00 01 00 00 00 10 00 00 00 CB 9D D0 FC EA AA 49 2F 75 CE 29 2C 21 BB FB DD 03 00 00 00 01 00 00 00 14 00 00 00 80 94 64 0E B5 A7 A1 CA 11 9C 1F DD D5 9F 81 02 63 A7 FB D1 7E 00 00 00 01 00 00 00 08 00 00 00 00 80 C8 2B 68 86 D7 01 7A 00 00 00 01 00 00 00 0C 00 00 00 30 0A 06 08 2B 06 01 05 05 07 03 09 1D 00 00 00 01 00 00 00 10 00 00 00 52 1F 5C 98 97 0D 19 A8 E5 15 EF 6E EB 6D 48 EF 14 00 00 00 01 00 00 00 14 00 00 00 AE 6C 05 A3 93 13 E2 A2 E7 E2 D7 1C D6 C7 F0 7F C8 67 53 A0 7F 00 00 00 01 00 00 00 16 00 00 00 30 14 06 08 2B 06 01 05 05 07 03 03 06 08 2B 06 01 05 05 07 03 09 62 00 00 00 01 00 00 00 20 00 00 00 2C AB EA FE 37 D0 6C A2 2A BA 73 91 C0 03 3D 25 98 29 52 C4 53 64 73 49 76 3A 3A B5 AD 6C CF 69 0B 00 00 00 01 00 00 00 30 00 00 00 47 00 6C 00 6F 00 62 00 61 00 6C 00 53 00 69 00 67 00 6E 00 20 00 52 00 6F 00 6F 00 74 00 20 00 43 00 41 00 20 00 2D 00 20 00
  129. 52 00 36 00 00 00 09 00 00 00 01 00 00 00 56 00 00 00 30 54 06 08 2B 06 01 05 05 07 03 02 06 08 2B 06 01 05 05 07 03 03 06 0A 2B 06 01 04 01 82 37 0A 03 0C 06 0A 2B 06 01 04 01 82 37 0A 03 04 06 08 2B 06 01 05 05 07 03 04 06 08 2B 06 01 05 05 07 03 09 06 08 2B 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 07 03 08 53 00 00 00 01 00 00 00 7E 00 00 00 30 7C 30 1F 06 09 2B 06 01 04 01 A0 32 01 01 30 12 30 10 06 0A 2B 06 01 04 01 82 37 3C 01 01 03 02 00 C0 30 1F 06 09 2B 06 01 04 01 A0 32 01 02 30 12 30 10 06 0A 2B 06 01 04 01 82 37 3C 01 01 03 02 00 C0 30 1B 06 05 67 81 0C 01 01 30 12 30 10 06 0A 2B 06 01 04 01 82 37 3C 01 01 03 02 00 C0 30 1B 06 05 67 81 0C 01 03 30 12 30 10 06 0A 2B 06 01 04 01 82 37 3C 01 01 03 02 00 C0 0F 00 00 00 01 00 00 00 30 00 00 00 EA 09 C5 1D 4C 3A 33 4C E4 AC D2 BC 08 C6 A9 BE 35 2E 33 4F 45 C4 FC CF CA B6 3E DB 9F 82 DC 87 D4 BD 2E D2 FA DA E1 11 63 FB 95 48 09 98 4F F1 20 00 00 00 01 00 00 00 87 05 00 00 30 82 05 83 30 82 03 6B A0 03 02 01 02 02 0E 45 E6 BB 03
  130. 83 33 C3 85 65 48 E6 FF 45 51 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0C 05 00 30 4C 31 20 30 1E 06 03 55 04 0B 13 17 47 6C 6F 62 61 6C 53 69 67 6E 20 52 6F 6F 74 20 43 41 20 2D 20 52 36 31 13 30 11 06 03 55 04 0A 13 0A 47 6C 6F 62 61 6C 53 69 67 6E 31 13 30 11 06 03 55 04 03 13 0A 47 6C 6F 62 61 6C 53 69 67 6E 30 1E 17 0D 31 34 31 32 31 30 30 30 30 30 30 30 5A 17 0D 33 34 31 32 31 30 30 30 30 30 30 30 5A 30 4C 31 20 30 1E 06 03 55 04 0B 13 17 47 6C 6F 62 61 6C 53 69 67 6E 20 52 6F 6F 74 20 43 41 20 2D 20 52 36 31 13 30 11 06 03 55 04 0A 13 0A 47 6C 6F 62 61 6C 53 69 67 6E 31 13 30 11 06 03 55 04 03 13 0A 47 6C 6F 62 61 6C 53 69 67 6E 30 82 02 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 02 0F 00 30 82 02 0A 02 82 02 01 00 95 07 E8 73 CA 66 F9 EC 14 CA 7B 3C F7 0D 08 F1 B4 45 0B 2C 82 B4 48 C6 EB 5B 3C AE 83 B8 41 92 33 14 A4 6F 7F E9 2A CC C6 B0 88 6B C5 B6 89 D1 C6 B2 FF 14 CE 51 14 21 EC 4A DD 1B 5A C6 D6 87 EE 4D 3A 15 06 ED 64 66 0B 92 80 CA 44 DE 73 94 4E F3 A7 89 7F 4F 78 6
  131. 3 08 C8 12 50 6D 42 66 2F 4D B9 79 28 4D 52 1A 8A 1A 80 B7 19 81 0E 7E C4 8A BC 64 4C 21 1C 43 68 D7 3D 3C 8A C5 B2 66 D5 90 9A B7 31 06 C5 BE E2 6D 32 06 A6 1E F9 B9 EB AA A3 B8 BF BE 82 63 50 D0 F0 18 89 DF E4 0F 79 F5 EA A2 1F 2A D2 70 2E 7B E7 BC 93 BB 6D 53 E2 48 7C 8C 10 07 38 FF 66 B2 77 61 7E E0 EA 8C 3C AA B4 A4 F6 F3 95 4A 12 07 6D FD 8C B2 89 CF D0 A0 61 77 C8 58 74 B0 D4 23 3A F7 5D 3A CA A2 DB 9D 09 DE 5D 44 2D 90 F1 81 CD 57 92 FA 7E BC 50 04 63 34 DF 6B 93 18 BE 6B 36 B2 39 E4 AC 24 36 B7 F0 EF B6 1C 13 57 93 B6 DE B2 F8 E2 85 B7 73 A2 B8 35 AA 45 F2 E0 9D 36 A1 6F 54 8A F1 72 56 6E 2E 88 C5 51 42 44 15 94 EE A3 C5 38 96 9B 4E 4E 5A 0B 47 F3 06 36 49 77 30 BC 71 37 E5 A6 EC 21 08 75 FC E6 61 16 3F 77 D5 D9 91 97 84 0A 6C D4 02 4D 74 C0 14 ED FD 39 FB 83 F2 5E 14 A1 04 B0 0B E9 FE EE 8F E1 6E 0B B2 08 B3 61 66 09 6A B1 06 3A 65 96 59 C0 F0 35 FD C9 DA 28 8D 1A 11 87 70 81 0A A8 9A 75 1D 9E 3A 86 05 00 9E DB 80 D6 25 F9 DC 05 9E 27 59 4C 76 39 5B EA F9 A5 A1 D8 83 0F D1 FF
  132. DF 30 11 F9 85 CF 33 48 F5 CA 6D 64 14 2C 7A 58 4F D3 4B 08 49 C5 95 64 1A 63 0E 79 3D F5 B3 8C CA 58 AD 9C 42 45 79 6E 0E 87 19 5C 54 B1 65 B6 BF 8C 9B DC 13 E9 0D 6F B8 2E DC 67 6E C9 8B 11 B5 84 14 8A 00 19 70 83 79 91 97 91 D4 1A 27 BF 37 1E 32 07 D8 14 63 3C 28 4C AF 02 03 01 00 01 A3 63 30 61 30 0E 06 03 55 1D 0F 01 01 FF 04 04 03 02 01 06 30 0F 06 03 55 1D 13 01 01 FF 04 05 30 03 01 01 FF 30 1D 06 03 55 1D 0E 04 16 04 14 AE 6C 05 A3 93 13 E2 A2 E7 E2 D7 1C D6 C7 F0 7F C8 67 53 A0 30 1F 06 03 55 1D 23 04 18 30 16 80 14 AE 6C 05 A3 93 13 E2 A2 E7 E2 D7 1C D6 C7 F0 7F C8 67 53 A0 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0C 05 00 03 82 02 01 00 83 25 ED E8 D1 FD 95 52 CD 9E C0 04 A0 91 69 E6 5C D0 84 DE DC AD A2 4F E8 47 78 D6 65 98 A9 5B A8 3C 87 7C 02 8A D1 6E B7 16 73 E6 5F C0 54 98 D5 74 BE C1 CD E2 11 91 AD 23 18 3D DD E1 72 44 96 B4 95 5E C0 7B 8E 99 78 16 43 13 56 57 B3 A2 B3 3B B5 77 DC 40 72 AC A3 EB 9B 35 3E B1 08 21 A1 E7 C4 43 37 79 32 BE B5 E7 9C 2C 4C BC 43 29 99 8E 30 D3
  133. AC 21 E0 E3 1D FA D8 07 33 76 54 00 22 2A B9 4D 20 2E 70 68 DA E5 53 FC 83 5C D3 9D F2 FF 44 0C 44 66 F2 D2 E3 BD 46 00 1A 6D 02 BA 25 5D 8D A1 31 51 DD 54 46 1C 4D DB 99 96 EF 1A 1C 04 5C A6 15 EF 78 E0 79 FE 5D DB 3E AA 4C 55 FD 9A 15 A9 6F E1 A6 FB DF 70 30 E9 C3 EE 42 46 ED C2 93 05 89 FA 7D 63 7B 3F D0 71 81 7C 00 E8 98 AE 0E 78 34 C3 25 FB AF 0A 9F 20 6B DD 3B 13 8F 12 8C E2 41 1A 48 7A 73 A0 77 69 C7 B6 5C 7F 82 C8 1E FE 58 1B 28 2B A8 6C AD 5E 6D C0 05 D2 7B B7 EB 80 FE 25 37 FE 02 9B 68 AC 42 5D C3 EE F5 CC DC F0 50 75 D2 36 69 9C E6 7B 04 DF 6E 06 69 B6 DE 0A 09 48 59 87 EB 7B 14 60 7A 64 AA 69 43 EF 91 C7 4C EC 18 DD 6C EF 53 2D 8C 99 E1 5E F2 72 3E CF 54 C8 BD 67 EC A4 0F 4C 45 FF D3 B9 30 23 07 4C 8F 10 BF 86 96 D9 99 5A B4 99 57 1C A4 CC BB 15 89 53 BA 2C 05 0F E4 C4 9E 19 B1 18 34 D5 4C 9D BA ED F7 1F AF 24 95 04 78 A8 03 BB EE 81 E5 DA 5F 7C 8B 4A A1 90 74 25 A7 B3 3E 4B C8 2C 56 BD C7 C8 EF 38 E2 5C 92 F0 79 F7 9C 84 BA 74 2D 61 01 20 7E 7E D1 F2 4F 07 59 5F 8B 2D 43 5
  134. 2 EB 46 0C 94 E1 F5 66 47 79 77 D5 54 5B 1F AD 24 37 CB 45 5A 4E A0 44 48 C8 D8 B0 99 C5 15 84 09 F6 D6 49 49 C0 65 B8 E6 1A 71 6E A0 A8 F1 82 E8 45 3E 6C D6 02 D7 0A 67 83 05 5A C9 A4 10
  135. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet\{4D33B1D2-CE38-4B8C-A6CA-CFD89A6A0744}: 00 50 56 E8 27 4E
  136. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{E046360F-3218-42B9-AE44-DC89EA9E5980}\ProfileName: "Network 6"
  137. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{E046360F-3218-42B9-AE44-DC89EA9E5980}\Description: "Network"
  138. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{E046360F-3218-42B9-AE44-DC89EA9E5980}\Managed: 0x00000000
  139. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{E046360F-3218-42B9-AE44-DC89EA9E5980}\Category: 0x00000000
  140. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{E046360F-3218-42B9-AE44-DC89EA9E5980}\DateCreated: E9 07 04 00 05 00 04 00 10 00 2B 00 13 00 F9 00
  141. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{E046360F-3218-42B9-AE44-DC89EA9E5980}\NameType: 0x00000006
  142. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{E046360F-3218-42B9-AE44-DC89EA9E5980}\DateLastConnected: E9 07 04 00 05 00 04 00 10 00 2B 00 13 00 F9 00
  143. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Unmanaged\010103000F0000F0080000000F0000F09606E28C3B03FD6663107F0CC92CBEAA76DF98CF9EBE33D5A2F7D95B45713F4C\ProfileGuid: "{E046360F-3218-42B9-AE44-DC89EA9E5980}"
  144. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Unmanaged\010103000F0000F0080000000F0000F09606E28C3B03FD6663107F0CC92CBEAA76DF98CF9EBE33D5A2F7D95B45713F4C\Description: "Network 6"
  145. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Unmanaged\010103000F0000F0080000000F0000F09606E28C3B03FD6663107F0CC92CBEAA76DF98CF9EBE33D5A2F7D95B45713F4C\Source: 0x00000008
  146. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Unmanaged\010103000F0000F0080000000F0000F09606E28C3B03FD6663107F0CC92CBEAA76DF98CF9EBE33D5A2F7D95B45713F4C\DnsSuffix: "<none>"
  147. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Unmanaged\010103000F0000F0080000000F0000F09606E28C3B03FD6663107F0CC92CBEAA76DF98CF9EBE33D5A2F7D95B45713F4C\FirstNetwork: "Network 6"
  148. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Unmanaged\010103000F0000F0080000000F0000F09606E28C3B03FD6663107F0CC92CBEAA76DF98CF9EBE33D5A2F7D95B45713F4C\DefaultGatewayMac: 00 50 56 E8 27 4E
  149. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\VolatileNotifications\41C64E6DA3CE6055: 01 00 04 80 44 00 00 00 50 00 00 00 00 00 00 00 14 00 00 00 02 00 30 00 02 00 00 00 00 00 14 00 03 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 14 00 00 00 01 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 20 00 00 00
  150. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\VolatileNotifications\41C64E6DA3CE8055: 01 00 04 80 44 00 00 00 50 00 00 00 00 00 00 00 14 00 00 00 02 00 30 00 02 00 00 00 00 00 14 00 03 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 14 00 00 00 01 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 20 00 00 00
  151. HKLM\SOFTWARE\WOW6432Node\Microsoft\Tracing\MPRAPI\EnableFileTracing: 0x00000000
  152. HKLM\SOFTWARE\WOW6432Node\Microsoft\Tracing\MPRAPI\EnableAutoFileTracing: 0x00000000
  153. HKLM\SOFTWARE\WOW6432Node\Microsoft\Tracing\MPRAPI\EnableConsoleTracing: 0x00000000
  154. HKLM\SOFTWARE\WOW6432Node\Microsoft\Tracing\MPRAPI\FileTracingMask: 0xFFFF0000
  155. HKLM\SOFTWARE\WOW6432Node\Microsoft\Tracing\MPRAPI\ConsoleTracingMask: 0xFFFF0000
  156. HKLM\SOFTWARE\WOW6432Node\Microsoft\Tracing\MPRAPI\MaxFileSize: 0x00100000
  157. HKLM\SOFTWARE\WOW6432Node\Microsoft\Tracing\MPRAPI\FileDirectory: "%windir%\tracing"
  158. HKLM\SOFTWARE\WOW6432Node\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob: 19 00 00 00 01 00 00 00 10 00 00 00 CB 9D D0 FC EA AA 49 2F 75 CE 29 2C 21 BB FB DD 03 00 00 00 01 00 00 00 14 00 00 00 80 94 64 0E B5 A7 A1 CA 11 9C 1F DD D5 9F 81 02 63 A7 FB D1 7E 00 00 00 01 00 00 00 08 00 00 00 00 80 C8 2B 68 86 D7 01 7A 00 00 00 01 00 00 00 0C 00 00 00 30 0A 06 08 2B 06 01 05 05 07 03 09 1D 00 00 00 01 00 00 00 10 00 00 00 52 1F 5C 98 97 0D 19 A8 E5 15 EF 6E EB 6D 48 EF 14 00 00 00 01 00 00 00 14 00 00 00 AE 6C 05 A3 93 13 E2 A2 E7 E2 D7 1C D6 C7 F0 7F C8 67 53 A0 7F 00 00 00 01 00 00 00 16 00 00 00 30 14 06 08 2B 06 01 05 05 07 03 03 06 08 2B 06 01 05 05 07 03 09 62 00 00 00 01 00 00 00 20 00 00 00 2C AB EA FE 37 D0 6C A2 2A BA 73 91 C0 03 3D 25 98 29 52 C4 53 64 73 49 76 3A 3A B5 AD 6C CF 69 0B 00 00 00 01 00 00 00 30 00 00 00 47 00 6C 00 6F 00 62 00 61 00 6C 00 53 00 69 00 67 00 6E 00 20 00 52 00 6F 00 6F 00 74 00 20 00 43 00 41 00 20 00
  159. 2D 00 20 00 52 00 36 00 00 00 09 00 00 00 01 00 00 00 56 00 00 00 30 54 06 08 2B 06 01 05 05 07 03 02 06 08 2B 06 01 05 05 07 03 03 06 0A 2B 06 01 04 01 82 37 0A 03 0C 06 0A 2B 06 01 04 01 82 37 0A 03 04 06 08 2B 06 01 05 05 07 03 04 06 08 2B 06 01 05 05 07 03 09 06 08 2B 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 07 03 08 53 00 00 00 01 00 00 00 7E 00 00 00 30 7C 30 1F 06 09 2B 06 01 04 01 A0 32 01 01 30 12 30 10 06 0A 2B 06 01 04 01 82 37 3C 01 01 03 02 00 C0 30 1F 06 09 2B 06 01 04 01 A0 32 01 02 30 12 30 10 06 0A 2B 06 01 04 01 82 37 3C 01 01 03 02 00 C0 30 1B 06 05 67 81 0C 01 01 30 12 30 10 06 0A 2B 06 01 04 01 82 37 3C 01 01 03 02 00 C0 30 1B 06 05 67 81 0C 01 03 30 12 30 10 06 0A 2B 06 01 04 01 82 37 3C 01 01 03 02 00 C0 0F 00 00 00 01 00 00 00 30 00 00 00 EA 09 C5 1D 4C 3A 33 4C E4 AC D2 BC 08 C6 A9 BE 35 2E 33 4F 45 C4 FC CF CA B6 3E DB 9F 82 DC 87 D4 BD 2E D2 FA DA E1 11 63 FB 95 48 09 98 4F F1 20 00 00 00 01 00 00 00 87 05 00 00 30 82 05 83 30 82 03 6B A0 03 02 01 02 02 0E
  160. 45 E6 BB 03 83 33 C3 85 65 48 E6 FF 45 51 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0C 05 00 30 4C 31 20 30 1E 06 03 55 04 0B 13 17 47 6C 6F 62 61 6C 53 69 67 6E 20 52 6F 6F 74 20 43 41 20 2D 20 52 36 31 13 30 11 06 03 55 04 0A 13 0A 47 6C 6F 62 61 6C 53 69 67 6E 31 13 30 11 06 03 55 04 03 13 0A 47 6C 6F 62 61 6C 53 69 67 6E 30 1E 17 0D 31 34 31 32 31 30 30 30 30 30 30 30 5A 17 0D 33 34 31 32 31 30 30 30 30 30 30 30 5A 30 4C 31 20 30 1E 06 03 55 04 0B 13 17 47 6C 6F 62 61 6C 53 69 67 6E 20 52 6F 6F 74 20 43 41 20 2D 20 52 36 31 13 30 11 06 03 55 04 0A 13 0A 47 6C 6F 62 61 6C 53 69 67 6E 31 13 30 11 06 03 55 04 03 13 0A 47 6C 6F 62 61 6C 53 69 67 6E 30 82 02 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 02 0F 00 30 82 02 0A 02 82 02 01 00 95 07 E8 73 CA 66 F9 EC 14 CA 7B 3C F7 0D 08 F1 B4 45 0B 2C 82 B4 48 C6 EB 5B 3C AE 83 B8 41 92 33 14 A4 6F 7F E9 2A CC C6 B0 88 6B C5 B6 89 D1 C6 B2 FF 14 CE 51 14 21 EC 4A DD 1B 5A C6 D6 87 EE 4D 3A 15 06 ED 64 66 0B 92 80 CA 44 DE 73 94 4E F3 A7 8
  161. 9 7F 4F 78 63 08 C8 12 50 6D 42 66 2F 4D B9 79 28 4D 52 1A 8A 1A 80 B7 19 81 0E 7E C4 8A BC 64 4C 21 1C 43 68 D7 3D 3C 8A C5 B2 66 D5 90 9A B7 31 06 C5 BE E2 6D 32 06 A6 1E F9 B9 EB AA A3 B8 BF BE 82 63 50 D0 F0 18 89 DF E4 0F 79 F5 EA A2 1F 2A D2 70 2E 7B E7 BC 93 BB 6D 53 E2 48 7C 8C 10 07 38 FF 66 B2 77 61 7E E0 EA 8C 3C AA B4 A4 F6 F3 95 4A 12 07 6D FD 8C B2 89 CF D0 A0 61 77 C8 58 74 B0 D4 23 3A F7 5D 3A CA A2 DB 9D 09 DE 5D 44 2D 90 F1 81 CD 57 92 FA 7E BC 50 04 63 34 DF 6B 93 18 BE 6B 36 B2 39 E4 AC 24 36 B7 F0 EF B6 1C 13 57 93 B6 DE B2 F8 E2 85 B7 73 A2 B8 35 AA 45 F2 E0 9D 36 A1 6F 54 8A F1 72 56 6E 2E 88 C5 51 42 44 15 94 EE A3 C5 38 96 9B 4E 4E 5A 0B 47 F3 06 36 49 77 30 BC 71 37 E5 A6 EC 21 08 75 FC E6 61 16 3F 77 D5 D9 91 97 84 0A 6C D4 02 4D 74 C0 14 ED FD 39 FB 83 F2 5E 14 A1 04 B0 0B E9 FE EE 8F E1 6E 0B B2 08 B3 61 66 09 6A B1 06 3A 65 96 59 C0 F0 35 FD C9 DA 28 8D 1A 11 87 70 81 0A A8 9A 75 1D 9E 3A 86 05 00 9E DB 80 D6 25 F9 DC 05 9E 27 59 4C 76 39 5B EA F9 A5 A1 D8
  162. 83 0F D1 FF DF 30 11 F9 85 CF 33 48 F5 CA 6D 64 14 2C 7A 58 4F D3 4B 08 49 C5 95 64 1A 63 0E 79 3D F5 B3 8C CA 58 AD 9C 42 45 79 6E 0E 87 19 5C 54 B1 65 B6 BF 8C 9B DC 13 E9 0D 6F B8 2E DC 67 6E C9 8B 11 B5 84 14 8A 00 19 70 83 79 91 97 91 D4 1A 27 BF 37 1E 32 07 D8 14 63 3C 28 4C AF 02 03 01 00 01 A3 63 30 61 30 0E 06 03 55 1D 0F 01 01 FF 04 04 03 02 01 06 30 0F 06 03 55 1D 13 01 01 FF 04 05 30 03 01 01 FF 30 1D 06 03 55 1D 0E 04 16 04 14 AE 6C 05 A3 93 13 E2 A2 E7 E2 D7 1C D6 C7 F0 7F C8 67 53 A0 30 1F 06 03 55 1D 23 04 18 30 16 80 14 AE 6C 05 A3 93 13 E2 A2 E7 E2 D7 1C D6 C7 F0 7F C8 67 53 A0 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0C 05 00 03 82 02 01 00 83 25 ED E8 D1 FD 95 52 CD 9E C0 04 A0 91 69 E6 5C D0 84 DE DC AD A2 4F E8 47 78 D6 65 98 A9 5B A8 3C 87 7C 02 8A D1 6E B7 16 73 E6 5F C0 54 98 D5 74 BE C1 CD E2 11 91 AD 23 18 3D DD E1 72 44 96 B4 95 5E C0 7B 8E 99 78 16 43 13 56 57 B3 A2 B3 3B B5 77 DC 40 72 AC A3 EB 9B 35 3E B1 08 21 A1 E7 C4 43 37 79 32 BE B5 E7 9C 2C 4C BC 43 29
  163. 99 8E 30 D3 AC 21 E0 E3 1D FA D8 07 33 76 54 00 22 2A B9 4D 20 2E 70 68 DA E5 53 FC 83 5C D3 9D F2 FF 44 0C 44 66 F2 D2 E3 BD 46 00 1A 6D 02 BA 25 5D 8D A1 31 51 DD 54 46 1C 4D DB 99 96 EF 1A 1C 04 5C A6 15 EF 78 E0 79 FE 5D DB 3E AA 4C 55 FD 9A 15 A9 6F E1 A6 FB DF 70 30 E9 C3 EE 42 46 ED C2 93 05 89 FA 7D 63 7B 3F D0 71 81 7C 00 E8 98 AE 0E 78 34 C3 25 FB AF 0A 9F 20 6B DD 3B 13 8F 12 8C E2 41 1A 48 7A 73 A0 77 69 C7 B6 5C 7F 82 C8 1E FE 58 1B 28 2B A8 6C AD 5E 6D C0 05 D2 7B B7 EB 80 FE 25 37 FE 02 9B 68 AC 42 5D C3 EE F5 CC DC F0 50 75 D2 36 69 9C E6 7B 04 DF 6E 06 69 B6 DE 0A 09 48 59 87 EB 7B 14 60 7A 64 AA 69 43 EF 91 C7 4C EC 18 DD 6C EF 53 2D 8C 99 E1 5E F2 72 3E CF 54 C8 BD 67 EC A4 0F 4C 45 FF D3 B9 30 23 07 4C 8F 10 BF 86 96 D9 99 5A B4 99 57 1C A4 CC BB 15 89 53 BA 2C 05 0F E4 C4 9E 19 B1 18 34 D5 4C 9D BA ED F7 1F AF 24 95 04 78 A8 03 BB EE 81 E5 DA 5F 7C 8B 4A A1 90 74 25 A7 B3 3E 4B C8 2C 56 BD C7 C8 EF 38 E2 5C 92 F0 79 F7 9C 84 BA 74 2D 61 01 20 7E 7E D1 F2 4F 07 59 5
  164. F 8B 2D 43 52 EB 46 0C 94 E1 F5 66 47 79 77 D5 54 5B 1F AD 24 37 CB 45 5A 4E A0 44 48 C8 D8 B0 99 C5 15 84 09 F6 D6 49 49 C0 65 B8 E6 1A 71 6E A0 A8 F1 82 E8 45 3E 6C D6 02 D7 0A 67 83 05 5A C9 A4 10
  165. HKLM\SYSTEM\ControlSet001\Control\Nsi\{eb004a00-9b1a-11d4-9123-0050047759bc}\10\0000000180000600c0a8898000000000: FF FF FF FF FF FF FF FF 10 00 00 00 10 00 00 00 18 FF EF 00 FF FF FF FF FF FF 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
  166. HKLM\SYSTEM\ControlSet001\Control\Nsi\{eb004a00-9b1a-11d4-9123-0050047759bc}\30\065ea729ee1060429b879f53517037f10000000180000600: 18 58 ED 0F 01 00 00 00 25 F2 BA 02 00 00 00 00 01 00 00 00 00 00 00 00 00 E3 8F 12 00 00 00 00 ED 7E 38 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
  167. HKLM\SYSTEM\ControlSet001\Control\Nsi\{eb004a00-9b1a-11d4-9123-0050047759bc}\16\00000000000000000000000000000000000000000000000000000001800006000000000180000600c0a889fe00000000: FF FF FF FF FF FF FF FF FF FF FF FF 01 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
  168. HKLM\SYSTEM\ControlSet001\Control\Nsi\{eb004a01-9b1a-11d4-9123-0050047759bc}\30\065ea729ee1060429b879f53517037f10000000180000600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
  169. HKLM\SYSTEM\ControlSet001\Services\bam\UserSettings\S-1-5-21-1497642843-3941697449-2312607874-1002\\Device\HarddiskVolume2\Users\Malware\AppData\Local\Temp\procexp64.exe: 75 07 7B F2 66 A5 DB 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00
  170. HKLM\SYSTEM\ControlSet001\Services\bam\UserSettings\S-1-5-21-1497642843-3941697449-2312607874-1002\\Device\HarddiskVolume2\Users\Malware\Desktop\Sysinternals\Tcpview.exe: BB 90 FD 21 67 A5 DB 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00
  171. HKLM\SYSTEM\ControlSet001\Services\bam\UserSettings\S-1-5-21-1497642843-3941697449-2312607874-1002\\Device\HarddiskVolume2\Windows\System32\cmd.exe: C3 ED 36 83 67 A5 DB 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00
  172. HKLM\SYSTEM\ControlSet001\Services\bam\UserSettings\S-1-5-21-1497642843-3941697449-2312607874-1002\\Device\HarddiskVolume2\Program Files\Wireshark\Wireshark.exe: 2B D2 1A 4B 67 A5 DB 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00
  173. HKLM\SYSTEM\ControlSet001\Services\bam\UserSettings\S-1-5-21-1497642843-3941697449-2312607874-1002\\Device\HarddiskVolume2\Windows\System32\OpenWith.exe: 38 9F E6 86 67 A5 DB 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00
  174. HKLM\SYSTEM\ControlSet001\Services\Dnscache\Parameters\Probe\{e046360f-3218-42b9-ae44-dc89ea9e5980}\LastProbeTime: 0x67F00C27
  175. HKLM\SYSTEM\ControlSet001\Services\Dnscache\Parameters\Probe\{e046360f-3218-42b9-ae44-dc89ea9e5980}\NetworkPerformsHijacking: 0x00000000
  176. HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4d33b1d2-ce38-4b8c-a6ca-cfd89a6a0744}\IPAddress: 31 39 32 2E 31 36 38 2E 31 33 37 2E 31 32 38 00 00
  177. HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4d33b1d2-ce38-4b8c-a6ca-cfd89a6a0744}\SubnetMask: 32 35 35 2E 32 35 35 2E 32 35 35 2E 30 00 00
  178. HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4d33b1d2-ce38-4b8c-a6ca-cfd89a6a0744}\DefaultGateway: 31 39 32 2E 31 36 38 2E 31 33 37 2E 32 35 34 00 00
  179. HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4d33b1d2-ce38-4b8c-a6ca-cfd89a6a0744}\DefaultGatewayMetric: 31 00 00
  180. HKLM\SYSTEM\ControlSet001\Services\WinDivert1.1\Type: 0x00000001
  181. HKLM\SYSTEM\ControlSet001\Services\WinDivert1.1\Start: 0x00000004
  182. HKLM\SYSTEM\ControlSet001\Services\WinDivert1.1\ErrorControl: 0x00000001
  183. HKLM\SYSTEM\ControlSet001\Services\WinDivert1.1\ImagePath: "\??\C:\Users\Malware\AppData\Local\Temp\_MEI49~1\WinDivert64.sys"
  184. HKLM\SYSTEM\ControlSet001\Services\WinDivert1.1\DisplayName: "WinDivert1.1"
  185. HKLM\SYSTEM\ControlSet001\Services\WinDivert1.1\DeleteFlag: 0x00000001
  186. HKLM\SYSTEM\ControlSet001\Services\WinDivert1.1\Parameters\Wdf\WdfMajorVersion: 0x00000001
  187. HKLM\SYSTEM\ControlSet001\Services\WinDivert1.1\Parameters\Wdf\WdfMinorVersion: 0x00000009
  188. HKLM\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a00-9b1a-11d4-9123-0050047759bc}\10\0000000180000600c0a8898000000000: FF FF FF FF FF FF FF FF 10 00 00 00 10 00 00 00 18 FF EF 00 FF FF FF FF FF FF 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
  189. HKLM\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a00-9b1a-11d4-9123-0050047759bc}\30\065ea729ee1060429b879f53517037f10000000180000600: 18 58 ED 0F 01 00 00 00 25 F2 BA 02 00 00 00 00 01 00 00 00 00 00 00 00 00 E3 8F 12 00 00 00 00 ED 7E 38 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
  190. HKLM\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a00-9b1a-11d4-9123-0050047759bc}\16\00000000000000000000000000000000000000000000000000000001800006000000000180000600c0a889fe00000000: FF FF FF FF FF FF FF FF FF FF FF FF 01 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
  191. HKLM\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a01-9b1a-11d4-9123-0050047759bc}\30\065ea729ee1060429b879f53517037f10000000180000600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
  192. HKLM\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-1497642843-3941697449-2312607874-1002\\Device\HarddiskVolume2\Users\Malware\AppData\Local\Temp\procexp64.exe: 75 07 7B F2 66 A5 DB 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00
  193. HKLM\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-1497642843-3941697449-2312607874-1002\\Device\HarddiskVolume2\Users\Malware\Desktop\Sysinternals\Tcpview.exe: BB 90 FD 21 67 A5 DB 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00
  194. HKLM\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-1497642843-3941697449-2312607874-1002\\Device\HarddiskVolume2\Windows\System32\cmd.exe: C3 ED 36 83 67 A5 DB 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00
  195. HKLM\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-1497642843-3941697449-2312607874-1002\\Device\HarddiskVolume2\Program Files\Wireshark\Wireshark.exe: 2B D2 1A 4B 67 A5 DB 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00
  196. HKLM\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-1497642843-3941697449-2312607874-1002\\Device\HarddiskVolume2\Windows\System32\OpenWith.exe: 38 9F E6 86 67 A5 DB 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00
  197. HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{e046360f-3218-42b9-ae44-dc89ea9e5980}\LastProbeTime: 0x67F00C27
  198. HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{e046360f-3218-42b9-ae44-dc89ea9e5980}\NetworkPerformsHijacking: 0x00000000
  199. HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4d33b1d2-ce38-4b8c-a6ca-cfd89a6a0744}\IPAddress: 31 39 32 2E 31 36 38 2E 31 33 37 2E 31 32 38 00 00
  200. HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4d33b1d2-ce38-4b8c-a6ca-cfd89a6a0744}\SubnetMask: 32 35 35 2E 32 35 35 2E 32 35 35 2E 30 00 00
  201. HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4d33b1d2-ce38-4b8c-a6ca-cfd89a6a0744}\DefaultGateway: 31 39 32 2E 31 36 38 2E 31 33 37 2E 32 35 34 00 00
  202. HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4d33b1d2-ce38-4b8c-a6ca-cfd89a6a0744}\DefaultGatewayMetric: 31 00 00
  203. HKLM\SYSTEM\CurrentControlSet\Services\WinDivert1.1\Type: 0x00000001
  204. HKLM\SYSTEM\CurrentControlSet\Services\WinDivert1.1\Start: 0x00000004
  205. HKLM\SYSTEM\CurrentControlSet\Services\WinDivert1.1\ErrorControl: 0x00000001
  206. HKLM\SYSTEM\CurrentControlSet\Services\WinDivert1.1\ImagePath: "\??\C:\Users\Malware\AppData\Local\Temp\_MEI49~1\WinDivert64.sys"
  207. HKLM\SYSTEM\CurrentControlSet\Services\WinDivert1.1\DisplayName: "WinDivert1.1"
  208. HKLM\SYSTEM\CurrentControlSet\Services\WinDivert1.1\DeleteFlag: 0x00000001
  209. HKLM\SYSTEM\CurrentControlSet\Services\WinDivert1.1\Parameters\Wdf\WdfMajorVersion: 0x00000001
  210. HKLM\SYSTEM\CurrentControlSet\Services\WinDivert1.1\Parameters\Wdf\WdfMinorVersion: 0x00000009
  211. HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-e8-27-4e\WpadDecisionReason: 0x00000001
  212. HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-e8-27-4e\WpadDecisionTime: 48 A0 8C 89 67 A5 DB 01
  213. HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-e8-27-4e\WpadDecision: 0x00000000
  214. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\AppXq0fevzme2pys62n3e0fbqa7peapykr8v_http: 0x00000000
  215. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/redirect\OpenWithList\a: "LaunchWinApp.exe"
  216. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/redirect\OpenWithList\MRUList: "a"
  217. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\15: 72 00 65 00 64 00 69 00 72 00 65 00 63 00 74 00 00 00 C0 00 32 00 00 00 00 00 00 00 00 00 00 00 68 74 74 70 2D 2D 77 77 77 2E 6D 73 66 74 63 6F 6E 6E 65 63 74 74 65 73 74 2E 63 6F 6D 2D 72 65 64 69 72 65 63 74 2E 6C 6E 6B 00 00 86 00 09 00 04 00 EF BE 00 00 00 00 00 00 00 00 2E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68 00 74 00 74 00 70 00 2D 00 2D 00 77 00 77 00 77 00 2E 00 6D 00 73 00 66 00 74 00 63 00 6F 00 6E 00 6E 00 65 00 63 00 74 00 74 00 65 00 73 00 74 00 2E 00 63 00 6F 00 6D 00 2D 00 72 00 65 00 64 00 69 00 72 00 65 00 63 00 74 00 2E 00 6C 00 6E 00 6B 00 00 00 3A 00 00 00
  218. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\Gbbyf\CebprffRkcybere\cebprkc.rkr: 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF 40 09 62 F2 66 A5 DB 01 00 00 00 00
  219. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\Hfref\Znyjner\NccQngn\Ybpny\Grzc\cebprkc64.rkr: 00 00 00 00 00 00 00 00 03 00 00 00 2D AF 00 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00
  220. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\Hfref\Znyjner\Qrfxgbc\Flfvagreanyf\Gpcivrj.rkr: 00 00 00 00 01 00 00 00 01 00 00 00 A2 21 00 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF B0 F4 EF 21 67 A5 DB 01 00 00 00 00
  221. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{POS46999-NRR8-RPNN-76N8-8N01PSP16460}: 00 00 00 00 02 00 00 00 04 00 00 00 9D 40 01 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF 60 E3 26 83 67 A5 DB 01 00 00 00 00
  222. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\Hfref\Znyjner\Qbjaybnqf\Puebzr-k64.rkr: 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF 50 12 CC 73 67 A5 DB 01 00 00 00 00
  223. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\P:\Hfref\Znyjner\Qrfxgbc\cebprkc.yax: 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF 40 09 62 F2 66 A5 DB 01 00 00 00 00
  224. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count\P:\Hfref\Znyjner\Qrfxgbc\Argjbexvat\SnxrArg-AT.yax: 00 00 00 00 02 00 00 00 00 00 00 00 02 00 00 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF 60 E3 26 83 67 A5 DB 01 00 00 00 00
  225. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000020482\VirtualDesktop: 10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  226. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000020702\VirtualDesktop: 10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  227. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000303AC\VirtualDesktop: 10 00 00 00 30 30 44 56 81 44 CE 10 79 D8 DF 41 92 EA 33 90 D3 EB 4B EA
  228. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000305CC\VirtualDesktop: 10 00 00 00 30 30 44 56 81 44 CE 10 79 D8 DF 41 92 EA 33 90 D3 EB 4B EA
  229. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000003067E\VirtualDesktop: 10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  230. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000004035C\VirtualDesktop: 10 00 00 00 30 30 44 56 81 44 CE 10 79 D8 DF 41 92 EA 33 90 D3 EB 4B EA
  231. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000405B6\VirtualDesktop: 10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  232. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000040716\VirtualDesktop: 10 00 00 00 30 30 44 56 81 44 CE 10 79 D8 DF 41 92 EA 33 90 D3 EB 4B EA
  233. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000060676\VirtualDesktop: 10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  234. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000060726\VirtualDesktop: 10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  235. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000007029A\VirtualDesktop: 10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  236. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000A05F4\VirtualDesktop: 10 00 00 00 30 30 44 56 81 44 CE 10 79 D8 DF 41 92 EA 33 90 D3 EB 4B EA
  237. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000D067E\VirtualDesktop: 10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  238. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000001101F4\VirtualDesktop: 10 00 00 00 30 30 44 56 81 44 CE 10 79 D8 DF 41 92 EA 33 90 D3 EB 4B EA
  239. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000120552\VirtualDesktop: 10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  240. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000130552\VirtualDesktop: 10 00 00 00 30 30 44 56 81 44 CE 10 79 D8 DF 41 92 EA 33 90 D3 EB 4B EA
  241. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012025040420250405\CachePrefix: ":2025040420250405: "
  242. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012025040420250405\CachePath: "C:\Users\Malware\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012025040420250405"
  243. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012025040420250405\CacheRelativePath: "Microsoft\Windows\History\History.IE5\MSHist012025040420250405"
  244. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012025040420250405\CacheOptions: 0x0000000B
  245. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012025040420250405\CacheRepair: 0x00000000
  246. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012025040420250405\CacheLimit: 0x00000001
  247. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Search\JumplistData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge: 71 D5 76 86 67 A5 DB 01
  248. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{391BDA50-4D27-4F0B-8DD6-43F7EF32C6EC}\RecentItems\{A6CD5AB6-9F7D-49E7-8926-5B7F1D341005}\Type: 0x00000000
  249. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{391BDA50-4D27-4F0B-8DD6-43F7EF32C6EC}\RecentItems\{A6CD5AB6-9F7D-49E7-8926-5B7F1D341005}\Path: "http://www.msftconnecttest.com/redirect"
  250. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{391BDA50-4D27-4F0B-8DD6-43F7EF32C6EC}\RecentItems\{A6CD5AB6-9F7D-49E7-8926-5B7F1D341005}\DisplayName: "http://www.msftconnecttest.com/redirect"
  251. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{391BDA50-4D27-4F0B-8DD6-43F7EF32C6EC}\RecentItems\{A6CD5AB6-9F7D-49E7-8926-5B7F1D341005}\LastAccessedTime: 64 AF 76 86 67 A5 DB 01
  252. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{391BDA50-4D27-4F0B-8DD6-43F7EF32C6EC}\RecentItems\{A6CD5AB6-9F7D-49E7-8926-5B7F1D341005}\Points: 00 00 80 3F
  253. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{03D11E97-2734-4D18-9007-ED8DB2A2B934}\LastAccessedTime: 60 E3 26 83 67 A5 DB 01
  254. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{03D11E97-2734-4D18-9007-ED8DB2A2B934}\AppId: "Microsoft.AutoGenerated.{CBF46999-AEE8-ECAA-76A8-8A01CFC16460}"
  255. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{03D11E97-2734-4D18-9007-ED8DB2A2B934}\LaunchCount: 0x00000002
  256. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{03D11E97-2734-4D18-9007-ED8DB2A2B934}\AppPath: ""
  257. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{C954005D-A8CB-477C-B299-602E9B916E20}\LastAccessedTime: 40 09 62 F2 66 A5 DB 01
  258. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{C954005D-A8CB-477C-B299-602E9B916E20}\AppId: "C:\Tools\ProcessExplorer\procexp.exe"
  259. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{C954005D-A8CB-477C-B299-602E9B916E20}\LaunchCount: 0x00000001
  260. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{C954005D-A8CB-477C-B299-602E9B916E20}\AppPath: ""
  261. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{D366BE5D-3E32-44D2-8783-0BC1455D3FDE}\LastAccessedTime: 50 12 CC 73 67 A5 DB 01
  262. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{D366BE5D-3E32-44D2-8783-0BC1455D3FDE}\AppId: "C:\Users\Malware\Downloads\Chrome-x64.exe"
  263. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{D366BE5D-3E32-44D2-8783-0BC1455D3FDE}\LaunchCount: 0x00000001
  264. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{D366BE5D-3E32-44D2-8783-0BC1455D3FDE}\AppPath: ""
  265. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F70A6E37-0E42-4AF7-8343-ED7F45E7B0EA}\LastAccessedTime: B0 F4 EF 21 67 A5 DB 01
  266. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F70A6E37-0E42-4AF7-8343-ED7F45E7B0EA}\AppId: "C:\Users\Malware\Desktop\Sysinternals\Tcpview.exe"
  267. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F70A6E37-0E42-4AF7-8343-ED7F45E7B0EA}\LaunchCount: 0x00000001
  268. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{F70A6E37-0E42-4AF7-8343-ED7F45E7B0EA}\AppPath: ""
  269. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E44E9428-BDBC-4987-A099-40DC8FD255E7} {7F9185B0-CB92-43C5-80A9-92277A4F7B54} 0xFFFF: 01 00 00 00 00 00 00 00 3F D6 61 86 67 A5 DB 01
  270. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Tools\ProcessExplorer\procexp.exe: 53 41 43 50 01 00 00 00 00 00 00 00 07 00 00 00 28 00 00 00 18 21 2B 00 C0 99 2B 00 01 00 00 00 00 00 00 00 00 00 00 0A 00 21 00 00 DB 80 FD AC 28 39 D3 01 00 00 00 00 00 00 00 00
  271. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Users\Malware\Desktop\Sysinternals\Tcpview.exe: 53 41 43 50 01 00 00 00 00 00 00 00 07 00 00 00 28 00 00 00 20 97 04 00 6C DC 04 00 01 00 00 00 00 00 00 00 00 00 01 06 71 22 00 00 DB 80 FD AC 28 39 D3 01 00 00 00 00 00 00 00 00
  272. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Users\Malware\Downloads\Chrome-x64.exe: 53 41 43 50 01 00 00 00 00 00 00 00 07 00 00 00 28 00 00 00 C0 F1 C2 07 55 BE C3 07 01 00 00 00 00 00 00 00 00 00 00 0A 71 22 00 00 DB 80 FD AC 28 39 D3 01 00 00 00 00 00 00 00 00 02 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF 07 00 00 00 00 00 00 01 00 00 00 01 00 00 00
  273. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Sysinternals\Process Explorer\OriginalPath: "C:\Tools\ProcessExplorer\procexp.exe"
  274. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Sysinternals\Process Explorer\Path: "C:\Users\Malware\AppData\Local\Temp\procexp64.exe"
  275. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Sysinternals\Process Explorer\EulaAccepted: 0x00000001
  276. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Sysinternals\TCPView\EulaAccepted: 0x00000001
  277. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Classes\Local Settings\MuiCache\46\52C64B7E\@%SystemRoot%\System32\ListSvc.dll,-101: "Makes local computer changes associated with configuration and maintenance of the homegroup-joined computer. If this service is stopped or disabled, your computer will not work properly in a homegroup and your homegroup might not work properly. It is recommended that you keep this service running."
  278. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Classes\Local Settings\MuiCache\46\52C64B7E\@%SystemRoot%\system32\drivers\mslldp.sys,-201: "Microsoft Link-Layer Discovery Protocol Driver"
  279. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Classes\Local Settings\MuiCache\46\52C64B7E\@C:\Windows\System32\ieframe.dll,-55175: "Internet Explorer"
  280. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\4: 78 00 31 00 00 00 00 00 0C 55 3D 5D 11 00 55 73 65 72 73 00 64 00 09 00 04 00 EF BE 3D 4B A6 45 0C 55 3D 5D 2E 00 00 00 47 06 00 00 00 00 01 00 00 00 00 00 00 00 00 00 3A 00 00 00 00 00 16 98 1B 00 55 00 73 00 65 00 72 00 73 00 00 00 40 00 73 00 68 00 65 00 6C 00 6C 00 33 00 32 00 2E 00 64 00 6C 00 6C 00 2C 00 2D 00 32 00 31 00 38 00 31 00 33 00 00 00 14 00 00 00
  281. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\4\0: 56 00 31 00 00 00 00 00 44 56 3C 9D 10 00 4D 61 6C 77 61 72 65 00 40 00 09 00 04 00 EF BE 0C 55 C2 00 44 56 3C 9D 2E 00 00 00 58 07 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4C FB D6 00 4D 00 61 00 6C 00 77 00 61 00 72 00 65 00 00 00 16 00 00 00
  282. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\4\MRUListEx: 00 00 00 00 FF FF FF FF
  283. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\4\0\0: 84 00 31 00 00 00 00 00 84 5A 06 6D 11 00 44 4F 57 4E 4C 4F 7E 31 00 00 6C 00 09 00 04 00 EF BE 0C 55 C2 00 84 5A 06 6D 2E 00 00 00 7B 08 00 00 00 00 03 00 00 00 00 00 00 00 00 00 42 00 00 00 00 00 45 DD 4F 00 44 00 6F 00 77 00 6E 00 6C 00 6F 00 61 00 64 00 73 00 00 00 40 00 73 00 68 00 65 00 6C 00 6C 00 33 00 32 00 2E 00 64 00 6C 00 6C 00 2C 00 2D 00 32 00 31 00 37 00 39 00 38 00 00 00 18 00 00 00
  284. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\4\0\MRUListEx: 00 00 00 00 FF FF FF FF
  285. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\4\0\0\NodeSlot: 0x00000052
  286. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\4\0\0\MRUListEx: FF FF FF FF
  287. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\MinPos2322x1280x96(1).x: 0xFFFFFFFF
  288. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\MinPos2322x1280x96(1).y: 0xFFFFFFFF
  289. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\MaxPos2322x1280x96(1).x: 0xFFFFFFFF
  290. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\MaxPos2322x1280x96(1).y: 0xFFFFFFFF
  291. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos2322x1280x96(1).left: 0x00000235
  292. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos2322x1280x96(1).top: 0x00000281
  293. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos2322x1280x96(1).right: 0x000006A8
  294. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos2322x1280x96(1).bottom: 0x00000502
  295. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\Shell\KnownFolderDerivedFolderType: "{57807898-8C4F-4462-BB63-71042380B109}"
  296. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\Shell\SniffedFolderType: "Generic"
  297. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002_Classes\Local Settings\MuiCache\46\52C64B7E\@%SystemRoot%\System32\ListSvc.dll,-101: "Makes local computer changes associated with configuration and maintenance of the homegroup-joined computer. If this service is stopped or disabled, your computer will not work properly in a homegroup and your homegroup might not work properly. It is recommended that you keep this service running."
  298. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002_Classes\Local Settings\MuiCache\46\52C64B7E\@%SystemRoot%\system32\drivers\mslldp.sys,-201: "Microsoft Link-Layer Discovery Protocol Driver"
  299. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002_Classes\Local Settings\MuiCache\46\52C64B7E\@C:\Windows\System32\ieframe.dll,-55175: "Internet Explorer"
  300. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\4: 78 00 31 00 00 00 00 00 0C 55 3D 5D 11 00 55 73 65 72 73 00 64 00 09 00 04 00 EF BE 3D 4B A6 45 0C 55 3D 5D 2E 00 00 00 47 06 00 00 00 00 01 00 00 00 00 00 00 00 00 00 3A 00 00 00 00 00 16 98 1B 00 55 00 73 00 65 00 72 00 73 00 00 00 40 00 73 00 68 00 65 00 6C 00 6C 00 33 00 32 00 2E 00 64 00 6C 00 6C 00 2C 00 2D 00 32 00 31 00 38 00 31 00 33 00 00 00 14 00 00 00
  301. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\4\0: 56 00 31 00 00 00 00 00 44 56 3C 9D 10 00 4D 61 6C 77 61 72 65 00 40 00 09 00 04 00 EF BE 0C 55 C2 00 44 56 3C 9D 2E 00 00 00 58 07 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4C FB D6 00 4D 00 61 00 6C 00 77 00 61 00 72 00 65 00 00 00 16 00 00 00
  302. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\4\MRUListEx: 00 00 00 00 FF FF FF FF
  303. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\4\0\0: 84 00 31 00 00 00 00 00 84 5A 06 6D 11 00 44 4F 57 4E 4C 4F 7E 31 00 00 6C 00 09 00 04 00 EF BE 0C 55 C2 00 84 5A 06 6D 2E 00 00 00 7B 08 00 00 00 00 03 00 00 00 00 00 00 00 00 00 42 00 00 00 00 00 45 DD 4F 00 44 00 6F 00 77 00 6E 00 6C 00 6F 00 61 00 64 00 73 00 00 00 40 00 73 00 68 00 65 00 6C 00 6C 00 33 00 32 00 2E 00 64 00 6C 00 6C 00 2C 00 2D 00 32 00 31 00 37 00 39 00 38 00 00 00 18 00 00 00
  304. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\4\0\MRUListEx: 00 00 00 00 FF FF FF FF
  305. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\4\0\0\NodeSlot: 0x00000052
  306. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\4\0\0\MRUListEx: FF FF FF FF
  307. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\MinPos2322x1280x96(1).x: 0xFFFFFFFF
  308. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\MinPos2322x1280x96(1).y: 0xFFFFFFFF
  309. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\MaxPos2322x1280x96(1).x: 0xFFFFFFFF
  310. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\MaxPos2322x1280x96(1).y: 0xFFFFFFFF
  311. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos2322x1280x96(1).left: 0x00000235
  312. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos2322x1280x96(1).top: 0x00000281
  313. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos2322x1280x96(1).right: 0x000006A8
  314. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos2322x1280x96(1).bottom: 0x00000502
  315. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\Shell\KnownFolderDerivedFolderType: "{57807898-8C4F-4462-BB63-71042380B109}"
  316. HKU\S-1-5-21-1497642843-3941697449-2312607874-1002_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\82\Shell\SniffedFolderType: "Generic"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!