Zips_eedb13532abc50e02980c16e35ab4b79_php_2019-06-26_10_30.json

1.  
2. [*] MalFamily: ""
3.  
4. [*] MalScore: 10.0
5.  
6. [*] File Name: "Zips_eedb13532abc50e02980c16e35ab4b79.php"
7. [*] File Size: 73190
8. [*] File Type: "Zip archive data, at least v2.0 to extract"
9. [*] SHA256: "099088fa32b5e184357a60d41878edb2f718b172f4cb6c57566a076ce135f66b"
10. [*] MD5: "eedb13532abc50e02980c16e35ab4b79"
11. [*] SHA1: "15de33385c941c403de1e614bfabc5553683104e"
12. [*] SHA512: "58dcc2c4ece8193e9d3616dbe42b37232c6e1a41bcee20e0a41780c4497f460e4cdc4bf490227ab6aac3cd50fe3caaeb4f26cb5a397145a996a890f1a1c02c34"
13. [*] CRC32: "66788D0D"
14. [*] SSDEEP: "1536:hZQ9qo5NBAhjQoGj3bVBltWJKhZDxqRQAhHNZPymiHrBG1uFmphkm:hZKrBAh6frSJCFM/NZLErBG1Mmphkm"
15.  
16. [*] Process Execution: [
17. "wscript.exe",
18. "me.exe",
19. "cmd.exe",
20. "powershell.exe",
21. "cmd.exe",
22. "sc.exe",
23. "cmd.exe",
24. "sc.exe",
25. "cmd.exe",
26. "sc.exe",
27. "cmd.exe",
28. "sc.exe",
29. "cmd.exe",
30. "powershell.exe",
31. "svchost.exe",
32. "services.exe",
33. "svchost.exe",
34. "mscorsvw.exe",
35. "svchost.exe",
36. "lsass.exe",
37. "mscorsvw.exe",
38. "mscorsvw.exe",
39. "mscorsvw.exe",
40. "mscorsvw.exe",
41. "mscorsvw.exe",
42. "mscorsvw.exe",
43. "mscorsvw.exe",
44. "mscorsvw.exe",
45. "mscorsvw.exe",
46. "mscorsvw.exe",
47. "mscorsvw.exe",
48. "mscorsvw.exe",
49. "mscorsvw.exe",
50. "mscorsvw.exe",
51. "mscorsvw.exe",
52. "mscorsvw.exe",
53. "mscorsvw.exe",
54. "mscorsvw.exe",
55. "mscorsvw.exe",
56. "mscorsvw.exe",
57. "mscorsvw.exe",
58. "mscorsvw.exe",
59. "mscorsvw.exe",
60. "mscorsvw.exe",
61. "mscorsvw.exe",
62. "mscorsvw.exe",
63. "mscorsvw.exe",
64. "mscorsvw.exe",
65. "mscorsvw.exe",
66. "mscorsvw.exe",
67. "mscorsvw.exe",
68. "mscorsvw.exe",
69. "mscorsvw.exe",
70. "mscorsvw.exe",
71. "mscorsvw.exe",
72. "mscorsvw.exe",
73. "mscorsvw.exe",
74. "mscorsvw.exe",
75. "mscorsvw.exe",
76. "mscorsvw.exe",
77. "mscorsvw.exe",
78. "mscorsvw.exe",
79. "mscorsvw.exe",
80. "mscorsvw.exe",
81. "mscorsvw.exe",
82. "mscorsvw.exe",
83. "mscorsvw.exe",
84. "mscorsvw.exe",
85. "mscorsvw.exe",
86. "mscorsvw.exe",
87. "mscorsvw.exe",
88. "mscorsvw.exe",
89. "mscorsvw.exe",
90. "mscorsvw.exe",
91. "sppsvc.exe",
92. "svchost.exe",
93. "svchost.exe",
94. "WMIADAP.exe",
95. "sdclt.exe",
96. "taskhost.exe",
97. "sc.exe",
98. "svchost.exe",
99. "svchost.exe",
100. "WerFault.exe",
101. "wermgr.exe",
102. "explorer.exe"
103. ]
104.  
105. [*] Signatures Detected: [
106. {
107. "Description": "At least one process apparently crashed during execution",
108. "Details": []
109. },
110. {
111. "Description": "Attempts to connect to a dead IP:Port (2 unique times)",
112. "Details": [
113. {
114. "IP": "185.94.230.114:80"
115. },
116. {
117. "IP": "89.249.74.41:80"
118. }
119. ]
120. },
121. {
122. "Description": "Creates RWX memory",
123. "Details": []
124. },
125. {
126. "Description": "Possible date expiration check, exits too soon after checking local time",
127. "Details": [
128. {
129. "process": "cmd.exe, PID 2364"
130. }
131. ]
132. },
133. {
134. "Description": "At least one IP Address, Domain, or File Name was found in a crypto call",
135. "Details": [
136. {
137. "ioc": "v2.0.50727"
138. },
139. {
140. "ioc": "ontract.v10.0.dll"
141. }
142. ]
143. },
144. {
145. "Description": "A process created a hidden window",
146. "Details": [
147. {
148. "Process": "me.exe -> cmd"
149. },
150. {
151. "Process": "me.exe -> cmd"
152. },
153. {
154. "Process": "me.exe -> cmd"
155. },
156. {
157. "Process": "svchost.exe -> \\\\?\\C:\\Windows\\system32\\wbem\\WMIADAP.EXE"
158. }
159. ]
160. },
161. {
162. "Description": "Drops a binary and executes it",
163. "Details": [
164. {
165. "binary": "C:\\Users\\user\\AppData\\Local\\Temp\\me.exe"
166. }
167. ]
168. },
169. {
170. "Description": "Performs some HTTP requests",
171. "Details": [
172. {
173. "url": "http://birthdayeventdxb.com/readme.doc"
174. },
175. {
176. "url": "http://www.msftncsi.com/ncsi.txt"
177. }
178. ]
179. },
180. {
181. "Description": "Queries information on disks, possibly for anti-virtualization",
182. "Details": []
183. },
184. {
185. "Description": "Attempts to stop active services",
186. "Details": [
187. {
188. "servicename": "WinDefend"
189. }
190. ]
191. },
192. {
193. "Description": "A process attempted to delay the analysis task by a long amount of time.",
194. "Details": [
195. {
196. "Process": "svchost.exe tried to sleep 421 seconds, actually delayed analysis time by 0 seconds"
197. },
198. {
199. "Process": "sppsvc.exe tried to sleep 300 seconds, actually delayed analysis time by 0 seconds"
200. },
201. {
202. "Process": "mscorsvw.exe tried to sleep 4320 seconds, actually delayed analysis time by 0 seconds"
203. }
204. ]
205. },
206. {
207. "Description": "Attempts to repeatedly call a single API many times in order to delay analysis time",
208. "Details": [
209. {
210. "Spam": "services.exe (500) called API GetSystemTimeAsFileTime 12036557 times"
211. }
212. ]
213. },
214. {
215. "Description": "Spoofs its process name and/or associated pathname to appear as a legitimate process",
216. "Details": [
217. {
218. "modified_name": "svchost.exe",
219. "modified_path": "C:\\Users\\user\\AppData\\Local\\Temp\\me.exe",
220. "original_name": "svchost.exe",
221. "original_path": "C:\\Windows\\system32\\svchost.exe"
222. }
223. ]
224. },
225. {
226. "Description": "Creates a hidden or system file",
227. "Details": [
228. {
229. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms~RF2029ae4.TMP"
230. },
231. {
232. "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index15f.dat"
233. },
234. {
235. "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index15e.dat"
236. },
237. {
238. "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index160.dat"
239. },
240. {
241. "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index161.dat"
242. },
243. {
244. "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index162.dat"
245. },
246. {
247. "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index163.dat"
248. },
249. {
250. "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index164.dat"
251. },
252. {
253. "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index165.dat"
254. },
255. {
256. "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index166.dat"
257. },
258. {
259. "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index167.dat"
260. },
261. {
262. "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index168.dat"
263. },
264. {
265. "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index169.dat"
266. },
267. {
268. "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index16a.dat"
269. },
270. {
271. "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index16b.dat"
272. },
273. {
274. "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index16c.dat"
275. },
276. {
277. "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index16d.dat"
278. },
279. {
280. "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index16e.dat"
281. }
282. ]
283. },
284. {
285. "Description": "Checks the system manufacturer, likely for anti-virtualization",
286. "Details": []
287. },
288. {
289. "Description": "Attempts to disable Windows Defender",
290. "Details": []
291. },
292. {
293. "Description": "Attempts to modify or disable Security Center warnings",
294. "Details": []
295. }
296. ]
297.  
298. [*] Started Service: [
299. "KeyIso",
300. "WerSvc",
301. "W32Time"
302. ]
303.  
304. [*] Executed Commands: [
305. "C:\\Users\\user\\AppData\\Local\\Temp\\me.exe",
306. "\"C:\\Windows\\System32\\cmd.exe\" /c powershell Set-MpPreference -DisableRealtimeMonitoring $true",
307. "cmd /c powershell Set-MpPreference -DisableRealtimeMonitoring $true",
308. "\"C:\\Windows\\System32\\cmd.exe\" /c sc stop WinDefend",
309. "cmd /c sc stop WinDefend",
310. "\"C:\\Windows\\System32\\cmd.exe\" /c sc delete WinDefend",
311. "cmd /c sc delete WinDefend",
312. "C:\\Windows\\system32\\cmd.exe /c sc stop WinDefend",
313. "C:\\Windows\\system32\\cmd.exe /c sc delete WinDefend",
314. "C:\\Windows\\system32\\cmd.exe /c powershell Set-MpPreference -DisableRealtimeMonitoring $true",
315. "C:\\Windows\\system32\\svchost.exe",
316. "powershell Set-MpPreference -DisableRealtimeMonitoring $true",
317. "sc stop WinDefend",
318. "sc delete WinDefend",
319. "C:\\Windows\\system32\\svchost.exe -k LocalServiceAndNoImpersonation",
320. "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe",
321. "C:\\Windows\\system32\\lsass.exe",
322. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe",
323. "C:\\Windows\\system32\\sppsvc.exe",
324. "C:\\Windows\\System32\\sdclt.exe /CONFIGNOTIFICATION",
325. "taskhost.exe $(Arg0)",
326. "C:\\Windows\\system32\\sc.exe start w32time task_started",
327. "C:\\Windows\\system32\\svchost.exe -k LocalService",
328. "C:\\Windows\\System32\\svchost.exe -k WerSvcGroup",
329. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {4C379ADC-A2D5-471F-8829-B2B86FF3628C} -Comment \"Dependency Analyzer\"",
330. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {6F232156-CB27-4EA6-9706-191CA246F2E3} -Comment \"Dependency Analyzer\"",
331. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {C46F404C-22B0-4E30-A288-93619323BB71} -Comment \"Dependency Analyzer\"",
332. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {CBC80DDF-B67A-4901-9A45-4652276439A2} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll\"",
333. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {145395DA-B986-40D2-AF87-5EBA1515B5FD} -Comment \"Dependency Analyzer\"",
334. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {6D7827A2-D51A-45EC-8659-799C2480345F} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll\"",
335. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {8ADC8C51-1D13-4EF6-97C9-C718CE031341} -Comment \"Dependency Analyzer\"",
336. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {04335523-E879-4A30-A2A1-7CB7C9B10475} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll\"",
337. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {1E874562-B0A8-4269-B215-EC61ACBC6122} -Comment \"Dependency Analyzer\"",
338. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {4378F745-0229-4C22-98D4-517BA1550194} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll\"",
339. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {2858D7F2-BA10-4C73-8D35-32F5B635BB8C} -Comment \"Dependency Analyzer\"",
340. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {855503EF-CE5E-4448-A6A8-869A0B7326BD} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\AddInViews\\Microsoft.Office.Tools.v9.0.dll\"",
341. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {39C532E3-9198-4566-BFCF-D800E5FD148B} -Comment \"Dependency Analyzer\"",
342. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {8A5C3D73-B52C-413B-BEBB-15672A2B5619} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\AddInViews\\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll\"",
343. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {E559E549-2903-4836-ABE2-CCAEABFFBFDD} -Comment \"Dependency Analyzer\"",
344. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {7A09B85D-DB8A-4D9D-9D6D-B822ECEE919C} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\AddInViews\\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll\"",
345. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {6D2837CF-9EE6-465B-9031-F4FB53B17561} -Comment \"Dependency Analyzer\"",
346. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {95420859-C24F-43C7-8702-6CDAA6CFB544} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\Contracts\\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll\"",
347. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {3E06EAE1-73A0-46FA-935D-01E1755FB9F4} -Comment \"Dependency Analyzer\"",
348. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {12A9FD2D-CB8A-4C81-9A5B-A57601326635} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\Contracts\\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll\"",
349. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {42C6F9FE-125C-4F37-83F7-6B514FE91AB0} -Comment \"Dependency Analyzer\"",
350. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {C4417F92-32D2-4BEA-B13A-4D4D0F4E56DD} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\Contracts\\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll\"",
351. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {E3028FE5-28F8-4A4E-A2DE-EA9962E30059} -Comment \"Dependency Analyzer\"",
352. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {1A86F936-B4DA-4528-9172-DE62EBF75063} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\Contracts\\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll\"",
353. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {FFADB144-C3CA-4FF6-8408-047B1A8A8850} -Comment \"Dependency Analyzer\"",
354. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {2C77062D-3830-41F5-9981-4B3FD059834A} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters\\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll\"",
355. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {65F86CCE-D70E-4AC6-B0E8-80980F865BDE} -Comment \"Dependency Analyzer\"",
356. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {8059A64F-38F2-40ED-A3AB-CA056F14333B} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters\\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll\"",
357. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {24E8A6BF-7C4C-453F-A441-A08B0392B7FF} -Comment \"Dependency Analyzer\"",
358. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {89D9392D-028D-41BE-9599-DD651074CAFB} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters\\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll\"",
359. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {41B9778F-7D15-499D-AFFB-62EF23F545EA} -Comment \"Dependency Analyzer\"",
360. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {D7C5E442-CBEF-494D-90FF-548BF79DBD10} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters\\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll\"",
361. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {CD7F0D16-CA92-4236-B674-92A82754138E} -Comment \"Dependency Analyzer\"",
362. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {1808E1A9-C220-436A-941C-9839DF14AA94} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters\\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll\"",
363. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {E25098F7-D21A-44D9-8CC7-09B101301E70} -Comment \"Dependency Analyzer\"",
364. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {EBF8BD6F-D6BB-44AC-BE4F-0BDAFE0530E0} -Comment \"Dependency Analyzer\"",
365. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {975E108B-3F3C-4EF6-8A9D-0A7A751E92DF} -Comment \"Dependency Analyzer\"",
366. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {5F52833E-F8DC-431E-857E-0A46A92AE770} -Comment \"Dependency Analyzer\"",
367. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {3349E304-864A-49CB-9BA9-7F122EFE0A9F} -Comment \"Dependency Analyzer\"",
368. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {E4968792-AE22-4E6B-A427-456223E119C9} -Comment \"Dependency Analyzer\"",
369. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {0BD20C93-2FE6-4FBE-A7F8-0BA9183A2A94} -Comment \"Dependency Analyzer\"",
370. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {42C902D0-C46E-4AA1-9D0A-DF5436BC1C7E} -Comment \"Dependency Analyzer\"",
371. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {764FCDCB-7C6D-4166-8AC3-BA795CFCF40F} -Comment \"Dependency Analyzer\"",
372. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {C8ADFA13-B835-433A-BCDB-32A47DCCADE8} -Comment \"Dependency Analyzer\"",
373. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {CD69D9E5-8DE1-4DC2-AC6A-1F88E27B4557} -Comment \"Dependency Analyzer\"",
374. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {05610C32-0A84-4838-B631-E8F47FB64502} -Comment \"Dependency Analyzer\"",
375. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {1EE7A7AF-CDDA-4ABF-882E-27CDC15BB23B} -Comment \"Dependency Analyzer\"",
376. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {0F5DE145-1A0C-433F-809F-645013C08829} -Comment \"Dependency Analyzer\"",
377. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {26FB2AF0-763B-4CD0-8C16-B26647502E98} -Comment \"Dependency Analyzer\"",
378. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {FBA35B45-A299-4A71-B8E8-9BDA3945D949} -Comment \"Dependency Analyzer\"",
379. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {7C8F86A7-868D-49BA-8463-73A975CD4309} -Comment \"Dependency Analyzer\"",
380. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {4131E51D-0C82-4A65-9E13-268706F8AE85} -Comment \"Dependency Analyzer\"",
381. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {E70B2D75-5475-4CD4-8EA8-60573775340F} -Comment \"Dependency Analyzer\"",
382. "\\\\?\\C:\\Windows\\system32\\wbem\\WMIADAP.EXE wmiadap.exe /F /T /R",
383. "C:\\Windows\\system32\\WerFault.exe -u -p 1988 -s 288",
384. "\"C:\\Windows\\system32\\wermgr.exe\" \"-queuereporting_svc\" \"C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_1f67675514e2d340fc249786aef11e17815cce2_cab_0926034b\""
385. ]
386.  
387. [*] Mutexes: [
388. "Local\\ZoneAttributeCacheCounterMutex",
389. "Local\\ZonesCacheCounterMutex",
390. "Local\\ZonesLockedCacheCounterMutex",
391. "Global\\CLR_CASOFF_MUTEX",
392. "Global\\838B6C9EB27932960",
393. "DBWinMutex",
394. "Local\\WERReportingForProcess1988",
395. "Global\\\\xe5\\x88\\x90\\xc2\\x89",
396. "Global\\\\xed\\x95\\xb0\\xc7\\xa8",
397. "WERUI_BEX64-1f67675514e2d340fc249786aef11e17815cce2",
398. "Global\\ADAP_WMI_ENTRY",
399. "Global\\RefreshRA_Mutex",
400. "Global\\RefreshRA_Mutex_Lib",
401. "Global\\RefreshRA_Mutex_Flag"
402. ]
403.  
404. [*] Modified Files: [
405. "C:\\Users\\user\\AppData\\Local\\Temp\\me.exe",
406. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-0000000000-0000000000-0000000000-1000\\00000000-0000-0000-0000-000000000000b_00000000-0000-0000-0000-000000000000",
407. "C:\\Users\\user\\AppData\\Local\\Temp\\%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell.lnk",
408. "\\??\\PIPE\\srvsvc",
409. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\Q3EPWVUQGH5AH3D6W3XF.temp",
410. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms~RF2029ae4.TMP",
411. "C:\\Windows\\SysWOW64\\%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell.lnk",
412. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\6PYHSDQP1Z52YDIB7SDH.temp",
413. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\d93f411851d7c929.customDestinations-ms",
414. "C:\\Windows\\sysnative\\LogFiles\\Scm\\2ce1541b-c7b1-4ba0-8974-722d18a3c54d",
415. "C:\\Windows\\sysnative\\LogFiles\\Scm\\4963ad21-c4a5-42a5-b9bd-e441d57204fe",
416. "C:\\Windows\\sysnative\\LogFiles\\Scm\\7bbc503c-5977-4798-a4ae-61483a7e030d",
417. "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\ngen_service.lock",
418. "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\ngen_service.log",
419. "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\ngenservicelock.dat",
420. "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\ngenrootstorelock.dat",
421. "C:\\Windows\\Microsoft.NET\\ngenservice_pri3_lock.dat",
422. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\ngen_service.lock",
423. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\ngen_service.log",
424. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\ngenservicelock.dat",
425. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\ngenrootstorelock.dat",
426. "\\??\\SPDevice",
427. "\\??\\PIPE\\wkssvc",
428. "C:\\Windows\\sysnative\\winevt\\Logs\\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx",
429. "C:\\Windows\\sysnative\\winevt\\Logs\\Microsoft-Windows-WER-Diag%4Operational.evtx",
430. "C:\\Windows\\sysnative\\winevt\\Logs\\Microsoft-Windows-Fault-Tolerant-Heap%4Operational.evtx",
431. "C:\\Windows\\SoftwareDistribution\\ReportingEvents.log",
432. "\\Device\\LanmanDatagramReceiver",
433. "C:\\Windows\\appcompat\\Programs\\RecentFileCache.bcf",
434. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP2130.tmp\\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll",
435. "C:\\Windows\\assembly\\GACLock.dat",
436. "C:\\Windows\\assembly\\ngenlock.dat",
437. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index15f.dat",
438. "C:\\Windows\\assembly\\temp\\UBVOH9YW6R",
439. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\858a16566417324d7113703e9d9a220f\\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.ni.dll",
440. "C:\\BVTBin\\Tests\\installpackage\\csilogfile.log",
441. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP3063.tmp\\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll",
442. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index160.dat",
443. "C:\\Windows\\assembly\\temp\\WRWIR3X3AC",
444. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\aa8c5b1ed8c1befde1f41b7cd4886163\\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.ni.dll",
445. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP4988.tmp\\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll",
446. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index161.dat",
447. "C:\\Windows\\assembly\\temp\\FHSG32QS1K",
448. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\a00f92391877dd945e4a4639788c20c4\\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.ni.dll",
449. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP5B99.tmp\\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll",
450. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index162.dat",
451. "C:\\Windows\\assembly\\temp\\8XTAEWPY55",
452. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\768fc8d43917315c6e1ea9a91b5295a8\\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.ni.dll",
453. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP6B2A.tmp\\Microsoft.Office.Tools.v9.0.dll",
454. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index163.dat",
455. "C:\\Windows\\assembly\\temp\\AEU5GIF59P",
456. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.Office.To#\\09c86f6b3ef36b680afe553f4bb7182d\\Microsoft.Office.Tools.v9.0.ni.dll",
457. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD",
458. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD",
459. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21",
460. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21",
461. "C:\\Windows\\Temp\\CabA17C.tmp",
462. "C:\\Windows\\Temp\\TarA18D.tmp",
463. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015",
464. "C:\\Windows\\Temp\\CabAF76.tmp",
465. "C:\\Windows\\Temp\\TarAF77.tmp",
466. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPB1D9.tmp\\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll",
467. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index164.dat",
468. "C:\\Windows\\assembly\\temp\\L96LB2KIOV",
469. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\4b3742b9ce5a12286a9e50f48e6dbbb2\\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.ni.dll",
470. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPBFD2.tmp\\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll",
471. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index165.dat",
472. "C:\\Windows\\assembly\\temp\\7QNXO4Z4ZB",
473. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\7ccd189d94efd1491116295d6fb86584\\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.ni.dll",
474. "C:\\Windows\\Temp\\CabCBD8.tmp",
475. "C:\\Windows\\Temp\\TarCBD9.tmp",
476. "C:\\Windows\\Temp\\CabD4F0.tmp",
477. "C:\\Windows\\Temp\\TarD4F1.tmp",
478. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPD7A1.tmp\\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll",
479. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index166.dat",
480. "C:\\Windows\\assembly\\temp\\L7W2UENXBS",
481. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\d22de3f4c42430a9421588d3b2c0de6f\\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.ni.dll",
482. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPE79D.tmp\\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll",
483. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index167.dat",
484. "C:\\Windows\\assembly\\temp\\ZO4F0G3JN8",
485. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\8cace01bdef1fa3c1deb129b0c201333\\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.ni.dll",
486. "C:\\Windows\\Temp\\CabF113.tmp",
487. "C:\\Windows\\Temp\\TarF124.tmp",
488. "C:\\Windows\\Temp\\Cab94.tmp",
489. "C:\\Windows\\Temp\\Tar95.tmp",
490. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP2D8.tmp\\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll",
491. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index168.dat",
492. "C:\\Windows\\assembly\\temp\\LCLKDRIDYP",
493. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\f475ddf8555a053a766081058e4df1ec\\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.ni.dll",
494. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPEFB.tmp\\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll",
495. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index169.dat",
496. "C:\\Windows\\assembly\\temp\\ZTTXJT6ZA5",
497. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\10544e726a20c09e227a1c906be47b69\\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.ni.dll",
498. "C:\\Windows\\Temp\\Cab1F66.tmp",
499. "C:\\Windows\\Temp\\Tar1F77.tmp",
500. "C:\\Windows\\Temp\\Cab31B6.tmp",
501. "C:\\Windows\\Temp\\Tar31D6.tmp",
502. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP3523.tmp\\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll",
503. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index16a.dat",
504. "C:\\Windows\\assembly\\temp\\2RWDXHWCAA",
505. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\d55694c2bdd85900a19ab47723f60b3a\\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.ni.dll",
506. "C:\\Windows\\Temp\\Cab456D.tmp",
507. "C:\\Windows\\Temp\\Tar456E.tmp",
508. "C:\\Windows\\Temp\\Cab5490.tmp",
509. "C:\\Windows\\Temp\\Tar5491.tmp",
510. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP5722.tmp\\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll",
511. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index16b.dat",
512. "C:\\Windows\\assembly\\temp\\IOEDDD2CPB",
513. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\f2fde18290c6c402bbccdab670aa3126\\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.ni.dll",
514. "C:\\Windows\\Temp\\Cab7353.tmp",
515. "C:\\Windows\\Temp\\Tar7363.tmp",
516. "C:\\Windows\\Temp\\Cab8322.tmp",
517. "C:\\Windows\\Temp\\Tar8332.tmp",
518. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP85D3.tmp\\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll",
519. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index16c.dat",
520. "C:\\Windows\\assembly\\temp\\FUHO2MRNS0",
521. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\cac5185d84f38f3d701b128429bf48f2\\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.ni.dll",
522. "C:\\Windows\\Temp\\CabA3E8.tmp",
523. "C:\\Windows\\Temp\\TarA3E9.tmp",
524. "C:\\Windows\\Temp\\CabAD3F.tmp",
525. "C:\\Windows\\Temp\\TarAD4F.tmp",
526. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPAF64.tmp\\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll",
527. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index16d.dat",
528. "C:\\Windows\\assembly\\temp\\R0EOGFJRNT",
529. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\b8820392be14b41757054ee7e052b0fd\\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.ni.dll",
530. "\\??\\PIPE\\lsarpc",
531. "C:\\Windows\\Temp\\CabB983.tmp",
532. "C:\\Windows\\Temp\\TarB984.tmp",
533. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERBC23.tmp.appcompat.txt",
534. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERC2EB.tmp.WERInternalMetadata.xml",
535. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERC359.tmp.hdmp",
536. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERD5D8.tmp.mdmp",
537. "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_1f67675514e2d340fc249786aef11e17815cce2_cab_0926034b\\WERBC23.tmp.appcompat.txt",
538. "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_1f67675514e2d340fc249786aef11e17815cce2_cab_0926034b\\WERC2EB.tmp.WERInternalMetadata.xml",
539. "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_1f67675514e2d340fc249786aef11e17815cce2_cab_0926034b\\WERC359.tmp.hdmp",
540. "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_1f67675514e2d340fc249786aef11e17815cce2_cab_0926034b\\WERD5D8.tmp.mdmp",
541. "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_1f67675514e2d340fc249786aef11e17815cce2_cab_0926034b\\Report.wer",
542. "C:\\Windows\\Temp\\CabC2BB.tmp",
543. "C:\\Windows\\Temp\\TarC2BC.tmp",
544. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPC889.tmp\\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll",
545. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index16e.dat",
546. "C:\\Windows\\assembly\\temp\\QPUBXYN075",
547. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\ca444875ec3917f2861b939de4b4de56\\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.ni.dll",
548. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9",
549. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9",
550. "C:\\Windows\\Temp\\CabF64E.tmp",
551. "C:\\Windows\\Temp\\TarF64F.tmp",
552. "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_1f67675514e2d340fc249786aef11e17815cce2_cab_0926034b\\Report.wer.tmp",
553. "C:\\Windows\\sysnative\\wbem\\Performance\\WmiApRpl_new.h"
554. ]
555.  
556. [*] Deleted Files: [
557. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms~RF2029ae4.TMP",
558. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1056.33725421",
559. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1056.33725421",
560. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1056.33725437",
561. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\6PYHSDQP1Z52YDIB7SDH.temp",
562. "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\security.config.cch.1200.33746609",
563. "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1200.33746609",
564. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\security.config.cch.1200.33746609",
565. "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\ngenserviceclientlock.dat",
566. "C:\\Windows\\Microsoft.NET\\ngenservice_pri0_lock.dat",
567. "C:\\Windows\\Microsoft.NET\\ngenservice_pri1_lock.dat",
568. "C:\\Windows\\Microsoft.NET\\ngenservice_pri2_lock.dat",
569. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\ngenserviceclientlock.dat",
570. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1140.33956406",
571. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1140.33956406",
572. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1140.33956468",
573. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1776.33977593",
574. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1776.33977609",
575. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1776.33977640",
576. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2164.33978609",
577. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2164.33978609",
578. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2164.33978625",
579. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP2130.tmp",
580. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index15e.dat",
581. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\858a16566417324d7113703e9d9a220f",
582. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#",
583. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP2130.tmp\\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll",
584. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2176.33980453",
585. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2176.33980453",
586. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2176.33980468",
587. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.800.33982984",
588. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.800.33982984",
589. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.800.33983000",
590. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP3063.tmp",
591. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index15f.dat",
592. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\aa8c5b1ed8c1befde1f41b7cd4886163",
593. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP3063.tmp\\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll",
594. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2092.33984375",
595. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2092.33984390",
596. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2092.33984406",
597. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2116.33989671",
598. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2116.33989671",
599. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2116.33989734",
600. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP4988.tmp",
601. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index160.dat",
602. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\a00f92391877dd945e4a4639788c20c4",
603. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP4988.tmp\\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll",
604. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2384.33990812",
605. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2384.33990828",
606. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2384.33990843",
607. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2284.33994218",
608. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2284.33994218",
609. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2284.33994250",
610. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP5B99.tmp",
611. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index161.dat",
612. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\768fc8d43917315c6e1ea9a91b5295a8",
613. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP5B99.tmp\\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll",
614. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.948.33995453",
615. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.948.33995453",
616. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.948.33995468",
617. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.3064.33998375",
618. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.3064.33998390",
619. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.3064.33998406",
620. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP6B2A.tmp",
621. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index162.dat",
622. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.Office.To#\\09c86f6b3ef36b680afe553f4bb7182d",
623. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.Office.To#",
624. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP6B2A.tmp\\Microsoft.Office.Tools.v9.0.dll",
625. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2804.33999406",
626. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2804.33999406",
627. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2804.33999406",
628. "C:\\Windows\\Temp\\CabA17C.tmp",
629. "C:\\Windows\\Temp\\TarA18D.tmp",
630. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.3032.34000812",
631. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.3032.34000828",
632. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.3032.34000843",
633. "C:\\Windows\\Temp\\CabAF76.tmp",
634. "C:\\Windows\\Temp\\TarAF77.tmp",
635. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPB1D9.tmp",
636. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index163.dat",
637. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\4b3742b9ce5a12286a9e50f48e6dbbb2",
638. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPB1D9.tmp\\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll",
639. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2992.34015734",
640. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2992.34015781",
641. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2992.34015812",
642. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2844.34019125",
643. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2844.34019140",
644. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2844.34019218",
645. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPBFD2.tmp",
646. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index164.dat",
647. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\7ccd189d94efd1491116295d6fb86584",
648. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPBFD2.tmp\\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll",
649. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2008.34020671",
650. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2008.34020703",
651. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2008.34020765",
652. "C:\\Windows\\Temp\\CabCBD8.tmp",
653. "C:\\Windows\\Temp\\TarCBD9.tmp",
654. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1608.34022843",
655. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1608.34022859",
656. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1608.34022937",
657. "C:\\Windows\\Temp\\CabD4F0.tmp",
658. "C:\\Windows\\Temp\\TarD4F1.tmp",
659. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPD7A1.tmp",
660. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index165.dat",
661. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\d22de3f4c42430a9421588d3b2c0de6f",
662. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPD7A1.tmp\\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll",
663. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2812.34025937",
664. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2812.34025953",
665. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2812.34025953",
666. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.364.34028968",
667. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.364.34029000",
668. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.364.34029093",
669. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPE79D.tmp",
670. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index166.dat",
671. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\8cace01bdef1fa3c1deb129b0c201333",
672. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPE79D.tmp\\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll",
673. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2856.34030796",
674. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2856.34030828",
675. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2856.34030906",
676. "C:\\Windows\\Temp\\CabF113.tmp",
677. "C:\\Windows\\Temp\\TarF124.tmp",
678. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.968.34032687",
679. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.968.34032734",
680. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.968.34032750",
681. "C:\\Windows\\Temp\\Cab94.tmp",
682. "C:\\Windows\\Temp\\Tar95.tmp",
683. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP2D8.tmp",
684. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index167.dat",
685. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\f475ddf8555a053a766081058e4df1ec",
686. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP2D8.tmp\\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll",
687. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2024.34035671",
688. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2024.34035703",
689. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2024.34035796",
690. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1180.34039687",
691. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1180.34039718",
692. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1180.34039812",
693. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPEFB.tmp",
694. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index168.dat",
695. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\10544e726a20c09e227a1c906be47b69",
696. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPEFB.tmp\\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll",
697. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2292.34041078",
698. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2292.34041093",
699. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2292.34041171",
700. "C:\\Windows\\Temp\\Cab1F66.tmp",
701. "C:\\Windows\\Temp\\Tar1F77.tmp",
702. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1424.34043953",
703. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1424.34043984",
704. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1424.34044015",
705. "C:\\Windows\\Temp\\Cab31B6.tmp",
706. "C:\\Windows\\Temp\\Tar31D6.tmp",
707. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP3523.tmp",
708. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index169.dat",
709. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\d55694c2bdd85900a19ab47723f60b3a",
710. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP3523.tmp\\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll",
711. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1824.34049406",
712. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1824.34049437",
713. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1824.34049515",
714. "C:\\Windows\\Temp\\Cab456D.tmp",
715. "C:\\Windows\\Temp\\Tar456E.tmp",
716. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2428.34054125",
717. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2428.34054156",
718. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2428.34054234",
719. "C:\\Windows\\Temp\\Cab5490.tmp",
720. "C:\\Windows\\Temp\\Tar5491.tmp",
721. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP5722.tmp",
722. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index16a.dat",
723. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\f2fde18290c6c402bbccdab670aa3126",
724. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP5722.tmp\\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll",
725. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2760.34058296",
726. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2760.34058312",
727. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2760.34058359",
728. "C:\\Windows\\Temp\\Cab7353.tmp",
729. "C:\\Windows\\Temp\\Tar7363.tmp",
730. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1856.34065765",
731. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1856.34065796",
732. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1856.34065859",
733. "C:\\Windows\\Temp\\Cab8322.tmp",
734. "C:\\Windows\\Temp\\Tar8332.tmp",
735. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP85D3.tmp",
736. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index16b.dat",
737. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\cac5185d84f38f3d701b128429bf48f2",
738. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP85D3.tmp\\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll",
739. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2504.34070078",
740. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2504.34070093",
741. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2504.34070140",
742. "C:\\Windows\\Temp\\CabA3E8.tmp",
743. "C:\\Windows\\Temp\\TarA3E9.tmp",
744. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2452.34077906",
745. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2452.34077937",
746. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2452.34078015",
747. "C:\\Windows\\Temp\\CabAD3F.tmp",
748. "C:\\Windows\\Temp\\TarAD4F.tmp",
749. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPAF64.tmp",
750. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index16c.dat",
751. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\b8820392be14b41757054ee7e052b0fd",
752. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPAF64.tmp\\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll",
753. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2148.34081453",
754. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2148.34081453",
755. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2148.34081484",
756. "C:\\Windows\\Temp\\CabB983.tmp",
757. "C:\\Windows\\Temp\\TarB984.tmp",
758. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1868.34084609",
759. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1868.34084609",
760. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1868.34084625",
761. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERBC23.tmp",
762. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERBC23.tmp.appcompat.txt",
763. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERC2EB.tmp",
764. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERC2EB.tmp.WERInternalMetadata.xml",
765. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERC359.tmp",
766. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERC359.tmp.hdmp",
767. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERD5D8.tmp",
768. "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERD5D8.tmp.mdmp",
769. "C:\\Windows\\Temp\\CabC2BB.tmp",
770. "C:\\Windows\\Temp\\TarC2BC.tmp",
771. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPC889.tmp",
772. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index16d.dat",
773. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\ca444875ec3917f2861b939de4b4de56",
774. "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPC889.tmp\\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll",
775. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2096.34087171",
776. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2096.34087171",
777. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2096.34087187",
778. "C:\\Windows\\Temp\\CabF64E.tmp",
779. "C:\\Windows\\Temp\\TarF64F.tmp",
780. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.3020.34093750",
781. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.3020.34093750",
782. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.3020.34093765",
783. "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_1f67675514e2d340fc249786aef11e17815cce2_cab_0926034b\\Report.wer.tmp",
784. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2392.34102859",
785. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2392.34102859",
786. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2392.34102875",
787. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1112.34103671",
788. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1112.34103671",
789. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1112.34103687",
790. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1560.34104453",
791. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1560.34104453",
792. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1560.34104468",
793. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.672.34106093",
794. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.672.34106093",
795. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.672.34106109",
796. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1836.34106968",
797. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1836.34106968",
798. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1836.34106984",
799. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2672.34108000",
800. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2672.34108015",
801. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2672.34108031",
802. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1364.34109359",
803. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1364.34109375",
804. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1364.34109390",
805. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1596.34110328",
806. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1596.34110328",
807. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1596.34110343",
808. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2044.34111265",
809. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2044.34111265",
810. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2044.34111281",
811. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2016.34112187",
812. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2016.34112187",
813. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2016.34112203",
814. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2872.34113031",
815. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2872.34113031",
816. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2872.34113046",
817. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1444.34113921",
818. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1444.34113921",
819. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1444.34113937",
820. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.928.34115609",
821. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.928.34115640",
822. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.928.34115750",
823. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.3676.34122984",
824. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.3676.34123015",
825. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.3676.34123125",
826. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.3844.34124859",
827. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.3844.34124875",
828. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.3844.34124984",
829. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.3992.34127031",
830. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.3992.34127062",
831. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.3992.34127203",
832. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1176.34131265",
833. "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1176.34131296",
834. "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1176.34131359"
835. ]
836.  
837. [*] Modified Registry Keys: [
838. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\UNCAsIntranet",
839. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect",
840. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender",
841. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\DisableAntiSpyware",
842. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection",
843. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableBehaviorMonitoring",
844. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableOnAccessProtection",
845. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableOnRealtimeEnable",
846. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableIOAVProtection",
847. "DisableNotifications",
848. "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\LanguageList",
849. "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\clr_optimization_v2.0.50727_32\\Start",
850. "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\clr_optimization_v2.0.50727_64\\Start",
851. "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\W32Time\\Type",
852. "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WerSvc\\Type",
853. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Accessibility, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\3",
854. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Accessibility, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\3\\Scenario",
855. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Accessibility, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\3\\Status",
856. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Accessibility, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\2\\Status",
857. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Accessibility, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\3\\ImageList",
858. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\AuditPolicyGPManagedStubs.Interop, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=amd64\\2\\ImageList",
859. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\AuditPolicyGPManagedStubs.Interop, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=amd64\\2\\Status",
860. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/AddInSideAdapters/Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll\\0\\ImageList",
861. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/AddInSideAdapters/Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll\\0\\Status",
862. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/AddInSideAdapters/Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll\\0\\ImageList",
863. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/AddInSideAdapters/Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll\\0\\Status",
864. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/AddInSideAdapters/Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll\\0\\ImageList",
865. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/AddInSideAdapters/Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll\\0\\Status",
866. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/AddInSideAdapters/Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll\\0\\ImageList",
867. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/AddInSideAdapters/Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll\\0\\Status",
868. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/AddInViews/Microsoft.Office.Tools.v9.0.dll\\0\\ImageList",
869. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/AddInViews/Microsoft.Office.Tools.v9.0.dll\\0\\Status",
870. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/AddInViews/Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll\\0\\ImageList",
871. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/AddInViews/Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll\\0\\Status",
872. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/AddInViews/Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll\\0\\ImageList",
873. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/AddInViews/Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll\\0\\Status",
874. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/Contracts/Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll\\0\\ImageList",
875. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/Contracts/Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll\\0\\Status",
876. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/Contracts/Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll\\0\\ImageList",
877. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/Contracts/Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll\\0\\Status",
878. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/Contracts/Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll\\0\\ImageList",
879. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/Contracts/Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll\\0\\Status",
880. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/Contracts/Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll\\0\\ImageList",
881. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/Contracts/Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll\\0\\Status",
882. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/HostSideAdapters/Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll\\0\\ImageList",
883. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/HostSideAdapters/Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll\\0\\Status",
884. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/HostSideAdapters/Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll\\0\\ImageList",
885. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/HostSideAdapters/Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll\\0\\Status",
886. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/HostSideAdapters/Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll\\0\\ImageList",
887. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/HostSideAdapters/Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll\\0\\Status",
888. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/HostSideAdapters/Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll\\0\\ImageList",
889. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/HostSideAdapters/Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll\\0\\Status",
890. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/HostSideAdapters/Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll\\0\\ImageList",
891. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/HostSideAdapters/Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll\\0\\Status",
892. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\ComSvcConfig, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\ImageList",
893. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\ComSvcConfig, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\Status",
894. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\CustomMarshalers, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=amd64\\1\\ImageList",
895. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\CustomMarshalers, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=amd64\\1\\Status",
896. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\dfsvc, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\ImageList",
897. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\dfsvc, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\Status",
898. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\EventViewer, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil\\1\\ImageList",
899. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\EventViewer, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil\\1\\Status",
900. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=amd64\\1\\ImageList",
901. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=amd64\\1\\Status",
902. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.ApplicationId.Framework, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil\\1\\ImageList",
903. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.ApplicationId.Framework, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil\\1\\Status",
904. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.ApplicationId.RuleWizard, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil\\1\\ImageList",
905. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.ApplicationId.RuleWizard, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil\\1\\Status",
906. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Conversion.v3.5, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\ImageList",
907. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Conversion.v3.5, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\Status",
908. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Engine, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\ImageList",
909. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Engine, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\Status",
910. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Engine, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\ImageList",
911. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Engine, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\Status",
912. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Framework, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\ImageList",
913. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Framework, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\Status",
914. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Framework, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\ImageList",
915. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Framework, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\Status",
916. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Tasks, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\ImageList",
917. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Tasks, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\Status",
918. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Tasks.v3.5, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\ImageList",
919. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Tasks.v3.5, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\Status",
920. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Utilities, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\ImageList",
921. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Utilities, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\Status",
922. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Utilities.v3.5, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\ImageList",
923. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Utilities.v3.5, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\Status",
924. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.GroupPolicy.AdmTmplEditor, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=amd64\\1\\ImageList",
925. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.GroupPolicy.AdmTmplEditor, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=amd64\\1\\Status",
926. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.GroupPolicy.Interop, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=amd64\\1\\ImageList",
927. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.GroupPolicy.Interop, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=amd64\\1\\Status",
928. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.GroupPolicy.Reporting, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil\\1\\ImageList",
929. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SoftwareProtectionPlatform\\ServiceSessionId",
930. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\cval",
931. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WINEVT\\Publishers\\{945a8954-c147-4acd-923f-40c45405a658}\\Enabled",
932. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\LastServiceStart",
933. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Reporting\\RebootWatch",
934. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Auto Update\\NextSqmReportTime",
935. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\SusClientIdValidation",
936. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Auto Update\\UAS",
937. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Auto Update\\UAS\\UpdateCount",
938. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Action Center\\Checks\\{E8433B72-5842-4d43-8645-BC2C35960837}.check.106\\CheckSetting",
939. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Action Center\\Checks\\{E8433B72-5842-4d43-8645-BC2C35960837}.check.101\\CheckSetting",
940. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Action Center\\Checks\\{E8433B72-5842-4d43-8645-BC2C35960837}.check.103\\CheckSetting",
941. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Action Center\\Checks\\{E8433B72-5842-4d43-8645-BC2C35960837}.check.100\\CheckSetting",
942. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Action Center\\Checks\\{E8433B72-5842-4d43-8645-BC2C35960837}.check.102\\CheckSetting",
943. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Action Center\\Checks\\{E8433B72-5842-4d43-8645-BC2C35960837}.check.104\\CheckSetting",
944. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\pzq.rkr",
945. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\HRZR_PGYFRFFVBA",
946. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Action Center\\Checks\\{945a8954-c147-4acd-923f-40c45405a658}.check.42\\CheckSetting",
947. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\WHCIconStartup",
948. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.bmp\\OpenWithProgids\\Paint.Picture",
949. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.cab\\OpenWithProgids\\CABFolder",
950. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.contact\\OpenWithProgids\\contact_wab_auto_file",
951. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.css\\OpenWithProgids\\CSSfile",
952. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.csv\\OpenWithProgids\\Excel.CSV",
953. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.dib\\OpenWithProgids\\Paint.Picture",
954. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.dll\\OpenWithProgids\\dllfile",
955. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.doc\\OpenWithProgids\\Word.Document.8",
956. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.docm\\OpenWithProgids\\Word.DocumentMacroEnabled.12",
957. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.docx\\OpenWithProgids\\Word.Document.12",
958. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.dot\\OpenWithProgids\\Word.Template.8",
959. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.dotm\\OpenWithProgids\\Word.TemplateMacroEnabled.12",
960. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.dotx\\OpenWithProgids\\Word.Template.12",
961. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.dwfx\\OpenWithProgids\\Windows.XPSReachViewer",
962. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.easmx\\OpenWithProgids\\Windows.XPSReachViewer",
963. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.edrwx\\OpenWithProgids\\Windows.XPSReachViewer",
964. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.emf\\OpenWithProgids\\emffile",
965. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.eprtx\\OpenWithProgids\\Windows.XPSReachViewer",
966. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.exe\\OpenWithProgids\\exefile",
967. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.fon\\OpenWithProgids\\fonfile",
968. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.gif\\OpenWithProgids\\giffile",
969. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.htm\\OpenWithProgids\\ChromeHTML",
970. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.html\\OpenWithProgids\\ChromeHTML",
971. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.ico\\OpenWithProgids\\icofile",
972. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.ini\\OpenWithProgids\\inifile",
973. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.jfif\\OpenWithProgids\\pjpegfile",
974. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.jpe\\OpenWithProgids\\jpegfile",
975. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.jpeg\\OpenWithProgids\\jpegfile",
976. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.jpg\\OpenWithProgids\\jpegfile",
977. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.jtx\\OpenWithProgids\\Windows.XPSReachViewer",
978. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.lnk\\OpenWithProgids\\lnkfile",
979. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.mht\\OpenWithProgids\\mhtmlfile",
980. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.mhtml\\OpenWithProgids\\mhtmlfile",
981. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.msg\\OpenWithProgids\\Outlook.File.msg.15",
982. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.ocx\\OpenWithProgids\\ocxfile",
983. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.odt\\OpenWithProgids\\Word.OpenDocumentText.12",
984. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.otf\\OpenWithProgids\\otffile",
985. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.png\\OpenWithProgids\\pngfile",
986. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.pot\\OpenWithProgids\\PowerPoint.Template.8",
987. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.potm\\OpenWithProgids\\PowerPoint.TemplateMacroEnabled.12",
988. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.potx\\OpenWithProgids\\PowerPoint.Template.12",
989. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.ppam\\OpenWithProgids\\PowerPoint.Addin.12",
990. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.ppsm\\OpenWithProgids\\PowerPoint.SlideShowMacroEnabled.12",
991. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.ppsx\\OpenWithProgids\\PowerPoint.SlideShow.12",
992. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.ppt\\OpenWithProgids\\PowerPoint.Show.8",
993. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.pptm\\OpenWithProgids\\PowerPoint.ShowMacroEnabled.12",
994. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.pptx\\OpenWithProgids\\PowerPoint.Show.12",
995. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.ps1xml\\OpenWithProgids\\Microsoft.PowerShellXMLData.1",
996. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.rle\\OpenWithProgids\\rlefile",
997. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.rtf\\OpenWithProgids\\Word.RTF.8",
998. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.scf\\OpenWithProgids\\SHCmdFile",
999. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.search-ms\\OpenWithProgids\\SearchFolder",
1000. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.shtml\\OpenWithProgids\\ChromeHTML",
1001. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.sldm\\OpenWithProgids\\PowerPoint.SlideMacroEnabled.12",
1002. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.sldx\\OpenWithProgids\\PowerPoint.Slide.12",
1003. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.sys\\OpenWithProgids\\sysfile",
1004. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.tif\\OpenWithProgids\\TIFImage.Document",
1005. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.tiff\\OpenWithProgids\\TIFImage.Document",
1006. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.ttc\\OpenWithProgids\\ttcfile",
1007. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.ttf\\OpenWithProgids\\ttffile",
1008. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.txt\\OpenWithProgids\\txtfile",
1009. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.vsto\\OpenWithProgids\\bootstrap.vsto.1",
1010. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.wdp\\OpenWithProgids\\wdpfile",
1011. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.wmf\\OpenWithProgids\\wmffile",
1012. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.xlam\\OpenWithProgids\\Excel.AddInMacroEnabled",
1013. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.xls\\OpenWithProgids\\Excel.Sheet.8",
1014. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.xlsb\\OpenWithProgids\\Excel.SheetBinaryMacroEnabled.12",
1015. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.xlsm\\OpenWithProgids\\Excel.SheetMacroEnabled.12",
1016. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.xlsx\\OpenWithProgids\\Excel.Sheet.12",
1017. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.xlt\\OpenWithProgids\\Excel.Template.8",
1018. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.xltm\\OpenWithProgids\\Excel.TemplateMacroEnabled",
1019. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.xltx\\OpenWithProgids\\Excel.Template",
1020. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.xml\\OpenWithProgids\\xmlfile",
1021. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.xps\\OpenWithProgids\\Windows.XPSReachViewer",
1022. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.xsl\\OpenWithProgids\\xslfile",
1023. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.zip\\OpenWithProgids\\CompressedFolder",
1024. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Action Center\\Checks\\{01979c6a-42fa-414c-b8aa-eee2c8202018}.check.100\\CheckSetting",
1025. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\ILUsageMask",
1026. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NIUsageMask",
1027. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5f403964\\690f05a5\\b8",
1028. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5f403964\\690f05a5\\b8\\DisplayName",
1029. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5f403964\\690f05a5\\b8\\SIG",
1030. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5f403964\\690f05a5\\b8\\Status",
1031. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5f403964\\690f05a5\\b8\\LastModTime",
1032. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5f403964\\690f05a5\\b8\\InvertDependencies",
1033. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5f403964\\690f05a5\\b8\\InvertDependencies\\172a6d0a\\5f403964\\b0",
1034. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\25016a16\\48c6af76\\b7",
1035. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\25016a16\\48c6af76\\b7\\DisplayName",
1036. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\25016a16\\48c6af76\\b7\\SIG",
1037. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\25016a16\\48c6af76\\b7\\Status",
1038. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\25016a16\\48c6af76\\b7\\LastModTime",
1039. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\25016a16\\48c6af76\\b7\\InvertDependencies",
1040. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\25016a16\\48c6af76\\b7\\InvertDependencies\\172a6d0a\\5f403964\\b0",
1041. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4c502bfe\\5b540d10\\b6",
1042. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4c502bfe\\5b540d10\\b6\\DisplayName",
1043. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4c502bfe\\5b540d10\\b6\\SIG",
1044. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4c502bfe\\5b540d10\\b6\\Status",
1045. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4c502bfe\\5b540d10\\b6\\LastModTime",
1046. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4c502bfe\\5b540d10\\b6\\InvertDependencies",
1047. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4c502bfe\\5b540d10\\b6\\InvertDependencies\\172a6d0a\\5f403964\\b0",
1048. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5",
1049. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5\\DisplayName",
1050. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5\\SIG",
1051. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5\\Status",
1052. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5\\LastModTime",
1053. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5\\InvertDependencies",
1054. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5\\InvertDependencies\\172a6d0a\\5f403964\\b0",
1055. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\23a3725a\\3f4e5352\\4f\\InvertDependencies\\505c41c7\\18407c1\\53",
1056. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\23a3725a\\3f4e5352\\4f\\InvertDependencies\\172a6d0a\\5f403964\\b0",
1057. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\InvertDependencies\\505c41c7\\18407c1\\53",
1058. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\InvertDependencies\\172a6d0a\\5f403964\\b0",
1059. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\505c41c7\\18407c1\\53\\InvertDependencies\\172a6d0a\\5f403964\\b0",
1060. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\172a6d0a\\5f403964\\b0",
1061. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\505c41c7\\18407c1\\53",
1062. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\30bc7c4f\\3f50fe4f\\90",
1063. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\172a6d0a\\5f403964\\b0",
1064. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\172a6d0a\\5f403964\\b0\\DisplayName",
1065. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\172a6d0a\\5f403964\\b0\\Status",
1066. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\172a6d0a\\5f403964\\b0\\MVID",
1067. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\172a6d0a\\5f403964\\b0\\ConfigString",
1068. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\172a6d0a\\5f403964\\b0\\ConfigMask",
1069. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\172a6d0a\\5f403964\\b0\\ILDependencies",
1070. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\172a6d0a\\5f403964\\b0\\NIDependencies",
1071. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index15f",
1072. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index15f\\NIUsageMask",
1073. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index15f\\ILUsageMask",
1074. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\LatestIndex",
1075. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\SystemStoreChangeId",
1076. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\27dee8be\\45d0e051\\b4",
1077. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\27dee8be\\45d0e051\\b4\\DisplayName",
1078. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\27dee8be\\45d0e051\\b4\\SIG",
1079. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\27dee8be\\45d0e051\\b4\\Status",
1080. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\27dee8be\\45d0e051\\b4\\LastModTime",
1081. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\27dee8be\\45d0e051\\b4\\InvertDependencies",
1082. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\27dee8be\\45d0e051\\b4\\InvertDependencies\\794b0063\\27dee8be\\ae",
1083. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\1bd7b0d8\\8f\\InvertDependencies\\30bc7c4f\\3f50fe4f\\90",
1084. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\1bd7b0d8\\8f\\InvertDependencies\\794b0063\\27dee8be\\ae",
1085. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5b43ba09\\4355c2d6\\7e\\InvertDependencies\\794b0063\\27dee8be\\ae",
1086. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\a5cd4db\\87\\InvertDependencies\\794b0063\\27dee8be\\ae",
1087. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\61b2c30f\\70d479e\\b3",
1088. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\61b2c30f\\70d479e\\b3\\DisplayName",
1089. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\61b2c30f\\70d479e\\b3\\SIG",
1090. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\61b2c30f\\70d479e\\b3\\Status",
1091. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\61b2c30f\\70d479e\\b3\\LastModTime",
1092. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\61b2c30f\\70d479e\\b3\\InvertDependencies",
1093. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\61b2c30f\\70d479e\\b3\\InvertDependencies\\794b0063\\27dee8be\\ae",
1094. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\2bd33e1c\\81\\InvertDependencies\\794b0063\\27dee8be\\ae",
1095. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\791c4ec4\\7f00610c\\b1",
1096. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\791c4ec4\\7f00610c\\b1\\DisplayName",
1097. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\791c4ec4\\7f00610c\\b1\\SIG",
1098. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\791c4ec4\\7f00610c\\b1\\Status",
1099. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\791c4ec4\\7f00610c\\b1\\LastModTime",
1100. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\791c4ec4\\7f00610c\\b1\\InvertDependencies",
1101. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\791c4ec4\\7f00610c\\b1\\InvertDependencies\\794b0063\\27dee8be\\ae",
1102. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4c502bfe\\5b540d10\\b6\\InvertDependencies\\794b0063\\27dee8be\\ae",
1103. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\25016a16\\48c6af76\\b7\\InvertDependencies\\794b0063\\27dee8be\\ae",
1104. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\700244f4\\45e7f6bc\\b0",
1105. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\700244f4\\45e7f6bc\\b0\\DisplayName",
1106. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\700244f4\\45e7f6bc\\b0\\SIG",
1107. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\700244f4\\45e7f6bc\\b0\\Status",
1108. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\700244f4\\45e7f6bc\\b0\\LastModTime",
1109. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\700244f4\\45e7f6bc\\b0\\InvertDependencies",
1110. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\700244f4\\45e7f6bc\\b0\\InvertDependencies\\794b0063\\27dee8be\\ae",
1111. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5\\InvertDependencies\\794b0063\\27dee8be\\ae",
1112. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\23a3725a\\3f4e5352\\4f\\InvertDependencies\\794b0063\\27dee8be\\ae",
1113. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\InvertDependencies\\794b0063\\27dee8be\\ae",
1114. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\505c41c7\\18407c1\\53\\InvertDependencies\\794b0063\\27dee8be\\ae",
1115. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5f403964\\690f05a5\\b8\\InvertDependencies\\794b0063\\27dee8be\\ae",
1116. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\794b0063\\27dee8be\\ae",
1117. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\794b0063\\27dee8be\\ae",
1118. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\794b0063\\27dee8be\\ae\\DisplayName",
1119. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\794b0063\\27dee8be\\ae\\Status",
1120. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\794b0063\\27dee8be\\ae\\MVID",
1121. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\794b0063\\27dee8be\\ae\\ConfigString",
1122. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\794b0063\\27dee8be\\ae\\ConfigMask",
1123. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\794b0063\\27dee8be\\ae\\ILDependencies",
1124. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\794b0063\\27dee8be\\ae\\NIDependencies",
1125. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index160",
1126. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index160\\NIUsageMask",
1127. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index160\\ILUsageMask",
1128. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\b50d826\\39ee39d6\\ae",
1129. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\b50d826\\39ee39d6\\ae\\DisplayName",
1130. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\b50d826\\39ee39d6\\ae\\SIG",
1131. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\b50d826\\39ee39d6\\ae\\Status",
1132. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\b50d826\\39ee39d6\\ae\\LastModTime",
1133. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\b50d826\\39ee39d6\\ae\\InvertDependencies",
1134. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\b50d826\\39ee39d6\\ae\\InvertDependencies\\30c713cc\\b50d826\\ad",
1135. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\696e98a8\\5621414f\\ad",
1136. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\696e98a8\\5621414f\\ad\\DisplayName",
1137. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\696e98a8\\5621414f\\ad\\SIG",
1138. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\696e98a8\\5621414f\\ad\\Status",
1139. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\696e98a8\\5621414f\\ad\\LastModTime",
1140. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\696e98a8\\5621414f\\ad\\InvertDependencies",
1141. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\696e98a8\\5621414f\\ad\\InvertDependencies\\30c713cc\\b50d826\\ad",
1142. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\791c4ec4\\7f00610c\\b1\\InvertDependencies\\30c713cc\\b50d826\\ad",
1143. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4c502bfe\\5b540d10\\b6\\InvertDependencies\\30c713cc\\b50d826\\ad",
1144. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\25016a16\\48c6af76\\b7\\InvertDependencies\\30c713cc\\b50d826\\ad",
1145. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\700244f4\\45e7f6bc\\b0\\InvertDependencies\\30c713cc\\b50d826\\ad",
1146. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5\\InvertDependencies\\30c713cc\\b50d826\\ad",
1147. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\23a3725a\\3f4e5352\\4f\\InvertDependencies\\30c713cc\\b50d826\\ad",
1148. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\InvertDependencies\\30c713cc\\b50d826\\ad",
1149. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\505c41c7\\18407c1\\53\\InvertDependencies\\30c713cc\\b50d826\\ad",
1150. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5f403964\\690f05a5\\b8\\InvertDependencies\\30c713cc\\b50d826\\ad",
1151. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\27dee8be\\45d0e051\\b4\\InvertDependencies\\30c713cc\\b50d826\\ad",
1152. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\30c713cc\\b50d826\\ad",
1153. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30c713cc\\b50d826\\ad",
1154. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30c713cc\\b50d826\\ad\\DisplayName",
1155. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30c713cc\\b50d826\\ad\\Status",
1156. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30c713cc\\b50d826\\ad\\MVID",
1157. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30c713cc\\b50d826\\ad\\ConfigString",
1158. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30c713cc\\b50d826\\ad\\ConfigMask",
1159. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30c713cc\\b50d826\\ad\\ILDependencies",
1160. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30c713cc\\b50d826\\ad\\NIDependencies",
1161. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index161",
1162. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index161\\NIUsageMask",
1163. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index161\\ILUsageMask",
1164. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7ecb7908\\a57652a\\ac",
1165. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7ecb7908\\a57652a\\ac\\DisplayName",
1166. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7ecb7908\\a57652a\\ac\\SIG",
1167. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7ecb7908\\a57652a\\ac\\Status",
1168. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7ecb7908\\a57652a\\ac\\LastModTime",
1169. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7ecb7908\\a57652a\\ac\\InvertDependencies",
1170. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7ecb7908\\a57652a\\ac\\InvertDependencies\\110db8ad\\7ecb7908\\ac",
1171. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5eb5da09\\60f328e1\\ab",
1172. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5eb5da09\\60f328e1\\ab\\DisplayName",
1173. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5eb5da09\\60f328e1\\ab\\SIG",
1174. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5eb5da09\\60f328e1\\ab\\Status",
1175. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5eb5da09\\60f328e1\\ab\\LastModTime",
1176. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5eb5da09\\60f328e1\\ab\\InvertDependencies",
1177. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5eb5da09\\60f328e1\\ab\\InvertDependencies\\110db8ad\\7ecb7908\\ac",
1178. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\791c4ec4\\7f00610c\\b1\\InvertDependencies\\110db8ad\\7ecb7908\\ac",
1179. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4c502bfe\\5b540d10\\b6\\InvertDependencies\\110db8ad\\7ecb7908\\ac",
1180. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\25016a16\\48c6af76\\b7\\InvertDependencies\\110db8ad\\7ecb7908\\ac",
1181. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\700244f4\\45e7f6bc\\b0\\InvertDependencies\\110db8ad\\7ecb7908\\ac",
1182. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5\\InvertDependencies\\110db8ad\\7ecb7908\\ac",
1183. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\23a3725a\\3f4e5352\\4f\\InvertDependencies\\110db8ad\\7ecb7908\\ac",
1184. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\InvertDependencies\\110db8ad\\7ecb7908\\ac",
1185. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\505c41c7\\18407c1\\53\\InvertDependencies\\110db8ad\\7ecb7908\\ac",
1186. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5f403964\\690f05a5\\b8\\InvertDependencies\\110db8ad\\7ecb7908\\ac",
1187. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\27dee8be\\45d0e051\\b4\\InvertDependencies\\110db8ad\\7ecb7908\\ac",
1188. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\110db8ad\\7ecb7908\\ac",
1189. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\110db8ad\\7ecb7908\\ac",
1190. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\110db8ad\\7ecb7908\\ac\\DisplayName",
1191. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\110db8ad\\7ecb7908\\ac\\Status",
1192. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\110db8ad\\7ecb7908\\ac\\MVID",
1193. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\110db8ad\\7ecb7908\\ac\\ConfigString",
1194. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\110db8ad\\7ecb7908\\ac\\ConfigMask",
1195. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\110db8ad\\7ecb7908\\ac\\ILDependencies",
1196. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\110db8ad\\7ecb7908\\ac\\NIDependencies",
1197. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index162",
1198. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index162\\NIUsageMask",
1199. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index162\\ILUsageMask",
1200. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\791c4ec4\\7f00610c\\b1\\InvertDependencies\\350c026a\\791c4ec4\\ab",
1201. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\505c41c7\\18407c1\\53\\InvertDependencies\\350c026a\\791c4ec4\\ab",
1202. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\1bd7b0d8\\8f\\InvertDependencies\\350c026a\\791c4ec4\\ab",
1203. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\a5cd4db\\87\\InvertDependencies\\350c026a\\791c4ec4\\ab",
1204. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\25016a16\\48c6af76\\b7\\InvertDependencies\\350c026a\\791c4ec4\\ab",
1205. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\2bd33e1c\\81\\InvertDependencies\\350c026a\\791c4ec4\\ab",
1206. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\InvertDependencies\\350c026a\\791c4ec4\\ab",
1207. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\350c026a\\791c4ec4\\ab",
1208. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\350c026a\\791c4ec4\\ab",
1209. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\350c026a\\791c4ec4\\ab\\DisplayName",
1210. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\350c026a\\791c4ec4\\ab\\Status",
1211. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\350c026a\\791c4ec4\\ab\\MVID",
1212. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\350c026a\\791c4ec4\\ab\\ConfigString",
1213. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\350c026a\\791c4ec4\\ab\\ConfigMask",
1214. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\350c026a\\791c4ec4\\ab\\ILDependencies",
1215. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\350c026a\\791c4ec4\\ab\\NIDependencies",
1216. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index163",
1217. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index163\\NIUsageMask",
1218. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index163\\ILUsageMask",
1219. "HKEY_USERS\\.DEFAULT\\SOFTWARE\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\LanguageList",
1220. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\265c09da\\b55bce9\\aa",
1221. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\265c09da\\b55bce9\\aa\\DisplayName",
1222. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\265c09da\\b55bce9\\aa\\SIG",
1223. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\265c09da\\b55bce9\\aa\\Status",
1224. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\265c09da\\b55bce9\\aa\\LastModTime",
1225. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\265c09da\\b55bce9\\aa\\InvertDependencies",
1226. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\265c09da\\b55bce9\\aa\\InvertDependencies\\2d825c1\\265c09da\\aa",
1227. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\505c41c7\\18407c1\\53\\InvertDependencies\\2d825c1\\265c09da\\aa",
1228. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\7ac727df\\7b5311d7\\69\\InvertDependencies\\2d825c1\\265c09da\\aa",
1229. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\InvertDependencies\\2d825c1\\265c09da\\aa",
1230. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\InvertDependencies\\7ac727df\\7b5311d7\\69",
1231. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\2d825c1\\265c09da\\aa",
1232. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\7ac727df\\7b5311d7\\69",
1233. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\2d825c1\\265c09da\\aa",
1234. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\2d825c1\\265c09da\\aa\\DisplayName",
1235. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\2d825c1\\265c09da\\aa\\Status",
1236. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\2d825c1\\265c09da\\aa\\MVID",
1237. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\2d825c1\\265c09da\\aa\\ConfigString",
1238. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\2d825c1\\265c09da\\aa\\ConfigMask",
1239. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\2d825c1\\265c09da\\aa\\ILDependencies",
1240. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\2d825c1\\265c09da\\aa\\NIDependencies",
1241. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index164",
1242. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index164\\NIUsageMask",
1243. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index164\\ILUsageMask",
1244. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\25016a16\\48c6af76\\b7\\InvertDependencies\\435ee1bb\\25016a16\\a9",
1245. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\505c41c7\\18407c1\\53\\InvertDependencies\\435ee1bb\\25016a16\\a9",
1246. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\InvertDependencies\\435ee1bb\\25016a16\\a9",
1247. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\435ee1bb\\25016a16\\a9",
1248. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\435ee1bb\\25016a16\\a9",
1249. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\435ee1bb\\25016a16\\a9\\DisplayName",
1250. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\435ee1bb\\25016a16\\a9\\Status",
1251. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\435ee1bb\\25016a16\\a9\\MVID",
1252. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\435ee1bb\\25016a16\\a9\\ConfigString",
1253. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\435ee1bb\\25016a16\\a9\\ConfigMask",
1254. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\435ee1bb\\25016a16\\a9\\ILDependencies",
1255. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\435ee1bb\\25016a16\\a9\\NIDependencies",
1256. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index165",
1257. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index165\\NIUsageMask",
1258. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index165\\ILUsageMask",
1259. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\dc778d4\\674fbc54\\a9",
1260. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\dc778d4\\674fbc54\\a9\\DisplayName",
1261. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\dc778d4\\674fbc54\\a9\\SIG",
1262. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\dc778d4\\674fbc54\\a9\\Status",
1263. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\dc778d4\\674fbc54\\a9\\LastModTime",
1264. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\dc778d4\\674fbc54\\a9\\InvertDependencies",
1265. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\dc778d4\\674fbc54\\a9\\InvertDependencies\\3a6c7cbb\\dc778d4\\a8",
1266. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\23a3725a\\3f4e5352\\4f\\InvertDependencies\\3a6c7cbb\\dc778d4\\a8",
1267. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\3a6c7cbb\\dc778d4\\a8",
1268. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3a6c7cbb\\dc778d4\\a8",
1269. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3a6c7cbb\\dc778d4\\a8\\DisplayName",
1270. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3a6c7cbb\\dc778d4\\a8\\Status",
1271. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3a6c7cbb\\dc778d4\\a8\\MVID",
1272. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3a6c7cbb\\dc778d4\\a8\\ConfigString",
1273. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3a6c7cbb\\dc778d4\\a8\\ConfigMask",
1274. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3a6c7cbb\\dc778d4\\a8\\ILDependencies",
1275. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3a6c7cbb\\dc778d4\\a8\\NIDependencies",
1276. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index166",
1277. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index166\\NIUsageMask",
1278. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index166\\ILUsageMask",
1279. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5\\InvertDependencies\\57632c41\\29e89c9b\\a7",
1280. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\23a3725a\\3f4e5352\\4f\\InvertDependencies\\57632c41\\29e89c9b\\a7",
1281. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\57632c41\\29e89c9b\\a7",
1282. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\57632c41\\29e89c9b\\a7",
1283. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\57632c41\\29e89c9b\\a7\\DisplayName",
1284. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\57632c41\\29e89c9b\\a7\\Status",
1285. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\57632c41\\29e89c9b\\a7\\MVID",
1286. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\57632c41\\29e89c9b\\a7\\ConfigString",
1287. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\57632c41\\29e89c9b\\a7\\ConfigMask",
1288. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\57632c41\\29e89c9b\\a7\\ILDependencies",
1289. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\57632c41\\29e89c9b\\a7\\NIDependencies",
1290. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index167",
1291. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index167\\NIUsageMask",
1292. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index167\\ILUsageMask",
1293. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7670e6bc\\7f028a6e\\a8",
1294. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7670e6bc\\7f028a6e\\a8\\DisplayName",
1295. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7670e6bc\\7f028a6e\\a8\\SIG",
1296. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7670e6bc\\7f028a6e\\a8\\Status",
1297. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7670e6bc\\7f028a6e\\a8\\LastModTime",
1298. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7670e6bc\\7f028a6e\\a8\\InvertDependencies",
1299. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7670e6bc\\7f028a6e\\a8\\InvertDependencies\\66a906a3\\7670e6bc\\a6",
1300. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\23a3725a\\3f4e5352\\4f\\InvertDependencies\\66a906a3\\7670e6bc\\a6",
1301. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\66a906a3\\7670e6bc\\a6",
1302. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\66a906a3\\7670e6bc\\a6",
1303. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\66a906a3\\7670e6bc\\a6\\DisplayName",
1304. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\66a906a3\\7670e6bc\\a6\\Status",
1305. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\66a906a3\\7670e6bc\\a6\\MVID",
1306. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\66a906a3\\7670e6bc\\a6\\ConfigString",
1307. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\66a906a3\\7670e6bc\\a6\\ConfigMask",
1308. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\66a906a3\\7670e6bc\\a6\\ILDependencies",
1309. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\66a906a3\\7670e6bc\\a6\\NIDependencies",
1310. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index168",
1311. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index168\\NIUsageMask",
1312. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index168\\ILUsageMask",
1313. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\700244f4\\45e7f6bc\\b0\\InvertDependencies\\3762b89a\\700244f4\\a3",
1314. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5\\InvertDependencies\\3762b89a\\700244f4\\a3",
1315. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\23a3725a\\3f4e5352\\4f\\InvertDependencies\\3762b89a\\700244f4\\a3",
1316. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\3762b89a\\700244f4\\a3",
1317. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3762b89a\\700244f4\\a3",
1318. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3762b89a\\700244f4\\a3\\DisplayName",
1319. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3762b89a\\700244f4\\a3\\Status",
1320. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3762b89a\\700244f4\\a3\\MVID",
1321. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3762b89a\\700244f4\\a3\\ConfigString",
1322. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3762b89a\\700244f4\\a3\\ConfigMask",
1323. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3762b89a\\700244f4\\a3\\ILDependencies",
1324. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3762b89a\\700244f4\\a3\\NIDependencies",
1325. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index169",
1326. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index169\\NIUsageMask",
1327. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index169\\ILUsageMask",
1328. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2b7888ea\\50e8bad8\\a7",
1329. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2b7888ea\\50e8bad8\\a7\\DisplayName",
1330. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2b7888ea\\50e8bad8\\a7\\SIG",
1331. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2b7888ea\\50e8bad8\\a7\\Status",
1332. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2b7888ea\\50e8bad8\\a7\\LastModTime",
1333. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2b7888ea\\50e8bad8\\a7\\InvertDependencies",
1334. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2b7888ea\\50e8bad8\\a7\\InvertDependencies\\3a2060d0\\2b7888ea\\a2",
1335. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\dc778d4\\674fbc54\\a9\\InvertDependencies\\3a2060d0\\2b7888ea\\a2",
1336. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5\\InvertDependencies\\3a2060d0\\2b7888ea\\a2",
1337. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\23a3725a\\3f4e5352\\4f\\InvertDependencies\\3a2060d0\\2b7888ea\\a2",
1338. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\InvertDependencies\\3a2060d0\\2b7888ea\\a2",
1339. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\505c41c7\\18407c1\\53\\InvertDependencies\\3a2060d0\\2b7888ea\\a2",
1340. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4c502bfe\\5b540d10\\b6\\InvertDependencies\\3a2060d0\\2b7888ea\\a2",
1341. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4759019d\\2f13fb6e\\a6",
1342. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4759019d\\2f13fb6e\\a6\\DisplayName",
1343. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4759019d\\2f13fb6e\\a6\\SIG",
1344. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4759019d\\2f13fb6e\\a6\\Status",
1345. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4759019d\\2f13fb6e\\a6\\LastModTime",
1346. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4759019d\\2f13fb6e\\a6\\InvertDependencies",
1347. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4759019d\\2f13fb6e\\a6\\InvertDependencies\\3a2060d0\\2b7888ea\\a2",
1348. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\25016a16\\48c6af76\\b7\\InvertDependencies\\3a2060d0\\2b7888ea\\a2",
1349. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\265c09da\\b55bce9\\aa\\InvertDependencies\\3a2060d0\\2b7888ea\\a2",
1350. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\3a2060d0\\2b7888ea\\a2",
1351. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3a2060d0\\2b7888ea\\a2",
1352. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3a2060d0\\2b7888ea\\a2\\DisplayName",
1353. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3a2060d0\\2b7888ea\\a2\\Status",
1354. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3a2060d0\\2b7888ea\\a2\\MVID",
1355. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3a2060d0\\2b7888ea\\a2\\ConfigString",
1356. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3a2060d0\\2b7888ea\\a2\\ConfigMask",
1357. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3a2060d0\\2b7888ea\\a2\\ILDependencies",
1358. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3a2060d0\\2b7888ea\\a2\\NIDependencies",
1359. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index16a",
1360. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index16a\\NIUsageMask",
1361. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index16a\\ILUsageMask",
1362. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\578927ab\\15e8ad0c\\a5",
1363. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\578927ab\\15e8ad0c\\a5\\DisplayName",
1364. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\578927ab\\15e8ad0c\\a5\\SIG",
1365. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\578927ab\\15e8ad0c\\a5\\Status",
1366. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\578927ab\\15e8ad0c\\a5\\LastModTime",
1367. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\578927ab\\15e8ad0c\\a5\\InvertDependencies",
1368. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\578927ab\\15e8ad0c\\a5\\InvertDependencies\\53bd0792\\578927ab\\a1",
1369. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\25016a16\\48c6af76\\b7\\InvertDependencies\\53bd0792\\578927ab\\a1",
1370. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\7ac727df\\7b5311d7\\69\\InvertDependencies\\53bd0792\\578927ab\\a1",
1371. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\700244f4\\45e7f6bc\\b0\\InvertDependencies\\53bd0792\\578927ab\\a1",
1372. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5\\InvertDependencies\\53bd0792\\578927ab\\a1",
1373. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\InvertDependencies\\53bd0792\\578927ab\\a1",
1374. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\505c41c7\\18407c1\\53\\InvertDependencies\\53bd0792\\578927ab\\a1",
1375. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4c502bfe\\5b540d10\\b6\\InvertDependencies\\53bd0792\\578927ab\\a1",
1376. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\23a3725a\\3f4e5352\\4f\\InvertDependencies\\53bd0792\\578927ab\\a1",
1377. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6c75b233\\40826f2d\\a4",
1378. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6c75b233\\40826f2d\\a4\\DisplayName",
1379. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6c75b233\\40826f2d\\a4\\SIG",
1380. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6c75b233\\40826f2d\\a4\\Status",
1381. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6c75b233\\40826f2d\\a4\\LastModTime",
1382. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6c75b233\\40826f2d\\a4\\InvertDependencies",
1383. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6c75b233\\40826f2d\\a4\\InvertDependencies\\53bd0792\\578927ab\\a1",
1384. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\74173843\\9e7130e\\a3",
1385. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\74173843\\9e7130e\\a3\\DisplayName",
1386. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\74173843\\9e7130e\\a3\\SIG",
1387. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\74173843\\9e7130e\\a3\\Status",
1388. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\74173843\\9e7130e\\a3\\LastModTime",
1389. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\74173843\\9e7130e\\a3\\InvertDependencies",
1390. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\74173843\\9e7130e\\a3\\InvertDependencies\\53bd0792\\578927ab\\a1",
1391. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\53bd0792\\578927ab\\a1",
1392. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\53bd0792\\578927ab\\a1",
1393. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\53bd0792\\578927ab\\a1\\DisplayName",
1394. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\53bd0792\\578927ab\\a1\\Status",
1395. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\53bd0792\\578927ab\\a1\\MVID",
1396. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\53bd0792\\578927ab\\a1\\ConfigString",
1397. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\53bd0792\\578927ab\\a1\\ConfigMask",
1398. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\53bd0792\\578927ab\\a1\\ILDependencies",
1399. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\53bd0792\\578927ab\\a1\\NIDependencies",
1400. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index16b",
1401. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index16b\\NIUsageMask",
1402. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index16b\\ILUsageMask",
1403. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\74173843\\9e7130e\\a3\\InvertDependencies\\1c40f42a\\74173843\\a0",
1404. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\7ac727df\\7b5311d7\\69\\InvertDependencies\\1c40f42a\\74173843\\a0",
1405. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\1bd7b0d8\\8f\\InvertDependencies\\1c40f42a\\74173843\\a0",
1406. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\1bd7b0d8\\8f\\InvertDependencies\\7ac727df\\7b5311d7\\69",
1407. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6c1422cf\\34c3ef71\\66\\InvertDependencies\\1c40f42a\\74173843\\a0",
1408. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\791c4ec4\\7f00610c\\b1\\InvertDependencies\\1c40f42a\\74173843\\a0",
1409. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\2bd33e1c\\81\\InvertDependencies\\1c40f42a\\74173843\\a0",
1410. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7670e6bc\\7f028a6e\\a8\\InvertDependencies\\1c40f42a\\74173843\\a0",
1411. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4c502bfe\\5b540d10\\b6\\InvertDependencies\\1c40f42a\\74173843\\a0",
1412. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5\\InvertDependencies\\1c40f42a\\74173843\\a0",
1413. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6c75b233\\40826f2d\\a4\\InvertDependencies\\1c40f42a\\74173843\\a0",
1414. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\700244f4\\45e7f6bc\\b0\\InvertDependencies\\1c40f42a\\74173843\\a0",
1415. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\23a3725a\\3f4e5352\\4f\\InvertDependencies\\1c40f42a\\74173843\\a0",
1416. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\InvertDependencies\\1c40f42a\\74173843\\a0",
1417. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\505c41c7\\18407c1\\53\\InvertDependencies\\1c40f42a\\74173843\\a0",
1418. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\1c40f42a\\74173843\\a0",
1419. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\1c40f42a\\74173843\\a0",
1420. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\1c40f42a\\74173843\\a0\\DisplayName",
1421. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\1c40f42a\\74173843\\a0\\Status",
1422. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\1c40f42a\\74173843\\a0\\MVID",
1423. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\1c40f42a\\74173843\\a0\\ConfigString",
1424. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\1c40f42a\\74173843\\a0\\ConfigMask",
1425. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\1c40f42a\\74173843\\a0\\ILDependencies",
1426. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\1c40f42a\\74173843\\a0\\NIDependencies",
1427. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index16c",
1428. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index16c\\NIUsageMask",
1429. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index16c\\ILUsageMask",
1430. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\50d38081\\715fdbb8\\a2",
1431. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\50d38081\\715fdbb8\\a2\\DisplayName",
1432. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\50d38081\\715fdbb8\\a2\\SIG",
1433. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\50d38081\\715fdbb8\\a2\\Status",
1434. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\50d38081\\715fdbb8\\a2\\LastModTime",
1435. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\50d38081\\715fdbb8\\a2\\InvertDependencies",
1436. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\50d38081\\715fdbb8\\a2\\InvertDependencies\\f65b869\\50d38081\\9f",
1437. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5\\InvertDependencies\\f65b869\\50d38081\\9f",
1438. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\700244f4\\45e7f6bc\\b0\\InvertDependencies\\f65b869\\50d38081\\9f",
1439. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\InvertDependencies\\f65b869\\50d38081\\9f",
1440. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\505c41c7\\18407c1\\53\\InvertDependencies\\f65b869\\50d38081\\9f",
1441. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4c502bfe\\5b540d10\\b6\\InvertDependencies\\f65b869\\50d38081\\9f",
1442. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\23a3725a\\3f4e5352\\4f\\InvertDependencies\\f65b869\\50d38081\\9f",
1443. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6c75b233\\40826f2d\\a4\\InvertDependencies\\f65b869\\50d38081\\9f",
1444. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\74173843\\9e7130e\\a3\\InvertDependencies\\f65b869\\50d38081\\9f",
1445. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\f65b869\\50d38081\\9f",
1446. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\f65b869\\50d38081\\9f",
1447. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\f65b869\\50d38081\\9f\\DisplayName",
1448. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\f65b869\\50d38081\\9f\\Status",
1449. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\f65b869\\50d38081\\9f\\MVID",
1450. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\f65b869\\50d38081\\9f\\ConfigString",
1451. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\f65b869\\50d38081\\9f\\ConfigMask",
1452. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\f65b869\\50d38081\\9f\\ILDependencies",
1453. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\f65b869\\50d38081\\9f\\NIDependencies",
1454. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index16d",
1455. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index16d\\NIUsageMask",
1456. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index16d\\ILUsageMask",
1457. "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\W32Time\\TimeProviders\\NtpClient\\SpecialPollTimeRemaining",
1458. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Windows Error Reporting\\Consent",
1459. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Windows Error Reporting\\Consent\\DefaultConsent",
1460. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4b03c88c\\4025af17\\a1",
1461. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4b03c88c\\4025af17\\a1\\DisplayName",
1462. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4b03c88c\\4025af17\\a1\\SIG",
1463. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4b03c88c\\4025af17\\a1\\Status",
1464. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4b03c88c\\4025af17\\a1\\LastModTime",
1465. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4b03c88c\\4025af17\\a1\\InvertDependencies",
1466. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4b03c88c\\4025af17\\a1\\InvertDependencies\\3403ac73\\4b03c88c\\9e",
1467. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\a5cd4db\\87\\InvertDependencies\\3403ac73\\4b03c88c\\9e",
1468. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\1bd7b0d8\\8f\\InvertDependencies\\3403ac73\\4b03c88c\\9e",
1469. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4c502bfe\\5b540d10\\b6\\InvertDependencies\\3403ac73\\4b03c88c\\9e",
1470. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5\\InvertDependencies\\3403ac73\\4b03c88c\\9e",
1471. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\700244f4\\45e7f6bc\\b0\\InvertDependencies\\3403ac73\\4b03c88c\\9e",
1472. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\InvertDependencies\\3403ac73\\4b03c88c\\9e",
1473. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\505c41c7\\18407c1\\53\\InvertDependencies\\3403ac73\\4b03c88c\\9e",
1474. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\23a3725a\\3f4e5352\\4f\\InvertDependencies\\3403ac73\\4b03c88c\\9e",
1475. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6c75b233\\40826f2d\\a4\\InvertDependencies\\3403ac73\\4b03c88c\\9e",
1476. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\74173843\\9e7130e\\a3\\InvertDependencies\\3403ac73\\4b03c88c\\9e",
1477. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\3403ac73\\4b03c88c\\9e",
1478. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3403ac73\\4b03c88c\\9e",
1479. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3403ac73\\4b03c88c\\9e\\DisplayName",
1480. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3403ac73\\4b03c88c\\9e\\Status",
1481. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3403ac73\\4b03c88c\\9e\\MVID",
1482. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3403ac73\\4b03c88c\\9e\\ConfigString",
1483. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3403ac73\\4b03c88c\\9e\\ConfigMask",
1484. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3403ac73\\4b03c88c\\9e\\ILDependencies",
1485. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3403ac73\\4b03c88c\\9e\\NIDependencies",
1486. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index16e",
1487. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index16e\\NIUsageMask",
1488. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index16e\\ILUsageMask"
1489. ]
1490.  
1491. [*] Deleted Registry Keys: [
1492. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass",
1493. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass",
1494. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName",
1495. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName",
1496. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\AccountDomainSid"
1497. ]
1498.  
1499. [*] DNS Communications: [
1500. {
1501. "type": "A",
1502. "request": "birthdayeventdxb.com",
1503. "answers": [
1504. {
1505. "data": "185.94.230.114",
1506. "type": "A"
1507. }
1508. ]
1509. }
1510. ]
1511.  
1512. [*] Domains: [
1513. {
1514. "ip": "185.94.230.114",
1515. "domain": "birthdayeventdxb.com"
1516. }
1517. ]
1518.  
1519. [*] Network Communication - ICMP: []
1520.  
1521. [*] Network Communication - HTTP: [
1522. {
1523. "count": 1,
1524. "body": "",
1525. "uri": "http://birthdayeventdxb.com/readme.doc",
1526. "user-agent": "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)",
1527. "method": "GET",
1528. "host": "birthdayeventdxb.com",
1529. "version": "1.1",
1530. "path": "/readme.doc",
1531. "data": "GET /readme.doc HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Language: en-us\r\nUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)\r\nHost: birthdayeventdxb.com\r\n\r\n",
1532. "port": 80
1533. },
1534. {
1535. "count": 1,
1536. "body": "",
1537. "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
1538. "user-agent": "Microsoft-CryptoAPI/6.1",
1539. "method": "GET",
1540. "host": "crl.microsoft.com",
1541. "version": "1.1",
1542. "path": "/pki/crl/products/microsoftrootcert.crl",
1543. "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 07 Mar 2019 06:00:16 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
1544. "port": 80
1545. },
1546. {
1547. "count": 1,
1548. "body": "",
1549. "uri": "http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
1550. "user-agent": "Microsoft-CryptoAPI/6.1",
1551. "method": "GET",
1552. "host": "crl.microsoft.com",
1553. "version": "1.1",
1554. "path": "/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
1555. "data": "GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 14 Feb 2019 06:01:18 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
1556. "port": 80
1557. },
1558. {
1559. "count": 1,
1560. "body": "",
1561. "uri": "http://crl.microsoft.com/pki/crl/products/CSPCA.crl",
1562. "user-agent": "Microsoft-CryptoAPI/6.1",
1563. "method": "GET",
1564. "host": "crl.microsoft.com",
1565. "version": "1.1",
1566. "path": "/pki/crl/products/CSPCA.crl",
1567. "data": "GET /pki/crl/products/CSPCA.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
1568. "port": 80
1569. },
1570. {
1571. "count": 1,
1572. "body": "",
1573. "uri": "http://www.msftncsi.com/ncsi.txt",
1574. "user-agent": "Microsoft NCSI",
1575. "method": "GET",
1576. "host": "www.msftncsi.com",
1577. "version": "1.1",
1578. "path": "/ncsi.txt",
1579. "data": "GET /ncsi.txt HTTP/1.1\r\nConnection: Close\r\nUser-Agent: Microsoft NCSI\r\nHost: www.msftncsi.com\r\n\r\n",
1580. "port": 80
1581. }
1582. ]
1583.  
1584. [*] Network Communication - SMTP: []
1585.  
1586. [*] Network Communication - Hosts: []
1587.  
1588. [*] Network Communication - IRC: []
1589.  
1590. [*] Static Analysis: {
1591. "office": {
1592. "Metadata": {
1593. "HasMacros": "No"
1594. }
1595. }
1596. }
1597.  
1598. [*] Resolved APIs: [
1599. "advapi32.dll.SaferIdentifyLevel",
1600. "advapi32.dll.SaferComputeTokenFromLevel",
1601. "advapi32.dll.SaferCloseLevel",
1602. "ole32.dll.CLSIDFromProgIDEx",
1603. "ole32.dll.CoGetClassObject",
1604. "wscript.exe.#1",
1605. "urlmon.dll.#326",
1606. "urlmon.dll.#327",
1607. "shell32.dll.#685",
1608. "shell32.dll.#688",
1609. "urlmon.dll.#395",
1610. "cryptsp.dll.CryptAcquireContextW",
1611. "cryptsp.dll.CryptGenRandom",
1612. "rpcrtremote.dll.I_RpcExtInitializeExtensionPoint",
1613. "winhttp.dll.WinHttpCheckPlatform",
1614. "winhttp.dll.WinHttpOpen",
1615. "winhttp.dll.WinHttpConnect",
1616. "winhttp.dll.WinHttpOpenRequest",
1617. "winhttp.dll.WinHttpCloseHandle",
1618. "winhttp.dll.WinHttpSendRequest",
1619. "winhttp.dll.WinHttpReceiveResponse",
1620. "winhttp.dll.WinHttpAddRequestHeaders",
1621. "winhttp.dll.WinHttpQueryHeaders",
1622. "winhttp.dll.WinHttpReadData",
1623. "winhttp.dll.WinHttpWriteData",
1624. "winhttp.dll.WinHttpQueryDataAvailable",
1625. "winhttp.dll.WinHttpQueryOption",
1626. "winhttp.dll.WinHttpSetOption",
1627. "winhttp.dll.WinHttpSetTimeouts",
1628. "winhttp.dll.WinHttpCrackUrl",
1629. "winhttp.dll.WinHttpCreateUrl",
1630. "oleaut32.dll.#8",
1631. "oleaut32.dll.#12",
1632. "shlwapi.dll.StrRChrA",
1633. "shlwapi.dll.StrCmpNW",
1634. "oleaut32.dll.#4",
1635. "oleaut32.dll.#6",
1636. "kernel32.dll.RegQueryValueExW",
1637. "oleaut32.dll.#2",
1638. "kernel32.dll.RegCloseKey",
1639. "oleaut32.dll.#9",
1640. "ws2_32.dll.GetAddrInfoW",
1641. "ws2_32.dll.WSASocketW",
1642. "ws2_32.dll.#2",
1643. "ws2_32.dll.#21",
1644. "ws2_32.dll.#9",
1645. "ws2_32.dll.WSAIoctl",
1646. "ws2_32.dll.FreeAddrInfoW",
1647. "ws2_32.dll.#6",
1648. "ws2_32.dll.#5",
1649. "ws2_32.dll.WSARecv",
1650. "ws2_32.dll.WSASend",
1651. "ole32.dll.CreateStreamOnHGlobal",
1652. "oleaut32.dll.#411",
1653. "oleaut32.dll.#23",
1654. "oleaut32.dll.#24",
1655. "ole32.dll.GetHGlobalFromStream",
1656. "rpcrt4.dll.RpcBindingFree",
1657. "oleaut32.dll.#500",
1658. "cryptsp.dll.CryptReleaseContext",
1659. "cryptsp.dll.CryptAcquireContextA",
1660. "kernel32.dll.VirtualAlloc",
1661. "ntdll.dll.memcpy",
1662. "kernel32.dll.GetCurrentProcess",
1663. "kernel32.dll.CloseHandle",
1664. "advapi32.dll.OpenProcessToken",
1665. "advapi32.dll.GetTokenInformation",
1666. "kernel32.dll.Wow64EnableWow64FsRedirection",
1667. "advapi32.dll.RegCloseKey",
1668. "advapi32.dll.RegCreateKeyW",
1669. "advapi32.dll.RegOpenKeyExW",
1670. "advapi32.dll.RegSetValueExW",
1671. "shell32.dll.ShellExecuteA",
1672. "ole32.dll.OleInitialize",
1673. "cryptbase.dll.SystemFunction036",
1674. "ole32.dll.CreateBindCtx",
1675. "ole32.dll.CoTaskMemAlloc",
1676. "propsys.dll.PSCreateMemoryPropertyStore",
1677. "propsys.dll.PSPropertyBag_WriteDWORD",
1678. "ole32.dll.CoGetApartmentType",
1679. "ole32.dll.CoRegisterInitializeSpy",
1680. "ole32.dll.CoTaskMemFree",
1681. "comctl32.dll.#236",
1682. "ole32.dll.CoGetMalloc",
1683. "propsys.dll.PSPropertyBag_ReadDWORD",
1684. "propsys.dll.PSPropertyBag_ReadGUID",
1685. "comctl32.dll.#320",
1686. "comctl32.dll.#324",
1687. "comctl32.dll.#323",
1688. "advapi32.dll.RegEnumKeyW",
1689. "advapi32.dll.OpenThreadToken",
1690. "ole32.dll.StringFromGUID2",
1691. "apphelp.dll.ApphelpCheckShellObject",
1692. "ole32.dll.CoCreateInstance",
1693. "urlmon.dll.CreateUri",
1694. "kernel32.dll.InitializeSRWLock",
1695. "kernel32.dll.AcquireSRWLockExclusive",
1696. "kernel32.dll.AcquireSRWLockShared",
1697. "kernel32.dll.ReleaseSRWLockExclusive",
1698. "kernel32.dll.ReleaseSRWLockShared",
1699. "comctl32.dll.#328",
1700. "comctl32.dll.#334",
1701. "shell32.dll.#102",
1702. "setupapi.dll.CM_Get_Device_Interface_List_Size_ExW",
1703. "propsys.dll.PSPropertyBag_ReadStrAlloc",
1704. "ole32.dll.CoInitializeEx",
1705. "advapi32.dll.InitializeSecurityDescriptor",
1706. "advapi32.dll.SetEntriesInAclW",
1707. "ntmarta.dll.GetMartaExtensionInterface",
1708. "advapi32.dll.SetSecurityDescriptorDacl",
1709. "advapi32.dll.IsTextUnicode",
1710. "comctl32.dll.#332",
1711. "comctl32.dll.#338",
1712. "comctl32.dll.#339",
1713. "ole32.dll.CoUninitialize",
1714. "sechost.dll.ConvertSidToStringSidW",
1715. "profapi.dll.#104",
1716. "propsys.dll.#430",
1717. "advapi32.dll.RegGetValueW",
1718. "ole32.dll.CoTaskMemRealloc",
1719. "propsys.dll.InitPropVariantFromStringAsVector",
1720. "propsys.dll.PSCoerceToCanonicalValue",
1721. "setupapi.dll.CM_Get_Device_Interface_List_ExW",
1722. "propsys.dll.PropVariantToStringAlloc",
1723. "ole32.dll.PropVariantClear",
1724. "ole32.dll.CoAllowSetForegroundWindow",
1725. "comctl32.dll.#386",
1726. "shell32.dll.SHGetFolderPathW",
1727. "advapi32.dll.SaferGetPolicyInformation",
1728. "ntdll.dll.RtlDllShutdownInProgress",
1729. "comctl32.dll.#329",
1730. "ole32.dll.OleUninitialize",
1731. "ole32.dll.CoRevokeInitializeSpy",
1732. "comctl32.dll.#388",
1733. "advapi32.dll.CryptAcquireContextA",
1734. "advapi32.dll.CryptImportKey",
1735. "advapi32.dll.CryptEncrypt",
1736. "cryptsp.dll.CryptImportKey",
1737. "cryptbase.dll.SystemFunction040",
1738. "cryptbase.dll.SystemFunction041",
1739. "cryptsp.dll.CryptEncrypt",
1740. "advapi32.dll.UnregisterTraceGuids",
1741. "comctl32.dll.#321",
1742. "kernel32.dll.SetThreadUILanguage",
1743. "kernel32.dll.CopyFileExW",
1744. "kernel32.dll.IsDebuggerPresent",
1745. "kernel32.dll.SetConsoleInputExeNameW",
1746. "kernel32.dll.SortGetHandle",
1747. "kernel32.dll.SortCloseHandle",
1748. "uxtheme.dll.ThemeInitApiHook",
1749. "user32.dll.IsProcessDPIAware",
1750. "shell32.dll.#66",
1751. "comctl32.dll.#385",
1752. "comctl32.dll.#336",
1753. "comctl32.dll.#333",
1754. "linkinfo.dll.IsValidLinkInfo",
1755. "propsys.dll.#417",
1756. "propsys.dll.PSGetNameFromPropertyKey",
1757. "propsys.dll.PSStringFromPropertyKey",
1758. "propsys.dll.InitVariantFromBuffer",
1759. "propsys.dll.PropVariantToGUID",
1760. "linkinfo.dll.CreateLinkInfoW",
1761. "user32.dll.IsCharAlphaW",
1762. "user32.dll.CharPrevW",
1763. "ntshrui.dll.GetNetResourceFromLocalPathW",
1764. "srvcli.dll.NetShareEnum",
1765. "cscapi.dll.CscNetApiGetInterface",
1766. "slc.dll.SLGetWindowsInformationDWORD",
1767. "shlwapi.dll.PathRemoveFileSpecW",
1768. "linkinfo.dll.DestroyLinkInfo",
1769. "propsys.dll.PropVariantToBoolean",
1770. "advapi32.dll.GetSecurityInfo",
1771. "advapi32.dll.SetSecurityInfo",
1772. "advapi32.dll.GetSecurityDescriptorControl",
1773. "advapi32.dll.RegQueryInfoKeyW",
1774. "advapi32.dll.RegEnumKeyExW",
1775. "advapi32.dll.RegEnumValueW",
1776. "advapi32.dll.RegQueryValueExW",
1777. "shlwapi.dll.UrlIsW",
1778. "kernel32.dll.InitializeCriticalSectionAndSpinCount",
1779. "msvcrt.dll._set_error_mode",
1780. "msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z",
1781. "kernel32.dll.FindActCtxSectionStringW",
1782. "kernel32.dll.GetSystemWindowsDirectoryW",
1783. "mscoree.dll.GetProcessExecutableHeap",
1784. "mscorwks.dll.DllGetClassObjectInternal",
1785. "mscorwks.dll.GetCLRFunction",
1786. "advapi32.dll.RegisterTraceGuidsW",
1787. "advapi32.dll.GetTraceLoggerHandle",
1788. "advapi32.dll.GetTraceEnableLevel",
1789. "advapi32.dll.GetTraceEnableFlags",
1790. "advapi32.dll.TraceEvent",
1791. "mscoree.dll.IEE",
1792. "mscorwks.dll.IEE",
1793. "mscoree.dll.GetStartupFlags",
1794. "mscoree.dll.GetHostConfigurationFile",
1795. "mscoree.dll.GetCORSystemDirectory",
1796. "ntdll.dll.RtlVirtualUnwind",
1797. "kernel32.dll.IsWow64Process",
1798. "advapi32.dll.AllocateAndInitializeSid",
1799. "advapi32.dll.InitializeAcl",
1800. "advapi32.dll.AddAccessAllowedAce",
1801. "advapi32.dll.FreeSid",
1802. "kernel32.dll.SetThreadStackGuarantee",
1803. "kernel32.dll.FlsSetValue",
1804. "kernel32.dll.FlsGetValue",
1805. "kernel32.dll.FlsAlloc",
1806. "kernel32.dll.FlsFree",
1807. "kernel32.dll.AddVectoredContinueHandler",
1808. "kernel32.dll.RemoveVectoredContinueHandler",
1809. "advapi32.dll.ConvertSidToStringSidW",
1810. "kernel32.dll.FlushProcessWriteBuffers",
1811. "kernel32.dll.GetWriteWatch",
1812. "kernel32.dll.ResetWriteWatch",
1813. "kernel32.dll.CreateMemoryResourceNotification",
1814. "kernel32.dll.QueryMemoryResourceNotification",
1815. "kernel32.dll.GlobalMemoryStatusEx",
1816. "oleaut32.dll.#149",
1817. "ole32.dll.CoGetContextToken",
1818. "kernel32.dll.GetUserDefaultUILanguage",
1819. "kernel32.dll.GetVersionExW",
1820. "kernel32.dll.GetFullPathNameW",
1821. "kernel32.dll.SetErrorMode",
1822. "kernel32.dll.GetFileAttributesExW",
1823. "version.dll.GetFileVersionInfoSizeW",
1824. "version.dll.GetFileVersionInfoW",
1825. "version.dll.VerQueryValueW",
1826. "kernel32.dll.lstrlen",
1827. "kernel32.dll.lstrlenW",
1828. "mscoree.dll.ND_RI2",
1829. "kernel32.dll.lstrcpy",
1830. "kernel32.dll.lstrcpyW",
1831. "version.dll.VerLanguageNameW",
1832. "kernel32.dll.GetCurrentProcessId",
1833. "advapi32.dll.LookupPrivilegeValueW",
1834. "advapi32.dll.AdjustTokenPrivileges",
1835. "kernel32.dll.OpenProcess",
1836. "psapi.dll.EnumProcessModules",
1837. "psapi.dll.GetModuleInformation",
1838. "psapi.dll.GetModuleBaseNameW",
1839. "psapi.dll.GetModuleFileNameExW",
1840. "kernel32.dll.GetExitCodeProcess",
1841. "ntdll.dll.NtQuerySystemInformation",
1842. "user32.dll.EnumWindows",
1843. "user32.dll.GetWindowThreadProcessId",
1844. "kernel32.dll.WerSetFlags",
1845. "kernel32.dll.SetThreadPreferredUILanguages",
1846. "kernel32.dll.GetThreadPreferredUILanguages",
1847. "kernel32.dll.GetUserDefaultLocaleName",
1848. "kernel32.dll.GetEnvironmentVariableW",
1849. "advapi32.dll.CryptReleaseContext",
1850. "advapi32.dll.CryptCreateHash",
1851. "advapi32.dll.CryptDestroyHash",
1852. "advapi32.dll.CryptHashData",
1853. "advapi32.dll.CryptGetHashParam",
1854. "advapi32.dll.CryptExportKey",
1855. "advapi32.dll.CryptGenKey",
1856. "advapi32.dll.CryptGetKeyParam",
1857. "advapi32.dll.CryptDestroyKey",
1858. "advapi32.dll.CryptVerifySignatureA",
1859. "advapi32.dll.CryptSignHashA",
1860. "advapi32.dll.CryptGetProvParam",
1861. "advapi32.dll.CryptGetUserKey",
1862. "advapi32.dll.CryptEnumProvidersA",
1863. "cryptsp.dll.CryptHashData",
1864. "cryptsp.dll.CryptGetHashParam",
1865. "cryptsp.dll.CryptDestroyHash",
1866. "cryptsp.dll.CryptDestroyKey",
1867. "mscoree.dll.GetTokenForVTableEntry",
1868. "mscoree.dll.SetTargetForVTableEntry",
1869. "mscoree.dll.GetTargetForVTableEntry",
1870. "culture.dll.ConvertLangIdToCultureName",
1871. "ole32.dll.CoCreateGuid",
1872. "kernel32.dll.CreateFileW",
1873. "kernel32.dll.GetConsoleScreenBufferInfo",
1874. "kernel32.dll.LocalFree",
1875. "kernel32.dll.LocalAlloc",
1876. "mscoree.dll.ND_RI4",
1877. "advapi32.dll.DuplicateTokenEx",
1878. "advapi32.dll.CheckTokenMembership",
1879. "kernel32.dll.GetConsoleTitleW",
1880. "mscorjit.dll.getJit",
1881. "kernel32.dll.SetConsoleTitleW",
1882. "kernel32.dll.SetConsoleCtrlHandler",
1883. "kernel32.dll.CreateEventW",
1884. "ntdll.dll.WinSqmIsOptedIn",
1885. "kernel32.dll.ExpandEnvironmentStringsW",
1886. "shfolder.dll.SHGetFolderPathW",
1887. "kernel32.dll.SetEnvironmentVariableW",
1888. "kernel32.dll.GetACP",
1889. "kernel32.dll.UnmapViewOfFile",
1890. "kernel32.dll.GetFileType",
1891. "kernel32.dll.ReadFile",
1892. "kernel32.dll.GetSystemInfo",
1893. "kernel32.dll.VirtualQuery",
1894. "secur32.dll.GetUserNameExW",
1895. "advapi32.dll.GetUserNameW",
1896. "kernel32.dll.ReleaseMutex",
1897. "advapi32.dll.RegisterEventSourceW",
1898. "advapi32.dll.DeregisterEventSource",
1899. "advapi32.dll.ReportEventW",
1900. "kernel32.dll.GetLogicalDrives",
1901. "kernel32.dll.GetDriveTypeW",
1902. "kernel32.dll.GetVolumeInformationW",
1903. "kernel32.dll.GetCurrentDirectoryW",
1904. "kernel32.dll.GetLastError",
1905. "kernel32.dll.GetStdHandle",
1906. "kernel32.dll.GetConsoleMode",
1907. "kernel32.dll.SetEvent",
1908. "kernel32.dll.FindFirstFileW",
1909. "kernel32.dll.FindClose",
1910. "mscoree.dll.DllGetClassObject",
1911. "diasymreader.dll.DllGetClassObjectInternal",
1912. "kernel32.dll.GetConsoleOutputCP",
1913. "gdi32.dll.TranslateCharsetInfo",
1914. "kernel32.dll.SetConsoleTextAttribute",
1915. "kernel32.dll.WriteConsoleW",
1916. "mscoree.dll.CorExitProcess",
1917. "mscorwks.dll.CorExitProcess",
1918. "mscorwks.dll._CorDllMain",
1919. "kernel32.dll.CreateActCtxW",
1920. "kernel32.dll.AddRefActCtx",
1921. "kernel32.dll.ReleaseActCtx",
1922. "kernel32.dll.ActivateActCtx",
1923. "kernel32.dll.DeactivateActCtx",
1924. "kernel32.dll.GetCurrentActCtx",
1925. "kernel32.dll.QueryActCtxW",
1926. "netutils.dll.NetApiBufferFree",
1927. "kernel32.dll.IsProcessorFeaturePresent",
1928. "ntdll.dll.RtlUnwind",
1929. "mscoree.dll._CorExeMain",
1930. "mscoree.dll._CorImageUnloading",
1931. "mscoree.dll._CorValidateImage",
1932. "cryptsp.dll.CryptExportKey",
1933. "cryptsp.dll.CryptCreateHash",
1934. "kernel32.dll.SwitchToThread",
1935. "rpcrt4.dll.UuidFromStringW",
1936. "rpcrt4.dll.RpcBindingCreateW",
1937. "rpcrt4.dll.RpcBindingBind",
1938. "sechost.dll.OpenSCManagerW",
1939. "sechost.dll.OpenServiceW",
1940. "sechost.dll.StartServiceW",
1941. "sechost.dll.CloseServiceHandle",
1942. "ole32.dll.CoInitializeSecurity",
1943. "sechost.dll.LookupAccountNameLocalW",
1944. "advapi32.dll.LookupAccountSidW",
1945. "sechost.dll.LookupAccountSidLocalW",
1946. "ssdpsrv.dll.ServiceMain",
1947. "ssdpsrv.dll.SvchostPushServiceGlobals",
1948. "firewallapi.dll.IcfChangeNotificationCreate",
1949. "firewallapi.dll.IcfChangeNotificationDestroy",
1950. "firewallapi.dll.IcfAddrChangeNotificationCreate",
1951. "advapi32.dll.RegCreateKeyExW",
1952. "advapi32.dll.RegNotifyChangeKeyValue",
1953. "iphlpapi.dll.GetAdaptersAddresses",
1954. "mswsock.dll.WSPStartup",
1955. "wship6.dll.WSHOpenSocket",
1956. "wship6.dll.WSHOpenSocket2",
1957. "wship6.dll.WSHJoinLeaf",
1958. "wship6.dll.WSHNotify",
1959. "wship6.dll.WSHGetSocketInformation",
1960. "wship6.dll.WSHSetSocketInformation",
1961. "wship6.dll.WSHGetSockaddrType",
1962. "wship6.dll.WSHGetWildcardSockaddr",
1963. "wship6.dll.WSHAddressToString",
1964. "wship6.dll.WSHStringToAddress",
1965. "wship6.dll.WSHIoctl",
1966. "wshtcpip.dll.WSHOpenSocket",
1967. "wshtcpip.dll.WSHOpenSocket2",
1968. "wshtcpip.dll.WSHJoinLeaf",
1969. "wshtcpip.dll.WSHNotify",
1970. "wshtcpip.dll.WSHGetSocketInformation",
1971. "wshtcpip.dll.WSHSetSocketInformation",
1972. "wshtcpip.dll.WSHGetSockaddrType",
1973. "wshtcpip.dll.WSHGetWildcardSockaddr",
1974. "wshtcpip.dll.WSHGetBroadcastSockaddr",
1975. "wshtcpip.dll.WSHAddressToString",
1976. "wshtcpip.dll.WSHStringToAddress",
1977. "wshtcpip.dll.WSHIoctl",
1978. "advapi32.dll.CreateWellKnownSid",
1979. "iphlpapi.dll.ConvertInterfaceGuidToLuid",
1980. "secur32.dll.InitSecurityInterfaceW",
1981. "cryptsp.dll.SystemFunction035",
1982. "iphlpapi.dll.NotifyUnicastIpAddressChange",
1983. "fntcache.dll.ServiceMain",
1984. "fntcache.dll.SvchostPushServiceGlobals",
1985. "mscorsvc.dll.CorGetSvc",
1986. "advapi32.dll.StartServiceCtrlDispatcherW",
1987. "kernel32.dll.VerSetConditionMask",
1988. "kernel32.dll.VerifyVersionInfoW",
1989. "advapi32.dll.RegisterServiceCtrlHandlerExW",
1990. "advapi32.dll.SetServiceStatus",
1991. "advapi32.dll.OpenSCManagerW",
1992. "advapi32.dll.OpenServiceW",
1993. "advapi32.dll.ChangeServiceConfigW",
1994. "advapi32.dll.CloseServiceHandle",
1995. "mscoree.dll.CorIsLatestSvc",
1996. "msidle.dll.#8",
1997. "wtsapi32.dll.WTSQuerySessionInformationW",
1998. "wtsapi32.dll.WTSFreeMemory",
1999. "wtsapi32.dll.WTSEnumerateSessionsW",
2000. "winsta.dll.WinStationEnumerateW",
2001. "rpcrt4.dll.RpcStringBindingComposeW",
2002. "rpcrt4.dll.RpcBindingFromStringBindingW",
2003. "rpcrt4.dll.RpcStringFreeW",
2004. "rpcrt4.dll.RpcBindingSetAuthInfoExW",
2005. "rpcrt4.dll.NdrClientCall2",
2006. "rpcrt4.dll.I_RpcExceptionFilter",
2007. "winsta.dll.WinStationFreeMemory",
2008. "powrprof.dll.CallNtPowerInformation",
2009. "advapi32.dll.QueryServiceConfig2W",
2010. "advapi32.dll.CreateRestrictedToken",
2011. "mscoree.dll.GetCORRootDirectory",
2012. "rpcrt4.dll.RpcStringBindingComposeA",
2013. "rpcrt4.dll.RpcBindingFromStringBindingA",
2014. "rpcrt4.dll.RpcStringFreeA",
2015. "rpcrt4.dll.NdrClientCall3",
2016. "ws2_32.dll.#116",
2017. "bcryptprimitives.dll.GetHashInterface",
2018. "sspicli.dll.LsaCallAuthenticationPackage",
2019. "sspicli.dll.LsaFreeReturnBuffer",
2020. "crypt32.dll.I_CertSrvProtectFunction",
2021. "advapi32.dll.SetThreadToken",
2022. "advapi32.dll.GetLengthSid",
2023. "advapi32.dll.CopySid",
2024. "advapi32.dll.GetSecurityDescriptorSacl",
2025. "advapi32.dll.CreateProcessAsUserW",
2026. "oleaut32.dll.BSTR_UserSize",
2027. "oleaut32.dll.BSTR_UserMarshal",
2028. "oleaut32.dll.BSTR_UserUnmarshal",
2029. "oleaut32.dll.BSTR_UserFree",
2030. "oleaut32.dll.VARIANT_UserSize",
2031. "oleaut32.dll.VARIANT_UserMarshal",
2032. "oleaut32.dll.VARIANT_UserUnmarshal",
2033. "oleaut32.dll.VARIANT_UserFree",
2034. "oleaut32.dll.LPSAFEARRAY_UserSize",
2035. "oleaut32.dll.LPSAFEARRAY_UserMarshal",
2036. "oleaut32.dll.LPSAFEARRAY_UserUnmarshal",
2037. "oleaut32.dll.LPSAFEARRAY_UserFree",
2038. "advapi32.dll.EventWrite",
2039. "advapi32.dll.EventRegister",
2040. "advapi32.dll.EventUnregister",
2041. "advapi32.dll.EventEnabled",
2042. "ntdll.dll.ZwQueryInformationProcess",
2043. "ntdll.dll.NtQuerySection",
2044. "ntdll.dll.LdrProcessRelocationBlock",
2045. "sppwinob.dll.SppPluginInitialize",
2046. "sppwinob.dll.SppPluginShutdown",
2047. "sppwinob.dll.SppPluginCreateInstance",
2048. "sppwinob.dll.SppPluginCanUnloadNow",
2049. "sppobjs.dll.SppPluginInitialize",
2050. "sppobjs.dll.SppPluginShutdown",
2051. "sppobjs.dll.SppPluginCreateInstance",
2052. "sppobjs.dll.SppPluginCanUnloadNow",
2053. "sspicli.dll.GetUserNameExW",
2054. "advapi32.dll.NotifyServiceStatusChangeW",
2055. "setupapi.dll.SetupDiGetClassDevsW",
2056. "setupapi.dll.SetupDiEnumDeviceInfo",
2057. "setupapi.dll.SetupDiGetDeviceRegistryPropertyW",
2058. "setupapi.dll.SetupDiDestroyDeviceInfoList",
2059. "wintrust.dll.WinVerifyTrust",
2060. "setupapi.dll.SetupDiEnumDeviceInterfaces",
2061. "setupapi.dll.SetupDiGetDeviceInterfaceDetailW",
2062. "kernel32.dll.GetSystemFirmwareTable",
2063. "wkscli.dll.NetGetJoinInformation",
2064. "userenv.dll.UnregisterGPNotification",
2065. "gpapi.dll.UnregisterGPNotificationInternal",
2066. "ole32.dll.CoDisconnectContext",
2067. "wbemcore.dll.Reinitialize",
2068. "wer.dll.WerReportCreate",
2069. "wer.dll.WerReportSubmit",
2070. "wer.dll.WerReportCloseHandle",
2071. "wer.dll.WerReportSetParameter",
2072. "wmisvc.dll.IsShutDown",
2073. "kernel32.dll.GetProductInfo",
2074. "ntdll.dll.WinSqmEventEnabled",
2075. "ntdll.dll.WinSqmSetString",
2076. "wevtapi.dll.EvtIntAssertConfig",
2077. "kernel32.dll.NlsGetCacheUpdateCount",
2078. "sechost.dll.QueryServiceStatus",
2079. "rasapi32.dll.RasEnumConnectionsW",
2080. "rasapi32.dll.RasConnectionNotificationW",
2081. "advapi32.dll.WmiMofEnumerateResourcesW",
2082. "advapi32.dll.WmiFreeBuffer",
2083. "ntdll.dll.EtwUnregisterTraceGuids",
2084. "comctl32.dll.LoadIconMetric",
2085. "ole32.dll.CLSIDFromOle1Class",
2086. "clbcatq.dll.GetCatalogObject",
2087. "clbcatq.dll.GetCatalogObject2",
2088. "ole32.dll.NdrOleInitializeExtension",
2089. "ole32.dll.CoGetMarshalSizeMax",
2090. "ole32.dll.CoMarshalInterface",
2091. "ole32.dll.CoUnmarshalInterface",
2092. "ole32.dll.StringFromIID",
2093. "ole32.dll.CoGetPSClsid",
2094. "ole32.dll.CoReleaseMarshalData",
2095. "ole32.dll.DcomChannelSetHResult",
2096. "oleaut32.dll.DllGetClassObject",
2097. "oleaut32.dll.DllCanUnloadNow",
2098. "sxs.dll.SxsOleAut32MapIIDToProxyStubCLSID",
2099. "advapi32.dll.RegQueryValueW",
2100. "sxs.dll.SxsOleAut32MapIIDToTLBPath",
2101. "advapi32.dll.RegOpenKeyW",
2102. "sxs.dll.SxsOleAut32MapConfiguredClsidToReferenceClsid",
2103. "sxs.dll.SxsOleAut32RedirectTypeLibrary",
2104. "mscorwks.dll.NGenCreateNGenWorker",
2105. "oleaut32.dll.#7",
2106. "oleaut32.dll.#26",
2107. "mscoree.dll.GetMetaDataInternalInterface",
2108. "mscorwks.dll.GetMetaDataInternalInterface",
2109. "cryptsp.dll.CryptVerifySignatureA",
2110. "oleaut32.dll.#19",
2111. "ole32.dll.CoWaitForMultipleHandles",
2112. "ole32.dll.IIDFromString",
2113. "advapi32.dll.RegDeleteKeyExW",
2114. "kernel32.dll.ProcessIdToSessionId",
2115. "imm32.dll.ImmCreateContext",
2116. "imm32.dll.ImmDestroyContext",
2117. "imm32.dll.ImmNotifyIME",
2118. "imm32.dll.ImmAssociateContext",
2119. "imm32.dll.ImmReleaseContext",
2120. "imm32.dll.ImmGetContext",
2121. "imm32.dll.ImmGetCompositionStringA",
2122. "imm32.dll.ImmSetCompositionStringA",
2123. "imm32.dll.ImmGetCompositionStringW",
2124. "imm32.dll.ImmSetCompositionStringW",
2125. "imm32.dll.ImmSetCandidateWindow",
2126. "mscorsec.dll.GetPublisher",
2127. "mscoree.dll.CoInitializeEE",
2128. "mscorwks.dll.CoInitializeEE",
2129. "wintrust.dll.WintrustCertificateTrust",
2130. "mscorsec.dll.CORPolicyEE",
2131. "wintrust.dll.SoftpubInitialize",
2132. "wintrust.dll.SoftpubLoadMessage",
2133. "wintrust.dll.SoftpubLoadSignature",
2134. "wintrust.dll.SoftpubCheckCert",
2135. "wintrust.dll.CryptSIPPutSignedDataMsg",
2136. "wintrust.dll.CryptSIPGetSignedDataMsg",
2137. "imagehlp.dll.ImageGetCertificateData",
2138. "user32.dll.LoadStringW",
2139. "ncrypt.dll.BCryptOpenAlgorithmProvider",
2140. "ncrypt.dll.BCryptGetProperty",
2141. "ncrypt.dll.BCryptCreateHash",
2142. "ncrypt.dll.BCryptHashData",
2143. "wintrust.dll.CryptSIPVerifyIndirectData",
2144. "bcrypt.dll.BCryptOpenAlgorithmProvider",
2145. "bcrypt.dll.BCryptGetProperty",
2146. "bcrypt.dll.BCryptCreateHash",
2147. "bcrypt.dll.BCryptHashData",
2148. "bcrypt.dll.BCryptFinishHash",
2149. "bcrypt.dll.BCryptDestroyHash",
2150. "bcrypt.dll.BCryptCloseAlgorithmProvider",
2151. "ncrypt.dll.BCryptFinishHash",
2152. "cryptsp.dll.CryptSetHashParam",
2153. "ncrypt.dll.BCryptDestroyHash",
2154. "userenv.dll.GetUserProfileDirectoryW",
2155. "sechost.dll.ConvertStringSidToSidW",
2156. "userenv.dll.RegisterGPNotification",
2157. "gpapi.dll.RegisterGPNotificationInternal",
2158. "sechost.dll.QueryServiceConfigW",
2159. "cryptnet.dll.CertDllVerifyRevocation",
2160. "sensapi.dll.IsNetworkAlive",
2161. "winhttp.dll.WinHttpGetDefaultProxyConfiguration",
2162. "winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser",
2163. "advapi32.dll.RegDeleteTreeA",
2164. "advapi32.dll.RegDeleteTreeW",
2165. "nsi.dll.NsiAllocateAndGetTable",
2166. "cfgmgr32.dll.CM_Open_Class_Key_ExW",
2167. "iphlpapi.dll.GetIfEntry2",
2168. "iphlpapi.dll.GetIpForwardTable2",
2169. "iphlpapi.dll.GetIpNetEntry2",
2170. "iphlpapi.dll.FreeMibTable",
2171. "nsi.dll.NsiFreeTable",
2172. "winhttp.dll.WinHttpGetProxyForUrl",
2173. "winhttp.dll.WinHttpTimeFromSystemTime",
2174. "cryptnet.dll.I_CryptNetGetConnectivity",
2175. "cryptnet.dll.CryptRetrieveObjectByUrlW",
2176. "setupapi.dll.SetupIterateCabinetW",
2177. "cabinet.dll.#20",
2178. "cabinet.dll.#22",
2179. "devrtl.dll.DevRtlGetThreadLogToken",
2180. "kernel32.dll.RegOpenKeyExW",
2181. "cabinet.dll.#23",
2182. "sechost.dll.QueryServiceConfigA",
2183. "rpcrt4.dll.RpcEpResolveBinding",
2184. "cryptnet.dll.I_CryptNetSetUrlCachePreFetchInfo",
2185. "cryptnet.dll.I_CryptNetSetUrlCacheFlushInfo",
2186. "wintrust.dll.SoftpubAuthenticode",
2187. "wintrust.dll.SoftpubCleanup",
2188. "advapi32.dll.SaferiSearchMatchingHashRules",
2189. "mscoree.dll.CoUninitializeEE",
2190. "mscorwks.dll.CoUninitializeEE",
2191. "w32time.dll.SvchostEntry_W32Time",
2192. "w32time.dll.SvchostPushServiceGlobals",
2193. "sechost.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW",
2194. "ws2_32.dll.#115",
2195. "ws2_32.dll.#111",
2196. "dsrole.dll.DsRoleGetPrimaryDomainInformation",
2197. "dsrole.dll.DsRoleFreeMemory",
2198. "sspicli.dll.LsaRegisterPolicyChangeNotification",
2199. "w32time.dll.TimeProvClose",
2200. "w32time.dll.TimeProvCommand",
2201. "w32time.dll.TimeProvOpen",
2202. "ws2_32.dll.getaddrinfo",
2203. "ws2_32.dll.freeaddrinfo",
2204. "ws2_32.dll.#23",
2205. "ws2_32.dll.WSAEventSelect",
2206. "vmictimeprovider.dll.TimeProvClose",
2207. "vmictimeprovider.dll.TimeProvCommand",
2208. "vmictimeprovider.dll.TimeProvOpen",
2209. "ws2_32.dll.WSAAddressToStringW",
2210. "ws2_32.dll.#3",
2211. "sspicli.dll.LsaUnregisterPolicyChangeNotification",
2212. "wersvc.dll.ServiceMain",
2213. "wersvc.dll.SvchostPushServiceGlobals",
2214. "faultrep.dll.WerpInitiateCrashReporting",
2215. "wer.dll.WerpCreateMachineStore",
2216. "shell32.dll.SHGetFolderPathEx",
2217. "userenv.dll.CreateEnvironmentBlock",
2218. "userenv.dll.DestroyEnvironmentBlock",
2219. "wer.dll.WerpSvcReportFromMachineQueue",
2220. "advapi32.dll.DuplicateToken",
2221. "wtsapi32.dll.WTSQueryUserToken",
2222. "winsta.dll.WinStationQueryInformationW",
2223. "advapi32.dll.ImpersonateLoggedOnUser",
2224. "advapi32.dll.RevertToSelf",
2225. "imm32.dll.ImmDisableIME",
2226. "wer.dll.WerpCreateIntegratorReportId",
2227. "wer.dll.WerpSetIntegratorReportId",
2228. "dbgeng.dll.DebugCreate",
2229. "ntdll.dll.CsrGetProcessId",
2230. "ntdll.dll.DbgBreakPoint",
2231. "ntdll.dll.DbgPrint",
2232. "ntdll.dll.DbgPrompt",
2233. "ntdll.dll.DbgUiConvertStateChangeStructure",
2234. "ntdll.dll.DbgUiGetThreadDebugObject",
2235. "ntdll.dll.DbgUiIssueRemoteBreakin",
2236. "ntdll.dll.DbgUiSetThreadDebugObject",
2237. "ntdll.dll.NtAllocateVirtualMemory",
2238. "ntdll.dll.NtClose",
2239. "ntdll.dll.NtCreateDebugObject",
2240. "ntdll.dll.NtCreateFile",
2241. "ntdll.dll.NtDebugActiveProcess",
2242. "ntdll.dll.NtDebugContinue",
2243. "ntdll.dll.NtFreeVirtualMemory",
2244. "ntdll.dll.NtOpenProcess",
2245. "ntdll.dll.NtOpenThread",
2246. "ntdll.dll.NtQueryInformationProcess",
2247. "ntdll.dll.NtQueryInformationThread",
2248. "ntdll.dll.NtQueryMutant",
2249. "ntdll.dll.NtQueryObject",
2250. "ntdll.dll.NtRemoveProcessDebug",
2251. "ntdll.dll.NtResumeThread",
2252. "ntdll.dll.NtSetInformationDebugObject",
2253. "ntdll.dll.NtSetInformationProcess",
2254. "ntdll.dll.NtSystemDebugControl",
2255. "ntdll.dll.NtWaitForDebugEvent",
2256. "ntdll.dll.RtlAnsiStringToUnicodeString",
2257. "ntdll.dll.RtlCreateProcessParameters",
2258. "ntdll.dll.RtlCreateUserProcess",
2259. "ntdll.dll.RtlDestroyProcessParameters",
2260. "ntdll.dll.RtlDosPathNameToNtPathName_U",
2261. "ntdll.dll.RtlFindMessage",
2262. "ntdll.dll.RtlFreeHeap",
2263. "ntdll.dll.RtlFreeUnicodeString",
2264. "ntdll.dll.RtlGetFunctionTableListHead",
2265. "ntdll.dll.RtlGetUnloadEventTrace",
2266. "ntdll.dll.RtlGetUnloadEventTraceEx",
2267. "ntdll.dll.RtlInitAnsiString",
2268. "ntdll.dll.RtlInitUnicodeString",
2269. "ntdll.dll.RtlTryEnterCriticalSection",
2270. "ntdll.dll.RtlUnicodeStringToAnsiString",
2271. "ntdll.dll.NtOpenProcessToken",
2272. "ntdll.dll.NtOpenThreadToken",
2273. "ntdll.dll.NtQueryInformationToken",
2274. "kernel32.dll.CloseProfileUserMapping",
2275. "kernel32.dll.CreateToolhelp32Snapshot",
2276. "kernel32.dll.DebugActiveProcessStop",
2277. "kernel32.dll.DebugBreak",
2278. "kernel32.dll.DebugBreakProcess",
2279. "kernel32.dll.DebugSetProcessKillOnExit",
2280. "kernel32.dll.Module32First",
2281. "kernel32.dll.Module32FirstW",
2282. "kernel32.dll.Module32Next",
2283. "kernel32.dll.Module32NextW",
2284. "kernel32.dll.OpenThread",
2285. "kernel32.dll.Process32First",
2286. "kernel32.dll.Process32FirstW",
2287. "kernel32.dll.Process32Next",
2288. "kernel32.dll.Process32NextW",
2289. "kernel32.dll.SetProcessShutdownParameters",
2290. "kernel32.dll.Thread32First",
2291. "kernel32.dll.Thread32Next",
2292. "kernel32.dll.GetTimeZoneInformation",
2293. "kernel32.dll.DuplicateHandle",
2294. "kernel32.dll.Wow64GetThreadSelectorEntry",
2295. "advapi32.dll.ControlService",
2296. "advapi32.dll.CreateServiceA",
2297. "advapi32.dll.CreateServiceW",
2298. "advapi32.dll.DeleteService",
2299. "advapi32.dll.EnumServicesStatusExA",
2300. "advapi32.dll.EnumServicesStatusExW",
2301. "advapi32.dll.GetEventLogInformation",
2302. "advapi32.dll.OpenSCManagerA",
2303. "advapi32.dll.OpenServiceA",
2304. "advapi32.dll.StartServiceA",
2305. "advapi32.dll.StartServiceW",
2306. "advapi32.dll.GetSidSubAuthority",
2307. "advapi32.dll.GetSidSubAuthorityCount",
2308. "version.dll.GetFileVersionInfoSizeExW",
2309. "version.dll.GetFileVersionInfoExW",
2310. "dbghelp.dll.WinDbgExtensionDllInit",
2311. "dbghelp.dll.ExtensionApiVersion",
2312. "wer.dll.WerpSetDynamicParameter",
2313. "wer.dll.WerReportAddDump",
2314. "wer.dll.WerpSetCallBack",
2315. "wer.dll.WerReportSetUIOption",
2316. "wer.dll.WerpAddRegisteredDataToReport",
2317. "user32.dll.CharUpperW",
2318. "wer.dll.WerpAddAppCompatData",
2319. "apphelp.dll.SdbGetFileAttributes",
2320. "apphelp.dll.SdbFormatAttribute",
2321. "apphelp.dll.SdbFreeFileAttributes",
2322. "dbghelp.dll.MiniDumpWriteDump",
2323. "kernel32.dll.GetLongPathNameA",
2324. "kernel32.dll.GetLongPathNameW",
2325. "kernel32.dll.GetProcessTimes",
2326. "advapi32.dll.RegOpenKeyExA",
2327. "advapi32.dll.RegQueryValueExA",
2328. "version.dll.GetFileVersionInfoSizeA",
2329. "version.dll.GetFileVersionInfoA",
2330. "version.dll.VerQueryValueA",
2331. "verifier.dll.VerifierEnumerateResource",
2332. "ntdll.dll.NtSuspendProcess",
2333. "ntdll.dll.NtResumeProcess",
2334. "advapi32.dll.QueryTraceW",
2335. "advapi32.dll.IsValidSid",
2336. "advapi32.dll.AddAccessAllowedAceEx",
2337. "wer.dll.WerpGetStoreLocation",
2338. "wer.dll.WerpGetStoreType",
2339. "user32.dll.MsgWaitForMultipleObjects",
2340. "wer.dll.WerpFreeString",
2341. "user32.dll.GetProcessWindowStation",
2342. "user32.dll.GetThreadDesktop",
2343. "user32.dll.GetUserObjectInformationW",
2344. "werui.dll.WerUICreate",
2345. "werui.dll.WerUIStart",
2346. "werui.dll.WerUITerminate",
2347. "werui.dll.WerUIDelete",
2348. "kernel32.dll.LocaleNameToLCID",
2349. "kernel32.dll.GetLocaleInfoEx",
2350. "kernel32.dll.LCIDToLocaleName",
2351. "kernel32.dll.GetSystemDefaultLocaleName",
2352. "fastprox.dll.DllGetClassObject",
2353. "fastprox.dll.DllCanUnloadNow",
2354. "oleaut32.dll.#283",
2355. "oleaut32.dll.#284",
2356. "psapi.dll.EnumProcesses"
2357. ]
2358.  
2359. [*] Static Analysis: {
2360. "office": {
2361. "Metadata": {
2362. "HasMacros": "No"
2363. }
2364. }
2365. }