Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [*] MalFamily: ""
- [*] MalScore: 10.0
- [*] File Name: "Zips_eedb13532abc50e02980c16e35ab4b79.php"
- [*] File Size: 73190
- [*] File Type: "Zip archive data, at least v2.0 to extract"
- [*] SHA256: "099088fa32b5e184357a60d41878edb2f718b172f4cb6c57566a076ce135f66b"
- [*] MD5: "eedb13532abc50e02980c16e35ab4b79"
- [*] SHA1: "15de33385c941c403de1e614bfabc5553683104e"
- [*] SHA512: "58dcc2c4ece8193e9d3616dbe42b37232c6e1a41bcee20e0a41780c4497f460e4cdc4bf490227ab6aac3cd50fe3caaeb4f26cb5a397145a996a890f1a1c02c34"
- [*] CRC32: "66788D0D"
- [*] SSDEEP: "1536:hZQ9qo5NBAhjQoGj3bVBltWJKhZDxqRQAhHNZPymiHrBG1uFmphkm:hZKrBAh6frSJCFM/NZLErBG1Mmphkm"
- [*] Process Execution: [
- "wscript.exe",
- "me.exe",
- "cmd.exe",
- "powershell.exe",
- "cmd.exe",
- "sc.exe",
- "cmd.exe",
- "sc.exe",
- "cmd.exe",
- "sc.exe",
- "cmd.exe",
- "sc.exe",
- "cmd.exe",
- "powershell.exe",
- "svchost.exe",
- "services.exe",
- "svchost.exe",
- "mscorsvw.exe",
- "svchost.exe",
- "lsass.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "mscorsvw.exe",
- "sppsvc.exe",
- "svchost.exe",
- "svchost.exe",
- "WMIADAP.exe",
- "sdclt.exe",
- "taskhost.exe",
- "sc.exe",
- "svchost.exe",
- "svchost.exe",
- "WerFault.exe",
- "wermgr.exe",
- "explorer.exe"
- ]
- [*] Signatures Detected: [
- {
- "Description": "At least one process apparently crashed during execution",
- "Details": []
- },
- {
- "Description": "Attempts to connect to a dead IP:Port (2 unique times)",
- "Details": [
- {
- "IP": "185.94.230.114:80"
- },
- {
- "IP": "89.249.74.41:80"
- }
- ]
- },
- {
- "Description": "Creates RWX memory",
- "Details": []
- },
- {
- "Description": "Possible date expiration check, exits too soon after checking local time",
- "Details": [
- {
- "process": "cmd.exe, PID 2364"
- }
- ]
- },
- {
- "Description": "At least one IP Address, Domain, or File Name was found in a crypto call",
- "Details": [
- {
- "ioc": "v2.0.50727"
- },
- {
- "ioc": "ontract.v10.0.dll"
- }
- ]
- },
- {
- "Description": "A process created a hidden window",
- "Details": [
- {
- "Process": "me.exe -> cmd"
- },
- {
- "Process": "me.exe -> cmd"
- },
- {
- "Process": "me.exe -> cmd"
- },
- {
- "Process": "svchost.exe -> \\\\?\\C:\\Windows\\system32\\wbem\\WMIADAP.EXE"
- }
- ]
- },
- {
- "Description": "Drops a binary and executes it",
- "Details": [
- {
- "binary": "C:\\Users\\user\\AppData\\Local\\Temp\\me.exe"
- }
- ]
- },
- {
- "Description": "Performs some HTTP requests",
- "Details": [
- {
- "url": "http://birthdayeventdxb.com/readme.doc"
- },
- {
- "url": "http://www.msftncsi.com/ncsi.txt"
- }
- ]
- },
- {
- "Description": "Queries information on disks, possibly for anti-virtualization",
- "Details": []
- },
- {
- "Description": "Attempts to stop active services",
- "Details": [
- {
- "servicename": "WinDefend"
- }
- ]
- },
- {
- "Description": "A process attempted to delay the analysis task by a long amount of time.",
- "Details": [
- {
- "Process": "svchost.exe tried to sleep 421 seconds, actually delayed analysis time by 0 seconds"
- },
- {
- "Process": "sppsvc.exe tried to sleep 300 seconds, actually delayed analysis time by 0 seconds"
- },
- {
- "Process": "mscorsvw.exe tried to sleep 4320 seconds, actually delayed analysis time by 0 seconds"
- }
- ]
- },
- {
- "Description": "Attempts to repeatedly call a single API many times in order to delay analysis time",
- "Details": [
- {
- "Spam": "services.exe (500) called API GetSystemTimeAsFileTime 12036557 times"
- }
- ]
- },
- {
- "Description": "Spoofs its process name and/or associated pathname to appear as a legitimate process",
- "Details": [
- {
- "modified_name": "svchost.exe",
- "modified_path": "C:\\Users\\user\\AppData\\Local\\Temp\\me.exe",
- "original_name": "svchost.exe",
- "original_path": "C:\\Windows\\system32\\svchost.exe"
- }
- ]
- },
- {
- "Description": "Creates a hidden or system file",
- "Details": [
- {
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms~RF2029ae4.TMP"
- },
- {
- "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index15f.dat"
- },
- {
- "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index15e.dat"
- },
- {
- "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index160.dat"
- },
- {
- "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index161.dat"
- },
- {
- "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index162.dat"
- },
- {
- "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index163.dat"
- },
- {
- "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index164.dat"
- },
- {
- "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index165.dat"
- },
- {
- "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index166.dat"
- },
- {
- "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index167.dat"
- },
- {
- "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index168.dat"
- },
- {
- "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index169.dat"
- },
- {
- "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index16a.dat"
- },
- {
- "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index16b.dat"
- },
- {
- "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index16c.dat"
- },
- {
- "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index16d.dat"
- },
- {
- "file": "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index16e.dat"
- }
- ]
- },
- {
- "Description": "Checks the system manufacturer, likely for anti-virtualization",
- "Details": []
- },
- {
- "Description": "Attempts to disable Windows Defender",
- "Details": []
- },
- {
- "Description": "Attempts to modify or disable Security Center warnings",
- "Details": []
- }
- ]
- [*] Started Service: [
- "KeyIso",
- "WerSvc",
- "W32Time"
- ]
- [*] Executed Commands: [
- "C:\\Users\\user\\AppData\\Local\\Temp\\me.exe",
- "\"C:\\Windows\\System32\\cmd.exe\" /c powershell Set-MpPreference -DisableRealtimeMonitoring $true",
- "cmd /c powershell Set-MpPreference -DisableRealtimeMonitoring $true",
- "\"C:\\Windows\\System32\\cmd.exe\" /c sc stop WinDefend",
- "cmd /c sc stop WinDefend",
- "\"C:\\Windows\\System32\\cmd.exe\" /c sc delete WinDefend",
- "cmd /c sc delete WinDefend",
- "C:\\Windows\\system32\\cmd.exe /c sc stop WinDefend",
- "C:\\Windows\\system32\\cmd.exe /c sc delete WinDefend",
- "C:\\Windows\\system32\\cmd.exe /c powershell Set-MpPreference -DisableRealtimeMonitoring $true",
- "C:\\Windows\\system32\\svchost.exe",
- "powershell Set-MpPreference -DisableRealtimeMonitoring $true",
- "sc stop WinDefend",
- "sc delete WinDefend",
- "C:\\Windows\\system32\\svchost.exe -k LocalServiceAndNoImpersonation",
- "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe",
- "C:\\Windows\\system32\\lsass.exe",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe",
- "C:\\Windows\\system32\\sppsvc.exe",
- "C:\\Windows\\System32\\sdclt.exe /CONFIGNOTIFICATION",
- "taskhost.exe $(Arg0)",
- "C:\\Windows\\system32\\sc.exe start w32time task_started",
- "C:\\Windows\\system32\\svchost.exe -k LocalService",
- "C:\\Windows\\System32\\svchost.exe -k WerSvcGroup",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {4C379ADC-A2D5-471F-8829-B2B86FF3628C} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {6F232156-CB27-4EA6-9706-191CA246F2E3} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {C46F404C-22B0-4E30-A288-93619323BB71} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {CBC80DDF-B67A-4901-9A45-4652276439A2} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {145395DA-B986-40D2-AF87-5EBA1515B5FD} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {6D7827A2-D51A-45EC-8659-799C2480345F} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {8ADC8C51-1D13-4EF6-97C9-C718CE031341} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {04335523-E879-4A30-A2A1-7CB7C9B10475} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {1E874562-B0A8-4269-B215-EC61ACBC6122} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {4378F745-0229-4C22-98D4-517BA1550194} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\AddInSideAdapters\\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {2858D7F2-BA10-4C73-8D35-32F5B635BB8C} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {855503EF-CE5E-4448-A6A8-869A0B7326BD} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\AddInViews\\Microsoft.Office.Tools.v9.0.dll\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {39C532E3-9198-4566-BFCF-D800E5FD148B} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {8A5C3D73-B52C-413B-BEBB-15672A2B5619} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\AddInViews\\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {E559E549-2903-4836-ABE2-CCAEABFFBFDD} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {7A09B85D-DB8A-4D9D-9D6D-B822ECEE919C} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\AddInViews\\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {6D2837CF-9EE6-465B-9031-F4FB53B17561} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {95420859-C24F-43C7-8702-6CDAA6CFB544} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\Contracts\\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {3E06EAE1-73A0-46FA-935D-01E1755FB9F4} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {12A9FD2D-CB8A-4C81-9A5B-A57601326635} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\Contracts\\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {42C6F9FE-125C-4F37-83F7-6B514FE91AB0} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {C4417F92-32D2-4BEA-B13A-4D4D0F4E56DD} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\Contracts\\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {E3028FE5-28F8-4A4E-A2DE-EA9962E30059} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {1A86F936-B4DA-4528-9172-DE62EBF75063} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\Contracts\\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {FFADB144-C3CA-4FF6-8408-047B1A8A8850} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {2C77062D-3830-41F5-9981-4B3FD059834A} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters\\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {65F86CCE-D70E-4AC6-B0E8-80980F865BDE} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {8059A64F-38F2-40ED-A3AB-CA056F14333B} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters\\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {24E8A6BF-7C4C-453F-A441-A08B0392B7FF} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {89D9392D-028D-41BE-9599-DD651074CAFB} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters\\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {41B9778F-7D15-499D-AFFB-62EF23F545EA} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {D7C5E442-CBEF-494D-90FF-548BF79DBD10} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters\\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {CD7F0D16-CA92-4236-B674-92A82754138E} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {1808E1A9-C220-436A-941C-9839DF14AA94} -Comment \"Compile worker for C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\Pipeline.v10.0\\HostSideAdapters\\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {E25098F7-D21A-44D9-8CC7-09B101301E70} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {EBF8BD6F-D6BB-44AC-BE4F-0BDAFE0530E0} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {975E108B-3F3C-4EF6-8A9D-0A7A751E92DF} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {5F52833E-F8DC-431E-857E-0A46A92AE770} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {3349E304-864A-49CB-9BA9-7F122EFE0A9F} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {E4968792-AE22-4E6B-A427-456223E119C9} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {0BD20C93-2FE6-4FBE-A7F8-0BA9183A2A94} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {42C902D0-C46E-4AA1-9D0A-DF5436BC1C7E} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {764FCDCB-7C6D-4166-8AC3-BA795CFCF40F} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {C8ADFA13-B835-433A-BCDB-32A47DCCADE8} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {CD69D9E5-8DE1-4DC2-AC6A-1F88E27B4557} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {05610C32-0A84-4838-B631-E8F47FB64502} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {1EE7A7AF-CDDA-4ABF-882E-27CDC15BB23B} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {0F5DE145-1A0C-433F-809F-645013C08829} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {26FB2AF0-763B-4CD0-8C16-B26647502E98} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {FBA35B45-A299-4A71-B8E8-9BDA3945D949} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {7C8F86A7-868D-49BA-8463-73A975CD4309} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {4131E51D-0C82-4A65-9E13-268706F8AE85} -Comment \"Dependency Analyzer\"",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe -UseCLSID {E70B2D75-5475-4CD4-8EA8-60573775340F} -Comment \"Dependency Analyzer\"",
- "\\\\?\\C:\\Windows\\system32\\wbem\\WMIADAP.EXE wmiadap.exe /F /T /R",
- "C:\\Windows\\system32\\WerFault.exe -u -p 1988 -s 288",
- "\"C:\\Windows\\system32\\wermgr.exe\" \"-queuereporting_svc\" \"C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_1f67675514e2d340fc249786aef11e17815cce2_cab_0926034b\""
- ]
- [*] Mutexes: [
- "Local\\ZoneAttributeCacheCounterMutex",
- "Local\\ZonesCacheCounterMutex",
- "Local\\ZonesLockedCacheCounterMutex",
- "Global\\CLR_CASOFF_MUTEX",
- "Global\\838B6C9EB27932960",
- "DBWinMutex",
- "Local\\WERReportingForProcess1988",
- "Global\\\\xe5\\x88\\x90\\xc2\\x89",
- "Global\\\\xed\\x95\\xb0\\xc7\\xa8",
- "WERUI_BEX64-1f67675514e2d340fc249786aef11e17815cce2",
- "Global\\ADAP_WMI_ENTRY",
- "Global\\RefreshRA_Mutex",
- "Global\\RefreshRA_Mutex_Lib",
- "Global\\RefreshRA_Mutex_Flag"
- ]
- [*] Modified Files: [
- "C:\\Users\\user\\AppData\\Local\\Temp\\me.exe",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-0000000000-0000000000-0000000000-1000\\00000000-0000-0000-0000-000000000000b_00000000-0000-0000-0000-000000000000",
- "C:\\Users\\user\\AppData\\Local\\Temp\\%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell.lnk",
- "\\??\\PIPE\\srvsvc",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\Q3EPWVUQGH5AH3D6W3XF.temp",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms~RF2029ae4.TMP",
- "C:\\Windows\\SysWOW64\\%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell.lnk",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\6PYHSDQP1Z52YDIB7SDH.temp",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\d93f411851d7c929.customDestinations-ms",
- "C:\\Windows\\sysnative\\LogFiles\\Scm\\2ce1541b-c7b1-4ba0-8974-722d18a3c54d",
- "C:\\Windows\\sysnative\\LogFiles\\Scm\\4963ad21-c4a5-42a5-b9bd-e441d57204fe",
- "C:\\Windows\\sysnative\\LogFiles\\Scm\\7bbc503c-5977-4798-a4ae-61483a7e030d",
- "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\ngen_service.lock",
- "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\ngen_service.log",
- "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\ngenservicelock.dat",
- "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\ngenrootstorelock.dat",
- "C:\\Windows\\Microsoft.NET\\ngenservice_pri3_lock.dat",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\ngen_service.lock",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\ngen_service.log",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\ngenservicelock.dat",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\ngenrootstorelock.dat",
- "\\??\\SPDevice",
- "\\??\\PIPE\\wkssvc",
- "C:\\Windows\\sysnative\\winevt\\Logs\\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx",
- "C:\\Windows\\sysnative\\winevt\\Logs\\Microsoft-Windows-WER-Diag%4Operational.evtx",
- "C:\\Windows\\sysnative\\winevt\\Logs\\Microsoft-Windows-Fault-Tolerant-Heap%4Operational.evtx",
- "C:\\Windows\\SoftwareDistribution\\ReportingEvents.log",
- "\\Device\\LanmanDatagramReceiver",
- "C:\\Windows\\appcompat\\Programs\\RecentFileCache.bcf",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP2130.tmp\\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll",
- "C:\\Windows\\assembly\\GACLock.dat",
- "C:\\Windows\\assembly\\ngenlock.dat",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index15f.dat",
- "C:\\Windows\\assembly\\temp\\UBVOH9YW6R",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\858a16566417324d7113703e9d9a220f\\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.ni.dll",
- "C:\\BVTBin\\Tests\\installpackage\\csilogfile.log",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP3063.tmp\\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index160.dat",
- "C:\\Windows\\assembly\\temp\\WRWIR3X3AC",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\aa8c5b1ed8c1befde1f41b7cd4886163\\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.ni.dll",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP4988.tmp\\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index161.dat",
- "C:\\Windows\\assembly\\temp\\FHSG32QS1K",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\a00f92391877dd945e4a4639788c20c4\\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.ni.dll",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP5B99.tmp\\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index162.dat",
- "C:\\Windows\\assembly\\temp\\8XTAEWPY55",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\768fc8d43917315c6e1ea9a91b5295a8\\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.ni.dll",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP6B2A.tmp\\Microsoft.Office.Tools.v9.0.dll",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index163.dat",
- "C:\\Windows\\assembly\\temp\\AEU5GIF59P",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.Office.To#\\09c86f6b3ef36b680afe553f4bb7182d\\Microsoft.Office.Tools.v9.0.ni.dll",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21",
- "C:\\Windows\\Temp\\CabA17C.tmp",
- "C:\\Windows\\Temp\\TarA18D.tmp",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015",
- "C:\\Windows\\Temp\\CabAF76.tmp",
- "C:\\Windows\\Temp\\TarAF77.tmp",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPB1D9.tmp\\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index164.dat",
- "C:\\Windows\\assembly\\temp\\L96LB2KIOV",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\4b3742b9ce5a12286a9e50f48e6dbbb2\\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.ni.dll",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPBFD2.tmp\\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index165.dat",
- "C:\\Windows\\assembly\\temp\\7QNXO4Z4ZB",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\7ccd189d94efd1491116295d6fb86584\\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.ni.dll",
- "C:\\Windows\\Temp\\CabCBD8.tmp",
- "C:\\Windows\\Temp\\TarCBD9.tmp",
- "C:\\Windows\\Temp\\CabD4F0.tmp",
- "C:\\Windows\\Temp\\TarD4F1.tmp",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPD7A1.tmp\\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index166.dat",
- "C:\\Windows\\assembly\\temp\\L7W2UENXBS",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\d22de3f4c42430a9421588d3b2c0de6f\\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.ni.dll",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPE79D.tmp\\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index167.dat",
- "C:\\Windows\\assembly\\temp\\ZO4F0G3JN8",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\8cace01bdef1fa3c1deb129b0c201333\\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.ni.dll",
- "C:\\Windows\\Temp\\CabF113.tmp",
- "C:\\Windows\\Temp\\TarF124.tmp",
- "C:\\Windows\\Temp\\Cab94.tmp",
- "C:\\Windows\\Temp\\Tar95.tmp",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP2D8.tmp\\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index168.dat",
- "C:\\Windows\\assembly\\temp\\LCLKDRIDYP",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\f475ddf8555a053a766081058e4df1ec\\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.ni.dll",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPEFB.tmp\\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index169.dat",
- "C:\\Windows\\assembly\\temp\\ZTTXJT6ZA5",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\10544e726a20c09e227a1c906be47b69\\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.ni.dll",
- "C:\\Windows\\Temp\\Cab1F66.tmp",
- "C:\\Windows\\Temp\\Tar1F77.tmp",
- "C:\\Windows\\Temp\\Cab31B6.tmp",
- "C:\\Windows\\Temp\\Tar31D6.tmp",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP3523.tmp\\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index16a.dat",
- "C:\\Windows\\assembly\\temp\\2RWDXHWCAA",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\d55694c2bdd85900a19ab47723f60b3a\\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.ni.dll",
- "C:\\Windows\\Temp\\Cab456D.tmp",
- "C:\\Windows\\Temp\\Tar456E.tmp",
- "C:\\Windows\\Temp\\Cab5490.tmp",
- "C:\\Windows\\Temp\\Tar5491.tmp",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP5722.tmp\\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index16b.dat",
- "C:\\Windows\\assembly\\temp\\IOEDDD2CPB",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\f2fde18290c6c402bbccdab670aa3126\\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.ni.dll",
- "C:\\Windows\\Temp\\Cab7353.tmp",
- "C:\\Windows\\Temp\\Tar7363.tmp",
- "C:\\Windows\\Temp\\Cab8322.tmp",
- "C:\\Windows\\Temp\\Tar8332.tmp",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP85D3.tmp\\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index16c.dat",
- "C:\\Windows\\assembly\\temp\\FUHO2MRNS0",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\cac5185d84f38f3d701b128429bf48f2\\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.ni.dll",
- "C:\\Windows\\Temp\\CabA3E8.tmp",
- "C:\\Windows\\Temp\\TarA3E9.tmp",
- "C:\\Windows\\Temp\\CabAD3F.tmp",
- "C:\\Windows\\Temp\\TarAD4F.tmp",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPAF64.tmp\\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index16d.dat",
- "C:\\Windows\\assembly\\temp\\R0EOGFJRNT",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\b8820392be14b41757054ee7e052b0fd\\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.ni.dll",
- "\\??\\PIPE\\lsarpc",
- "C:\\Windows\\Temp\\CabB983.tmp",
- "C:\\Windows\\Temp\\TarB984.tmp",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERBC23.tmp.appcompat.txt",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERC2EB.tmp.WERInternalMetadata.xml",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERC359.tmp.hdmp",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERD5D8.tmp.mdmp",
- "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_1f67675514e2d340fc249786aef11e17815cce2_cab_0926034b\\WERBC23.tmp.appcompat.txt",
- "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_1f67675514e2d340fc249786aef11e17815cce2_cab_0926034b\\WERC2EB.tmp.WERInternalMetadata.xml",
- "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_1f67675514e2d340fc249786aef11e17815cce2_cab_0926034b\\WERC359.tmp.hdmp",
- "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_1f67675514e2d340fc249786aef11e17815cce2_cab_0926034b\\WERD5D8.tmp.mdmp",
- "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_1f67675514e2d340fc249786aef11e17815cce2_cab_0926034b\\Report.wer",
- "C:\\Windows\\Temp\\CabC2BB.tmp",
- "C:\\Windows\\Temp\\TarC2BC.tmp",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPC889.tmp\\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index16e.dat",
- "C:\\Windows\\assembly\\temp\\QPUBXYN075",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\ca444875ec3917f2861b939de4b4de56\\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.ni.dll",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9",
- "C:\\Windows\\Temp\\CabF64E.tmp",
- "C:\\Windows\\Temp\\TarF64F.tmp",
- "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_1f67675514e2d340fc249786aef11e17815cce2_cab_0926034b\\Report.wer.tmp",
- "C:\\Windows\\sysnative\\wbem\\Performance\\WmiApRpl_new.h"
- ]
- [*] Deleted Files: [
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms~RF2029ae4.TMP",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1056.33725421",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1056.33725421",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1056.33725437",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\6PYHSDQP1Z52YDIB7SDH.temp",
- "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\security.config.cch.1200.33746609",
- "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1200.33746609",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\security.config.cch.1200.33746609",
- "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\ngenserviceclientlock.dat",
- "C:\\Windows\\Microsoft.NET\\ngenservice_pri0_lock.dat",
- "C:\\Windows\\Microsoft.NET\\ngenservice_pri1_lock.dat",
- "C:\\Windows\\Microsoft.NET\\ngenservice_pri2_lock.dat",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\ngenserviceclientlock.dat",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1140.33956406",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1140.33956406",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1140.33956468",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1776.33977593",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1776.33977609",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1776.33977640",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2164.33978609",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2164.33978609",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2164.33978625",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP2130.tmp",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index15e.dat",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\858a16566417324d7113703e9d9a220f",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP2130.tmp\\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2176.33980453",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2176.33980453",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2176.33980468",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.800.33982984",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.800.33982984",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.800.33983000",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP3063.tmp",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index15f.dat",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\aa8c5b1ed8c1befde1f41b7cd4886163",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP3063.tmp\\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2092.33984375",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2092.33984390",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2092.33984406",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2116.33989671",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2116.33989671",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2116.33989734",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP4988.tmp",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index160.dat",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\a00f92391877dd945e4a4639788c20c4",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP4988.tmp\\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2384.33990812",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2384.33990828",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2384.33990843",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2284.33994218",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2284.33994218",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2284.33994250",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP5B99.tmp",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index161.dat",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\768fc8d43917315c6e1ea9a91b5295a8",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP5B99.tmp\\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.948.33995453",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.948.33995453",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.948.33995468",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.3064.33998375",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.3064.33998390",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.3064.33998406",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP6B2A.tmp",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index162.dat",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.Office.To#\\09c86f6b3ef36b680afe553f4bb7182d",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.Office.To#",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP6B2A.tmp\\Microsoft.Office.Tools.v9.0.dll",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2804.33999406",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2804.33999406",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2804.33999406",
- "C:\\Windows\\Temp\\CabA17C.tmp",
- "C:\\Windows\\Temp\\TarA18D.tmp",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.3032.34000812",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.3032.34000828",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.3032.34000843",
- "C:\\Windows\\Temp\\CabAF76.tmp",
- "C:\\Windows\\Temp\\TarAF77.tmp",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPB1D9.tmp",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index163.dat",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\4b3742b9ce5a12286a9e50f48e6dbbb2",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPB1D9.tmp\\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2992.34015734",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2992.34015781",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2992.34015812",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2844.34019125",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2844.34019140",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2844.34019218",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPBFD2.tmp",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index164.dat",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\7ccd189d94efd1491116295d6fb86584",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPBFD2.tmp\\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2008.34020671",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2008.34020703",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2008.34020765",
- "C:\\Windows\\Temp\\CabCBD8.tmp",
- "C:\\Windows\\Temp\\TarCBD9.tmp",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1608.34022843",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1608.34022859",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1608.34022937",
- "C:\\Windows\\Temp\\CabD4F0.tmp",
- "C:\\Windows\\Temp\\TarD4F1.tmp",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPD7A1.tmp",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index165.dat",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\d22de3f4c42430a9421588d3b2c0de6f",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPD7A1.tmp\\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2812.34025937",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2812.34025953",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2812.34025953",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.364.34028968",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.364.34029000",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.364.34029093",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPE79D.tmp",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index166.dat",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\8cace01bdef1fa3c1deb129b0c201333",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPE79D.tmp\\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2856.34030796",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2856.34030828",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2856.34030906",
- "C:\\Windows\\Temp\\CabF113.tmp",
- "C:\\Windows\\Temp\\TarF124.tmp",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.968.34032687",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.968.34032734",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.968.34032750",
- "C:\\Windows\\Temp\\Cab94.tmp",
- "C:\\Windows\\Temp\\Tar95.tmp",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP2D8.tmp",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index167.dat",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\f475ddf8555a053a766081058e4df1ec",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP2D8.tmp\\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2024.34035671",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2024.34035703",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2024.34035796",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1180.34039687",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1180.34039718",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1180.34039812",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPEFB.tmp",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index168.dat",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\10544e726a20c09e227a1c906be47b69",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPEFB.tmp\\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2292.34041078",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2292.34041093",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2292.34041171",
- "C:\\Windows\\Temp\\Cab1F66.tmp",
- "C:\\Windows\\Temp\\Tar1F77.tmp",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1424.34043953",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1424.34043984",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1424.34044015",
- "C:\\Windows\\Temp\\Cab31B6.tmp",
- "C:\\Windows\\Temp\\Tar31D6.tmp",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP3523.tmp",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index169.dat",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\d55694c2bdd85900a19ab47723f60b3a",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP3523.tmp\\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1824.34049406",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1824.34049437",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1824.34049515",
- "C:\\Windows\\Temp\\Cab456D.tmp",
- "C:\\Windows\\Temp\\Tar456E.tmp",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2428.34054125",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2428.34054156",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2428.34054234",
- "C:\\Windows\\Temp\\Cab5490.tmp",
- "C:\\Windows\\Temp\\Tar5491.tmp",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP5722.tmp",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index16a.dat",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\f2fde18290c6c402bbccdab670aa3126",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP5722.tmp\\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2760.34058296",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2760.34058312",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2760.34058359",
- "C:\\Windows\\Temp\\Cab7353.tmp",
- "C:\\Windows\\Temp\\Tar7363.tmp",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1856.34065765",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1856.34065796",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1856.34065859",
- "C:\\Windows\\Temp\\Cab8322.tmp",
- "C:\\Windows\\Temp\\Tar8332.tmp",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP85D3.tmp",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index16b.dat",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\cac5185d84f38f3d701b128429bf48f2",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAP85D3.tmp\\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2504.34070078",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2504.34070093",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2504.34070140",
- "C:\\Windows\\Temp\\CabA3E8.tmp",
- "C:\\Windows\\Temp\\TarA3E9.tmp",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2452.34077906",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2452.34077937",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2452.34078015",
- "C:\\Windows\\Temp\\CabAD3F.tmp",
- "C:\\Windows\\Temp\\TarAD4F.tmp",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPAF64.tmp",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index16c.dat",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\b8820392be14b41757054ee7e052b0fd",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPAF64.tmp\\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2148.34081453",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2148.34081453",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2148.34081484",
- "C:\\Windows\\Temp\\CabB983.tmp",
- "C:\\Windows\\Temp\\TarB984.tmp",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1868.34084609",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1868.34084609",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1868.34084625",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERBC23.tmp",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERBC23.tmp.appcompat.txt",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERC2EB.tmp",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERC2EB.tmp.WERInternalMetadata.xml",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERC359.tmp",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERC359.tmp.hdmp",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERD5D8.tmp",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERD5D8.tmp.mdmp",
- "C:\\Windows\\Temp\\CabC2BB.tmp",
- "C:\\Windows\\Temp\\TarC2BC.tmp",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPC889.tmp",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index16d.dat",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.VisualStu#\\ca444875ec3917f2861b939de4b4de56",
- "C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Temp\\ZAPC889.tmp\\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2096.34087171",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2096.34087171",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2096.34087187",
- "C:\\Windows\\Temp\\CabF64E.tmp",
- "C:\\Windows\\Temp\\TarF64F.tmp",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.3020.34093750",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.3020.34093750",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.3020.34093765",
- "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_1f67675514e2d340fc249786aef11e17815cce2_cab_0926034b\\Report.wer.tmp",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2392.34102859",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2392.34102859",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2392.34102875",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1112.34103671",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1112.34103671",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1112.34103687",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1560.34104453",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1560.34104453",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1560.34104468",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.672.34106093",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.672.34106093",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.672.34106109",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1836.34106968",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1836.34106968",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1836.34106984",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2672.34108000",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2672.34108015",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2672.34108031",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1364.34109359",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1364.34109375",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1364.34109390",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1596.34110328",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1596.34110328",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1596.34110343",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2044.34111265",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2044.34111265",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2044.34111281",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2016.34112187",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2016.34112187",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2016.34112203",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2872.34113031",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2872.34113031",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2872.34113046",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1444.34113921",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1444.34113921",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1444.34113937",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.928.34115609",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.928.34115640",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.928.34115750",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.3676.34122984",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.3676.34123015",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.3676.34123125",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.3844.34124859",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.3844.34124875",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.3844.34124984",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.3992.34127031",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.3992.34127062",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.3992.34127203",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.1176.34131265",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1176.34131296",
- "C:\\Windows\\sysnative\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.1176.34131359"
- ]
- [*] Modified Registry Keys: [
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\UNCAsIntranet",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\DisableAntiSpyware",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableBehaviorMonitoring",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableOnAccessProtection",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableOnRealtimeEnable",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableIOAVProtection",
- "DisableNotifications",
- "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\LanguageList",
- "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\clr_optimization_v2.0.50727_32\\Start",
- "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\clr_optimization_v2.0.50727_64\\Start",
- "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\W32Time\\Type",
- "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WerSvc\\Type",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Accessibility, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\3",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Accessibility, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\3\\Scenario",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Accessibility, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\3\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Accessibility, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\2\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Accessibility, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\3\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\AuditPolicyGPManagedStubs.Interop, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=amd64\\2\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\AuditPolicyGPManagedStubs.Interop, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=amd64\\2\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/AddInSideAdapters/Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll\\0\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/AddInSideAdapters/Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll\\0\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/AddInSideAdapters/Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll\\0\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/AddInSideAdapters/Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll\\0\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/AddInSideAdapters/Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll\\0\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/AddInSideAdapters/Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll\\0\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/AddInSideAdapters/Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll\\0\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/AddInSideAdapters/Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll\\0\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/AddInViews/Microsoft.Office.Tools.v9.0.dll\\0\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/AddInViews/Microsoft.Office.Tools.v9.0.dll\\0\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/AddInViews/Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll\\0\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/AddInViews/Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll\\0\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/AddInViews/Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll\\0\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/AddInViews/Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll\\0\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/Contracts/Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll\\0\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/Contracts/Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll\\0\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/Contracts/Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll\\0\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/Contracts/Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll\\0\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/Contracts/Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll\\0\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/Contracts/Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll\\0\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/Contracts/Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll\\0\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/Contracts/Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll\\0\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/HostSideAdapters/Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll\\0\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/HostSideAdapters/Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll\\0\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/HostSideAdapters/Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll\\0\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/HostSideAdapters/Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll\\0\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/HostSideAdapters/Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll\\0\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/HostSideAdapters/Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll\\0\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/HostSideAdapters/Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll\\0\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/HostSideAdapters/Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll\\0\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/HostSideAdapters/Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll\\0\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\C:/Program Files (x86)/Common Files/Microsoft Shared/VSTA/Pipeline.v10.0/HostSideAdapters/Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll\\0\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\ComSvcConfig, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\ComSvcConfig, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\CustomMarshalers, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=amd64\\1\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\CustomMarshalers, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=amd64\\1\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\dfsvc, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\dfsvc, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\EventViewer, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil\\1\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\EventViewer, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil\\1\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=amd64\\1\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=amd64\\1\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.ApplicationId.Framework, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil\\1\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.ApplicationId.Framework, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil\\1\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.ApplicationId.RuleWizard, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil\\1\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.ApplicationId.RuleWizard, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil\\1\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Conversion.v3.5, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Conversion.v3.5, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Engine, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Engine, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Engine, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Engine, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Framework, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Framework, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Framework, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Framework, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Tasks, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Tasks, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Tasks.v3.5, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Tasks.v3.5, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Utilities, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Utilities, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Utilities.v3.5, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.Build.Utilities.v3.5, Version=3.5.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil\\1\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.GroupPolicy.AdmTmplEditor, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=amd64\\1\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.GroupPolicy.AdmTmplEditor, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=amd64\\1\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.GroupPolicy.Interop, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=amd64\\1\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.GroupPolicy.Interop, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=amd64\\1\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\v2.0.50727\\NGENService\\Roots\\Microsoft.GroupPolicy.Reporting, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil\\1\\ImageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SoftwareProtectionPlatform\\ServiceSessionId",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\cval",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WINEVT\\Publishers\\{945a8954-c147-4acd-923f-40c45405a658}\\Enabled",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\LastServiceStart",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Reporting\\RebootWatch",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Auto Update\\NextSqmReportTime",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\SusClientIdValidation",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Auto Update\\UAS",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Auto Update\\UAS\\UpdateCount",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Action Center\\Checks\\{E8433B72-5842-4d43-8645-BC2C35960837}.check.106\\CheckSetting",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Action Center\\Checks\\{E8433B72-5842-4d43-8645-BC2C35960837}.check.101\\CheckSetting",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Action Center\\Checks\\{E8433B72-5842-4d43-8645-BC2C35960837}.check.103\\CheckSetting",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Action Center\\Checks\\{E8433B72-5842-4d43-8645-BC2C35960837}.check.100\\CheckSetting",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Action Center\\Checks\\{E8433B72-5842-4d43-8645-BC2C35960837}.check.102\\CheckSetting",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Action Center\\Checks\\{E8433B72-5842-4d43-8645-BC2C35960837}.check.104\\CheckSetting",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\pzq.rkr",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\HRZR_PGYFRFFVBA",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Action Center\\Checks\\{945a8954-c147-4acd-923f-40c45405a658}.check.42\\CheckSetting",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\WHCIconStartup",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.bmp\\OpenWithProgids\\Paint.Picture",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.cab\\OpenWithProgids\\CABFolder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.contact\\OpenWithProgids\\contact_wab_auto_file",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.css\\OpenWithProgids\\CSSfile",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.csv\\OpenWithProgids\\Excel.CSV",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.dib\\OpenWithProgids\\Paint.Picture",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.dll\\OpenWithProgids\\dllfile",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.doc\\OpenWithProgids\\Word.Document.8",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.docm\\OpenWithProgids\\Word.DocumentMacroEnabled.12",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.docx\\OpenWithProgids\\Word.Document.12",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.dot\\OpenWithProgids\\Word.Template.8",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.dotm\\OpenWithProgids\\Word.TemplateMacroEnabled.12",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.dotx\\OpenWithProgids\\Word.Template.12",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.dwfx\\OpenWithProgids\\Windows.XPSReachViewer",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.easmx\\OpenWithProgids\\Windows.XPSReachViewer",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.edrwx\\OpenWithProgids\\Windows.XPSReachViewer",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.emf\\OpenWithProgids\\emffile",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.eprtx\\OpenWithProgids\\Windows.XPSReachViewer",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.exe\\OpenWithProgids\\exefile",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.fon\\OpenWithProgids\\fonfile",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.gif\\OpenWithProgids\\giffile",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.htm\\OpenWithProgids\\ChromeHTML",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.html\\OpenWithProgids\\ChromeHTML",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.ico\\OpenWithProgids\\icofile",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.ini\\OpenWithProgids\\inifile",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.jfif\\OpenWithProgids\\pjpegfile",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.jpe\\OpenWithProgids\\jpegfile",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.jpeg\\OpenWithProgids\\jpegfile",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.jpg\\OpenWithProgids\\jpegfile",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.jtx\\OpenWithProgids\\Windows.XPSReachViewer",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.lnk\\OpenWithProgids\\lnkfile",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.mht\\OpenWithProgids\\mhtmlfile",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.mhtml\\OpenWithProgids\\mhtmlfile",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.msg\\OpenWithProgids\\Outlook.File.msg.15",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.ocx\\OpenWithProgids\\ocxfile",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.odt\\OpenWithProgids\\Word.OpenDocumentText.12",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.otf\\OpenWithProgids\\otffile",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.png\\OpenWithProgids\\pngfile",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.pot\\OpenWithProgids\\PowerPoint.Template.8",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.potm\\OpenWithProgids\\PowerPoint.TemplateMacroEnabled.12",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.potx\\OpenWithProgids\\PowerPoint.Template.12",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.ppam\\OpenWithProgids\\PowerPoint.Addin.12",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.ppsm\\OpenWithProgids\\PowerPoint.SlideShowMacroEnabled.12",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.ppsx\\OpenWithProgids\\PowerPoint.SlideShow.12",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.ppt\\OpenWithProgids\\PowerPoint.Show.8",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.pptm\\OpenWithProgids\\PowerPoint.ShowMacroEnabled.12",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.pptx\\OpenWithProgids\\PowerPoint.Show.12",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.ps1xml\\OpenWithProgids\\Microsoft.PowerShellXMLData.1",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.rle\\OpenWithProgids\\rlefile",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.rtf\\OpenWithProgids\\Word.RTF.8",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.scf\\OpenWithProgids\\SHCmdFile",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.search-ms\\OpenWithProgids\\SearchFolder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.shtml\\OpenWithProgids\\ChromeHTML",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.sldm\\OpenWithProgids\\PowerPoint.SlideMacroEnabled.12",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.sldx\\OpenWithProgids\\PowerPoint.Slide.12",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.sys\\OpenWithProgids\\sysfile",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.tif\\OpenWithProgids\\TIFImage.Document",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.tiff\\OpenWithProgids\\TIFImage.Document",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.ttc\\OpenWithProgids\\ttcfile",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.ttf\\OpenWithProgids\\ttffile",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.txt\\OpenWithProgids\\txtfile",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.vsto\\OpenWithProgids\\bootstrap.vsto.1",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.wdp\\OpenWithProgids\\wdpfile",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.wmf\\OpenWithProgids\\wmffile",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.xlam\\OpenWithProgids\\Excel.AddInMacroEnabled",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.xls\\OpenWithProgids\\Excel.Sheet.8",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.xlsb\\OpenWithProgids\\Excel.SheetBinaryMacroEnabled.12",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.xlsm\\OpenWithProgids\\Excel.SheetMacroEnabled.12",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.xlsx\\OpenWithProgids\\Excel.Sheet.12",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.xlt\\OpenWithProgids\\Excel.Template.8",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.xltm\\OpenWithProgids\\Excel.TemplateMacroEnabled",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.xltx\\OpenWithProgids\\Excel.Template",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.xml\\OpenWithProgids\\xmlfile",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.xps\\OpenWithProgids\\Windows.XPSReachViewer",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.xsl\\OpenWithProgids\\xslfile",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.zip\\OpenWithProgids\\CompressedFolder",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Action Center\\Checks\\{01979c6a-42fa-414c-b8aa-eee2c8202018}.check.100\\CheckSetting",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\ILUsageMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NIUsageMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5f403964\\690f05a5\\b8",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5f403964\\690f05a5\\b8\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5f403964\\690f05a5\\b8\\SIG",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5f403964\\690f05a5\\b8\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5f403964\\690f05a5\\b8\\LastModTime",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5f403964\\690f05a5\\b8\\InvertDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5f403964\\690f05a5\\b8\\InvertDependencies\\172a6d0a\\5f403964\\b0",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\25016a16\\48c6af76\\b7",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\25016a16\\48c6af76\\b7\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\25016a16\\48c6af76\\b7\\SIG",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\25016a16\\48c6af76\\b7\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\25016a16\\48c6af76\\b7\\LastModTime",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\25016a16\\48c6af76\\b7\\InvertDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\25016a16\\48c6af76\\b7\\InvertDependencies\\172a6d0a\\5f403964\\b0",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4c502bfe\\5b540d10\\b6",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4c502bfe\\5b540d10\\b6\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4c502bfe\\5b540d10\\b6\\SIG",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4c502bfe\\5b540d10\\b6\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4c502bfe\\5b540d10\\b6\\LastModTime",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4c502bfe\\5b540d10\\b6\\InvertDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4c502bfe\\5b540d10\\b6\\InvertDependencies\\172a6d0a\\5f403964\\b0",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5\\SIG",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5\\LastModTime",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5\\InvertDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5\\InvertDependencies\\172a6d0a\\5f403964\\b0",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\23a3725a\\3f4e5352\\4f\\InvertDependencies\\505c41c7\\18407c1\\53",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\23a3725a\\3f4e5352\\4f\\InvertDependencies\\172a6d0a\\5f403964\\b0",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\InvertDependencies\\505c41c7\\18407c1\\53",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\InvertDependencies\\172a6d0a\\5f403964\\b0",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\505c41c7\\18407c1\\53\\InvertDependencies\\172a6d0a\\5f403964\\b0",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\172a6d0a\\5f403964\\b0",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\505c41c7\\18407c1\\53",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\30bc7c4f\\3f50fe4f\\90",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\172a6d0a\\5f403964\\b0",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\172a6d0a\\5f403964\\b0\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\172a6d0a\\5f403964\\b0\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\172a6d0a\\5f403964\\b0\\MVID",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\172a6d0a\\5f403964\\b0\\ConfigString",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\172a6d0a\\5f403964\\b0\\ConfigMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\172a6d0a\\5f403964\\b0\\ILDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\172a6d0a\\5f403964\\b0\\NIDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index15f",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index15f\\NIUsageMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index15f\\ILUsageMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\LatestIndex",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\SystemStoreChangeId",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\27dee8be\\45d0e051\\b4",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\27dee8be\\45d0e051\\b4\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\27dee8be\\45d0e051\\b4\\SIG",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\27dee8be\\45d0e051\\b4\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\27dee8be\\45d0e051\\b4\\LastModTime",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\27dee8be\\45d0e051\\b4\\InvertDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\27dee8be\\45d0e051\\b4\\InvertDependencies\\794b0063\\27dee8be\\ae",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\1bd7b0d8\\8f\\InvertDependencies\\30bc7c4f\\3f50fe4f\\90",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\1bd7b0d8\\8f\\InvertDependencies\\794b0063\\27dee8be\\ae",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5b43ba09\\4355c2d6\\7e\\InvertDependencies\\794b0063\\27dee8be\\ae",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\a5cd4db\\87\\InvertDependencies\\794b0063\\27dee8be\\ae",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\61b2c30f\\70d479e\\b3",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\61b2c30f\\70d479e\\b3\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\61b2c30f\\70d479e\\b3\\SIG",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\61b2c30f\\70d479e\\b3\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\61b2c30f\\70d479e\\b3\\LastModTime",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\61b2c30f\\70d479e\\b3\\InvertDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\61b2c30f\\70d479e\\b3\\InvertDependencies\\794b0063\\27dee8be\\ae",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\2bd33e1c\\81\\InvertDependencies\\794b0063\\27dee8be\\ae",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\791c4ec4\\7f00610c\\b1",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\791c4ec4\\7f00610c\\b1\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\791c4ec4\\7f00610c\\b1\\SIG",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\791c4ec4\\7f00610c\\b1\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\791c4ec4\\7f00610c\\b1\\LastModTime",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\791c4ec4\\7f00610c\\b1\\InvertDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\791c4ec4\\7f00610c\\b1\\InvertDependencies\\794b0063\\27dee8be\\ae",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4c502bfe\\5b540d10\\b6\\InvertDependencies\\794b0063\\27dee8be\\ae",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\25016a16\\48c6af76\\b7\\InvertDependencies\\794b0063\\27dee8be\\ae",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\700244f4\\45e7f6bc\\b0",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\700244f4\\45e7f6bc\\b0\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\700244f4\\45e7f6bc\\b0\\SIG",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\700244f4\\45e7f6bc\\b0\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\700244f4\\45e7f6bc\\b0\\LastModTime",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\700244f4\\45e7f6bc\\b0\\InvertDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\700244f4\\45e7f6bc\\b0\\InvertDependencies\\794b0063\\27dee8be\\ae",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5\\InvertDependencies\\794b0063\\27dee8be\\ae",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\23a3725a\\3f4e5352\\4f\\InvertDependencies\\794b0063\\27dee8be\\ae",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\InvertDependencies\\794b0063\\27dee8be\\ae",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\505c41c7\\18407c1\\53\\InvertDependencies\\794b0063\\27dee8be\\ae",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5f403964\\690f05a5\\b8\\InvertDependencies\\794b0063\\27dee8be\\ae",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\794b0063\\27dee8be\\ae",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\794b0063\\27dee8be\\ae",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\794b0063\\27dee8be\\ae\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\794b0063\\27dee8be\\ae\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\794b0063\\27dee8be\\ae\\MVID",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\794b0063\\27dee8be\\ae\\ConfigString",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\794b0063\\27dee8be\\ae\\ConfigMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\794b0063\\27dee8be\\ae\\ILDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\794b0063\\27dee8be\\ae\\NIDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index160",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index160\\NIUsageMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index160\\ILUsageMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\b50d826\\39ee39d6\\ae",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\b50d826\\39ee39d6\\ae\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\b50d826\\39ee39d6\\ae\\SIG",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\b50d826\\39ee39d6\\ae\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\b50d826\\39ee39d6\\ae\\LastModTime",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\b50d826\\39ee39d6\\ae\\InvertDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\b50d826\\39ee39d6\\ae\\InvertDependencies\\30c713cc\\b50d826\\ad",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\696e98a8\\5621414f\\ad",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\696e98a8\\5621414f\\ad\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\696e98a8\\5621414f\\ad\\SIG",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\696e98a8\\5621414f\\ad\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\696e98a8\\5621414f\\ad\\LastModTime",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\696e98a8\\5621414f\\ad\\InvertDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\696e98a8\\5621414f\\ad\\InvertDependencies\\30c713cc\\b50d826\\ad",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\791c4ec4\\7f00610c\\b1\\InvertDependencies\\30c713cc\\b50d826\\ad",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4c502bfe\\5b540d10\\b6\\InvertDependencies\\30c713cc\\b50d826\\ad",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\25016a16\\48c6af76\\b7\\InvertDependencies\\30c713cc\\b50d826\\ad",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\700244f4\\45e7f6bc\\b0\\InvertDependencies\\30c713cc\\b50d826\\ad",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5\\InvertDependencies\\30c713cc\\b50d826\\ad",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\23a3725a\\3f4e5352\\4f\\InvertDependencies\\30c713cc\\b50d826\\ad",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\InvertDependencies\\30c713cc\\b50d826\\ad",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\505c41c7\\18407c1\\53\\InvertDependencies\\30c713cc\\b50d826\\ad",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5f403964\\690f05a5\\b8\\InvertDependencies\\30c713cc\\b50d826\\ad",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\27dee8be\\45d0e051\\b4\\InvertDependencies\\30c713cc\\b50d826\\ad",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\30c713cc\\b50d826\\ad",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30c713cc\\b50d826\\ad",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30c713cc\\b50d826\\ad\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30c713cc\\b50d826\\ad\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30c713cc\\b50d826\\ad\\MVID",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30c713cc\\b50d826\\ad\\ConfigString",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30c713cc\\b50d826\\ad\\ConfigMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30c713cc\\b50d826\\ad\\ILDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30c713cc\\b50d826\\ad\\NIDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index161",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index161\\NIUsageMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index161\\ILUsageMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7ecb7908\\a57652a\\ac",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7ecb7908\\a57652a\\ac\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7ecb7908\\a57652a\\ac\\SIG",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7ecb7908\\a57652a\\ac\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7ecb7908\\a57652a\\ac\\LastModTime",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7ecb7908\\a57652a\\ac\\InvertDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7ecb7908\\a57652a\\ac\\InvertDependencies\\110db8ad\\7ecb7908\\ac",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5eb5da09\\60f328e1\\ab",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5eb5da09\\60f328e1\\ab\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5eb5da09\\60f328e1\\ab\\SIG",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5eb5da09\\60f328e1\\ab\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5eb5da09\\60f328e1\\ab\\LastModTime",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5eb5da09\\60f328e1\\ab\\InvertDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5eb5da09\\60f328e1\\ab\\InvertDependencies\\110db8ad\\7ecb7908\\ac",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\791c4ec4\\7f00610c\\b1\\InvertDependencies\\110db8ad\\7ecb7908\\ac",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4c502bfe\\5b540d10\\b6\\InvertDependencies\\110db8ad\\7ecb7908\\ac",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\25016a16\\48c6af76\\b7\\InvertDependencies\\110db8ad\\7ecb7908\\ac",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\700244f4\\45e7f6bc\\b0\\InvertDependencies\\110db8ad\\7ecb7908\\ac",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5\\InvertDependencies\\110db8ad\\7ecb7908\\ac",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\23a3725a\\3f4e5352\\4f\\InvertDependencies\\110db8ad\\7ecb7908\\ac",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\InvertDependencies\\110db8ad\\7ecb7908\\ac",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\505c41c7\\18407c1\\53\\InvertDependencies\\110db8ad\\7ecb7908\\ac",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\5f403964\\690f05a5\\b8\\InvertDependencies\\110db8ad\\7ecb7908\\ac",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\27dee8be\\45d0e051\\b4\\InvertDependencies\\110db8ad\\7ecb7908\\ac",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\110db8ad\\7ecb7908\\ac",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\110db8ad\\7ecb7908\\ac",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\110db8ad\\7ecb7908\\ac\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\110db8ad\\7ecb7908\\ac\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\110db8ad\\7ecb7908\\ac\\MVID",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\110db8ad\\7ecb7908\\ac\\ConfigString",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\110db8ad\\7ecb7908\\ac\\ConfigMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\110db8ad\\7ecb7908\\ac\\ILDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\110db8ad\\7ecb7908\\ac\\NIDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index162",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index162\\NIUsageMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index162\\ILUsageMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\791c4ec4\\7f00610c\\b1\\InvertDependencies\\350c026a\\791c4ec4\\ab",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\505c41c7\\18407c1\\53\\InvertDependencies\\350c026a\\791c4ec4\\ab",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\1bd7b0d8\\8f\\InvertDependencies\\350c026a\\791c4ec4\\ab",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\a5cd4db\\87\\InvertDependencies\\350c026a\\791c4ec4\\ab",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\25016a16\\48c6af76\\b7\\InvertDependencies\\350c026a\\791c4ec4\\ab",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\2bd33e1c\\81\\InvertDependencies\\350c026a\\791c4ec4\\ab",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\InvertDependencies\\350c026a\\791c4ec4\\ab",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\350c026a\\791c4ec4\\ab",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\350c026a\\791c4ec4\\ab",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\350c026a\\791c4ec4\\ab\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\350c026a\\791c4ec4\\ab\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\350c026a\\791c4ec4\\ab\\MVID",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\350c026a\\791c4ec4\\ab\\ConfigString",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\350c026a\\791c4ec4\\ab\\ConfigMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\350c026a\\791c4ec4\\ab\\ILDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\350c026a\\791c4ec4\\ab\\NIDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index163",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index163\\NIUsageMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index163\\ILUsageMask",
- "HKEY_USERS\\.DEFAULT\\SOFTWARE\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\LanguageList",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\265c09da\\b55bce9\\aa",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\265c09da\\b55bce9\\aa\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\265c09da\\b55bce9\\aa\\SIG",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\265c09da\\b55bce9\\aa\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\265c09da\\b55bce9\\aa\\LastModTime",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\265c09da\\b55bce9\\aa\\InvertDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\265c09da\\b55bce9\\aa\\InvertDependencies\\2d825c1\\265c09da\\aa",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\505c41c7\\18407c1\\53\\InvertDependencies\\2d825c1\\265c09da\\aa",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\7ac727df\\7b5311d7\\69\\InvertDependencies\\2d825c1\\265c09da\\aa",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\InvertDependencies\\2d825c1\\265c09da\\aa",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\InvertDependencies\\7ac727df\\7b5311d7\\69",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\2d825c1\\265c09da\\aa",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\7ac727df\\7b5311d7\\69",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\2d825c1\\265c09da\\aa",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\2d825c1\\265c09da\\aa\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\2d825c1\\265c09da\\aa\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\2d825c1\\265c09da\\aa\\MVID",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\2d825c1\\265c09da\\aa\\ConfigString",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\2d825c1\\265c09da\\aa\\ConfigMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\2d825c1\\265c09da\\aa\\ILDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\2d825c1\\265c09da\\aa\\NIDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index164",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index164\\NIUsageMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index164\\ILUsageMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\25016a16\\48c6af76\\b7\\InvertDependencies\\435ee1bb\\25016a16\\a9",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\505c41c7\\18407c1\\53\\InvertDependencies\\435ee1bb\\25016a16\\a9",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\InvertDependencies\\435ee1bb\\25016a16\\a9",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\435ee1bb\\25016a16\\a9",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\435ee1bb\\25016a16\\a9",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\435ee1bb\\25016a16\\a9\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\435ee1bb\\25016a16\\a9\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\435ee1bb\\25016a16\\a9\\MVID",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\435ee1bb\\25016a16\\a9\\ConfigString",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\435ee1bb\\25016a16\\a9\\ConfigMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\435ee1bb\\25016a16\\a9\\ILDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\435ee1bb\\25016a16\\a9\\NIDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index165",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index165\\NIUsageMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index165\\ILUsageMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\dc778d4\\674fbc54\\a9",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\dc778d4\\674fbc54\\a9\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\dc778d4\\674fbc54\\a9\\SIG",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\dc778d4\\674fbc54\\a9\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\dc778d4\\674fbc54\\a9\\LastModTime",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\dc778d4\\674fbc54\\a9\\InvertDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\dc778d4\\674fbc54\\a9\\InvertDependencies\\3a6c7cbb\\dc778d4\\a8",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\23a3725a\\3f4e5352\\4f\\InvertDependencies\\3a6c7cbb\\dc778d4\\a8",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\3a6c7cbb\\dc778d4\\a8",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3a6c7cbb\\dc778d4\\a8",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3a6c7cbb\\dc778d4\\a8\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3a6c7cbb\\dc778d4\\a8\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3a6c7cbb\\dc778d4\\a8\\MVID",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3a6c7cbb\\dc778d4\\a8\\ConfigString",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3a6c7cbb\\dc778d4\\a8\\ConfigMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3a6c7cbb\\dc778d4\\a8\\ILDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3a6c7cbb\\dc778d4\\a8\\NIDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index166",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index166\\NIUsageMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index166\\ILUsageMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5\\InvertDependencies\\57632c41\\29e89c9b\\a7",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\23a3725a\\3f4e5352\\4f\\InvertDependencies\\57632c41\\29e89c9b\\a7",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\57632c41\\29e89c9b\\a7",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\57632c41\\29e89c9b\\a7",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\57632c41\\29e89c9b\\a7\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\57632c41\\29e89c9b\\a7\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\57632c41\\29e89c9b\\a7\\MVID",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\57632c41\\29e89c9b\\a7\\ConfigString",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\57632c41\\29e89c9b\\a7\\ConfigMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\57632c41\\29e89c9b\\a7\\ILDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\57632c41\\29e89c9b\\a7\\NIDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index167",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index167\\NIUsageMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index167\\ILUsageMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7670e6bc\\7f028a6e\\a8",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7670e6bc\\7f028a6e\\a8\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7670e6bc\\7f028a6e\\a8\\SIG",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7670e6bc\\7f028a6e\\a8\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7670e6bc\\7f028a6e\\a8\\LastModTime",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7670e6bc\\7f028a6e\\a8\\InvertDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7670e6bc\\7f028a6e\\a8\\InvertDependencies\\66a906a3\\7670e6bc\\a6",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\23a3725a\\3f4e5352\\4f\\InvertDependencies\\66a906a3\\7670e6bc\\a6",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\66a906a3\\7670e6bc\\a6",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\66a906a3\\7670e6bc\\a6",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\66a906a3\\7670e6bc\\a6\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\66a906a3\\7670e6bc\\a6\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\66a906a3\\7670e6bc\\a6\\MVID",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\66a906a3\\7670e6bc\\a6\\ConfigString",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\66a906a3\\7670e6bc\\a6\\ConfigMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\66a906a3\\7670e6bc\\a6\\ILDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\66a906a3\\7670e6bc\\a6\\NIDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index168",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index168\\NIUsageMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index168\\ILUsageMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\700244f4\\45e7f6bc\\b0\\InvertDependencies\\3762b89a\\700244f4\\a3",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5\\InvertDependencies\\3762b89a\\700244f4\\a3",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\23a3725a\\3f4e5352\\4f\\InvertDependencies\\3762b89a\\700244f4\\a3",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\3762b89a\\700244f4\\a3",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3762b89a\\700244f4\\a3",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3762b89a\\700244f4\\a3\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3762b89a\\700244f4\\a3\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3762b89a\\700244f4\\a3\\MVID",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3762b89a\\700244f4\\a3\\ConfigString",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3762b89a\\700244f4\\a3\\ConfigMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3762b89a\\700244f4\\a3\\ILDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3762b89a\\700244f4\\a3\\NIDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index169",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index169\\NIUsageMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index169\\ILUsageMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2b7888ea\\50e8bad8\\a7",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2b7888ea\\50e8bad8\\a7\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2b7888ea\\50e8bad8\\a7\\SIG",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2b7888ea\\50e8bad8\\a7\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2b7888ea\\50e8bad8\\a7\\LastModTime",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2b7888ea\\50e8bad8\\a7\\InvertDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2b7888ea\\50e8bad8\\a7\\InvertDependencies\\3a2060d0\\2b7888ea\\a2",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\dc778d4\\674fbc54\\a9\\InvertDependencies\\3a2060d0\\2b7888ea\\a2",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5\\InvertDependencies\\3a2060d0\\2b7888ea\\a2",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\23a3725a\\3f4e5352\\4f\\InvertDependencies\\3a2060d0\\2b7888ea\\a2",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\InvertDependencies\\3a2060d0\\2b7888ea\\a2",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\505c41c7\\18407c1\\53\\InvertDependencies\\3a2060d0\\2b7888ea\\a2",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4c502bfe\\5b540d10\\b6\\InvertDependencies\\3a2060d0\\2b7888ea\\a2",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4759019d\\2f13fb6e\\a6",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4759019d\\2f13fb6e\\a6\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4759019d\\2f13fb6e\\a6\\SIG",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4759019d\\2f13fb6e\\a6\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4759019d\\2f13fb6e\\a6\\LastModTime",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4759019d\\2f13fb6e\\a6\\InvertDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4759019d\\2f13fb6e\\a6\\InvertDependencies\\3a2060d0\\2b7888ea\\a2",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\25016a16\\48c6af76\\b7\\InvertDependencies\\3a2060d0\\2b7888ea\\a2",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\265c09da\\b55bce9\\aa\\InvertDependencies\\3a2060d0\\2b7888ea\\a2",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\3a2060d0\\2b7888ea\\a2",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3a2060d0\\2b7888ea\\a2",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3a2060d0\\2b7888ea\\a2\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3a2060d0\\2b7888ea\\a2\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3a2060d0\\2b7888ea\\a2\\MVID",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3a2060d0\\2b7888ea\\a2\\ConfigString",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3a2060d0\\2b7888ea\\a2\\ConfigMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3a2060d0\\2b7888ea\\a2\\ILDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3a2060d0\\2b7888ea\\a2\\NIDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index16a",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index16a\\NIUsageMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index16a\\ILUsageMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\578927ab\\15e8ad0c\\a5",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\578927ab\\15e8ad0c\\a5\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\578927ab\\15e8ad0c\\a5\\SIG",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\578927ab\\15e8ad0c\\a5\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\578927ab\\15e8ad0c\\a5\\LastModTime",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\578927ab\\15e8ad0c\\a5\\InvertDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\578927ab\\15e8ad0c\\a5\\InvertDependencies\\53bd0792\\578927ab\\a1",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\25016a16\\48c6af76\\b7\\InvertDependencies\\53bd0792\\578927ab\\a1",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\7ac727df\\7b5311d7\\69\\InvertDependencies\\53bd0792\\578927ab\\a1",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\700244f4\\45e7f6bc\\b0\\InvertDependencies\\53bd0792\\578927ab\\a1",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5\\InvertDependencies\\53bd0792\\578927ab\\a1",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\InvertDependencies\\53bd0792\\578927ab\\a1",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\505c41c7\\18407c1\\53\\InvertDependencies\\53bd0792\\578927ab\\a1",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4c502bfe\\5b540d10\\b6\\InvertDependencies\\53bd0792\\578927ab\\a1",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\23a3725a\\3f4e5352\\4f\\InvertDependencies\\53bd0792\\578927ab\\a1",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6c75b233\\40826f2d\\a4",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6c75b233\\40826f2d\\a4\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6c75b233\\40826f2d\\a4\\SIG",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6c75b233\\40826f2d\\a4\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6c75b233\\40826f2d\\a4\\LastModTime",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6c75b233\\40826f2d\\a4\\InvertDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6c75b233\\40826f2d\\a4\\InvertDependencies\\53bd0792\\578927ab\\a1",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\74173843\\9e7130e\\a3",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\74173843\\9e7130e\\a3\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\74173843\\9e7130e\\a3\\SIG",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\74173843\\9e7130e\\a3\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\74173843\\9e7130e\\a3\\LastModTime",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\74173843\\9e7130e\\a3\\InvertDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\74173843\\9e7130e\\a3\\InvertDependencies\\53bd0792\\578927ab\\a1",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\53bd0792\\578927ab\\a1",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\53bd0792\\578927ab\\a1",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\53bd0792\\578927ab\\a1\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\53bd0792\\578927ab\\a1\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\53bd0792\\578927ab\\a1\\MVID",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\53bd0792\\578927ab\\a1\\ConfigString",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\53bd0792\\578927ab\\a1\\ConfigMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\53bd0792\\578927ab\\a1\\ILDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\53bd0792\\578927ab\\a1\\NIDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index16b",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index16b\\NIUsageMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index16b\\ILUsageMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\74173843\\9e7130e\\a3\\InvertDependencies\\1c40f42a\\74173843\\a0",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\7ac727df\\7b5311d7\\69\\InvertDependencies\\1c40f42a\\74173843\\a0",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\1bd7b0d8\\8f\\InvertDependencies\\1c40f42a\\74173843\\a0",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\1bd7b0d8\\8f\\InvertDependencies\\7ac727df\\7b5311d7\\69",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6c1422cf\\34c3ef71\\66\\InvertDependencies\\1c40f42a\\74173843\\a0",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\791c4ec4\\7f00610c\\b1\\InvertDependencies\\1c40f42a\\74173843\\a0",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\2bd33e1c\\81\\InvertDependencies\\1c40f42a\\74173843\\a0",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7670e6bc\\7f028a6e\\a8\\InvertDependencies\\1c40f42a\\74173843\\a0",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4c502bfe\\5b540d10\\b6\\InvertDependencies\\1c40f42a\\74173843\\a0",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5\\InvertDependencies\\1c40f42a\\74173843\\a0",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6c75b233\\40826f2d\\a4\\InvertDependencies\\1c40f42a\\74173843\\a0",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\700244f4\\45e7f6bc\\b0\\InvertDependencies\\1c40f42a\\74173843\\a0",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\23a3725a\\3f4e5352\\4f\\InvertDependencies\\1c40f42a\\74173843\\a0",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\InvertDependencies\\1c40f42a\\74173843\\a0",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\505c41c7\\18407c1\\53\\InvertDependencies\\1c40f42a\\74173843\\a0",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\1c40f42a\\74173843\\a0",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\1c40f42a\\74173843\\a0",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\1c40f42a\\74173843\\a0\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\1c40f42a\\74173843\\a0\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\1c40f42a\\74173843\\a0\\MVID",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\1c40f42a\\74173843\\a0\\ConfigString",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\1c40f42a\\74173843\\a0\\ConfigMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\1c40f42a\\74173843\\a0\\ILDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\1c40f42a\\74173843\\a0\\NIDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index16c",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index16c\\NIUsageMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index16c\\ILUsageMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\50d38081\\715fdbb8\\a2",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\50d38081\\715fdbb8\\a2\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\50d38081\\715fdbb8\\a2\\SIG",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\50d38081\\715fdbb8\\a2\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\50d38081\\715fdbb8\\a2\\LastModTime",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\50d38081\\715fdbb8\\a2\\InvertDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\50d38081\\715fdbb8\\a2\\InvertDependencies\\f65b869\\50d38081\\9f",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5\\InvertDependencies\\f65b869\\50d38081\\9f",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\700244f4\\45e7f6bc\\b0\\InvertDependencies\\f65b869\\50d38081\\9f",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\InvertDependencies\\f65b869\\50d38081\\9f",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\505c41c7\\18407c1\\53\\InvertDependencies\\f65b869\\50d38081\\9f",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4c502bfe\\5b540d10\\b6\\InvertDependencies\\f65b869\\50d38081\\9f",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\23a3725a\\3f4e5352\\4f\\InvertDependencies\\f65b869\\50d38081\\9f",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6c75b233\\40826f2d\\a4\\InvertDependencies\\f65b869\\50d38081\\9f",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\74173843\\9e7130e\\a3\\InvertDependencies\\f65b869\\50d38081\\9f",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\f65b869\\50d38081\\9f",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\f65b869\\50d38081\\9f",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\f65b869\\50d38081\\9f\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\f65b869\\50d38081\\9f\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\f65b869\\50d38081\\9f\\MVID",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\f65b869\\50d38081\\9f\\ConfigString",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\f65b869\\50d38081\\9f\\ConfigMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\f65b869\\50d38081\\9f\\ILDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\f65b869\\50d38081\\9f\\NIDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index16d",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index16d\\NIUsageMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index16d\\ILUsageMask",
- "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\W32Time\\TimeProviders\\NtpClient\\SpecialPollTimeRemaining",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Windows Error Reporting\\Consent",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Windows Error Reporting\\Consent\\DefaultConsent",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4b03c88c\\4025af17\\a1",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4b03c88c\\4025af17\\a1\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4b03c88c\\4025af17\\a1\\SIG",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4b03c88c\\4025af17\\a1\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4b03c88c\\4025af17\\a1\\LastModTime",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4b03c88c\\4025af17\\a1\\InvertDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4b03c88c\\4025af17\\a1\\InvertDependencies\\3403ac73\\4b03c88c\\9e",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\a5cd4db\\87\\InvertDependencies\\3403ac73\\4b03c88c\\9e",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\1bd7b0d8\\8f\\InvertDependencies\\3403ac73\\4b03c88c\\9e",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\4c502bfe\\5b540d10\\b6\\InvertDependencies\\3403ac73\\4b03c88c\\9e",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\29e89c9b\\75d60fde\\b5\\InvertDependencies\\3403ac73\\4b03c88c\\9e",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\700244f4\\45e7f6bc\\b0\\InvertDependencies\\3403ac73\\4b03c88c\\9e",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\InvertDependencies\\3403ac73\\4b03c88c\\9e",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\505c41c7\\18407c1\\53\\InvertDependencies\\3403ac73\\4b03c88c\\9e",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\23a3725a\\3f4e5352\\4f\\InvertDependencies\\3403ac73\\4b03c88c\\9e",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6c75b233\\40826f2d\\a4\\InvertDependencies\\3403ac73\\4b03c88c\\9e",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\74173843\\9e7130e\\a3\\InvertDependencies\\3403ac73\\4b03c88c\\9e",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\InvertDependencies\\3403ac73\\4b03c88c\\9e",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3403ac73\\4b03c88c\\9e",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3403ac73\\4b03c88c\\9e\\DisplayName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3403ac73\\4b03c88c\\9e\\Status",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3403ac73\\4b03c88c\\9e\\MVID",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3403ac73\\4b03c88c\\9e\\ConfigString",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3403ac73\\4b03c88c\\9e\\ConfigMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3403ac73\\4b03c88c\\9e\\ILDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3403ac73\\4b03c88c\\9e\\NIDependencies",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index16e",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index16e\\NIUsageMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index16e\\ILUsageMask"
- ]
- [*] Deleted Registry Keys: [
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\AccountDomainSid"
- ]
- [*] DNS Communications: [
- {
- "type": "A",
- "request": "birthdayeventdxb.com",
- "answers": [
- {
- "data": "185.94.230.114",
- "type": "A"
- }
- ]
- }
- ]
- [*] Domains: [
- {
- "ip": "185.94.230.114",
- "domain": "birthdayeventdxb.com"
- }
- ]
- [*] Network Communication - ICMP: []
- [*] Network Communication - HTTP: [
- {
- "count": 1,
- "body": "",
- "uri": "http://birthdayeventdxb.com/readme.doc",
- "user-agent": "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)",
- "method": "GET",
- "host": "birthdayeventdxb.com",
- "version": "1.1",
- "path": "/readme.doc",
- "data": "GET /readme.doc HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Language: en-us\r\nUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)\r\nHost: birthdayeventdxb.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/microsoftrootcert.crl",
- "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 07 Mar 2019 06:00:16 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
- "data": "GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 14 Feb 2019 06:01:18 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://crl.microsoft.com/pki/crl/products/CSPCA.crl",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "crl.microsoft.com",
- "version": "1.1",
- "path": "/pki/crl/products/CSPCA.crl",
- "data": "GET /pki/crl/products/CSPCA.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
- "port": 80
- },
- {
- "count": 1,
- "body": "",
- "uri": "http://www.msftncsi.com/ncsi.txt",
- "user-agent": "Microsoft NCSI",
- "method": "GET",
- "host": "www.msftncsi.com",
- "version": "1.1",
- "path": "/ncsi.txt",
- "data": "GET /ncsi.txt HTTP/1.1\r\nConnection: Close\r\nUser-Agent: Microsoft NCSI\r\nHost: www.msftncsi.com\r\n\r\n",
- "port": 80
- }
- ]
- [*] Network Communication - SMTP: []
- [*] Network Communication - Hosts: []
- [*] Network Communication - IRC: []
- [*] Static Analysis: {
- "office": {
- "Metadata": {
- "HasMacros": "No"
- }
- }
- }
- [*] Resolved APIs: [
- "advapi32.dll.SaferIdentifyLevel",
- "advapi32.dll.SaferComputeTokenFromLevel",
- "advapi32.dll.SaferCloseLevel",
- "ole32.dll.CLSIDFromProgIDEx",
- "ole32.dll.CoGetClassObject",
- "wscript.exe.#1",
- "urlmon.dll.#326",
- "urlmon.dll.#327",
- "shell32.dll.#685",
- "shell32.dll.#688",
- "urlmon.dll.#395",
- "cryptsp.dll.CryptAcquireContextW",
- "cryptsp.dll.CryptGenRandom",
- "rpcrtremote.dll.I_RpcExtInitializeExtensionPoint",
- "winhttp.dll.WinHttpCheckPlatform",
- "winhttp.dll.WinHttpOpen",
- "winhttp.dll.WinHttpConnect",
- "winhttp.dll.WinHttpOpenRequest",
- "winhttp.dll.WinHttpCloseHandle",
- "winhttp.dll.WinHttpSendRequest",
- "winhttp.dll.WinHttpReceiveResponse",
- "winhttp.dll.WinHttpAddRequestHeaders",
- "winhttp.dll.WinHttpQueryHeaders",
- "winhttp.dll.WinHttpReadData",
- "winhttp.dll.WinHttpWriteData",
- "winhttp.dll.WinHttpQueryDataAvailable",
- "winhttp.dll.WinHttpQueryOption",
- "winhttp.dll.WinHttpSetOption",
- "winhttp.dll.WinHttpSetTimeouts",
- "winhttp.dll.WinHttpCrackUrl",
- "winhttp.dll.WinHttpCreateUrl",
- "oleaut32.dll.#8",
- "oleaut32.dll.#12",
- "shlwapi.dll.StrRChrA",
- "shlwapi.dll.StrCmpNW",
- "oleaut32.dll.#4",
- "oleaut32.dll.#6",
- "kernel32.dll.RegQueryValueExW",
- "oleaut32.dll.#2",
- "kernel32.dll.RegCloseKey",
- "oleaut32.dll.#9",
- "ws2_32.dll.GetAddrInfoW",
- "ws2_32.dll.WSASocketW",
- "ws2_32.dll.#2",
- "ws2_32.dll.#21",
- "ws2_32.dll.#9",
- "ws2_32.dll.WSAIoctl",
- "ws2_32.dll.FreeAddrInfoW",
- "ws2_32.dll.#6",
- "ws2_32.dll.#5",
- "ws2_32.dll.WSARecv",
- "ws2_32.dll.WSASend",
- "ole32.dll.CreateStreamOnHGlobal",
- "oleaut32.dll.#411",
- "oleaut32.dll.#23",
- "oleaut32.dll.#24",
- "ole32.dll.GetHGlobalFromStream",
- "rpcrt4.dll.RpcBindingFree",
- "oleaut32.dll.#500",
- "cryptsp.dll.CryptReleaseContext",
- "cryptsp.dll.CryptAcquireContextA",
- "kernel32.dll.VirtualAlloc",
- "ntdll.dll.memcpy",
- "kernel32.dll.GetCurrentProcess",
- "kernel32.dll.CloseHandle",
- "advapi32.dll.OpenProcessToken",
- "advapi32.dll.GetTokenInformation",
- "kernel32.dll.Wow64EnableWow64FsRedirection",
- "advapi32.dll.RegCloseKey",
- "advapi32.dll.RegCreateKeyW",
- "advapi32.dll.RegOpenKeyExW",
- "advapi32.dll.RegSetValueExW",
- "shell32.dll.ShellExecuteA",
- "ole32.dll.OleInitialize",
- "cryptbase.dll.SystemFunction036",
- "ole32.dll.CreateBindCtx",
- "ole32.dll.CoTaskMemAlloc",
- "propsys.dll.PSCreateMemoryPropertyStore",
- "propsys.dll.PSPropertyBag_WriteDWORD",
- "ole32.dll.CoGetApartmentType",
- "ole32.dll.CoRegisterInitializeSpy",
- "ole32.dll.CoTaskMemFree",
- "comctl32.dll.#236",
- "ole32.dll.CoGetMalloc",
- "propsys.dll.PSPropertyBag_ReadDWORD",
- "propsys.dll.PSPropertyBag_ReadGUID",
- "comctl32.dll.#320",
- "comctl32.dll.#324",
- "comctl32.dll.#323",
- "advapi32.dll.RegEnumKeyW",
- "advapi32.dll.OpenThreadToken",
- "ole32.dll.StringFromGUID2",
- "apphelp.dll.ApphelpCheckShellObject",
- "ole32.dll.CoCreateInstance",
- "urlmon.dll.CreateUri",
- "kernel32.dll.InitializeSRWLock",
- "kernel32.dll.AcquireSRWLockExclusive",
- "kernel32.dll.AcquireSRWLockShared",
- "kernel32.dll.ReleaseSRWLockExclusive",
- "kernel32.dll.ReleaseSRWLockShared",
- "comctl32.dll.#328",
- "comctl32.dll.#334",
- "shell32.dll.#102",
- "setupapi.dll.CM_Get_Device_Interface_List_Size_ExW",
- "propsys.dll.PSPropertyBag_ReadStrAlloc",
- "ole32.dll.CoInitializeEx",
- "advapi32.dll.InitializeSecurityDescriptor",
- "advapi32.dll.SetEntriesInAclW",
- "ntmarta.dll.GetMartaExtensionInterface",
- "advapi32.dll.SetSecurityDescriptorDacl",
- "advapi32.dll.IsTextUnicode",
- "comctl32.dll.#332",
- "comctl32.dll.#338",
- "comctl32.dll.#339",
- "ole32.dll.CoUninitialize",
- "sechost.dll.ConvertSidToStringSidW",
- "profapi.dll.#104",
- "propsys.dll.#430",
- "advapi32.dll.RegGetValueW",
- "ole32.dll.CoTaskMemRealloc",
- "propsys.dll.InitPropVariantFromStringAsVector",
- "propsys.dll.PSCoerceToCanonicalValue",
- "setupapi.dll.CM_Get_Device_Interface_List_ExW",
- "propsys.dll.PropVariantToStringAlloc",
- "ole32.dll.PropVariantClear",
- "ole32.dll.CoAllowSetForegroundWindow",
- "comctl32.dll.#386",
- "shell32.dll.SHGetFolderPathW",
- "advapi32.dll.SaferGetPolicyInformation",
- "ntdll.dll.RtlDllShutdownInProgress",
- "comctl32.dll.#329",
- "ole32.dll.OleUninitialize",
- "ole32.dll.CoRevokeInitializeSpy",
- "comctl32.dll.#388",
- "advapi32.dll.CryptAcquireContextA",
- "advapi32.dll.CryptImportKey",
- "advapi32.dll.CryptEncrypt",
- "cryptsp.dll.CryptImportKey",
- "cryptbase.dll.SystemFunction040",
- "cryptbase.dll.SystemFunction041",
- "cryptsp.dll.CryptEncrypt",
- "advapi32.dll.UnregisterTraceGuids",
- "comctl32.dll.#321",
- "kernel32.dll.SetThreadUILanguage",
- "kernel32.dll.CopyFileExW",
- "kernel32.dll.IsDebuggerPresent",
- "kernel32.dll.SetConsoleInputExeNameW",
- "kernel32.dll.SortGetHandle",
- "kernel32.dll.SortCloseHandle",
- "uxtheme.dll.ThemeInitApiHook",
- "user32.dll.IsProcessDPIAware",
- "shell32.dll.#66",
- "comctl32.dll.#385",
- "comctl32.dll.#336",
- "comctl32.dll.#333",
- "linkinfo.dll.IsValidLinkInfo",
- "propsys.dll.#417",
- "propsys.dll.PSGetNameFromPropertyKey",
- "propsys.dll.PSStringFromPropertyKey",
- "propsys.dll.InitVariantFromBuffer",
- "propsys.dll.PropVariantToGUID",
- "linkinfo.dll.CreateLinkInfoW",
- "user32.dll.IsCharAlphaW",
- "user32.dll.CharPrevW",
- "ntshrui.dll.GetNetResourceFromLocalPathW",
- "srvcli.dll.NetShareEnum",
- "cscapi.dll.CscNetApiGetInterface",
- "slc.dll.SLGetWindowsInformationDWORD",
- "shlwapi.dll.PathRemoveFileSpecW",
- "linkinfo.dll.DestroyLinkInfo",
- "propsys.dll.PropVariantToBoolean",
- "advapi32.dll.GetSecurityInfo",
- "advapi32.dll.SetSecurityInfo",
- "advapi32.dll.GetSecurityDescriptorControl",
- "advapi32.dll.RegQueryInfoKeyW",
- "advapi32.dll.RegEnumKeyExW",
- "advapi32.dll.RegEnumValueW",
- "advapi32.dll.RegQueryValueExW",
- "shlwapi.dll.UrlIsW",
- "kernel32.dll.InitializeCriticalSectionAndSpinCount",
- "msvcrt.dll._set_error_mode",
- "msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z",
- "kernel32.dll.FindActCtxSectionStringW",
- "kernel32.dll.GetSystemWindowsDirectoryW",
- "mscoree.dll.GetProcessExecutableHeap",
- "mscorwks.dll.DllGetClassObjectInternal",
- "mscorwks.dll.GetCLRFunction",
- "advapi32.dll.RegisterTraceGuidsW",
- "advapi32.dll.GetTraceLoggerHandle",
- "advapi32.dll.GetTraceEnableLevel",
- "advapi32.dll.GetTraceEnableFlags",
- "advapi32.dll.TraceEvent",
- "mscoree.dll.IEE",
- "mscorwks.dll.IEE",
- "mscoree.dll.GetStartupFlags",
- "mscoree.dll.GetHostConfigurationFile",
- "mscoree.dll.GetCORSystemDirectory",
- "ntdll.dll.RtlVirtualUnwind",
- "kernel32.dll.IsWow64Process",
- "advapi32.dll.AllocateAndInitializeSid",
- "advapi32.dll.InitializeAcl",
- "advapi32.dll.AddAccessAllowedAce",
- "advapi32.dll.FreeSid",
- "kernel32.dll.SetThreadStackGuarantee",
- "kernel32.dll.FlsSetValue",
- "kernel32.dll.FlsGetValue",
- "kernel32.dll.FlsAlloc",
- "kernel32.dll.FlsFree",
- "kernel32.dll.AddVectoredContinueHandler",
- "kernel32.dll.RemoveVectoredContinueHandler",
- "advapi32.dll.ConvertSidToStringSidW",
- "kernel32.dll.FlushProcessWriteBuffers",
- "kernel32.dll.GetWriteWatch",
- "kernel32.dll.ResetWriteWatch",
- "kernel32.dll.CreateMemoryResourceNotification",
- "kernel32.dll.QueryMemoryResourceNotification",
- "kernel32.dll.GlobalMemoryStatusEx",
- "oleaut32.dll.#149",
- "ole32.dll.CoGetContextToken",
- "kernel32.dll.GetUserDefaultUILanguage",
- "kernel32.dll.GetVersionExW",
- "kernel32.dll.GetFullPathNameW",
- "kernel32.dll.SetErrorMode",
- "kernel32.dll.GetFileAttributesExW",
- "version.dll.GetFileVersionInfoSizeW",
- "version.dll.GetFileVersionInfoW",
- "version.dll.VerQueryValueW",
- "kernel32.dll.lstrlen",
- "kernel32.dll.lstrlenW",
- "mscoree.dll.ND_RI2",
- "kernel32.dll.lstrcpy",
- "kernel32.dll.lstrcpyW",
- "version.dll.VerLanguageNameW",
- "kernel32.dll.GetCurrentProcessId",
- "advapi32.dll.LookupPrivilegeValueW",
- "advapi32.dll.AdjustTokenPrivileges",
- "kernel32.dll.OpenProcess",
- "psapi.dll.EnumProcessModules",
- "psapi.dll.GetModuleInformation",
- "psapi.dll.GetModuleBaseNameW",
- "psapi.dll.GetModuleFileNameExW",
- "kernel32.dll.GetExitCodeProcess",
- "ntdll.dll.NtQuerySystemInformation",
- "user32.dll.EnumWindows",
- "user32.dll.GetWindowThreadProcessId",
- "kernel32.dll.WerSetFlags",
- "kernel32.dll.SetThreadPreferredUILanguages",
- "kernel32.dll.GetThreadPreferredUILanguages",
- "kernel32.dll.GetUserDefaultLocaleName",
- "kernel32.dll.GetEnvironmentVariableW",
- "advapi32.dll.CryptReleaseContext",
- "advapi32.dll.CryptCreateHash",
- "advapi32.dll.CryptDestroyHash",
- "advapi32.dll.CryptHashData",
- "advapi32.dll.CryptGetHashParam",
- "advapi32.dll.CryptExportKey",
- "advapi32.dll.CryptGenKey",
- "advapi32.dll.CryptGetKeyParam",
- "advapi32.dll.CryptDestroyKey",
- "advapi32.dll.CryptVerifySignatureA",
- "advapi32.dll.CryptSignHashA",
- "advapi32.dll.CryptGetProvParam",
- "advapi32.dll.CryptGetUserKey",
- "advapi32.dll.CryptEnumProvidersA",
- "cryptsp.dll.CryptHashData",
- "cryptsp.dll.CryptGetHashParam",
- "cryptsp.dll.CryptDestroyHash",
- "cryptsp.dll.CryptDestroyKey",
- "mscoree.dll.GetTokenForVTableEntry",
- "mscoree.dll.SetTargetForVTableEntry",
- "mscoree.dll.GetTargetForVTableEntry",
- "culture.dll.ConvertLangIdToCultureName",
- "ole32.dll.CoCreateGuid",
- "kernel32.dll.CreateFileW",
- "kernel32.dll.GetConsoleScreenBufferInfo",
- "kernel32.dll.LocalFree",
- "kernel32.dll.LocalAlloc",
- "mscoree.dll.ND_RI4",
- "advapi32.dll.DuplicateTokenEx",
- "advapi32.dll.CheckTokenMembership",
- "kernel32.dll.GetConsoleTitleW",
- "mscorjit.dll.getJit",
- "kernel32.dll.SetConsoleTitleW",
- "kernel32.dll.SetConsoleCtrlHandler",
- "kernel32.dll.CreateEventW",
- "ntdll.dll.WinSqmIsOptedIn",
- "kernel32.dll.ExpandEnvironmentStringsW",
- "shfolder.dll.SHGetFolderPathW",
- "kernel32.dll.SetEnvironmentVariableW",
- "kernel32.dll.GetACP",
- "kernel32.dll.UnmapViewOfFile",
- "kernel32.dll.GetFileType",
- "kernel32.dll.ReadFile",
- "kernel32.dll.GetSystemInfo",
- "kernel32.dll.VirtualQuery",
- "secur32.dll.GetUserNameExW",
- "advapi32.dll.GetUserNameW",
- "kernel32.dll.ReleaseMutex",
- "advapi32.dll.RegisterEventSourceW",
- "advapi32.dll.DeregisterEventSource",
- "advapi32.dll.ReportEventW",
- "kernel32.dll.GetLogicalDrives",
- "kernel32.dll.GetDriveTypeW",
- "kernel32.dll.GetVolumeInformationW",
- "kernel32.dll.GetCurrentDirectoryW",
- "kernel32.dll.GetLastError",
- "kernel32.dll.GetStdHandle",
- "kernel32.dll.GetConsoleMode",
- "kernel32.dll.SetEvent",
- "kernel32.dll.FindFirstFileW",
- "kernel32.dll.FindClose",
- "mscoree.dll.DllGetClassObject",
- "diasymreader.dll.DllGetClassObjectInternal",
- "kernel32.dll.GetConsoleOutputCP",
- "gdi32.dll.TranslateCharsetInfo",
- "kernel32.dll.SetConsoleTextAttribute",
- "kernel32.dll.WriteConsoleW",
- "mscoree.dll.CorExitProcess",
- "mscorwks.dll.CorExitProcess",
- "mscorwks.dll._CorDllMain",
- "kernel32.dll.CreateActCtxW",
- "kernel32.dll.AddRefActCtx",
- "kernel32.dll.ReleaseActCtx",
- "kernel32.dll.ActivateActCtx",
- "kernel32.dll.DeactivateActCtx",
- "kernel32.dll.GetCurrentActCtx",
- "kernel32.dll.QueryActCtxW",
- "netutils.dll.NetApiBufferFree",
- "kernel32.dll.IsProcessorFeaturePresent",
- "ntdll.dll.RtlUnwind",
- "mscoree.dll._CorExeMain",
- "mscoree.dll._CorImageUnloading",
- "mscoree.dll._CorValidateImage",
- "cryptsp.dll.CryptExportKey",
- "cryptsp.dll.CryptCreateHash",
- "kernel32.dll.SwitchToThread",
- "rpcrt4.dll.UuidFromStringW",
- "rpcrt4.dll.RpcBindingCreateW",
- "rpcrt4.dll.RpcBindingBind",
- "sechost.dll.OpenSCManagerW",
- "sechost.dll.OpenServiceW",
- "sechost.dll.StartServiceW",
- "sechost.dll.CloseServiceHandle",
- "ole32.dll.CoInitializeSecurity",
- "sechost.dll.LookupAccountNameLocalW",
- "advapi32.dll.LookupAccountSidW",
- "sechost.dll.LookupAccountSidLocalW",
- "ssdpsrv.dll.ServiceMain",
- "ssdpsrv.dll.SvchostPushServiceGlobals",
- "firewallapi.dll.IcfChangeNotificationCreate",
- "firewallapi.dll.IcfChangeNotificationDestroy",
- "firewallapi.dll.IcfAddrChangeNotificationCreate",
- "advapi32.dll.RegCreateKeyExW",
- "advapi32.dll.RegNotifyChangeKeyValue",
- "iphlpapi.dll.GetAdaptersAddresses",
- "mswsock.dll.WSPStartup",
- "wship6.dll.WSHOpenSocket",
- "wship6.dll.WSHOpenSocket2",
- "wship6.dll.WSHJoinLeaf",
- "wship6.dll.WSHNotify",
- "wship6.dll.WSHGetSocketInformation",
- "wship6.dll.WSHSetSocketInformation",
- "wship6.dll.WSHGetSockaddrType",
- "wship6.dll.WSHGetWildcardSockaddr",
- "wship6.dll.WSHAddressToString",
- "wship6.dll.WSHStringToAddress",
- "wship6.dll.WSHIoctl",
- "wshtcpip.dll.WSHOpenSocket",
- "wshtcpip.dll.WSHOpenSocket2",
- "wshtcpip.dll.WSHJoinLeaf",
- "wshtcpip.dll.WSHNotify",
- "wshtcpip.dll.WSHGetSocketInformation",
- "wshtcpip.dll.WSHSetSocketInformation",
- "wshtcpip.dll.WSHGetSockaddrType",
- "wshtcpip.dll.WSHGetWildcardSockaddr",
- "wshtcpip.dll.WSHGetBroadcastSockaddr",
- "wshtcpip.dll.WSHAddressToString",
- "wshtcpip.dll.WSHStringToAddress",
- "wshtcpip.dll.WSHIoctl",
- "advapi32.dll.CreateWellKnownSid",
- "iphlpapi.dll.ConvertInterfaceGuidToLuid",
- "secur32.dll.InitSecurityInterfaceW",
- "cryptsp.dll.SystemFunction035",
- "iphlpapi.dll.NotifyUnicastIpAddressChange",
- "fntcache.dll.ServiceMain",
- "fntcache.dll.SvchostPushServiceGlobals",
- "mscorsvc.dll.CorGetSvc",
- "advapi32.dll.StartServiceCtrlDispatcherW",
- "kernel32.dll.VerSetConditionMask",
- "kernel32.dll.VerifyVersionInfoW",
- "advapi32.dll.RegisterServiceCtrlHandlerExW",
- "advapi32.dll.SetServiceStatus",
- "advapi32.dll.OpenSCManagerW",
- "advapi32.dll.OpenServiceW",
- "advapi32.dll.ChangeServiceConfigW",
- "advapi32.dll.CloseServiceHandle",
- "mscoree.dll.CorIsLatestSvc",
- "msidle.dll.#8",
- "wtsapi32.dll.WTSQuerySessionInformationW",
- "wtsapi32.dll.WTSFreeMemory",
- "wtsapi32.dll.WTSEnumerateSessionsW",
- "winsta.dll.WinStationEnumerateW",
- "rpcrt4.dll.RpcStringBindingComposeW",
- "rpcrt4.dll.RpcBindingFromStringBindingW",
- "rpcrt4.dll.RpcStringFreeW",
- "rpcrt4.dll.RpcBindingSetAuthInfoExW",
- "rpcrt4.dll.NdrClientCall2",
- "rpcrt4.dll.I_RpcExceptionFilter",
- "winsta.dll.WinStationFreeMemory",
- "powrprof.dll.CallNtPowerInformation",
- "advapi32.dll.QueryServiceConfig2W",
- "advapi32.dll.CreateRestrictedToken",
- "mscoree.dll.GetCORRootDirectory",
- "rpcrt4.dll.RpcStringBindingComposeA",
- "rpcrt4.dll.RpcBindingFromStringBindingA",
- "rpcrt4.dll.RpcStringFreeA",
- "rpcrt4.dll.NdrClientCall3",
- "ws2_32.dll.#116",
- "bcryptprimitives.dll.GetHashInterface",
- "sspicli.dll.LsaCallAuthenticationPackage",
- "sspicli.dll.LsaFreeReturnBuffer",
- "crypt32.dll.I_CertSrvProtectFunction",
- "advapi32.dll.SetThreadToken",
- "advapi32.dll.GetLengthSid",
- "advapi32.dll.CopySid",
- "advapi32.dll.GetSecurityDescriptorSacl",
- "advapi32.dll.CreateProcessAsUserW",
- "oleaut32.dll.BSTR_UserSize",
- "oleaut32.dll.BSTR_UserMarshal",
- "oleaut32.dll.BSTR_UserUnmarshal",
- "oleaut32.dll.BSTR_UserFree",
- "oleaut32.dll.VARIANT_UserSize",
- "oleaut32.dll.VARIANT_UserMarshal",
- "oleaut32.dll.VARIANT_UserUnmarshal",
- "oleaut32.dll.VARIANT_UserFree",
- "oleaut32.dll.LPSAFEARRAY_UserSize",
- "oleaut32.dll.LPSAFEARRAY_UserMarshal",
- "oleaut32.dll.LPSAFEARRAY_UserUnmarshal",
- "oleaut32.dll.LPSAFEARRAY_UserFree",
- "advapi32.dll.EventWrite",
- "advapi32.dll.EventRegister",
- "advapi32.dll.EventUnregister",
- "advapi32.dll.EventEnabled",
- "ntdll.dll.ZwQueryInformationProcess",
- "ntdll.dll.NtQuerySection",
- "ntdll.dll.LdrProcessRelocationBlock",
- "sppwinob.dll.SppPluginInitialize",
- "sppwinob.dll.SppPluginShutdown",
- "sppwinob.dll.SppPluginCreateInstance",
- "sppwinob.dll.SppPluginCanUnloadNow",
- "sppobjs.dll.SppPluginInitialize",
- "sppobjs.dll.SppPluginShutdown",
- "sppobjs.dll.SppPluginCreateInstance",
- "sppobjs.dll.SppPluginCanUnloadNow",
- "sspicli.dll.GetUserNameExW",
- "advapi32.dll.NotifyServiceStatusChangeW",
- "setupapi.dll.SetupDiGetClassDevsW",
- "setupapi.dll.SetupDiEnumDeviceInfo",
- "setupapi.dll.SetupDiGetDeviceRegistryPropertyW",
- "setupapi.dll.SetupDiDestroyDeviceInfoList",
- "wintrust.dll.WinVerifyTrust",
- "setupapi.dll.SetupDiEnumDeviceInterfaces",
- "setupapi.dll.SetupDiGetDeviceInterfaceDetailW",
- "kernel32.dll.GetSystemFirmwareTable",
- "wkscli.dll.NetGetJoinInformation",
- "userenv.dll.UnregisterGPNotification",
- "gpapi.dll.UnregisterGPNotificationInternal",
- "ole32.dll.CoDisconnectContext",
- "wbemcore.dll.Reinitialize",
- "wer.dll.WerReportCreate",
- "wer.dll.WerReportSubmit",
- "wer.dll.WerReportCloseHandle",
- "wer.dll.WerReportSetParameter",
- "wmisvc.dll.IsShutDown",
- "kernel32.dll.GetProductInfo",
- "ntdll.dll.WinSqmEventEnabled",
- "ntdll.dll.WinSqmSetString",
- "wevtapi.dll.EvtIntAssertConfig",
- "kernel32.dll.NlsGetCacheUpdateCount",
- "sechost.dll.QueryServiceStatus",
- "rasapi32.dll.RasEnumConnectionsW",
- "rasapi32.dll.RasConnectionNotificationW",
- "advapi32.dll.WmiMofEnumerateResourcesW",
- "advapi32.dll.WmiFreeBuffer",
- "ntdll.dll.EtwUnregisterTraceGuids",
- "comctl32.dll.LoadIconMetric",
- "ole32.dll.CLSIDFromOle1Class",
- "clbcatq.dll.GetCatalogObject",
- "clbcatq.dll.GetCatalogObject2",
- "ole32.dll.NdrOleInitializeExtension",
- "ole32.dll.CoGetMarshalSizeMax",
- "ole32.dll.CoMarshalInterface",
- "ole32.dll.CoUnmarshalInterface",
- "ole32.dll.StringFromIID",
- "ole32.dll.CoGetPSClsid",
- "ole32.dll.CoReleaseMarshalData",
- "ole32.dll.DcomChannelSetHResult",
- "oleaut32.dll.DllGetClassObject",
- "oleaut32.dll.DllCanUnloadNow",
- "sxs.dll.SxsOleAut32MapIIDToProxyStubCLSID",
- "advapi32.dll.RegQueryValueW",
- "sxs.dll.SxsOleAut32MapIIDToTLBPath",
- "advapi32.dll.RegOpenKeyW",
- "sxs.dll.SxsOleAut32MapConfiguredClsidToReferenceClsid",
- "sxs.dll.SxsOleAut32RedirectTypeLibrary",
- "mscorwks.dll.NGenCreateNGenWorker",
- "oleaut32.dll.#7",
- "oleaut32.dll.#26",
- "mscoree.dll.GetMetaDataInternalInterface",
- "mscorwks.dll.GetMetaDataInternalInterface",
- "cryptsp.dll.CryptVerifySignatureA",
- "oleaut32.dll.#19",
- "ole32.dll.CoWaitForMultipleHandles",
- "ole32.dll.IIDFromString",
- "advapi32.dll.RegDeleteKeyExW",
- "kernel32.dll.ProcessIdToSessionId",
- "imm32.dll.ImmCreateContext",
- "imm32.dll.ImmDestroyContext",
- "imm32.dll.ImmNotifyIME",
- "imm32.dll.ImmAssociateContext",
- "imm32.dll.ImmReleaseContext",
- "imm32.dll.ImmGetContext",
- "imm32.dll.ImmGetCompositionStringA",
- "imm32.dll.ImmSetCompositionStringA",
- "imm32.dll.ImmGetCompositionStringW",
- "imm32.dll.ImmSetCompositionStringW",
- "imm32.dll.ImmSetCandidateWindow",
- "mscorsec.dll.GetPublisher",
- "mscoree.dll.CoInitializeEE",
- "mscorwks.dll.CoInitializeEE",
- "wintrust.dll.WintrustCertificateTrust",
- "mscorsec.dll.CORPolicyEE",
- "wintrust.dll.SoftpubInitialize",
- "wintrust.dll.SoftpubLoadMessage",
- "wintrust.dll.SoftpubLoadSignature",
- "wintrust.dll.SoftpubCheckCert",
- "wintrust.dll.CryptSIPPutSignedDataMsg",
- "wintrust.dll.CryptSIPGetSignedDataMsg",
- "imagehlp.dll.ImageGetCertificateData",
- "user32.dll.LoadStringW",
- "ncrypt.dll.BCryptOpenAlgorithmProvider",
- "ncrypt.dll.BCryptGetProperty",
- "ncrypt.dll.BCryptCreateHash",
- "ncrypt.dll.BCryptHashData",
- "wintrust.dll.CryptSIPVerifyIndirectData",
- "bcrypt.dll.BCryptOpenAlgorithmProvider",
- "bcrypt.dll.BCryptGetProperty",
- "bcrypt.dll.BCryptCreateHash",
- "bcrypt.dll.BCryptHashData",
- "bcrypt.dll.BCryptFinishHash",
- "bcrypt.dll.BCryptDestroyHash",
- "bcrypt.dll.BCryptCloseAlgorithmProvider",
- "ncrypt.dll.BCryptFinishHash",
- "cryptsp.dll.CryptSetHashParam",
- "ncrypt.dll.BCryptDestroyHash",
- "userenv.dll.GetUserProfileDirectoryW",
- "sechost.dll.ConvertStringSidToSidW",
- "userenv.dll.RegisterGPNotification",
- "gpapi.dll.RegisterGPNotificationInternal",
- "sechost.dll.QueryServiceConfigW",
- "cryptnet.dll.CertDllVerifyRevocation",
- "sensapi.dll.IsNetworkAlive",
- "winhttp.dll.WinHttpGetDefaultProxyConfiguration",
- "winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser",
- "advapi32.dll.RegDeleteTreeA",
- "advapi32.dll.RegDeleteTreeW",
- "nsi.dll.NsiAllocateAndGetTable",
- "cfgmgr32.dll.CM_Open_Class_Key_ExW",
- "iphlpapi.dll.GetIfEntry2",
- "iphlpapi.dll.GetIpForwardTable2",
- "iphlpapi.dll.GetIpNetEntry2",
- "iphlpapi.dll.FreeMibTable",
- "nsi.dll.NsiFreeTable",
- "winhttp.dll.WinHttpGetProxyForUrl",
- "winhttp.dll.WinHttpTimeFromSystemTime",
- "cryptnet.dll.I_CryptNetGetConnectivity",
- "cryptnet.dll.CryptRetrieveObjectByUrlW",
- "setupapi.dll.SetupIterateCabinetW",
- "cabinet.dll.#20",
- "cabinet.dll.#22",
- "devrtl.dll.DevRtlGetThreadLogToken",
- "kernel32.dll.RegOpenKeyExW",
- "cabinet.dll.#23",
- "sechost.dll.QueryServiceConfigA",
- "rpcrt4.dll.RpcEpResolveBinding",
- "cryptnet.dll.I_CryptNetSetUrlCachePreFetchInfo",
- "cryptnet.dll.I_CryptNetSetUrlCacheFlushInfo",
- "wintrust.dll.SoftpubAuthenticode",
- "wintrust.dll.SoftpubCleanup",
- "advapi32.dll.SaferiSearchMatchingHashRules",
- "mscoree.dll.CoUninitializeEE",
- "mscorwks.dll.CoUninitializeEE",
- "w32time.dll.SvchostEntry_W32Time",
- "w32time.dll.SvchostPushServiceGlobals",
- "sechost.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW",
- "ws2_32.dll.#115",
- "ws2_32.dll.#111",
- "dsrole.dll.DsRoleGetPrimaryDomainInformation",
- "dsrole.dll.DsRoleFreeMemory",
- "sspicli.dll.LsaRegisterPolicyChangeNotification",
- "w32time.dll.TimeProvClose",
- "w32time.dll.TimeProvCommand",
- "w32time.dll.TimeProvOpen",
- "ws2_32.dll.getaddrinfo",
- "ws2_32.dll.freeaddrinfo",
- "ws2_32.dll.#23",
- "ws2_32.dll.WSAEventSelect",
- "vmictimeprovider.dll.TimeProvClose",
- "vmictimeprovider.dll.TimeProvCommand",
- "vmictimeprovider.dll.TimeProvOpen",
- "ws2_32.dll.WSAAddressToStringW",
- "ws2_32.dll.#3",
- "sspicli.dll.LsaUnregisterPolicyChangeNotification",
- "wersvc.dll.ServiceMain",
- "wersvc.dll.SvchostPushServiceGlobals",
- "faultrep.dll.WerpInitiateCrashReporting",
- "wer.dll.WerpCreateMachineStore",
- "shell32.dll.SHGetFolderPathEx",
- "userenv.dll.CreateEnvironmentBlock",
- "userenv.dll.DestroyEnvironmentBlock",
- "wer.dll.WerpSvcReportFromMachineQueue",
- "advapi32.dll.DuplicateToken",
- "wtsapi32.dll.WTSQueryUserToken",
- "winsta.dll.WinStationQueryInformationW",
- "advapi32.dll.ImpersonateLoggedOnUser",
- "advapi32.dll.RevertToSelf",
- "imm32.dll.ImmDisableIME",
- "wer.dll.WerpCreateIntegratorReportId",
- "wer.dll.WerpSetIntegratorReportId",
- "dbgeng.dll.DebugCreate",
- "ntdll.dll.CsrGetProcessId",
- "ntdll.dll.DbgBreakPoint",
- "ntdll.dll.DbgPrint",
- "ntdll.dll.DbgPrompt",
- "ntdll.dll.DbgUiConvertStateChangeStructure",
- "ntdll.dll.DbgUiGetThreadDebugObject",
- "ntdll.dll.DbgUiIssueRemoteBreakin",
- "ntdll.dll.DbgUiSetThreadDebugObject",
- "ntdll.dll.NtAllocateVirtualMemory",
- "ntdll.dll.NtClose",
- "ntdll.dll.NtCreateDebugObject",
- "ntdll.dll.NtCreateFile",
- "ntdll.dll.NtDebugActiveProcess",
- "ntdll.dll.NtDebugContinue",
- "ntdll.dll.NtFreeVirtualMemory",
- "ntdll.dll.NtOpenProcess",
- "ntdll.dll.NtOpenThread",
- "ntdll.dll.NtQueryInformationProcess",
- "ntdll.dll.NtQueryInformationThread",
- "ntdll.dll.NtQueryMutant",
- "ntdll.dll.NtQueryObject",
- "ntdll.dll.NtRemoveProcessDebug",
- "ntdll.dll.NtResumeThread",
- "ntdll.dll.NtSetInformationDebugObject",
- "ntdll.dll.NtSetInformationProcess",
- "ntdll.dll.NtSystemDebugControl",
- "ntdll.dll.NtWaitForDebugEvent",
- "ntdll.dll.RtlAnsiStringToUnicodeString",
- "ntdll.dll.RtlCreateProcessParameters",
- "ntdll.dll.RtlCreateUserProcess",
- "ntdll.dll.RtlDestroyProcessParameters",
- "ntdll.dll.RtlDosPathNameToNtPathName_U",
- "ntdll.dll.RtlFindMessage",
- "ntdll.dll.RtlFreeHeap",
- "ntdll.dll.RtlFreeUnicodeString",
- "ntdll.dll.RtlGetFunctionTableListHead",
- "ntdll.dll.RtlGetUnloadEventTrace",
- "ntdll.dll.RtlGetUnloadEventTraceEx",
- "ntdll.dll.RtlInitAnsiString",
- "ntdll.dll.RtlInitUnicodeString",
- "ntdll.dll.RtlTryEnterCriticalSection",
- "ntdll.dll.RtlUnicodeStringToAnsiString",
- "ntdll.dll.NtOpenProcessToken",
- "ntdll.dll.NtOpenThreadToken",
- "ntdll.dll.NtQueryInformationToken",
- "kernel32.dll.CloseProfileUserMapping",
- "kernel32.dll.CreateToolhelp32Snapshot",
- "kernel32.dll.DebugActiveProcessStop",
- "kernel32.dll.DebugBreak",
- "kernel32.dll.DebugBreakProcess",
- "kernel32.dll.DebugSetProcessKillOnExit",
- "kernel32.dll.Module32First",
- "kernel32.dll.Module32FirstW",
- "kernel32.dll.Module32Next",
- "kernel32.dll.Module32NextW",
- "kernel32.dll.OpenThread",
- "kernel32.dll.Process32First",
- "kernel32.dll.Process32FirstW",
- "kernel32.dll.Process32Next",
- "kernel32.dll.Process32NextW",
- "kernel32.dll.SetProcessShutdownParameters",
- "kernel32.dll.Thread32First",
- "kernel32.dll.Thread32Next",
- "kernel32.dll.GetTimeZoneInformation",
- "kernel32.dll.DuplicateHandle",
- "kernel32.dll.Wow64GetThreadSelectorEntry",
- "advapi32.dll.ControlService",
- "advapi32.dll.CreateServiceA",
- "advapi32.dll.CreateServiceW",
- "advapi32.dll.DeleteService",
- "advapi32.dll.EnumServicesStatusExA",
- "advapi32.dll.EnumServicesStatusExW",
- "advapi32.dll.GetEventLogInformation",
- "advapi32.dll.OpenSCManagerA",
- "advapi32.dll.OpenServiceA",
- "advapi32.dll.StartServiceA",
- "advapi32.dll.StartServiceW",
- "advapi32.dll.GetSidSubAuthority",
- "advapi32.dll.GetSidSubAuthorityCount",
- "version.dll.GetFileVersionInfoSizeExW",
- "version.dll.GetFileVersionInfoExW",
- "dbghelp.dll.WinDbgExtensionDllInit",
- "dbghelp.dll.ExtensionApiVersion",
- "wer.dll.WerpSetDynamicParameter",
- "wer.dll.WerReportAddDump",
- "wer.dll.WerpSetCallBack",
- "wer.dll.WerReportSetUIOption",
- "wer.dll.WerpAddRegisteredDataToReport",
- "user32.dll.CharUpperW",
- "wer.dll.WerpAddAppCompatData",
- "apphelp.dll.SdbGetFileAttributes",
- "apphelp.dll.SdbFormatAttribute",
- "apphelp.dll.SdbFreeFileAttributes",
- "dbghelp.dll.MiniDumpWriteDump",
- "kernel32.dll.GetLongPathNameA",
- "kernel32.dll.GetLongPathNameW",
- "kernel32.dll.GetProcessTimes",
- "advapi32.dll.RegOpenKeyExA",
- "advapi32.dll.RegQueryValueExA",
- "version.dll.GetFileVersionInfoSizeA",
- "version.dll.GetFileVersionInfoA",
- "version.dll.VerQueryValueA",
- "verifier.dll.VerifierEnumerateResource",
- "ntdll.dll.NtSuspendProcess",
- "ntdll.dll.NtResumeProcess",
- "advapi32.dll.QueryTraceW",
- "advapi32.dll.IsValidSid",
- "advapi32.dll.AddAccessAllowedAceEx",
- "wer.dll.WerpGetStoreLocation",
- "wer.dll.WerpGetStoreType",
- "user32.dll.MsgWaitForMultipleObjects",
- "wer.dll.WerpFreeString",
- "user32.dll.GetProcessWindowStation",
- "user32.dll.GetThreadDesktop",
- "user32.dll.GetUserObjectInformationW",
- "werui.dll.WerUICreate",
- "werui.dll.WerUIStart",
- "werui.dll.WerUITerminate",
- "werui.dll.WerUIDelete",
- "kernel32.dll.LocaleNameToLCID",
- "kernel32.dll.GetLocaleInfoEx",
- "kernel32.dll.LCIDToLocaleName",
- "kernel32.dll.GetSystemDefaultLocaleName",
- "fastprox.dll.DllGetClassObject",
- "fastprox.dll.DllCanUnloadNow",
- "oleaut32.dll.#283",
- "oleaut32.dll.#284",
- "psapi.dll.EnumProcesses"
- ]
- [*] Static Analysis: {
- "office": {
- "Metadata": {
- "HasMacros": "No"
- }
- }
- }
Add Comment
Please, Sign In to add comment