Analysis

Category Started Completed Duration Log
FILE 2017-06-18 22:10:02 2017-06-18 22:11:43 101 seconds Show Log
  • Error: Analysis failed: system restarted unexpectedly
2017-02-18 21:10:02,000 [root] INFO: Date set to: 02-19-17, time set to: 03:10:02
2017-02-18 21:10:02,015 [root] DEBUG: Starting analyzer from: C:\wsxwa
2017-02-18 21:10:02,015 [root] DEBUG: Storing results at: C:\oyKSsC
2017-02-18 21:10:02,015 [root] DEBUG: Pipe server name: \\.\PIPE\dkjszw
2017-02-18 21:10:02,015 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2017-02-18 21:10:02,015 [root] INFO: Automatically selected analysis package "msi"
2017-02-18 21:10:02,140 [root] DEBUG: Started auxiliary module Browser
2017-02-18 21:10:02,140 [modules.auxiliary.digisig] INFO: Skipping authenticode validation, signtool.exe was not found in bin/
2017-02-18 21:10:02,140 [root] DEBUG: Started auxiliary module DigiSig
2017-02-18 21:10:02,140 [root] DEBUG: Started auxiliary module Disguise
2017-02-18 21:10:02,155 [root] DEBUG: Started auxiliary module Human
2017-02-18 21:10:02,155 [root] DEBUG: Started auxiliary module Screenshots
2017-02-18 21:10:02,155 [root] DEBUG: Started auxiliary module Usage
2017-02-18 21:10:02,171 [lib.api.process] INFO: Successfully executed process from path "C:\Windows\system32\msiexec.exe" with arguments "/I "C:\Users\ADMINI~1\AppData\Local\Temp\hacker-defense-pro-hdp0100-beta-1a-w8.msi"" with pid 1880
2017-02-18 21:10:02,171 [lib.api.process] DEBUG: Using QueueUserAPC injection.
2017-02-18 21:10:02,187 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 1880
2017-02-18 21:10:04,187 [lib.api.process] INFO: Successfully resumed process with pid 1880
2017-02-18 21:10:04,203 [root] INFO: Added new process to list with pid: 1880
2017-02-18 21:10:04,233 [root] INFO: Cuckoomon successfully loaded in process with pid 1880.
2017-02-18 21:10:04,250 [root] INFO: Disabling sleep skipping.
2017-02-18 21:10:09,765 [root] INFO: Added new file to list with path: C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
2017-02-18 21:10:09,765 [root] INFO: Added new file to list with path: C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
2017-02-18 21:10:15,062 [root] INFO: Added new file to list with path: C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_4BB72A60CF9C652B353353202101C0E4
2017-02-18 21:10:15,062 [root] INFO: Added new file to list with path: C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_4BB72A60CF9C652B353353202101C0E4
2017-02-18 21:10:25,483 [root] INFO: Added new file to list with path: C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0766DB9AB186806BB9A6B6802D3BA734
2017-02-18 21:10:25,483 [root] INFO: Added new file to list with path: C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0766DB9AB186806BB9A6B6802D3BA734
2017-02-18 21:10:29,592 [root] INFO: Added new file to list with path: C:\Users\Administrator\AppData\Local\Temp\MSIA3B4.tmp
2017-02-18 21:10:29,640 [root] INFO: Added new file to list with path: C:\Users\Administrator\AppData\Local\Temp\MSIA3F3.tmp
2017-02-18 21:10:30,171 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2017-02-18 21:10:30,217 [root] INFO: Added new file to list with path: C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\769F85394FB15C375FF89A7488274D5B_864411D0D51960A9AC59CAD1E36DC6E8
2017-02-18 21:10:30,217 [root] INFO: Added new file to list with path: C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\769F85394FB15C375FF89A7488274D5B_864411D0D51960A9AC59CAD1E36DC6E8
2017-02-18 21:10:32,171 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2017-02-18 21:10:32,578 [root] INFO: Added new file to list with path: C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8E55FEB142F566DFBD0ED964FAB94545
2017-02-18 21:10:32,592 [root] INFO: Added new file to list with path: C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8E55FEB142F566DFBD0ED964FAB94545
2017-02-18 21:10:33,842 [root] INFO: Added new file to list with path: C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_EF79A545C782BBA655019EC0ADB90AE2
2017-02-18 21:10:33,842 [root] INFO: Added new file to list with path: C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_EF79A545C782BBA655019EC0ADB90AE2
2017-02-18 21:10:34,171 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2017-02-18 21:10:34,437 [root] INFO: Added new file to list with path: C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E7EC0C85688F4738F3BE49B104BA67
2017-02-18 21:10:34,437 [root] INFO: Added new file to list with path: C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E7EC0C85688F4738F3BE49B104BA67
2017-02-18 21:10:36,233 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2017-02-18 21:10:38,233 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2017-02-18 21:10:40,233 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2017-02-18 21:10:42,233 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2017-02-18 21:10:44,233 [modules.auxiliary.human] INFO: Found button "&Install", clicking it
2017-02-18 21:10:45,233 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2017-02-18 21:10:47,233 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2017-02-18 21:10:49,233 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2017-02-18 21:10:51,233 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2017-02-18 21:10:53,233 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2017-02-18 21:10:55,233 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2017-02-18 21:10:57,296 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2017-02-18 21:10:58,296 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2017-02-18 21:11:00,358 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it
2017-02-18 21:11:01,358 [modules.auxiliary.human] INFO: Found button "&Yes", clicking it
2017-02-18 21:11:02,625 [root] INFO: Added new file to list with path: C:\Users\Administrator\AppData\Local\Temp\MSI968c9.LOG
2017-02-18 21:11:03,358 [modules.auxiliary.human] INFO: Found button "OK", clicking it
2017-02-18 21:11:04,358 [modules.auxiliary.human] INFO: Found button "&Next >", clicking it

MalScore

0.3

Benign

Machine

Name Label Manager Started On Shutdown On
cuckoo7 cuckoo7 VirtualBox 2017-06-18 22:10:03 2017-06-18 22:11:43

File Details

File Name hacker-defense-pro-hdp0100-beta-1a-w8.msi
File Size 2267648 bytes
File Type Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Create Time/Date: Mon Jun 21 08:00:00 1999, Name of Creating Application: Windows Installer, Security: 1, Code page: 1252, Template: Intel;1033, Number of Pages: 200, Revision Number: {442EB01E-64F4-4839-9F54-9672B393A6FC}, Title: Hacker Deterrent Pro, Author: Terra Privacy LLC, Number of Words: 2, Last Saved Time/Date: Sun Apr 30 20:31:18 2017, Last Printed: Sun Apr 30 20:31:18 2017
MD5 f1a55c711918f470100efe4acf5d6922
SHA1 5bb8d0ae24a924cd811b38022c64c9d3cc7ca29f
SHA256 2aa5a239545abe20771b9bafdde0a1a681a573df305ce3cbd7dc41308a424327
SHA512 99555f00db391ca7085cf7c3dda3ddf8874277c969b6a00917aae5ce90c51cb4af51b3861748162e0425729d725ade7db7543d3c9c3f93d90e3442173a720060
CRC32 FC47915F
Ssdeep 49152:Z0vx3Nn7BxwuUcIueEx1qjtLEA0DhpYNELohJT2qhJ4CuxJ2u:Ixdn7BxwuDpktLEA0DX1ULqk4Co
ClamAV None matched
Yara
  • embedded_pe - Contains an embedded PE32 file
  • embedded_win_api - A non-Windows executable contains win32 API functions names
  • shellcode - Matched shellcode byte patterns

Signatures

Performs some HTTP requests
url: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
url: http://ocsp2.globalsign.com/rootr3/ME8wTTBLMEkwRzAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCDkgbagcm0ug%2FJgLUglrN
url: http://crl.globalsign.com/root-r3.crl
url: http://ocsp2.globalsign.com/gscodesignsha2g3/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBRKkjBge%2BJXnExRoXTQ63uIpEYZkgQUDzrnrJSRdC2WAnODrZwuST8ZqlQCDHWFh9D%2BVv51B4njEw%3D%3D
url: http://crl.globalsign.com/gscodesignsha2g3.crl
url: http://ocsp.globalsign.com/ExtendedSSLSHA256CACross/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAASUHHfmv
url: http://crl.globalsign.net/root.crl
url: http://www.msftncsi.com/ncsi.txt

Screenshots


Hosts

Direct IP Country Name
Y 8.8.8.8 [VT] unknown
N 66.61.164.153 [VT] unknown
N 23.218.156.26 [VT] unknown
N 23.218.156.17 [VT] unknown
N 198.41.215.186 [VT] unknown
N 198.41.214.185 [VT] unknown
N 129.6.15.29 [VT] unknown
N 104.16.27.216 [VT] unknown
N 104.16.25.216 [VT] unknown

DNS

Name Response Post-Analysis Lookup
time-b.nist.gov [VT] A 129.6.15.29 [VT] 129.6.15.29 [VT]
teredo.ipv6.microsoft.com [VT] CNAME onpremwindows.ipv6.microsoft.com.akadns.net [VT]
CNAME onpremch2.ipv6.microsoft.com.akadns.net [VT]
A 157.56.149.60 [VT]
65.55.158.118 [VT]
dns.msftncsi.com [VT] A 131.107.255.255 [VT] 131.107.255.255 [VT]
dns.msftncsi.com [VT] AAAA fd3e:4f5a:5b81::1 [VT] 131.107.255.255 [VT]
www.download.windowsupdate.com [VT] A 66.61.164.127 [VT]
CNAME 2-01-3cf7-0009.cdx.cedexis.net [VT]
CNAME download.windowsupdate.com.edgesuite.net [VT]
A 66.61.164.153 [VT]
CNAME a767.dspw65.akamai.net [VT]
23.215.99.17 [VT]
ocsp2.globalsign.com [VT] A 104.16.25.216 [VT]
A 104.16.24.216 [VT]
CNAME cdn.globalsigncdn.com [VT]
A 104.16.27.216 [VT]
A 104.16.28.216 [VT]
A 104.16.26.216 [VT]
104.16.25.216 [VT]
crl.globalsign.com [VT] A 198.41.214.185 [VT]
A 198.41.214.186 [VT]
A 198.41.214.187 [VT]
A 198.41.215.183 [VT]
A 198.41.215.182 [VT]
A 198.41.215.185 [VT]
A 198.41.214.183 [VT]
A 198.41.215.184 [VT]
A 198.41.215.186 [VT]
A 198.41.214.184 [VT]
198.41.215.182 [VT]
ocsp.globalsign.com [VT] 104.16.25.216 [VT]
crl.globalsign.net [VT] 198.41.214.186 [VT]
crl.microsoft.com [VT] A 23.218.156.17 [VT]
CNAME a1363.dscg.akamai.net [VT]
CNAME crl.www.ms.akadns.net [VT]
A 23.218.156.10 [VT]
23.218.156.17 [VT]
www.msftncsi.com [VT] A 23.218.156.26 [VT]
CNAME www.msftncsi.com.edgesuite.net [VT]
A 23.218.156.11 [VT]
CNAME a1961.g2.akamai.net [VT]
23.218.156.26 [VT]

Summary

C:\Users\Administrator\AppData\Local\Temp\hacker-defense-pro-hdp0100-beta-1a-w8.msi
C:\Windows\SysWOW64\msimsg.dll
C:\Windows\SysWOW64\en-US\MsiMsg.dll.mui
C:\Windows\SysWOW64\en-US\MSCTF.dll.mui
C:\Windows\Fonts\staticcache.dat
A:
B:
D:
E:
F:
G:
H:
I:
J:
K:
L:
M:
N:
O:
P:
Q:
R:
S:
T:
U:
V:
W:
X:
Y:
Z:
C:\
C:\Windows\SysWOW64\en-US\WINHTTP.dll.mui
C:\Users\Administrator\AppData\LocalLow
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_4BB72A60CF9C652B353353202101C0E4
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_4BB72A60CF9C652B353353202101C0E4
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0766DB9AB186806BB9A6B6802D3BA734
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0766DB9AB186806BB9A6B6802D3BA734
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\769F85394FB15C375FF89A7488274D5B_864411D0D51960A9AC59CAD1E36DC6E8
C:\Users
C:\Users\Administrator
C:\Users\Administrator\AppData
C:\Users\Administrator\AppData\Local
C:\Users\Administrator\AppData\Local\Temp
C:\Windows\AppPatch\sysmain.sdb
C:\Windows\AppPatch\msimain.sdb
C:\Windows\SysWOW64\sxs.dll
C:\Windows\SysWOW64\en-US\sxs.DLL.mui
C:\Windows\SysWOW64\*
C:\Windows\SysWOW64\ar-SA\sxs.DLL.mui
C:\Windows\SysWOW64\bg-BG\sxs.DLL.mui
C:\Windows\SysWOW64\cs-CZ\sxs.DLL.mui
C:\Windows\SysWOW64\da-DK\sxs.DLL.mui
C:\Windows\SysWOW64\de-DE\sxs.DLL.mui
C:\Windows\SysWOW64\el-GR\sxs.DLL.mui
C:\Windows\SysWOW64\en\sxs.DLL.mui
C:\Windows\SysWOW64\es-ES\sxs.DLL.mui
C:\Windows\SysWOW64\et-EE\sxs.DLL.mui
C:\Windows\SysWOW64\fi-FI\sxs.DLL.mui
C:\Windows\SysWOW64\fr-FR\sxs.DLL.mui
C:\Windows\SysWOW64\he-IL\sxs.DLL.mui
C:\Windows\SysWOW64\hr-HR\sxs.DLL.mui
C:\Windows\SysWOW64\hu-HU\sxs.DLL.mui
C:\Windows\SysWOW64\it-IT\sxs.DLL.mui
C:\Windows\SysWOW64\ja-JP\sxs.DLL.mui
C:\Windows\SysWOW64\ko-KR\sxs.DLL.mui
C:\Windows\SysWOW64\lt-LT\sxs.DLL.mui
C:\Windows\SysWOW64\lv-LV\sxs.DLL.mui
C:\Windows\SysWOW64\nb-NO\sxs.DLL.mui
C:\Windows\SysWOW64\nl-NL\sxs.DLL.mui
C:\Windows\SysWOW64\pl-PL\sxs.DLL.mui
C:\Windows\SysWOW64\pt-BR\sxs.DLL.mui
C:\Windows\SysWOW64\pt-PT\sxs.DLL.mui
C:\Windows\SysWOW64\ro-RO\sxs.DLL.mui
C:\Windows\SysWOW64\ru-RU\sxs.DLL.mui
C:\Windows\SysWOW64\sk-SK\sxs.DLL.mui
C:\Windows\SysWOW64\sl-SI\sxs.DLL.mui
C:\Windows\SysWOW64\sr-Latn-CS\sxs.DLL.mui
C:\Windows\SysWOW64\sv-SE\sxs.DLL.mui
C:\Windows\SysWOW64\th-TH\sxs.DLL.mui
C:\Windows\SysWOW64\tr-TR\sxs.DLL.mui
C:\Windows\SysWOW64\uk-UA\sxs.DLL.mui
C:\Windows\SysWOW64\zh-CN\sxs.DLL.mui
C:\Windows\SysWOW64\zh-HK\sxs.DLL.mui
C:\Windows\SysWOW64\zh-TW\sxs.DLL.mui
C:\Windows\SysWOW64\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Windows\SysWOW64\msiexec.exe.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll
C:\Windows\SysWOW64\en\MsiMsg.dll.mui
C:\Users\Administrator\AppData\Local\Temp\
C:\Users\Administrator\AppData\Local\Temp\MSIA3B4.tmp
C:\Users\Administrator\AppData\Local\Temp\MSIA3F3.tmp
C:\Windows\Installer\$PatchCache$\Managed\6881AF797E0D98B439C94A19E17AB9D8
C:\MSI968c8.tmp
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\CustomSetup.dll
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\Certs\VeriSign Class 3 Public Primary Certification Authority - G5.cer
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\Deterrent.exe
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\Certs\gscodesigng3ocsp.crt
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\Certs\SymantecClass3_SHA256_CodeSignCA.cer
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\TtcCommon.dll
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\TLD2.DAT
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\Certs\TerraPrivacyLLC.cer
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\Certs\TerraPrivacySymantec.cer
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\HdetSvc.exe
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\CertUtil\certreq.exe
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\Certs\MicrosoftCodeVerifRoot.crt
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\CertImport.cmd
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\Certs\TerraPrivacyLLC_EV.cer
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\i386\DriverSetupWfp.exe
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\Setup.exe
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\TtcCommon.DLL
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\CertUtil\certcli.dll
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\i386\HdetWfp.sys
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\amd64\HdetWfp.sys
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\CertUtil\certadm.dll
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\HdetWfp.inf
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\HdetBanner.jpg
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\Certs\gscodesignsha2g3ocsp.crt
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\Certs\GlobalSign_code_sign.crt
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\Certs\r1cross.cer
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\Certs\GlobalSign Root CA.crt
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\unmanaged.dll
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\Certs\ms_auth_root_2010.cer
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\CertUtil\certutil.exe
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\Certs\TerraPrivacyLLC-SHA1.cer
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\HdetWfpPkg.tag
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\MainIcon.ico
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\hdetwfp_amd64.cat
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\ttcsymbols.ttf
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\amd64\DriverSetupWfp.exe
C:\Program Files (x86)\Terra Privacy LLC\Hacker Deterrent Pro\hdetwfp_x86.cat
C:\Windows\SysWOW64\en-US\USER32.dll.mui
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hacker Deterrent.lnk
C:\Users\Public\Desktop\Hacker Deterrent.lnk
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8E55FEB142F566DFBD0ED964FAB94545
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\769F85394FB15C375FF89A7488274D5B_864411D0D51960A9AC59CAD1E36DC6E8
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_EF79A545C782BBA655019EC0ADB90AE2
C:\Windows\win.ini
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E7EC0C85688F4738F3BE49B104BA67
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8E55FEB142F566DFBD0ED964FAB94545
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_EF79A545C782BBA655019EC0ADB90AE2
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E7EC0C85688F4738F3BE49B104BA67
C:\Users\Administrator\AppData\Local\Temp\MSI968c9.LOG
C:\Users\Administrator\AppData\Local\Temp\hacker-defense-pro-hdp0100-beta-1a-w8.msi
C:\Windows\SysWOW64\msimsg.dll
C:\Windows\SysWOW64\en-US\MsiMsg.dll.mui
C:\Windows\SysWOW64\en-US\MSCTF.dll.mui
C:\Windows\Fonts\staticcache.dat
C:\Windows\SysWOW64\en-US\WINHTTP.dll.mui
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_4BB72A60CF9C652B353353202101C0E4
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_4BB72A60CF9C652B353353202101C0E4
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0766DB9AB186806BB9A6B6802D3BA734
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0766DB9AB186806BB9A6B6802D3BA734
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\769F85394FB15C375FF89A7488274D5B_864411D0D51960A9AC59CAD1E36DC6E8
C:\Windows\AppPatch\sysmain.sdb
C:\Windows\AppPatch\msimain.sdb
C:\Windows\SysWOW64\sxs.dll
C:\Windows\SysWOW64\en-US\sxs.DLL.mui
C:\Windows\SysWOW64\ar-SA\sxs.DLL.mui
C:\Windows\SysWOW64\bg-BG\sxs.DLL.mui
C:\Windows\SysWOW64\cs-CZ\sxs.DLL.mui
C:\Windows\SysWOW64\da-DK\sxs.DLL.mui
C:\Windows\SysWOW64\de-DE\sxs.DLL.mui
C:\Windows\SysWOW64\el-GR\sxs.DLL.mui
C:\Windows\SysWOW64\en\sxs.DLL.mui
C:\Windows\SysWOW64\es-ES\sxs.DLL.mui
C:\Windows\SysWOW64\et-EE\sxs.DLL.mui
C:\Windows\SysWOW64\fi-FI\sxs.DLL.mui
C:\Windows\SysWOW64\fr-FR\sxs.DLL.mui
C:\Windows\SysWOW64\he-IL\sxs.DLL.mui
C:\Windows\SysWOW64\hr-HR\sxs.DLL.mui
C:\Windows\SysWOW64\hu-HU\sxs.DLL.mui
C:\Windows\SysWOW64\it-IT\sxs.DLL.mui
C:\Windows\SysWOW64\ja-JP\sxs.DLL.mui
C:\Windows\SysWOW64\ko-KR\sxs.DLL.mui
C:\Windows\SysWOW64\lt-LT\sxs.DLL.mui
C:\Windows\SysWOW64\lv-LV\sxs.DLL.mui
C:\Windows\SysWOW64\nb-NO\sxs.DLL.mui
C:\Windows\SysWOW64\nl-NL\sxs.DLL.mui
C:\Windows\SysWOW64\pl-PL\sxs.DLL.mui
C:\Windows\SysWOW64\pt-BR\sxs.DLL.mui
C:\Windows\SysWOW64\pt-PT\sxs.DLL.mui
C:\Windows\SysWOW64\ro-RO\sxs.DLL.mui
C:\Windows\SysWOW64\ru-RU\sxs.DLL.mui
C:\Windows\SysWOW64\sk-SK\sxs.DLL.mui
C:\Windows\SysWOW64\sl-SI\sxs.DLL.mui
C:\Windows\SysWOW64\sr-Latn-CS\sxs.DLL.mui
C:\Windows\SysWOW64\sv-SE\sxs.DLL.mui
C:\Windows\SysWOW64\th-TH\sxs.DLL.mui
C:\Windows\SysWOW64\tr-TR\sxs.DLL.mui
C:\Windows\SysWOW64\uk-UA\sxs.DLL.mui
C:\Windows\SysWOW64\zh-CN\sxs.DLL.mui
C:\Windows\SysWOW64\zh-HK\sxs.DLL.mui
C:\Windows\SysWOW64\zh-TW\sxs.DLL.mui
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\SysWOW64\msiexec.exe.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll
C:\Windows\SysWOW64\en\MsiMsg.dll.mui
C:\Users\Administrator\AppData\Local\Temp\MSIA3B4.tmp
C:\Users\Administrator\AppData\Local\Temp\MSIA3F3.tmp
C:\Windows\SysWOW64\en-US\USER32.dll.mui
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8E55FEB142F566DFBD0ED964FAB94545
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\769F85394FB15C375FF89A7488274D5B_864411D0D51960A9AC59CAD1E36DC6E8
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_EF79A545C782BBA655019EC0ADB90AE2
C:\Windows\win.ini
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E7EC0C85688F4738F3BE49B104BA67
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8E55FEB142F566DFBD0ED964FAB94545
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_EF79A545C782BBA655019EC0ADB90AE2
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E7EC0C85688F4738F3BE49B104BA67
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_4BB72A60CF9C652B353353202101C0E4
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_4BB72A60CF9C652B353353202101C0E4
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0766DB9AB186806BB9A6B6802D3BA734
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0766DB9AB186806BB9A6B6802D3BA734
C:\Users\Administrator\AppData\Local\Temp\MSIA3B4.tmp
C:\Users\Administrator\AppData\Local\Temp\MSIA3F3.tmp
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\769F85394FB15C375FF89A7488274D5B_864411D0D51960A9AC59CAD1E36DC6E8
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\769F85394FB15C375FF89A7488274D5B_864411D0D51960A9AC59CAD1E36DC6E8
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8E55FEB142F566DFBD0ED964FAB94545
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8E55FEB142F566DFBD0ED964FAB94545
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_EF79A545C782BBA655019EC0ADB90AE2
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_EF79A545C782BBA655019EC0ADB90AE2
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E7EC0C85688F4738F3BE49B104BA67
C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E7EC0C85688F4738F3BE49B104BA67
C:\Users\Administrator\AppData\Local\Temp\MSI968c9.LOG
C:\Users\Administrator\AppData\Local\Temp\MSIA3B4.tmp
C:\Users\Administrator\AppData\Local\Temp\MSIA3F3.tmp
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2555225716-619377114-2949403143-500\Installer\Products\6881AF797E0D98B439C94A19E17AB9D8
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Microsoft\Installer\Products\6881AF797E0D98B439C94A19E17AB9D8
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\6881AF797E0D98B439C94A19E17AB9D8
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\msiexec.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{70FAF614-E0B1-11D3-8F5C-00C04F9CF4AC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Keyboard Layout\Toggle
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\MS Shell Dlg
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2555225716-619377114-2949403143-500\Installer\Products
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Microsoft\Installer\Products
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2555225716-619377114-2949403143-500\Installer\Products\00002109030000000000000000F01FEC
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Microsoft\Installer\Products\00002109030000000000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00002109030000000000000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109030000000000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109030000000000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2555225716-619377114-2949403143-500\Installer\Products\000021091A0090400000000000F01FEC
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Microsoft\Installer\Products\000021091A0090400000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\000021091A0090400000000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\000021091A0090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\000021091A0090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2555225716-619377114-2949403143-500\Installer\Products\00002109411090400000000000F01FEC
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Microsoft\Installer\Products\00002109411090400000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00002109411090400000000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109411090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109411090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2555225716-619377114-2949403143-500\Installer\Products\00002109440090400000000000F01FEC
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Microsoft\Installer\Products\00002109440090400000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00002109440090400000000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109440090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109440090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2555225716-619377114-2949403143-500\Installer\Products\00002109510090400000000000F01FEC
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Microsoft\Installer\Products\00002109510090400000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00002109510090400000000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109510090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109510090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2555225716-619377114-2949403143-500\Installer\Products\00002109511090400000000000F01FEC
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Microsoft\Installer\Products\00002109511090400000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00002109511090400000000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109511090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109511090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2555225716-619377114-2949403143-500\Installer\Products\00002109610090400000000000F01FEC
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Microsoft\Installer\Products\00002109610090400000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00002109610090400000000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109610090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109610090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2555225716-619377114-2949403143-500\Installer\Products\00002109611090400100000000F01FEC
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Microsoft\Installer\Products\00002109611090400100000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00002109611090400100000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109611090400100000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109611090400100000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2555225716-619377114-2949403143-500\Installer\Products\00002109711090400000000000F01FEC
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Microsoft\Installer\Products\00002109711090400000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00002109711090400000000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109711090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109711090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2555225716-619377114-2949403143-500\Installer\Products\00002109810090400000000000F01FEC
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Microsoft\Installer\Products\00002109810090400000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00002109810090400000000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109810090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109810090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2555225716-619377114-2949403143-500\Installer\Products\00002109910090400000000000F01FEC
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Microsoft\Installer\Products\00002109910090400000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00002109910090400000000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109910090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109910090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2555225716-619377114-2949403143-500\Installer\Products\00002109A10090400000000000F01FEC
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Microsoft\Installer\Products\00002109A10090400000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00002109A10090400000000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109A10090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109A10090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2555225716-619377114-2949403143-500\Installer\Products\00002109A20000000100000000F01FEC
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Microsoft\Installer\Products\00002109A20000000100000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00002109A20000000100000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109A20000000100000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109A20000000100000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2555225716-619377114-2949403143-500\Installer\Products\00002109A20090400100000000F01FEC
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Microsoft\Installer\Products\00002109A20090400100000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00002109A20090400100000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109A20090400100000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109A20090400100000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2555225716-619377114-2949403143-500\Installer\Products\00002109AB0090400000000000F01FEC
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Microsoft\Installer\Products\00002109AB0090400000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00002109AB0090400000000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109AB0090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109AB0090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2555225716-619377114-2949403143-500\Installer\Products\00002109B10090400000000000F01FEC
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Microsoft\Installer\Products\00002109B10090400000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00002109B10090400000000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109B10090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109B10090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2555225716-619377114-2949403143-500\Installer\Products\00002109C20090400000000000F01FEC
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Microsoft\Installer\Products\00002109C20090400000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00002109C20090400000000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109C20090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109C20090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2555225716-619377114-2949403143-500\Installer\Products\00002109E60090400000000000F01FEC
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Microsoft\Installer\Products\00002109E60090400000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00002109E60090400000000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109E60090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109E60090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2555225716-619377114-2949403143-500\Installer\Products\00002109F10090400000000000F01FEC
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Microsoft\Installer\Products\00002109F10090400000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00002109F10090400000000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109F10090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109F10090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2555225716-619377114-2949403143-500\Installer\Products\00002109F100A0C00000000000F01FEC
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Microsoft\Installer\Products\00002109F100A0C00000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00002109F100A0C00000000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109F100A0C00000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109F100A0C00000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2555225716-619377114-2949403143-500\Installer\Products\00002109F100C0400000000000F01FEC
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Microsoft\Installer\Products\00002109F100C0400000000000F01FEC
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\00002109F100C0400000000000F01FEC
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109F100C0400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109F100C0400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2555225716-619377114-2949403143-500\Installer\Products\3ECDCD77DED23F261845507E5474D270
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Microsoft\Installer\Products\3ECDCD77DED23F261845507E5474D270
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\3ECDCD77DED23F261845507E5474D270
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3ECDCD77DED23F261845507E5474D270\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3ECDCD77DED23F261845507E5474D270\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2555225716-619377114-2949403143-500\Installer\Products\4EA42A62D9304AC4784BF238120700FF
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Microsoft\Installer\Products\4EA42A62D9304AC4784BF238120700FF
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4EA42A62D9304AC4784BF238120700FF
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF238120700FF\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF238120700FF\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2555225716-619377114-2949403143-500\Installer\Products\4F4A3A23297B6D117AA8000B0D710000
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Microsoft\Installer\Products\4F4A3A23297B6D117AA8000B0D710000
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\4F4A3A23297B6D117AA8000B0D710000
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4F4A3A23297B6D117AA8000B0D710000\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4F4A3A23297B6D117AA8000B0D710000\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2555225716-619377114-2949403143-500\Installer\Products\5FD4CC3C5A9372041B63B2E3F1A56B2E
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Microsoft\Installer\Products\5FD4CC3C5A9372041B63B2E3F1A56B2E
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\5FD4CC3C5A9372041B63B2E3F1A56B2E
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5FD4CC3C5A9372041B63B2E3F1A56B2E\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5FD4CC3C5A9372041B63B2E3F1A56B2E\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2555225716-619377114-2949403143-500\Installer\Products\68AB67CA7DA73301B7449A0000000010
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Microsoft\Installer\Products\68AB67CA7DA73301B7449A0000000010
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\68AB67CA7DA73301B7449A0000000010
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\68AB67CA7DA73301B7449A0000000010\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\68AB67CA7DA73301B7449A0000000010\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2555225716-619377114-2949403143-500\Installer\Products\8663020007180A44EB446B23AFD487F0
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Microsoft\Installer\Products\8663020007180A44EB446B23AFD487F0
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\8663020007180A44EB446B23AFD487F0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8663020007180A44EB446B23AFD487F0\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8663020007180A44EB446B23AFD487F0\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2555225716-619377114-2949403143-500\Installer\Products\C28643E881181F13CBC489DC69571E2C
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Microsoft\Installer\Products\C28643E881181F13CBC489DC69571E2C
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\C28643E881181F13CBC489DC69571E2C
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C28643E881181F13CBC489DC69571E2C\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C28643E881181F13CBC489DC69571E2C\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2555225716-619377114-2949403143-500\Installer\Products\D7314F9862C648A4DB8BE2A5B47BE100
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Microsoft\Installer\Products\D7314F9862C648A4DB8BE2A5B47BE100
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\D7314F9862C648A4DB8BE2A5B47BE100
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D7314F9862C648A4DB8BE2A5B47BE100\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D7314F9862C648A4DB8BE2A5B47BE100\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2555225716-619377114-2949403143-500\Installer\Products\DFC90B5F2B0FFA63D84FD16F6BF37C4B
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Microsoft\Installer\Products\DFC90B5F2B0FFA63D84FD16F6BF37C4B
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\DFC90B5F2B0FFA63D84FD16F6BF37C4B
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\DFC90B5F2B0FFA63D84FD16F6BF37C4B\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\DFC90B5F2B0FFA63D84FD16F6BF37C4B\InstanceType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2555225716-619377114-2949403143-500\Installer\Products\F60730A4A66673047777F5728467D401
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Microsoft\Installer\Products\F60730A4A66673047777F5728467D401
HKEY_LOCAL_MACHINE\Software\Classes\Installer\Products\F60730A4A66673047777F5728467D401
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401\InstanceType
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\MaximumAllowedAllocationSize
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadExpirationDays
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2555225716-619377114-2949403143-500
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2555225716-619377114-2949403143-500\ProfileImagePath
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\ChainEngine\Config
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableInetUnknownAuth
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugFlags
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\Interface\{000C101C-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{000C101C-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{000C101C-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{000C103E-0000-0000-C000-000000000046}
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\TreatAs
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\InProcServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\InprocHandler
HKEY_CLASSES_ROOT\CLSID\{000C101D-0000-0000-C000-000000000046}\DllVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000C101D-0000-0000-C000-000000000046}\DllVersion\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6881AF797E0D98B439C94A19E17AB9D8\InstallProperties
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Option
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\{97fa1886-d0e7-4b89-939c-a4911ea79b8d}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\..
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\0409
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\AdvancedInstallers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\catroot
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\catroot2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\com
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\config
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Dism
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\drivers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\DriverStore
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\FxsTmp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\GroupPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\GroupPolicyUsers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\icsxml
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\IME
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\inetsrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\InstallShield
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\LogFiles
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\manifeststore
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\migration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\migwiz
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Msdtc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\MUI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\NDF
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\NetworkList
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\oobe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Printing_Admin_Scripts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ras
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Recovery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\restore
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Setup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\slmgr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Speech
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\spp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sppui
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sysprep
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Tasks
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Wat
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\wbem
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\WCN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\wdi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\WindowsPowerShell
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\winrm
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\msi.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\msi.dll\{462EF42B-ABA4-4eac-9843-9EED260F54D0}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\msi.dll\{462EF42B-ABA4-4eac-9843-9EED260F54D0}\Registry Keys
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\msi.dll\{462EF42B-ABA4-4eac-9843-9EED260F54D0}\Relative Files
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\msi.dll\{462EF42B-ABA4-4eac-9843-9EED260F54D0}\Target Version
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Policies\Microsoft\Windows\Installer
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER\PendingFileRenameOperations
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RegisteredOwner
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RegisteredOrganization
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress
HKEY_CURRENT_USER\Control Panel\International
HKEY_CURRENT_USER\Control Panel\International\LocaleName
HKEY_CURRENT_USER\Software\Classes\Interface\{000C1033-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{000C1033-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{000C1033-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{000C1025-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{000C1025-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{000C1025-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\MS Sans Serif
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000401
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000402
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000404
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000405
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000406
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000407
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000408
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000409
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000040a
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000040b
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000040c
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000040d
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000040e
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000040f
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000410
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000411
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000412
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000413
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000414
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000415
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000416
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000418
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000419
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000041a
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000041b
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000041c
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000041d
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000041e
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000041f
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000420
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000422
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000423
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000424
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000425
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000426
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000427
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000428
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000429
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000042a
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000042b
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000042c
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000042e
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000042f
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000432
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000437
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000438
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000439
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000043a
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000043b
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000043f
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000440
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000442
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000444
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000445
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000446
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000447
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000448
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000449
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000044a
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000044b
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000044c
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000044d
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000044e
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000450
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000451
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000452
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000453
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000454
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000045a
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000045b
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000461
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000463
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000465
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000468
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000046a
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000046c
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000046d
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000046e
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000046f
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000470
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000480
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000481
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000485
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000488
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000804
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000807
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000809
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000080a
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000080c
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000813
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000816
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000081a
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000082c
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000083b
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000843
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000850
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000085d
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000c04
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000c0c
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000c1a
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00001004
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00001009
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000100c
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00001404
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00001809
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0000201a
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00010401
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010401\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00010402
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010402\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00010405
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010405\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00010407
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010407\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00010408
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010408\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00010409
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010409\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0001040a
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0001040a\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0001040e
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0001040e\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00010410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010410\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00010415
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010415\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00010416
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010416\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00010418
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010418\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00010419
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010419\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0001041b
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0001041b\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0001041e
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0001041e\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0001041f
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0001041f\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00010426
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010426\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00010427
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010427\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0001042b
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0001042b\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0001042e
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0001042e\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0001042f
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0001042f\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00010437
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010437\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00010439
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010439\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0001043a
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0001043a\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0001043b
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0001043b\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00010445
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010445\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0001045a
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0001045a\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0001045b
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0001045b\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0001045d
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0001045d\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00010465
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010465\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00010480
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010480\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0001080c
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0001080c\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0001083b
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0001083b\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00011009
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00011009\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00011809
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00011809\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00020401
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00020401\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00020402
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00020402\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00020405
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00020405\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00020408
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00020408\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00020409
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00020409\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00020418
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00020418\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0002041e
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0002041e\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00020422
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00020422\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00020427
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00020427\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0002042e
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0002042e\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00020437
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00020437\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00020445
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00020445\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0002083b
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0002083b\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00030402
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00030402\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00030408
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00030408\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00030409
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00030409\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\0003041e
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0003041e\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00040402
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00040402\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00040408
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00040408\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00040409
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00040409\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00050408
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00050408\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00050409
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00050409\layout id
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00060408
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00060408\layout id
HKEY_CURRENT_USER\Software\Microsoft\CTF\LayoutIcon\0409\00020409
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\ScrollInset
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragDelay
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragMinDist
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\ScrollDelay
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\ScrollInterval
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-2555225716-619377114-2949403143-500\Installer\UpgradeCodes\6842A227CF25F504E8B9992D75756C69
HKEY_USERS\S-1-5-21-2555225716-619377114-2949403143-500\Software\Microsoft\Installer\UpgradeCodes\6842A227CF25F504E8B9992D75756C69
HKEY_LOCAL_MACHINE\Software\Classes\Installer\UpgradeCodes\6842A227CF25F504E8B9992D75756C69
HKEY_CURRENT_USER\Control Panel\Desktop
HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaverIsSecure
HKEY_CURRENT_USER\Software\Classes\Interface\{000C101D-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{000C101D-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{000C101D-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109030000000000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109030000000000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\000021091A0090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\000021091A0090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109411090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109411090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109440090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109440090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109510090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109510090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109511090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109511090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109610090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109610090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109611090400100000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109611090400100000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109711090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109711090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109810090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109810090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109910090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109910090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109A10090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109A10090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109A20000000100000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109A20000000100000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109A20090400100000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109A20090400100000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109AB0090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109AB0090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109B10090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109B10090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109C20090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109C20090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109E60090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109E60090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109F10090400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109F10090400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109F100A0C00000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109F100A0C00000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109F100C0400000000000F01FEC\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\00002109F100C0400000000000F01FEC\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3ECDCD77DED23F261845507E5474D270\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3ECDCD77DED23F261845507E5474D270\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF238120700FF\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4EA42A62D9304AC4784BF238120700FF\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4F4A3A23297B6D117AA8000B0D710000\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4F4A3A23297B6D117AA8000B0D710000\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5FD4CC3C5A9372041B63B2E3F1A56B2E\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5FD4CC3C5A9372041B63B2E3F1A56B2E\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\68AB67CA7DA73301B7449A0000000010\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\68AB67CA7DA73301B7449A0000000010\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8663020007180A44EB446B23AFD487F0\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8663020007180A44EB446B23AFD487F0\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C28643E881181F13CBC489DC69571E2C\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C28643E881181F13CBC489DC69571E2C\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D7314F9862C648A4DB8BE2A5B47BE100\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D7314F9862C648A4DB8BE2A5B47BE100\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\DFC90B5F2B0FFA63D84FD16F6BF37C4B\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\DFC90B5F2B0FFA63D84FD16F6BF37C4B\InstanceType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401\PackageCode
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401\InstanceType
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\MaximumAllowedAllocationSize
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadExpirationDays
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2555225716-619377114-2949403143-500\ProfileImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableInetUnknownAuth
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{000C101C-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{000C103E-0000-0000-C000-000000000046}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000C101D-0000-0000-C000-000000000046}\DllVersion\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\..
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\0409
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\AdvancedInstallers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\catroot
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\catroot2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\com
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\config
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Dism
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\drivers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\DriverStore
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\FxsTmp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\GroupPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\GroupPolicyUsers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\icsxml
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\IME
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\inetsrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\InstallShield
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\LogFiles
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\manifeststore
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\migration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\migwiz
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Msdtc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\MUI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\NDF
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\NetworkList
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\oobe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Printing_Admin_Scripts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ras
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Recovery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\restore
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Setup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\slmgr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Speech
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\spp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sppui
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sysprep
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Tasks
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Wat
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\wbem
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\WCN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\wdi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\WindowsPowerShell
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\winrm
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\msi.dll\{462EF42B-ABA4-4eac-9843-9EED260F54D0}\Target Version
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER\PendingFileRenameOperations
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RegisteredOwner
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RegisteredOrganization
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization
HKEY_CURRENT_USER\Control Panel\International\LocaleName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{000C1033-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{000C1025-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010401\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010402\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010405\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010407\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010408\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010409\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0001040a\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0001040e\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010410\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010415\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010416\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010418\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010419\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0001041b\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0001041e\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0001041f\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010426\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010427\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0001042b\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0001042e\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0001042f\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010437\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010439\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0001043a\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0001043b\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010445\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0001045a\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0001045b\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0001045d\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010465\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00010480\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0001080c\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0001083b\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00011009\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00011809\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00020401\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00020402\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00020405\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00020408\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00020409\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00020418\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0002041e\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00020422\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00020427\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0002042e\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00020437\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00020445\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0002083b\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00030402\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00030408\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00030409\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\0003041e\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00040402\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00040408\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00040409\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00050408\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00050409\layout id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Keyboard Layouts\00060408\layout id
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\ScrollInset
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragDelay
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\DragMinDist
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\ScrollDelay
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\ScrollInterval
HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaverIsSecure
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{000C101D-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
cryptsp.dll.CryptAcquireContextW
cryptsp.dll.CryptGenRandom
ole32.dll.CoGetMalloc
comctl32.dll.InitCommonControlsEx
kernel32.dll.GetSystemWow64DirectoryW
kernel32.dll.GetThreadPreferredUILanguages
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware
dwmapi.dll.DwmIsCompositionEnabled
comctl32.dll.RegisterClassNameW
uxtheme.dll.EnableThemeDialogTexture
uxtheme.dll.OpenThemeData
uxtheme.dll.GetThemeBool
uxtheme.dll.GetThemeInt
ole32.dll.CoInitializeEx
ole32.dll.CoUninitialize
cryptbase.dll.SystemFunction036
ole32.dll.CoRegisterInitializeSpy
ole32.dll.CoRevokeInitializeSpy
shell32.dll.SHGetPropertyStoreForWindow
ole32.dll.CoTaskMemAlloc
propsys.dll.PSStringFromPropertyKey
propsys.dll.PropVariantToString
oleaut32.dll.#6
gdi32.dll.GetLayout
gdi32.dll.GdiRealizationInfo
gdi32.dll.FontIsLinked
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
gdi32.dll.GetTextFaceAliasW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
gdi32.dll.GetFontAssocStatus
advapi32.dll.RegQueryValueExA
advapi32.dll.RegEnumKeyExW
gdi32.dll.GdiIsMetaPrintDC
uxtheme.dll.BufferedPaintInit
uxtheme.dll.BufferedPaintRenderAnimation
uxtheme.dll.GetThemeTransitionDuration
uxtheme.dll.BeginBufferedAnimation
uxtheme.dll.IsThemeBackgroundPartiallyTransparent
uxtheme.dll.DrawThemeParentBackground
uxtheme.dll.DrawThemeBackground
uxtheme.dll.GetThemeBackgroundContentRect
uxtheme.dll.DrawThemeText
uxtheme.dll.EndBufferedAnimation
ole32.dll.CoInitialize
netapi32.dll.NetGetJoinInformation
netapi32.dll.NetApiBufferFree
uxtheme.dll.BufferedPaintStopAllAnimations
kernel32.dll.GetFileAttributesExW
advapi32.dll.CreateWellKnownSid
advapi32.dll.CheckTokenMembership
advapi32.dll.SaferiChangeRegistryScope
advapi32.dll.SaferIdentifyLevel
winhttp.dll.WinHttpOpen
winhttp.dll.WinHttpSetTimeouts
winhttp.dll.WinHttpSetOption
winhttp.dll.WinHttpCrackUrl
shlwapi.dll.StrCmpNW
winhttp.dll.WinHttpConnect
winhttp.dll.WinHttpOpenRequest
winhttp.dll.WinHttpGetDefaultProxyConfiguration
winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser
advapi32.dll.RegDeleteTreeA
advapi32.dll.RegDeleteTreeW
ole32.dll.StringFromIID
nsi.dll.NsiAllocateAndGetTable
cfgmgr32.dll.CM_Open_Class_Key_ExW
iphlpapi.dll.ConvertInterfaceGuidToLuid
iphlpapi.dll.GetIfEntry2
iphlpapi.dll.GetIpForwardTable2
iphlpapi.dll.GetIpNetEntry2
iphlpapi.dll.FreeMibTable
ole32.dll.CoTaskMemFree
nsi.dll.NsiFreeTable
oleaut32.dll.#500
winhttp.dll.WinHttpGetProxyForUrl
winhttp.dll.WinHttpTimeFromSystemTime
winhttp.dll.WinHttpSendRequest
ws2_32.dll.GetAddrInfoW
ws2_32.dll.WSASocketW
ws2_32.dll.#2
ws2_32.dll.#21
ws2_32.dll.#9
ws2_32.dll.WSAIoctl
ws2_32.dll.FreeAddrInfoW
ws2_32.dll.#6
ws2_32.dll.#5
ws2_32.dll.WSARecv
ws2_32.dll.WSASend
winhttp.dll.WinHttpReceiveResponse
winhttp.dll.WinHttpQueryHeaders
shlwapi.dll.StrStrIW
winhttp.dll.WinHttpQueryDataAvailable
winhttp.dll.WinHttpReadData
winhttp.dll.WinHttpCloseHandle
rpcrt4.dll.RpcBindingFree
advapi32.dll.SaferGetLevelInformation
advapi32.dll.SaferCloseLevel
ole32.dll.CoCreateInstance
ole32.dll.CoQueryProxyBlanket
msi.dll.DllGetClassObject
msi.dll.DllCanUnloadNow
ole32.dll.CoSetProxyBlanket
apphelp.dll.ApphelpGetMsiProperties
apphelp.dll.SdbInitDatabase
apphelp.dll.SdbFindFirstMsiPackage_Str
apphelp.dll.SdbReleaseDatabase
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
mscoree.dll.GetCORSystemDirectory
kernel32.dll.FlsAlloc
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.FlsFree
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll.GetCORSystemDirectory_RetAddr
shlwapi.dll.UrlIsW
kernel32.dll.GetSystemWindowsDirectoryW
shell32.dll.SHGetFolderPathW
shell32.dll.DllGetVersion
kernel32.dll.GetNativeSystemInfo
ntdll.dll.NtQuerySystemInformation
kernel32.dll.GlobalMemoryStatusEx
kernel32.dll.CheckElevationEnabled
msihnd.dll.DllGetClassObject
kernel32.dll.GetUserDefaultUILanguage
ntdll.dll.NtMapViewOfSection
ntdll.dll.RtlImageNtHeaderEx
kernel32.dll.GetEnvironmentStringsW
ole32.dll.CoIsHandlerConnected
kernel32.dll.FreeEnvironmentStringsW
user32.dll.AllowSetForegroundWindow
rpcrt4.dll.I_RpcBindingInqLocalClientPID
user32.dll.ChangeWindowMessageFilterEx
uxtheme.dll.GetThemeColor
uxtheme.dll.GetThemeMargins
uxtheme.dll.GetThemeFont
uxtheme.dll.GetThemeTextExtent
gdi32.dll.GetTextExtentExPointWPri
oleaut32.dll.SysAllocString
oleaut32.dll.SysStringLen
oleaut32.dll.SysFreeString
dwmapi.dll.DwmSetWindowAttribute
uxtheme.dll.CloseThemeData
uxtheme.dll.BufferedPaintUnInit
uxtheme.dll.GetThemePartSize
uxtheme.dll.DrawThemeParentBackgroundEx
kernel32.dll.SetThreadExecutionState
uxtheme.dll.GetThemeEnumValue
uxtheme.dll.BeginBufferedPaint
uxtheme.dll.EndBufferedPaint
Local\MSCTF.Asm.MutexDefault1
Global\_MSIExecute
No static analysis available.
?dA/B6H
C1A5G
Windows Installer
Intel;1033
{442EB01E-64F4-4839-9F54-9672B393A6FC}
Hacker Deterrent Pro
Terra Privacy LLC
DhE7G
A7CrD
B4FhD&B
.text
`.data
.idata
@.rsrc
@.reloc
8DecodePointer
EncodePointer
InstallUtilLib.dll: Unknown error in %S (0x%x).
mscoree.dll
CLRCreateInstance
GetRequestedRuntimeInfo
SHCreateStreamOnFileW
shlwapi.dll
ClrCreateManagedInstance
(null)
`h````
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
April
March
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
InstallUtilLib.pdb
uTVWhEa
SVWUj
InstallUtilLib.dll
_DecodePointerInternal@4
_EncodePointerInternal@4
ManagedInstall
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
GetProcAddress
LoadLibraryW
InterlockedCompareExchange
FreeLibrary
SwitchToThread
InterlockedExchange
LocalAlloc
lstrlenW
GetLastError
MultiByteToWideChar
LocalFree
FormatMessageW
LoadLibraryA
SetErrorMode
KERNEL32.dll
MessageBoxW
USER32.dll
OLEAUT32.dll
msi.dll
CorBindToRuntimeHost
ClrCreateManagedInstance
mscoree.dll
GetCurrentThreadId
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
GetModuleFileNameW
RtlUnwind
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW
IsProcessorFeaturePresent
HeapSize
CreateFileW
CloseHandle
FlushFileBuffers
;(;H;
ExE(H
DrDhD7H
=$D(H
ErE<H
B4FhD&B
;J;U=
.text
`.data
.rsrc
@.reloc
Software\Microsoft\NET Framework Setup\NDP\v3.%lu%s
SOFTWARE\Microsoft\NET Framework Setup\DotNetClient\v3.5
Software\Microsoft\NET Framework Setup\NDP
kernel32
IsWow64Process
Attach Debugger To Me
SetTARGETSITE
TargetVersion
%s\v%d\%s
GatherWebSites
GatherAppPools
SetTARGETAPPPOOL
SetTARGETIISPATH
<supportedRuntime version="
<startup>
VsdLaunchConditions
GatherRegisterAspNetProperties
-norestart -sn
-iru
RegisterAspNet
CreateAppRoots
EvaluateURLs
EvaluateURLsMB
EvaluateURLsNoFail
mscoree.dll
GetRequestedRuntimeInfo
CorBindToRuntime
InstallSuccess
\Setup
%lu.%lu
v%lu.%lu
Install
\MSCOREE.dll
CheckFX
RollbackApplyWebFolderProperties
GatherWebFolderProperties
ApplyWebFolderProperties
TypeLib
Software
SYSTEM
SECURITY
Hardware
Interface
FileType
Component Categories
CLSID
AppID
Delete
NoRemove
ForceRemove
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
(null)
`h````
Abad exception
Abad allocation
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
April
March
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
Complete Object Locator'
Class Hierarchy Descriptor'
Base Class Array'
Base Class Descriptor at (
Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
delete[]
new[]
`local vftable constructor closure'
`local vftable'
`RTTI
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
delete
__unaligned
__restrict
__ptr64
__eabi
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
AUnknown exception
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
VSD_FORCE_ANSI
TYPELIB
ARegOpenKeyTransactedA
Advapi32.dll
RegCreateKeyTransactedA
RegDeleteKeyTransactedA
RegDeleteKeyExA
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
Ayuml
yacute
ugrave
ucirc
uacute
thorn
szlig
otilde
oslash
ograve
ocirc
oacute
ntilde
igrave
icirc
iacute
egrave
ecirc
eacute
ccedil
atilde
aring
agrave
aelig
acirc
aacute
Yacute
Ugrave
Ucirc
Uacute
THORN
Otilde
Oslash
Ograve
Ocirc
Oacute
Ntilde
Igrave
Icirc
Iacute
Egrave
Ecirc
Eacute
Ccedil
Atilde
Aring
Agrave
Acirc
Aacute
AElig
0123456789abcdef
A%%%02x
SetThreadStackGuarantee
Ae+000
1#QNAN
1#INF
1#IND
1#SNAN
TUUUUU*
@??
DPCA.pdb
SVWUj
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyA
ADVAPI32.dll
InterlockedCompareExchange
MultiByteToWideChar
lstrlenW
GetLastError
FreeLibrary
GetCurrentProcess
GetProcAddress
GetModuleHandleA
CloseHandle
GetExitCodeProcess
CreateProcessW
WideCharToMultiByte
WriteFile
lstrlenA
LoadLibraryA
SetErrorMode
LoadLibraryExA
GetSystemDirectoryA
KERNEL32.dll
OLEAUT32.dll
CoUninitialize
CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
OleRun
ole32.dll
DispatchMessageA
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjects
MessageBoxA
MessageBoxW
FindWindowW
CharNextA
USER32.dll
ShellExecuteA
SHELL32.dll
msi.dll
RegOpenKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegCreateKeyExA
RegDeleteKeyA
RegSetValueExA
RegEnumKeyExA
RegDeleteValueA
GetCurrentThreadId
DecodePointer
GetCommandLineA
HeapFree
RaiseException
RtlUnwind
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
HeapAlloc
IsProcessorFeaturePresent
HeapReAlloc
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
InterlockedExchange
LoadLibraryW
GetModuleFileNameW
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringW
GetUserDefaultLCID
SetStdHandle
WriteConsoleW
ReadFile
CreateFileW
FlushFileBuffers
GetLocalTime
GetEnvironmentVariableA
GetVersion
FindResourceW
GetEnvironmentVariableW
GetFileAttributesW
GetTempFileNameW
GetTempPathW
LoadLibraryExW
LocalFree
LockResource
LoadResource
SizeofResource
lstrcmpiA
IsDBCSLeadByte
FindResourceA
GetTempFileNameA
GetTempPathA
CreateFileA
GetFileAttributesA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
CustomActions.dll
ApplyWebFolderProperties
CheckFX
CreateAppRoots
EvaluateURLs
EvaluateURLsMB
EvaluateURLsNoFail
GatherAppPools
GatherRegisterAspNetProperties
GatherWebFolderProperties
GatherWebSites
RegisterAspNet
RollbackApplyWebFolderProperties
SetTARGETAPPPOOL
SetTARGETIISPATH
SetTARGETSITE
ToggleNearestAppRoot
VsdLaunchConditions
.?AVCAtlException@ATL@@
.?AV_com_error@@
.?AVtype_info@@
.?AVbad_exception@std@@
.?AVexception@std@@
.?AVbad_alloc@std@@
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
>,>0>4>
;$;,;4;<;D;L;
3 3$3(3,303<3@3D3
>">->v?
=#>O>q>
9Q9A;
04080
zw9gj
8D:J9L:N:>B;B
8>B;B
ExE(H
D/;rD'C7CrD
B'C$H
_007C614F1FAE4D67BB99CB7C790E96E8
_044F296434E040819F273DA790F0758E
_0A93AF31B06244B184302667FFB8C7A2
_11110FC3DC2441878334DDD46B1205FE
_1738AF691384425A8D39078F3950B384
_1AD5562886F04E69B6E84809B0A29CB0
_22B744B9DC0B42509F0B848452E7F2D8
_312A9E41E92C4207A40027251F79F72E
_335232B61ED94C7F8BAA77FFF58E4084
_370009048BE34053AC335A764913C338
_3955058832BB4BE59080858D2C49EC25
_418BDD0A57814D29BCBD6EEED090F22A
_464EFBF04FA84B4A89CD12C413DE791E
_4C976AC70A924B40B7BC44AC3C5C8F98
_4F20F0DAC05B42EBBD012FE8B2DE44A1
_553E71D3B3424707968A80DB7E2265DD
_56676753990849A684C3364B6C4EC554
_5B7F2769F7EB4C9E9A8EB0EA7E76532F
_7F8806792CC04DA7A0FB2AE5A3489424
_87FD2877D8584DABA968892A2BB92ED5
_8BA4A59658012AAF4D002C470EB05E6D
_99058C09860143BCA4D14817B82DBD58
_9A4EDEB40FD0474D8EC1A6B8731572B3
_A79188A7A57F426DB2C1E1C88A052223
_A912032900854BB1B851433EC3983F93
_ADEA66CA781B4D5CB4E119CF8B203D01
_B3519CBF8DB54C848C52C4A0BEA50443
_BD43539EAEDF49B495B73E539AFBC7D8
_C12FDA9511104B37BB2DB4C39AB713F6
_D33316ADD0454F21889010D9215043ED
_DFC19A11186E46E8A2113693304B99DE
_E26C16BC2AB547D8ACD534096F724702
_EFC57F330557FE0CAA12068B85DF254B
_F144795FA80447238AA213CCBBE6928F
_F1CED26378D54EB78A02A2BE6A3F12A6
_FD35EA6D1EE44795B39FA1196466A81A
_FE2E8C72A51D4F7981C800300FB07A2F
$|eCM
wM2RQ
pDb:C
wE2y'
hQI:j
L+jKx
B[*!p
``WH?
po[MD
O%P$(h
0w2=G
J`Xhk
GiU79
E+@?4#
/!I)9
z5P"f
g"6%g
6p !Qdx
xv)%C$
+Qf>;
.W:HI
d$JMw.
@nXLf
4pIvZY
s5r&`
e}8z3>A
uVArf
kPR3'(
_wB)2
NRu2g
[{UlS
WM>XZ
M-|Gb^
Q7K5q:
Root Entry
SummaryInformation
kernel32.dll
InstallUtilLib.dll: Unknown error.
.InstallUtilLib.dll:%1!s! (hr=0x%2!08x!): %3!s!
ov4.0.0
ClrCreateManagedInstance
System.Configuration.Install.ManagedInstallerClass,System.Configuration.Install,version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
CorBindToRuntimeHost
MsiGetProperty
CustomActionData
(null)
KERNEL32.DLL
mscoree.dll
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
April
March
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
nruntime error
Microsoft Visual C++ Runtime Library
<program name unknown>
Program:
WUSER32.DLL
CONOUT$
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Microsoft Corporation
FileDescription
Managed Installer Object
FileVersion
4.0.30319.33440 built by: FX45W81RTMREL
InternalName
InstallUtilLib.dll
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
InstallUtilLib.dll
ProductName
.NET Framework
ProductVersion
4.0.30319.33440
Comments
Flavor=Retail
PrivateBuild
DDBLD104
VarFileInfo
Translation
SELECT `Directory`, `DefaultDir` FROM `Directory` WHERE `Directory_Parent` = '%s'
SELECT * FROM `%s`
Custom action not implemented.
ToggleNearestAppRoot
Process call was successful.
The error indicates that IIS is in 64 bit mode, while this application is a 32 bit application and thus not compatible.
The error indicates that IIS is in 32 bit mode, while this application is a 64 bit application and thus not compatible.
The error indicates that this version of ASP.NET must first be registered on the machine.
Unknown Error.
The call to aspnet_regiis.exe was failed. Path: '%s'
Process Exit Code: '%ld'.
Create Process failed.
Running process '%s' with parameters '%s' silently...
Access denied.
CoInitializeEx - COM initialization Free Threaded.
CoInitializeEx - COM initialization Apartment Threaded...
VSCADEBUGATTACH
TARGETIISPATH
Root/
TARGETVDIR
TARGETSITE
aspnet_regiis.exe
Path =
Using 64 bit registry key...
Reading registry value Path from key 'HKLM\%s'...
Software\Microsoft\ASP.NET\%s
ProductName
Running show message with fUseMessageBox = %s
FALSE
VSDINVALIDURLMSG
HideFatalErrorForm
Executing URL '%s' with source directory '%s'...
SourceDir
Condition is false.
Condition is true. Nothing more to do.
Evaluating condition '%s'...
Getting the condition to evaluate...
A launch condition has already fired. My work is done here.
Checking a launch condition...
VSDFxConfigFile
Calling WriteFile...
Calling MsiRecordReadStream...
v1.0.3705
Calling MsiRecordDataSize...
Calling MsiViewFetch...
Calling MsiViewExecute...
SELECT `Data` FROM `Binary` WHERE `Name` = 'VSDNETCFG'
Calling MsiDatabaseOpenView...
Calling MsiGetActiveDatabase...
Creating Config File...
v%d.%d
v%d.%d.%d
2.0.50727;
_VsdLaunchCondition
sWEBCA_RegisterAspNet
TARGETASPNETVERSION
Trying 32 bit version of 'aspnet_regiis.exe'...
1.1.4322.0
CustomActionData
TARGETDIR
RESULT: %s
Path not found.
Mapping App Root to hard drive location...
Getting App Root for Url Property: %s
FAILED
Getting Application Name...
Creating at AppRoot '%s'.
Deleting approot at URL '%s'.
Creating approot at URL '%s'.
Update property is not set.
Getting update property...
_Updated
WEB_CA_
_AppRootCreate
_UrlToDir
oWriting config file with version: '%s'...
VSDFXAvailable
v1.1.4322
Calling GetRequestedRuntimeVersion...
false
VSDAllowLaterFrameworkVersions
v2.0.50727
Found GetRequestedRuntimeInfo.
1.0.3705
Could not find GetRequestedRuntimeInfo.
Found CorBindToRuntime.
Getting framework methods...
VSDNETURLMSG
VSDNETMSG
Set VSDNETMSG with the FrameworkVersion.
v3.5.21022
2.0.50727
lClient
Found a version of MSCOREE.DLL
4.0.30319
VSDFrameworkProfile
VSDFrameworkVersion
Xvsdeploy.chm
SELECT `Extension`, `ExePath`, `Verbs` FROM `_AppMappings` WHERE `Directory_` = '%s'
SELECT `Component_` FROM `_AppRootCreate` WHERE `_URLProperty` = '%s'
SELECT `_URLProperty` FROM `_UrlToDir` WHERE `TargetProperty` = '%s'
SELECT * FROM `%s`
Setting IIS Property with SetData...
Not setting the AppIsolated property...
Closing key...
Adding key '%s'.
Opening key '%s'.
Deleting key '%s'
Opening key '%s' to see if it can be deleted...
Failure to get token.
Token is '%s'.
Getting web folder property token...
Property: '%s'
Getting dword IIS Property...
Getting string/multisz IIS Property...
Key path is '%s'.
Extracting the key path from the property...
Marked string is '%s'
Marking escape sequences for'%s'...
Marked string is '%s'.
Marking escape sequences for '%s'.
Data not found while getting IIS property for rollback (ignore above failure).
TARGETAPPPOOL
|"|"|"
No ']' found in the exe path...
Finding ']' in the exe path...
Closing app mappings view...
Fetching app mapping record...
Failed to get the key path from the URL.
Saving metabase data...
Open failed.
Open succeeded.
Failed to create metabase object.
Creating metabase object...
Searching for ',' in '%s'.
Marked app mappings = '%s'.
Marked buffer = '%s'.
Closing key to the directory with CloseKey...
IIsWebVirtualDir
Deleting data for property %ld
Getting METADATA_HANDLE for the directory '%s'.
'%s'.
Splitting property...
CoInitializeEx - COM initialization Apartment Threaded.
RollbackApplyWebFolderProperties
WEBCA_RollbackApplyWebFolderProperties
WEBCA_ApplyWebFolderProperties
_IISProperties
GatherWebFolderProperties
Failed to create metabase object.
ApplyWebFolderProperties
KERNEL32.DLL
mscoree.dll
(null)
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
April
March
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
runtime error
Microsoft Visual C++ Runtime Library
<program name unknown>
Program:
WUSER32.DLL
CONOUT$
SELECT `_URLProperty` FROM `_UrlToDir` WHERE `TargetProperty` = '%s'
SELECT `Directory_Parent`, `DefaultDir` FROM `Directory` WHERE `Directory` = '%s'
SELECT `_VDirProperty` FROM `_VDirToUrl` WHERE `TargetProperty` = '%s'
%.2i/%.2i/%.4i %.2i:%.2i:%.2i:%.3i
Error formatting the log message.
%-7.7s: [%s] [%-40.40s]: %.512s
ERROR
WARNING
DEBUG
Custom Action completed with return code: '%ld'
Custom Action is starting...
Custom Action succeeded.
Custom Action failed with code: '%ld'
Unknown Custom Action.
TMsiViewExecute - Open Database view on table...
MsiDatabaseOpenViewW - Prepare Database to view table...
Error_DataBase_Does_Not_Exist
Enumerating table using SQL statement: '%s'
Property '%s' retrieved with value '%s'.
MsiGetPropertyW - Getting Property '%s'...
Allocating space...
MsiGetPropertyW - Determine size of property '%s'
MsiSetPropertyW - Setting property '%s' to '%s'.
MsiSetPropertyW - Setting Property Value...
MsiRecordGetStringW - Getting value from column '%ld'...
MsiRecordGetStringW - Fetching value...
MsiRecordGetInteger - Getting value from column '%d'.
MsiGetTargetPathW - Getting Target Path for '%s'.
Memory allocaton failed...
Allocating space for target path...
MsiGetComponentState - %s
MsiDatabaseOpenViewW - Using query '%s'.
Getting AppRoot From Url key '%s'.
AppRoot: '%s'
RootAppRoot: '%s'
RootDirectoryURLProperty: '%s'
DirectoryProperty: '%s'
RootDirectoryProperty: '%s'
INSERT INTO `ComboBox` (`Property`,`Order`,`Value`,`Text`) VALUES (?, ?, ?, ?) TEMPORARY
MsiDatabaseOpenViewW - Using query '
Opening metabase location:
Opening key
Remainder:
Root thus far:
Opening key
Mapping
Calling AppCreate with inprocflag =
with inprocflag =
Calling AppCreate2 at
IIsWebServer
/LM/W3SVC/
IIsApplicationPool
/LM/W3SVC/AppPools
DefaultAppPool
APPID
Classes
REGISTRY
Module_Raw
Module
yacute
ugrave
ucirc
uacute
thorn
szlig
otilde
oslash
ograve
ocirc
oacute
ntilde
igrave
icirc
iacute
egrave
ecirc
eacute
ccedil
atilde
aring
agrave
aelig
acirc
aacute
Yacute
Ugrave
Ucirc
Uacute
THORN
Otilde
Oslash
Ograve
Ocirc
Oacute
Ntilde
Igrave
Icirc
Iacute
Egrave
Ecirc
Eacute
Ccedil
Atilde
Aring
Agrave
Acirc
Aacute
AElig
0123456789abcdef
Failure in DISPID
ekernel32.dll
Software\Microsoft\.NETFramework
sdkInstallRootv2.0
InstallRoot
Version
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Microsoft Corporation
FileDescription
Microsoft (R) Visual Studio UrlConvert custom action
FileVersion
10.0.30319.1 built by: RTMRel
InternalName
CustomActions
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
DPCA.DLL
ProductName
2010
ProductVersion
10.0.30319.1
OleSelfRegister
VarFileInfo
Translation
&(*&(*&(*
MsiDigitalSignatureEx
DigitalSignature

Full Results

Antivirus Signature
Bkav Clean
MicroWorld-eScan Clean
nProtect Clean
CMC Clean
CAT-QuickHeal Clean
ALYac Clean
Malwarebytes Clean
AegisLab Clean
TheHacker Clean
K7GW Clean
K7AntiVirus Clean
Baidu Clean
Cyren Clean
Symantec Clean
ESET-NOD32 Clean
TrendMicro-HouseCall Clean
Avast Clean
ClamAV Clean
GData Clean
Kaspersky Clean
BitDefender Clean
NANO-Antivirus Clean
ViRobot Clean
Tencent Clean
Ad-Aware Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
VIPRE Clean
TrendMicro Clean
McAfee-GW-Edition Clean
Sophos Clean
F-Prot Clean
Jiangmin Clean
Webroot Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Clean
AhnLab-V3 Clean
McAfee Clean
AVware Clean
VBA32 Clean
Zoner Clean
Rising Clean
Yandex Clean
Ikarus Clean
Fortinet Clean
AVG Clean
Panda Clean
Qihoo-360 Clean

Process Tree

  • msiexec.exe 1880 "C:\Windows\system32\msiexec.exe" /I "C:\Users\ADMINI~1\AppData\Local\Temp\hacker-defense-pro-hdp0100-beta-1a-w8.msi"

msiexec.exe, PID: 1880, Parent PID: 1576
Full Path: C:\Windows\SysWOW64\msiexec.exe
Command Line: "C:\Windows\system32\msiexec.exe" /I "C:\Users\ADMINI~1\AppData\Local\Temp\hacker-defense-pro-hdp0100-beta-1a-w8.msi"

Hosts

Direct IP Country Name
Y 8.8.8.8 [VT] unknown
N 66.61.164.153 [VT] unknown
N 23.218.156.26 [VT] unknown
N 23.218.156.17 [VT] unknown
N 198.41.215.186 [VT] unknown
N 198.41.214.185 [VT] unknown
N 129.6.15.29 [VT] unknown
N 104.16.27.216 [VT] unknown
N 104.16.25.216 [VT] unknown

TCP

Source Source Port Destination Destination Port
192.168.56.107 49165 104.16.25.216 ocsp2.globalsign.com 80
192.168.56.107 49173 104.16.27.216 ocsp2.globalsign.com 80
192.168.56.107 49166 198.41.214.185 crl.globalsign.com 80
192.168.56.107 49174 198.41.215.186 crl.globalsign.com 80
192.168.56.107 49186 23.218.156.17 crl.microsoft.com 80
192.168.56.107 49156 23.218.156.26 www.msftncsi.com 80
192.168.56.107 49163 66.61.164.153 www.download.windowsupdate.com 80

UDP

Source Source Port Destination Destination Port
192.168.56.107 123 129.6.15.29 time-b.nist.gov 123
192.168.56.107 137 192.168.56.255 137
192.168.56.107 138 192.168.56.255 138
192.168.56.107 49232 224.0.0.252 5355
192.168.56.107 49334 224.0.0.252 5355
192.168.56.107 49711 224.0.0.252 5355
192.168.56.107 50737 224.0.0.252 5355
192.168.56.107 51375 224.0.0.252 5355
192.168.56.107 52423 224.0.0.252 5355
192.168.56.107 52490 224.0.0.252 5355
192.168.56.107 52628 224.0.0.252 5355
192.168.56.107 52650 224.0.0.252 5355
192.168.56.107 53229 224.0.0.252 5355
192.168.56.107 53905 224.0.0.252 5355
192.168.56.107 54191 224.0.0.252 5355
192.168.56.107 54223 224.0.0.252 5355
192.168.56.107 55665 224.0.0.252 5355
192.168.56.107 57014 224.0.0.252 5355
192.168.56.107 57091 224.0.0.252 5355
192.168.56.107 57515 224.0.0.252 5355
192.168.56.107 57870 224.0.0.252 5355
192.168.56.107 58769 224.0.0.252 5355
192.168.56.107 59390 224.0.0.252 5355
192.168.56.107 59864 224.0.0.252 5355
192.168.56.107 60002 224.0.0.252 5355
192.168.56.107 60348 224.0.0.252 5355
192.168.56.107 60555 224.0.0.252 5355
192.168.56.107 61260 224.0.0.252 5355
192.168.56.107 61557 224.0.0.252 5355
192.168.56.107 61846 224.0.0.252 5355
192.168.56.107 63392 224.0.0.252 5355
192.168.56.107 63514 224.0.0.252 5355
192.168.56.107 64433 224.0.0.252 5355
192.168.56.107 65283 224.0.0.252 5355
192.168.56.107 49636 8.8.8.8 53
192.168.56.107 50636 8.8.8.8 53
192.168.56.107 53365 8.8.8.8 53
192.168.56.107 54453 8.8.8.8 53
192.168.56.107 54480 8.8.8.8 53
192.168.56.107 55470 8.8.8.8 53
192.168.56.107 56330 8.8.8.8 53
192.168.56.107 56478 8.8.8.8 53
192.168.56.107 57701 8.8.8.8 53
192.168.56.107 58042 8.8.8.8 53
192.168.56.107 58201 8.8.8.8 53
192.168.56.107 59566 8.8.8.8 53
192.168.56.107 64247 8.8.8.8 53

DNS

Name Response Post-Analysis Lookup
time-b.nist.gov [VT] A 129.6.15.29 [VT] 129.6.15.29 [VT]
teredo.ipv6.microsoft.com [VT] CNAME onpremwindows.ipv6.microsoft.com.akadns.net [VT]
CNAME onpremch2.ipv6.microsoft.com.akadns.net [VT]
A 157.56.149.60 [VT]
65.55.158.118 [VT]
dns.msftncsi.com [VT] A 131.107.255.255 [VT] 131.107.255.255 [VT]
dns.msftncsi.com [VT] AAAA fd3e:4f5a:5b81::1 [VT] 131.107.255.255 [VT]
www.download.windowsupdate.com [VT] A 66.61.164.127 [VT]
CNAME 2-01-3cf7-0009.cdx.cedexis.net [VT]
CNAME download.windowsupdate.com.edgesuite.net [VT]
A 66.61.164.153 [VT]
CNAME a767.dspw65.akamai.net [VT]
23.215.99.17 [VT]
ocsp2.globalsign.com [VT] A 104.16.25.216 [VT]
A 104.16.24.216 [VT]
CNAME cdn.globalsigncdn.com [VT]
A 104.16.27.216 [VT]
A 104.16.28.216 [VT]
A 104.16.26.216 [VT]
104.16.25.216 [VT]
crl.globalsign.com [VT] A 198.41.214.185 [VT]
A 198.41.214.186 [VT]
A 198.41.214.187 [VT]
A 198.41.215.183 [VT]
A 198.41.215.182 [VT]
A 198.41.215.185 [VT]
A 198.41.214.183 [VT]
A 198.41.215.184 [VT]
A 198.41.215.186 [VT]
A 198.41.214.184 [VT]
198.41.215.182 [VT]
ocsp.globalsign.com [VT] 104.16.25.216 [VT]
crl.globalsign.net [VT] 198.41.214.186 [VT]
crl.microsoft.com [VT] A 23.218.156.17 [VT]
CNAME a1363.dscg.akamai.net [VT]
CNAME crl.www.ms.akadns.net [VT]
A 23.218.156.10 [VT]
23.218.156.17 [VT]
www.msftncsi.com [VT] A 23.218.156.26 [VT]
CNAME www.msftncsi.com.edgesuite.net [VT]
A 23.218.156.11 [VT]
CNAME a1961.g2.akamai.net [VT]
23.218.156.26 [VT]

HTTP Requests

URI Data
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Cache-Control: max-age = 86402
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 18 Jun 2015 21:27:42 GMT
If-None-Match: "01bdd9bdaad01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.download.windowsupdate.com

http://ocsp2.globalsign.com/rootr3/ME8wTTBLMEkwRzAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCDkgbagcm0ug%2FJgLUglrN
GET /rootr3/ME8wTTBLMEkwRzAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCDkgbagcm0ug%2FJgLUglrN HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com

http://ocsp2.globalsign.com/rootr3/ME8wTTBLMEkwRzAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCDkgbagcm0ug%2FJgLUglrN
GET /rootr3/ME8wTTBLMEkwRzAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCDkgbagcm0ug%2FJgLUglrN HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com

http://crl.globalsign.com/root-r3.crl
GET /root-r3.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.globalsign.com

http://ocsp2.globalsign.com/gscodesignsha2g3/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBRKkjBge%2BJXnExRoXTQ63uIpEYZkgQUDzrnrJSRdC2WAnODrZwuST8ZqlQCDHWFh9D%2BVv51B4njEw%3D%3D
GET /gscodesignsha2g3/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBRKkjBge%2BJXnExRoXTQ63uIpEYZkgQUDzrnrJSRdC2WAnODrZwuST8ZqlQCDHWFh9D%2BVv51B4njEw%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com

http://crl.globalsign.com/gscodesignsha2g3.crl
GET /gscodesignsha2g3.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.globalsign.com

http://ocsp.globalsign.com/ExtendedSSLSHA256CACross/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAASUHHfmv
GET /ExtendedSSLSHA256CACross/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAASUHHfmv HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.globalsign.com

http://crl.globalsign.net/root.crl
GET /root.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.globalsign.net

http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl
GET /pki/crl/products/CodeSignPCA2.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Mon, 16 Apr 2012 23:49:48 GMT
If-None-Match: "0f6669b2b1ccd1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com

http://www.msftncsi.com/ncsi.txt
GET /ncsi.txt HTTP/1.1
Connection: Close
User-Agent: Microsoft NCSI
Host: www.msftncsi.com

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.
File name MSIA3B4.tmp
Associated Filenames
C:\Users\Administrator\AppData\Local\Temp\MSIA3B4.tmp
C:\Users\Administrator\AppData\Local\Temp\MSIA3F3.tmp
File Size 236872 bytes
File Type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 0a2626fc9e4e0ca18386c029e9efffd9
SHA1 ac5576497afac2456f485cdb14bf52d895769651
SHA256 97a55524e0bf06419143b1b71778c0ec867716079ab477e8404a0f3125da7dc3
CRC32 B0FED9FF
Ssdeep 3072:Z7PyQaeLAxV9EcU95qWCn7B1kkJQGGhKTWAvdEhMqmc1wtI6M/CoKpixBrnQYaeW:8n3Nn7ByILdEODlcOnlpOuodL+8Y
ClamAV None
Yara None matched
VirusTotal Search for Analysis
Download
JSON Report Download

Comments



No comments posted

Processing ( 4.455 seconds )

  • 2.407 Strings
  • 0.627 NetworkAnalysis
  • 0.567 Static
  • 0.4 VirusTotal
  • 0.382 BehaviorAnalysis
  • 0.054 TargetInfo
  • 0.011 Dropped
  • 0.006 AnalysisInfo
  • 0.001 Debug

Signatures ( 0.185 seconds )

  • 0.036 antiav_detectreg
  • 0.014 infostealer_ftp
  • 0.012 stealth_timeout
  • 0.008 infostealer_im
  • 0.007 api_spamming
  • 0.007 antidbg_windows
  • 0.007 decoy_document
  • 0.007 antianalysis_detectreg
  • 0.007 antiav_detectfile
  • 0.006 antivm_generic_disk
  • 0.006 infostealer_mail
  • 0.005 antivm_generic_services
  • 0.005 antivm_generic_scsi
  • 0.005 infostealer_bitcoin
  • 0.004 bootkit
  • 0.004 mimics_filetime
  • 0.003 reads_self
  • 0.003 stealth_file
  • 0.003 virus
  • 0.003 antivm_vbox_keys
  • 0.002 hancitor_behavior
  • 0.002 betabot_behavior
  • 0.002 kibex_behavior
  • 0.002 persistence_autorun
  • 0.002 antivm_parallels_keys
  • 0.002 antivm_vbox_files
  • 0.002 antivm_vmware_keys
  • 0.002 antivm_xen_keys
  • 0.002 geodo_banking_trojan
  • 0.002 ransomware_files
  • 0.001 tinba_behavior
  • 0.001 rat_nanocore
  • 0.001 recon_programs
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_vpc_keys
  • 0.001 browser_security
  • 0.001 darkcomet_regkeys
  • 0.001 disables_browser_warn
  • 0.001 network_torgateway
  • 0.001 ransomware_extensions
  • 0.001 recon_fingerprint

Reporting ( 0.577 seconds )

  • 0.577 JsonDump
Task ID 6942
Mongo ID 594740f52694ed0c07448036
Cuckoo release 1.3-NG