Analysis
| Category | Package | Started | Completed | Duration | Options | Log(s) |
|---|---|---|---|---|---|---|
| FILE | exe | 2025-06-12 13:18:54 | 2025-06-12 13:50:05 | 1871 seconds | Show Options | Show Analysis Log |
procmemdump=1
import_reconstruction=1
unpacker=2
norefer=1
no-iat=1
2024-11-25 13:37:15,803 [root] INFO: Date set to: 20250611T17:26:15, timeout set to: 1800 2025-06-11 18:26:15,112 [root] DEBUG: Starting analyzer from: C:\tmpjeo7jmad 2025-06-11 18:26:15,112 [root] DEBUG: Storing results at: C:\ZvbKyXZRGS 2025-06-11 18:26:15,112 [root] DEBUG: Pipe server name: \\.\PIPE\SMSdEingq 2025-06-11 18:26:15,112 [root] DEBUG: Python path: C:\Users\Packager\AppData\Local\Programs\Python\Python310-32 2025-06-11 18:26:15,127 [root] INFO: analysis running as an admin 2025-06-11 18:26:15,127 [root] INFO: analysis package specified: "exe" 2025-06-11 18:26:15,127 [root] DEBUG: importing analysis package module: "modules.packages.exe"... 2025-06-11 18:26:15,143 [root] DEBUG: imported analysis package "exe" 2025-06-11 18:26:15,143 [root] DEBUG: initializing analysis package "exe"... 2025-06-11 18:26:15,143 [lib.common.common] INFO: wrapping 2025-06-11 18:26:15,143 [lib.core.compound] INFO: C:\Users\Packager\AppData\Local\Temp already exists, skipping creation 2025-06-11 18:26:15,143 [root] DEBUG: New location of moved file: C:\Users\Packager\AppData\Local\Temp\WNetWatcher.exe 2025-06-11 18:26:15,143 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option 2025-06-11 18:26:15,143 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option 2025-06-11 18:26:15,143 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option 2025-06-11 18:26:15,143 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option 2025-06-11 18:26:16,268 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser" 2025-06-11 18:26:16,284 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig" 2025-06-11 18:26:16,315 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise" 2025-06-11 18:26:16,331 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human" 2025-06-11 18:26:16,346 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops' 2025-06-11 18:26:16,346 [lib.api.screenshot] ERROR: No module named 'PIL' 2025-06-11 18:26:16,346 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots" 2025-06-11 18:26:16,346 [root] DEBUG: Imported auxiliary module "modules.auxiliary.tlsdump" 2025-06-11 18:26:16,346 [root] DEBUG: Initialized auxiliary module "Browser" 2025-06-11 18:26:16,346 [root] DEBUG: attempting to configure 'Browser' from data 2025-06-11 18:26:16,346 [root] DEBUG: module Browser does not support data configuration, ignoring 2025-06-11 18:26:16,346 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.browser"... 2025-06-11 18:26:16,346 [root] DEBUG: Started auxiliary module modules.auxiliary.browser 2025-06-11 18:26:16,346 [root] DEBUG: Initialized auxiliary module "DigiSig" 2025-06-11 18:26:16,346 [root] DEBUG: attempting to configure 'DigiSig' from data 2025-06-11 18:26:16,362 [root] DEBUG: module DigiSig does not support data configuration, ignoring 2025-06-11 18:26:16,362 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.digisig"... 2025-06-11 18:26:16,362 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature 2025-06-11 18:26:37,783 [modules.auxiliary.digisig] DEBUG: File has a valid signature 2025-06-11 18:26:37,783 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json 2025-06-11 18:26:37,783 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig 2025-06-11 18:26:37,783 [root] DEBUG: Initialized auxiliary module "Disguise" 2025-06-11 18:26:37,783 [root] DEBUG: attempting to configure 'Disguise' from data 2025-06-11 18:26:37,783 [root] DEBUG: module Disguise does not support data configuration, ignoring 2025-06-11 18:26:37,783 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.disguise"... 2025-06-11 18:26:37,783 [modules.auxiliary.disguise] INFO: Disguising GUID to 360275ad-5a38-4351-b7f1-16d7e3a19730 2025-06-11 18:26:37,783 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise 2025-06-11 18:26:37,783 [root] DEBUG: Initialized auxiliary module "Human" 2025-06-11 18:26:37,783 [root] DEBUG: attempting to configure 'Human' from data 2025-06-11 18:26:37,783 [root] DEBUG: module Human does not support data configuration, ignoring 2025-06-11 18:26:37,783 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.human"... 2025-06-11 18:26:37,783 [root] DEBUG: Started auxiliary module modules.auxiliary.human 2025-06-11 18:26:37,783 [root] DEBUG: Initialized auxiliary module "Screenshots" 2025-06-11 18:26:37,783 [root] DEBUG: attempting to configure 'Screenshots' from data 2025-06-11 18:26:37,783 [root] DEBUG: module Screenshots does not support data configuration, ignoring 2025-06-11 18:26:37,783 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.screenshots"... 2025-06-11 18:26:37,783 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled 2025-06-11 18:26:37,783 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots 2025-06-11 18:26:37,783 [root] DEBUG: Initialized auxiliary module "TLSDumpMasterSecrets" 2025-06-11 18:26:37,783 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data 2025-06-11 18:26:37,783 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring 2025-06-11 18:26:37,783 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.tlsdump"... 2025-06-11 18:26:37,783 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 696 2025-06-11 18:26:37,862 [lib.api.process] INFO: Monitor config for <Process 696 lsass.exe>: C:\tmpjeo7jmad\dll\696.ini 2025-06-11 18:26:37,862 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor 2025-06-11 18:26:37,862 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor 2025-06-11 18:26:37,862 [lib.api.process] INFO: Option 'unpacker' with value '2' sent to monitor 2025-06-11 18:26:37,862 [lib.api.process] INFO: Option 'norefer' with value '1' sent to monitor 2025-06-11 18:26:37,862 [lib.api.process] INFO: Option 'no-iat' with value '1' sent to monitor 2025-06-11 18:26:37,862 [lib.api.process] INFO: Option 'tlsdump' with value '1' sent to monitor 2025-06-11 18:26:37,877 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmpjeo7jmad\dll\bdrnTF.dll, loader C:\tmpjeo7jmad\bin\ugJfAWah.exe 2025-06-11 18:26:37,972 [root] DEBUG: Loader: IAT patching disabled. 2025-06-11 18:26:37,972 [root] DEBUG: Loader: Injecting process 696 with C:\tmpjeo7jmad\dll\bdrnTF.dll. 2025-06-11 18:26:37,987 [root] DEBUG: 696: Python path set to 'C:\Users\Packager\AppData\Local\Programs\Python\Python310-32'. 2025-06-11 18:26:37,987 [root] INFO: Disabling sleep skipping. 2025-06-11 18:26:37,987 [root] DEBUG: 696: Full process memory dumps enabled. 2025-06-11 18:26:37,987 [root] DEBUG: 696: Import reconstruction of process dumps enabled. 2025-06-11 18:26:37,987 [root] DEBUG: 696: Active unpacking of payloads enabled 2025-06-11 18:26:37,987 [root] DEBUG: 696: CAPE debug - unrecognised key norefer. 2025-06-11 18:26:38,002 [root] DEBUG: 696: TLS secret dump mode enabled. 2025-06-11 18:26:38,002 [root] DEBUG: 696: InternalYaraScan: Scanning 0x00007FF84A790000, size 0x1f4542 2025-06-11 18:26:38,002 [root] DEBUG: 696: InternalYaraScan hit: RtlInsertInvertedFunctionTable 2025-06-11 18:26:38,018 [root] DEBUG: 696: RtlInsertInvertedFunctionTable 0x00007FF84A7A090E, LdrpInvertedFunctionTableSRWLock 0x00007FF84A8FB4F0 2025-06-11 18:26:38,018 [root] DEBUG: 696: Monitor initialised: 64-bit capemon loaded in process 696 at 0x00007FF822E30000, thread 4888, image base 0x00007FF60D500000, stack from 0x0000008EFABF4000-0x0000008EFAC00000 2025-06-11 18:26:38,018 [root] DEBUG: 696: Commandline: C:\Windows\system32\lsass.exe 2025-06-11 18:26:38,034 [root] DEBUG: 696: Hooked 5 out of 5 functions 2025-06-11 18:26:38,034 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread. 2025-06-11 18:26:38,034 [root] DEBUG: Successfully injected DLL C:\tmpjeo7jmad\dll\bdrnTF.dll. 2025-06-11 18:26:38,034 [lib.api.process] INFO: Injected into 64-bit <Process 696 lsass.exe> 2025-06-11 18:26:38 <truncated>
Machine
| Name | Label | Manager | Started On | Shutdown On | Route |
|---|---|---|---|---|---|
| win10-2 | win10-2 | KVM | 2025-06-12 13:18:54 | 2025-06-12 13:49:45 | none |
File Details
| File Name |
WNetWatcher.exe
|
|---|---|
| File Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| File Size | 412024 bytes |
| MD5 | 4c4266123dd3488754d3aa35747393e4 |
| SHA1 | fe4f3f96896913905eddd326d0e11e4ac1a3c7b1 |
| SHA256 | 5516ad3025bbb362953932825e18f6e59f14b3c15516b8834757398be80afe90 [VT] [MWDB] [Bazaar] |
| SHA3-384 | c0d554ee4ce5504f4633e321420c520dcf93d1867a343946301c73d1b594511d425a1748faa07c5cecb25e3ff6f8136c |
| CRC32 | F9694040 |
| TLSH | T169942340F720315CFDDA2CF69944AF1B1B60B515B58A82B734B82923BC63A4139EE56F |
| Ssdeep | 12288:ViQniD2J8i+gQJ/rdAKp0lD2mczcCZhMWgr+Nxo/Q88UIAY:2Di8i+3J/rd1qlD2fzcOMWgyNS+UIAY |
| PE | File Strings BinGraph Vba2Graph VirusTotal |
blMDB
V!77Y
jS}cM
Achgc
=7OB^
`w6uB
a.hUBjQ
%USERTrust RSA Certification Authority
Y%52h
?b;_w
cfti2t
'%a,$*
7QPy&
dl_=a
{BV7x
CXFJ*
|'CL8v
ep*9WHW
a}+Fb5\
EFyVRx
`P()u
lOs2F
'#72L
9KKh)
KZ 3!u
v!pK}M
wcslw2qp
K SFko,
0JcWDf
1Z/#5'N
a72149
ilA1EI
PHOTO"@
MD501
DL,WNS
VG9B)Y0
`N/(z
5AG2AE}Pk
b] Ql
DW9A@
'+8gX
0CT`T
yLezu
K[ ]Q
V!08Y7l
!A{t6
n5TPS
Mmyke
=w3Eho?jm<
G$|(0/Roy
D.S)m
8 m1iB
BsIa%
4Vc-dJl
bajQ;
9))Aq*
+Dj6HL
"qP[0
ospGa
Gte5fiT
,0yFC@ga`
6.Bc6
`qwyEy
\318k4
7_@f.r
o=4,n
axSAS
Y5QzIGX
"{1{JV
BDfPRE+
0AKD[
D"lQ*
-C),/
[-%A2
FF8I65
z=(Jip
mciSendStringW
%<`O"
+A0K%b=
deaA3a
)6(E$
$#aCa5Q
Ci&TG
F{kMI
%a$bw
)[ffx6
o7%BBEI
IZPac
qA6}DZ
*Jaqv
BMI-,LY
s}Di1
6492R
Hl`eo
l2W96
p0-U0i
P`{Z)
>miVBP
vVB)1
EsmPg
360%&
MIfMMU
SJhZy
p [/TH
$iE!u
"4-%E
gjhM[
<%<Kb
_72W[
rqCaA
.C/HA
0/CaB
#s[WD6
5X".T8
^s"4qSZ
3ZVR2
|'7S0
0BSkyBg
%5aNu
1$`K"gE9
mPRs:
@$O]p$
A*P@S
3ne58
M,VNu
comdlg32.dll
EKpexX
SYI3$10A
;OaEa
.e3Am
kT=:Z
M=XLSK8
yq']K7q
.&I95B
,9TCZ
LCc86
cbjKY
L lq[i
040904b0
8;`<c%
]@+lO1
1UfW?QQ
+2$NB
sdn-sW
190909000000Z
frFQb
5LSYM'
vu/125
_4QSk
Z6F1<B
?hHUR
181102000000Z
|g~}.
NubHtry[
0^m!|
PHv2R
HR-H0SE<
.F79i2
5$5qS
KpK0n
F)#R3[x
*#Gl\pqPr{
j%PkSd
:pXC
yV'uP.
#R98U,
p/8FX%
hMt0:n
KEhl=S
iP#:kA
)N<d<
Ak1%9
_A7OLm
fGgthHWD
ZG'rjA
r!*s=-1O
KERNEL32.DLL
0^"07#
-AD4R
9m2 R "sv
BMBJR!
fVwEZ
k@=qn
dxBEyJ'L
a-T S
R&7DhM,
-gYIC
3DP5@
x@dPAD
HtFW&"1i8
V^CDH)X52A
TRO-MhANICS(T
r-OHap
RW/6[9K
EEaFG\
Jstsf
iw=2Z
iw-`7
sO>Z0t<Mi
7MvBFb{
X94C8
HXGHFg
0l76#v
WS2_32.dll
QA}L^
40,(i|.
i6#aw"
C;y|s
XQBl7
mX!/S2W
xD8CS
MXTC:
b{9D.
Qt-P,
88 NRXhA<9_X
G2x=H
KTFK7
kp'/Oxy
eeUwiA`K0?E4
B}hLE*W
fuA`X:
\5=6"
q/E5a
0?DZ&
5{9Xy
eA2(mx
UJ+=Q
KOBVA
E3.0a5
>ZUHvb
L+7mVQ
PVW!9O
Bo^E\
-bkb7
EkM308C
%kyFr
E3k-F
S0Q!0P
xOKb]
6bmnv
%88D9v
#pELp
~j\P>6
ZVND:0}
XZl[}
eW)\
zs4Kz
@+3$)
8k_35
JcIA.
|9CQ5
a@XmH
vE+,um-
7endAR
:0mjC
[8m2cu
QV! }
d&ftvj
xLPWAAYX
3{-MqAM
Qc@<B"X&
ypy)49P$
Sectigo RSA Time Stamping CA0
=lfO=
FkM_tMTN
@@< t
.R.LX
= D?uJ
aF[D1
`Rich
8EkA,
8HXYS
"dD)%
So]09uL
3L Xik^ac
8(qpvt
F70D7l
%3E3ER
U7=DQ
ECHNOLOGIES
17DA%1
Aruba,h Hew+
\`VIi
'N pH
P(pX4:
lyE7A
zgaB (
+N]-'
p^Fk7
B3VS1>
NTJ3m
P@k!jx
g?\Apl
8muUK
X+"J8
s}^1l"
)564G6
2011 - 2022 Nir Sofer
''49RV
9DWCC0t
1lqBu
-\4nBW
3/AGKYU
-8JXR
BaseNameWFn
$9xU4lV
Vu2C` I
R#(9/
$V\*&2
LoadLibraryA
SOFT6^P"W
5Vm^V
J[Oxl5
8MZJH<
8sE1x3
ny(t]!$OK
th5FF
6]3u\
QI{>D
yIF`$%
Z1&}_
vJ|DN
PH9J<
DaBXK
pQCEHS
PD6;Fsu
zDDoS-
,i^2Yr
CE;<-X
1t9MJ
jcd./h
9I",A`
FKXOFC,
L<TIFc
1hLU)
5`&\F
Se` (
W&DJ~
fO17kj1
-gyQb
NC/$,$FQ
mt^Ju~
Njp-e
3Y3=ss$c
h$m=cQl
A5 )6=A
3BpOs
09~XD*+
*gzCX
ruZ q
U-YX&
OUbhu
WF3,m
^.o 3
8PiBaVD
udg7~
EFV5)
DlW x)
Oay)+Ao
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>
nze[_
Ed$Sk
-7,ch5
WIOItTm
FAW18
jAxa6
/8Ada
1%aBD7
1dL&9
$)6R1y
5u75H
~t3Ce
>DSL;
6.A[Q
9FyG7
106.*\
eS17pq
'jIW1
9'Yaoji(
|",P[
N~Ve1
d3Mx,jq
&{ mZS
V9Pg!/0
5411;
GDUtOVODOY
gJDU`S
GCstA
ZET80S
xHHl$
Dk3NT
eo$QO
&QZhK
9AHefT
Y&uDv
AX_q&
AS{1u
46cpIC
s2@`<
301231235959Z0|1
AT|ys2
LT,LNsW
PJ\%`vf
^'C+g
VF5IB
D|CT2
xK/0E
Fx#6sX
S+'r4W
Yu8B]hQ=BO.Tje8
H}z^D
Rk0 33B
o6b6(k=Bs2v
bau[h
$R.YT!
!*ew.i
_t.p.A
!0WW7
&M*iiT1bu+m)7
S1.`ca
k8C^X
AxLxMN7
I0G0E
5C=%^
+9uZ:
@HtX)
@#VOIc$<ge
5``$aF{
l=j`Cb
rr:r2eA)
B`YK3
">W0qAA
0l2UICT
FOa"OC
4qY(Le'&
Hop158
8VZ z
an3FqEU
*AhdC
@!hog
J+BC6
hek6B,zc
http://ocsp.usertrust.com0
jyUDZxXX
sWow64P[K
$oH3`
$qVT-
i:4 8M
udMi'
jNBZ
tu"Vmp
dJCF-
w6q@(
V=Hyo
J[_'E
7N8S|
m-u-t
""WTQ#L
As1H)
ZTpP&
,KF*3
201023000000Z
4Z<BE
:EROlC
-\XYy
]S|6*i
4<h+CP@
Q)ppc3
S&0'd:
`ve#]
X0-j)1X
$GJQO
i@tV!
(LPA7
EhB/mJ
p259>]
tXhkK
:`hk4/
`/YE--/
;l<^g|@
s*h$;@Ps[#
PhM$-Z
E8[)3)
851%=
_G{/A
/Da,
1HIM1
:(q%E
En|r\
1+@[b%U
FileDescription
`F343
F`hY-!qK
qh~Ek=
15QmJXx]Y
9nE40DbA
Bv2ELPZ
2^Esp
(8MgAU
https://sectigo.com/CPS0C
pD%Ji`
irBd/b/a
58[hCqjmlo9
mD15Dc
~)(P("
ZLnpq&`[
+X[Xk$n
8D5nE5[
!^t[vhC
JR^G>
1bJ:V
,E/PiYD
@- hC
H B!BOO
0974*x
78#e,
*E9\8
Ve)E`u
[n(mnC+6
0E7Fe
&f/mR
P(-Xa
X.(XPH
.FrGPL
Zx(E-
dJ/56F
tDPEP
WZ-44
DemV0
Za9#1+
@ozNky
'L<nJ
Ho+>R
NIG<k{
Nq@`b
c5{SZ
r}YBCh
9$o%89P
tCK4XUTm
`X0FD
` %(%
BC%OZ
3Eu:g
qzRDE
CdC2qYO
F+DG-
+|8CEP
_0keH
f"+wI
FbH(0
qETu6
avNI5
fE*DE
D2F5Y
BI|J
;$f,t
RgiSh
OsGi@b
WD!cI
JA),#
PiE6.
SEUIC
-hu/D!M
"pD5G
RN+AL,}
eBkD`
O$0(G[
XXb\6\Y
yeeU
GhBBS
(z.s.p
0z*PW
:#QACv
-{HRCP
hFSun
d|J#.
GaPebsy)
)|ecQ}
fmmun
Z3;P5
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3"><dependency><dependentAssembly><assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><asmv3:application>
i=GPw
oqStd
6sd|P
-fBi4h-
&sRZK
vS_7eh
hK5)V
DBTTQ
3-`e5
+ OH8]*
ya6ju
YM7"Dc
RTzpD
kxalP
Ax"%:>:
ican M
@GEXx_T6
2ASo4U5C
94a!]
\+9=i
Y)-5TioD
{2VI7
9BA#5
iB>[3B
c-LB;
!F| g<@
g2i1[
,L,'!]
*5Bcj
ba(Rx
=6ts:@Px<Al
zzMut
)C2D!Z+&
0Qt4D
bvCB)
v*$9v
l5an'LWC
RUIQ9
6E=`6`
:i(cc
YD PrN
^G61V
[KBBMC;
-L qb
iCJnsh
p2ME6,
bG!%`
L-g5d`H
6Mw<a
`U)6CDF
q$ctE[*x
LDGTA
E1hx[
#Rt7#
r/DBEJ
{w5XhQ
Gt $P
V`xGL)
Xt75&L
VzTCL
FC:C3
Greater Manchester1
V/hUC
!(%7(,
oE6B}
#}tI[
o@n`l
uA$z=D
4Pk61``
&eiz'B
S2nNj/
hj/|3C
?4THQxE
\nYi|
3057(
(IGHa
gp6vP
7HlV9
#B-uHX
C<=amj
yzyjnejNG
l%q%j
B:sk{
lXPX(
Y0QH:
6Yhyl
*Ml>GW8
5-u1D
nl_4&
FG7F;
%myqH
LoJsh
6peXB
**N!o
J)4fK
N.XUBg
bS/B;vC8
umw7sO
IT"eU%
{U>*A
#R!0"4X
@6D=X
BG=wDS
FBY$h
Zt"~{V8uA
>I$A`
F8]:X
`iiQAm
2x%AX
#~.^
;1'%`
(c%*jA
FADU1
75;Cz
@D#C)Z
JyVde
a@?8c
P"1-#B
!lkAN
ujFaN
Mm*M_N
o}% &C9=
|07D9%
8]_X
|XEal4
vQBt=%
nT!)qD
` S&&^Z
(D`lbR
'%`8e8
Y/*DE
SESym
A/S50
oa+kaq]
Bh^0d
k13@K
UJRI'
;%,pm
VV"Kp
([gCF
cP$OC
`%<P'TWM;
>BF6^
R3]1
XpY^F
1'R;x[
mE]7n
yq4Rdr
JE$;K
zM|LV7
s0e&#q
pA^cD_
9f2Wp
CJ1/AzM
mQX1LI[Q
rulaHaE0/
pse,:
GD,kSD\
3BzgQ
XK\fC
+ZFku%h
;Z(JI
3A5y7
J#7M`u
GA%432l$
EVnZu
KKO3B
ic3JQBk
,.LTD
_873UnB`
ebQAg
ntD.iL=
.}tq-
VFS96
Zegna
ziU2w
3$V{y
[C]e=P
JlPom
O49fRk
SaW0E!Q
U*xg5K
#E_N<
EcHqxu
F'/j7dl
fvwh
:K#(G
POAXM
Mw7$\
c&dL8
F5Pxl
5E9%'
<j8d
)z8L|
E7_lteB
@=5TX
-4<d=
51A@}
0}AoKq@K:CP
fuDXH
q6'M|
Cdh"JU9@
;?AKqi
b-6jJ
.rsrc
%bs;V
BB:8a
'pR)%dH ;
(<-hf
EAK@)
Tf530
M4?ake
'K<n2
:qa98
QF}[G6u
U/7eh
$\ Tj
q5E5M
QPCCIB
0n/(!
)5A(0
",& %
8TC)
OttoQ
JDSUe`'6
2bTIu
02&E"0b
NW4HTP
%73V/A-
QAPD)R
FXFLSKGRj
;"06K
OriginalFilename
a`3K(
3Nod/&:
4n5-<
C<b,;
)J!`;3
/IHRya
F:BSPK]
Tj-Ahe/
1-HDSg
cx(,l
*,hXO*
Eb-hp
A+A{q
V(0i3T
%<`=q
VOtSI
$60Fc
']MCX
uCnE+
47D'Pb-
CfUW^
Iot'F
t@$k^
pdk7j
~!fVg!
E#771
q:zel
f]9]
O8JjR
-SBD;&
kFFCg:
WjFgik
XUzBM
t+O:C
VVDNW
L`D5B0
LGOU)
6F[TM!
wr<{lM
+dBDb
vZgKe
e|o`ra
7lw:bu
X`LWB
;31}d
%@(qC|Y
PJLGe,(
fByH$
f;4R|
7jC%:
@@(^U
V*F1+
AU)Al
=T%7V
[h$};D/bc
&bYAS
gKygo1pB
gXNo,
B7.P`
<b{AS
8U2UZ-^
j8Eep
8\4)m
q:)"P
hYw79
Kqa\F
'&XXH
MK-M5C
B97jV `/
dnFBh
TZ-KLK
JnC]S
<9J@"%5vE%f
o-QP\
EQ{@;
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS>
)J3,*dk|
$frj'
0pmTR
+&Ku3
&!9?eA
3p8O-i
{/^@Ah
1)ASV
+2b%~
A8v-o
sETki
#Sectigo RSA Time Stamping Signer #20
Gd.;3
8mY[N
#=8Fn
DM8.0
3http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt0%
E|'vi!H
[WEs\
bum09:
$qGeQ
!8exR
8d5UJ
VirtualProtect
5,1?75
gyu1a
p%/c{
9x577
4ea#%
97sJr
M<U_l
+PIY}
1'NSb
*>DK;
Ah,0S
2,/Pa%
87)BB
ECY43
-U)I-"Yp+a
i0Xot
IkQ-=
0wBDxh,
n1m#N
u1P+
ObjeX-
\597a
I5GCI
8p6NTD3
(8qiY
ALuh]
swq:QF
\yj{:
:mCi!
XHPBv
^w$p#
B`1Zw
RCY)j
v-uB$
</application>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>
bF0EZ
*p-%3W
ADGIb
/,/E5
},IFT'3
E0=AF
CuRzD
MAQNq
`kk5a
I-7H!
w}'d4
X.E(t(
;Ld\uE
N!2M0
91#1(
OT]23
AXI-L
DisablemS
.59'`Q
PZMZC[*E
s-WX0
j0h0?
GOJ0hLp
IIQ5A_`
NCFGAp
te4b6h
12Sid+42XF
JR3ix
S47wA2
BC}LM
YE[jD
lc)57
:gwX 6,
*zPFUZ
O.TLJFP
26XwhO
83I,:h
8V675j
Y'FnHW
*{M6Z)J
XtY0k
11 .D
#-;!}
Xt@x$]
2kZt[[
5vilK}aI
vLxY,
@:ua]
IT,.=8*
#16t4.G
^X?aiB
-l;/7
1E}B"
ZTy82
h]1gB
&aIke
'!#Amf
bfpp-
"UUM5
b,tsU4a
5w{Ai
+T%]L
H\#uE
BETjQ
a'`GU
-lmKY
A=RHEW.
85BdZ
=0;09
G_f;:
I+A4mP
O1p5&
WpjXpLv
ljiCc
aR099+
]PK<TY
C.3( 0
'06/ADD
8-61-95 RockH
p#DReD
^6)`p@
eDZD'
\9+36
Db,q-e
BXB@a@@s
jR(\L
khjWi
3H+C>
FySCVL
?1722Bb
019D5
Zh}*@
_Fbc^g/
EIi-*I\
A8BLU
YSkH>F$)q
CIPN9E<
8JIK;F
oiTBj1q
K7/us
4Q`W1
^Wt^u
yO^BIG
J3aDP
QBf6b%
@ &qV-
'/28Iji
zVZY88
-!DS8
$KRAE0
_@/YN
G t4B
AFXXZ
&.L8O8
A5#yc
zdzNj`D
@oM0W7.N
F}a129
M/>JFE
hAH!H
VERSION.dll
x[xhHdXEL
_/AP#
v^cip4F
%mE eun
%-jpih
C)JlEb
zAqA+(
KnNW)
LA{E$#
IS_5E
SPvZx.O
'`59>
Z$Tai(
Vi2`}`
GjEDhr<
P6|A=
}IEE=3',:
,b8Q5
01a,9j
VK?N6
#C'HB"
3http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
D`mE@2
?JK1/G
COMCTL32.dll
+0'`5
zrDm:a!
w8USD
U7F4B0
eB3XU
{S)U
c-hX*
=DEMd
PJop.
CW);@
<Eu/L
WOO8+W(
$Ab@,
>XTSB
3?Qc1
NirSoft
754o6
]@1q:R
B'RGMZ
Ks31C
~.(Ca
V0JhJ'!3Q\w
aJieaI
C%KYB
lPPhOBI
P)}Ua/9
#jYhRB_
HO]pJ
&),pm
/,Ai3
l-Itz'9F
7@:i@
O pEG[+
RhhzSZU
EWoHau
BV%To
b/AL6
Y#?6F 0
RFVWb
ex1uFBt
FE'H,
2&-jWp
!DE@k0
rf3-t
jVi37
LFYB1
c`,3)93
jX|jZ
XxWD*
CHDP*DLP
t8jya{
(kMl\
P@XBt-
SDMC5
1S9c
?CM@j`
tO-`d
nsdVpW
z!kU3D
7[CaD
0)U@A
zTaMh
4C6I"
\b#''
SSS^(((
Q=%2G
-TLYZ5
@>!^7
<92+
D0ai@%s
;fXT_
B!Z'S
$_9Q
K,APp
{1^NTC-
:cd3o
T%xl)K
6_VZp
/LChT"F
-B%k)
A, l(
=H9PO
Be+X&
LF!)<
kCtzDx
,|^J-M
Aa9F41
\GIe,%
kkAS@
1hM^1
l*_,)
]RJ&M
!'-I
W&WoF
]G'65
viO,H
@mSSm$&
<Sj8zE
X+Cnu
oxi"^E
dcA(C
if*4X~
K.rKBScE
E/a$:n
27EDo
k2&1#SP
e\{u$
L7B4\
G4lTd
?{_nx_=4|_hsr3#L
Q'(TkB!
)8B&\7
%USERTrust RSA Certification Authority0
--Ws7T
H#i3A
aAe@Z%\
HUCVR
T\KiT% ch
XDw(*
pso"1
ISA31
X1'I,_
"ya,
u@DG22:
xFD#`j
FsRedirectix?"v
BO/8Fj
XF=!L
Pj3Sn
I:K553
H]'Hs6
~wsmA
[ApL)OC
4eVe{
l1J0\
u8u')}
Ki1A`
C{dao
3+56a
97-pP
AzD-#(T
B_X14
Ge-Tv
?.4<08[
LtAHt7
mLsa0
995s5p
6&k "L
1a27W
@AX8;
qn3(X
DGHOF
P_r"E
?%cnCI
D{33p1L
)d780
UaO]i
>AnJuTM
xaoy=Bx
'FDbz4d
?Z(Yc
[0;<yu
Lytxl
*uv-G8
yu%%9
K4X0n
AOrtV
TpV$7
p.$09U
vDEOR
IOlymQ73
&>qC0'
24lFw8
k'5ji
.BIRD
")v2T
?)ctFD
3a7G(
W%.*i
lY;D7
C@tX1
ooj$-
W*<~h
YHDFHb
RWcQ-
>0CI&
& Kjal
36Bu6Zt
pQS5sQh
PcAFN+U
&P&18d)O!
BR!N+
64xHo
C~fDD
*Z\iu
a}|I=
?3-B#
2x!5Q
KSCKB
^7{ak@h
E3h2Z
+EA,j
PY<-HW
NKY HO
o4'4@y`,
12 5y8
AZKhP
[ljQD
vju4f$
DXkd"'
?Fe46
HA0,J
8{DF`
a2dQT
d/()<D@
vNRGE
o5'8lLYYVC
h}Zs6:,L
Kit1X2
1RAA<i
5D0nzlyA
</asmv3:application><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
H2w%(
wJV:E
PG-US
|6%5QHU7k
&b UE
Ajak*A5Ys
ttR|r
+oC"Z
4H Dx
4RFck
jNXqG
?AG',*
k0cuR
Burly
af|um6
[,<$*,
=X@.br-
;D-@H
@i+s+
eEOY2
[Kys\
T'6KG[
}=C?EP
)]^0o1
]9OBAH
zA$l5
3gvo)
6E?Da
t.90t);
V({M/
1DFie
aLZG=
FYI46[
.V#b%
Oe@`Zpt
dIo/2I
rRZ/e
l($BoW
jIAYT
JMP+H}!C}KH
C=f3-
%PcPvx|
PNsFo
ah$,l
EN-RIc7M
BI-Um
kzeug,s
!@1"^d
BCA4S
1@LY8
H(X7`
T-GMTi
oC5!Q
+!fasb
O0M2c
V;)B<-
NuH!u_
c*S[0
HbB'/Ea
<ly4Cj
QEchh
i]9[pd
14)CH
f95*$
EVICE,;2b
Hb<H@
Tsw'e
#S1EPk
ky"Q`u
wIkop
LegalCopyright
uh>NT
-&!0B
'FLON
;0FTK
WNetWatcher.exe
*t1vXt
BIhX%
_Zr7P_2VM
tn)8UX
ywG86
TFt1b
J)1BY
&.AM4
0ksAY
=pPi%4
a`5RUZ
1S3E5A
#@XW,
4^4U48
;P5EOU
SO_40
i(,Zh
iD^#'!A
esQM"Q
Xn(n\Sj
ipIps
CW{j)
+:L4Z*f
>k?)l]+J3HO
E8QPR<
UX-RCM
ftuhl)
/B[9Ecdb
VM\?dc\GHM
\YUNY
RBURG
qF88IX7Q*
'#0fc
977nV
h(R`/1
86`QmB
ceEK&
x-!n{
D'i5Z
$OH,K,)
Cb@+A
-t-\X
?EcC2
8bv#)
h9\:H
3T%Pn
j(.31
ohp3z
x-x6&b
3TVI2j
K<Ll*),
0:Yy`
8p*!31
oAZC+
O9M|3
ubtV6
w)kXE
?,'90
;814XFu
uH0kB
1kyHawke{1
DwxiE
G7d)UW<4
%#4S,.=
A)<MpYA
#Txr`M!
vm-& uP
pberr
amHepE@@V
`L56,S
RMntLC
-I#fJ
f+ PC
8Z*Tg
HtYO"V
iC{1k
ZueP8x
E33bM
2^T;B83
<Z8OfO
1T1pH1
<7BCC
{-,G7
5CBHj
)+!3I
8?P"p
A"ev$B
VBnhp=
bXJ2l
XKSY1(
8XIZw\
R'DnuC+W
Sectigo RSA Code Signing CA
GSfNB
Ruf7Ll
62oi(
@PKCFplQgZ;
VA133
-VpS(%3#
ec[-~b
M%.BCZ(
8^Nokia
GmSuq
&oC8A
@A*JR
40XLoU
u"T&_R
6p%#K
4UKUC
.xKY
/k"9-
U@2V~FB
ouZM6E
d+.da
4ZIEHL+
85AMLL
PE3^$
E2p!1i8
`LZuC
779')2Z
Ah'L-
AA/)m
sDx1k
wJ4oI
NuQXI
UAWKFa
CHP*b
t=87{
=wHo#
uc0Zbl
jA[Bg
n)y3g
%hgAq,
;Y&Y:
ExRWLO
.F2"tud
%KN-BK!NE
QII%;J
dM32YX@ }
V*&p+
Z;Ap6
DRDc3S
Nx5Db
*o9F/BJ
CH\Z=
`$C%e|#t7E
New Jersey1
p5B &
SF;f`3
3Q+hI
y#GTl/J
EDOR0
,?5Fl
0C7I}
A1sScaa
;NRx@
jkkC(5
m1p8C
4&k0-4B5AS
dC't`
CZOON
HSI}89C
SL.8B9X
AM&`A
\va0>T4
()O%8
(EFYxb
Dz111
H_6J3
KbQ$)
Pk0!z2
I`KS
Ct4WC
-$SGK^
EjTQdi
dR56p
j_93,$
nA7QTU
+ZX!.
aGIoaD
Bvo;s
320122235959Z0
ZGot#
=D<SPj0h
ytyc51;B`
/2>@`I
ZJ)Z6
b+'B_
D\BG\
k`U0p0
v+&!4
@c0[M!
0^AB55
(H.K)
rF `Q
EUKREc
]40O!"I
^[ry^s
2Bh@1
bbby,,,)
,>Wo6
@x%3gK$
75%FKZ
\I8iIc}q
s:s,C
4Rnj4
f$r|I
b41S;C
@tS6eCD
HOP4v'
Q,j ?eD
A:HVP=
JFNra
VmYFUS
tu&p-=vC
3Y44R:
F&!dEi KE
()g8%
De6D-
iBM!9
/<IZv
@\A{5
FAhLa
P5@du
190502000000Z
6J1HV
%RAIGU
BJ"VC
36v{A,
gX#B?zp
,{FU"
NGoj+lW
f'#ti`
D uto0
y}wE99
s4^M9
'+S7D
?u@j8P
X`-pC
2tU7M
JX$G7
@,uH(
EJQAz
xO1I6D
)bGWc
mOvUA
"^YQ'v
TA`ey!
!*pcL
Q+D`AIK
Q2M P
0fJR$
-&piz#-
SXQS?J
0ok/A6
m%A7+%
38foA`
-,*)I0
/6V)63
X1%id(<o
-7apK7
19JQ(
F4-BD8Episco Systems,{k
,1YIu3%
HkqGHaly
g_U2k
220228120518Z0?
"OGwp
Gi"A4C2%6F
k+F!8
$M%{6#B5
:??5n|B
R8wsb%vd
_-RJB
(Dw)/
7BhTX
@.(9C`
rR-I@
7mfy-
ZcB}K0d
ubAAP
EQQ90
FD~nf
,e=1\T
+KUr!j
nHUEP0
Wulff)u](
A&VU a
BziQM
8@y-YR
D?U!Z
RqKDfQ
<7LfZ
"4$)/X
YPo.'
CGdXL,:l_h
x|&W7[
U2uV1
Be6@^PSQ7E
pU P)D
KEFz`t
DLIA3
n. Z$O
WddKX~
ZB;9P40
94`q:
{CDC)yE{
&f [6j
=5$k5H
>K)1{p:d#U
2O3%%bA
PG0E9
fzugsw
M\7ue
KTx_X8<S
C\xWN
D8r3t
i|=Hj!
~6#ly.)\
t9Ea<
h@.f3
-9a7A
c9 UR
[O85/l
C n#0u
;E,j-t
mL<^C
gpA`R
g3wid#V
)ubk31
OZiUBU
yOJLB
ro-Fuel Dev
.C2c@1
ztzt4
vL!W2v
`2xL|
,7^;-
`p!w,8A
I-EKB]4
85BF~
I2851
RCKC9
zxp4&
sPdXx{s
7!!=%
c5%\:
06#lF
55aJ,
RXg[IWNt
E[l|\
SXCk-q
+_@@!(LE-`4^
%3htZ?
@@]*A
`L&p]
^DDm
t$haX1p1
W)q5r
#a)`BS
8BFaXT
JkRD4
Hns_8
U[g4A
$Y--X
S4jba
4lp95
YAZAKI
[UY=9~p
V1D?t
%K(}+d
L}GD8(7
+mMzl
ipB%a,H
.Ua/6
m?0s|A
JNA{b
E3[0@
B$0E3
m%6y9
A2V 5jKq
8Xits
*(\A5
S-2HQX
Ok:Oy
vGB`HOV2
hXC'"
)(+A@YH
!Ke-1
F3zS)f
;}LEXnK^(
HDB&S
E&E/X7
\LU:-
8jN5C
&c2#8@
E 3ve[)
%1iC8!
0Q)4(1
'y":"
KgcbQ-
r%*'F
fA8q/
%++s\
8BR!9Z;
wx"6Jn
AcjqSSL
?BCS|m
i!%m`
9=6K)T
s1o1p
4U/5;l
@ZaCl
q$ihH
SHELL32.dll
u]oMD
rh$V8
`&ux`Q(
/5$V4
wub0qp
E5%w5
iWEE0
7FTjRj]i
zi{tK
Qi3]&
y%"R1c1T
P!94&
/66Wip@
r{1,0Q}G8}
??2@Y=
!9b5a%A
OktotF
habT<
0Vrg2
5P*tI
YABA_
?<o[.
'FB/45
4P.tv
OBAOAN+
19.BX]
JJ/B0
C6,Da
QEP8D1
\dw3c
IP!.%
.`E~X
IzRn%
an-+m
ntrolsE,
H]c4A
;`v9Z(
j6-li
Ja(t0D)8
,D!u[
v`sDrcOrg4
WYMAdR)
BbCRya
@<DxH
8A]46E
GPg_H-
8DDIL
Jz47V~V
lH:PU
N8">pu5
|jDGE
O=dZd
FIrgqdh
fo54X
N_=Bj
.Kyd)P
q#CS<
-3X#D
ShellExecuteW
iTic%&
Q04QB
]HLc[
J/H7=I
Ey(eZx
CSU4v
{(5fZ
G2SK{
Mb"ZX'
CoFFO
F3wK2
2FR016
Pt*81
a;!fR
2<qlf
ZKf&I
N|U.G
RDu36J
96L~6
ABDDA
R;4`x
c6%%$
ke-QO
|/!A)
E<I}1
dK=Aq
.qvat)
?DCX
M/F48
8lasF
61T1,
ADVAPI32.dll
lEL~8
HE/]k
BSxQiiQ
WO`l
3;CC{
JoDwaej
Copyright
Rn.6$b[(
90705
I'tUP
%uQG3
M6B~C
eWc27
"I*AE
<18;,k
SSEGI`
GJ+UB
FMM$HSZ
!NX+C`R
@80m18
,*_CE
z-WI}
TzhcQ
Ru#/p
j;J4Y
F94IP
u%Q}p
[0c68D
FindTextW
80mZx
p!HWn
('ia+
q671c[M
N1)aDA
gZfL#Mm
O98c]
B)UG9T
`0bpXD
mhIDka
lIKJe
)[2Id
(A9U(
<application>
CompanyName
Q-[<-]
ZK^V`
XJ.z"
b 89UBP
a(ii7M
2s:$qREc?
268'p[
JjO[$T
M(mPk
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS>
~I9Eu!
JW=f
/4FDEk
"j{GbRI
:TM+O
*@}mDz
N3U$&
#F TS
8&JUB!BYW\
u5e<89
(`Hiq
e;2L/k
Xez)+"=
(||Lo
G2pJ=
LS,AE
nlC(2
PT.@N;
=&CPe
.107mbT
GmMy;
@)8Hb
2OYAEh
(Z$:}
ak'<b1
0-_mZ#>;
CI6N/6
FKMRV
H `5)=)
B<%=pU
@P*\O
QLpCrj
H4zdb
Mp,ks
GE- 0x[opTh
(Z@F>
tEAE,
0FH8
pdbaB'#D
x5AY"
zS@)a
?RSDS
2HS),d
J~y]
p[CD!
+KD+oM
xRUBE
IPD7B
;N5zk*x
kVD_WY
s!aP6>d
E"@OA
TDG4`
,T{I2l
gUZ23E
HV:h3&
'18uo
82X@h
niMT&Ml9
28gt#;
iulHV
NiPOX
HFPLA,
<^tOb(
\6_#b]
Y.w Jm
+$d76
1dTVRO
giK?f0
"R)WBUI
F4U(J
ChlE:~
'9}jV
kl+Fu
GTV!4@
C.K_+A
*eK|E-z
H`D5+
SPOTMAU
Eh]1Z
kz3,|
4nM.Tt.emx
e4bA
V00Mj
https://sectigo.com/CPS0D
FSVEX
y]b46
715OQ
Z"{27
A0B@N
A7}L7
U:JDW7
zb[SX!H
!aSLi
Y5$h"
JGXf@XR
E<0Z8ID
C1@(!
WUpKN
g11/41o,
e/e@`
34a@ntX
)f+"/,
<KE-F
V.T.kAh0
B?>pq
:0a80
http://ocsp.sectigo.com0
#ZElHe
64A5EL
ppr$Uwlo5
r@j$u
lk.KisH
QTzM%
4(Y-0j
%h4L-
I(:;E
rCK9q
Y'RWG
M<#FC
4s5`y
,__U8p
e%pa2
/ftU[~
Bo2oTY
1CH#q
PW:(G
y9=a\Htc
SRhcQ
73%$8O
2C/DQ
dlExM
K~@805
D:"2X;
9lfa$q
BADk9D
J4S44BD+,E
J1iqun
X303%
+I4QuY
F2Dgb
{M5E-l5Y
1DJTV
5F~II
Y9!)'$
BRJ0!
d%?$!
{x.Om
LAM-R
423Po
1H<2-
x$C0@
XBq$^
+k-\N9,
PCI U:=
.V.m0V37
EBS^N
awTIkH!5?
XM+J1
8A)dB
-LGYh
Eidsvo
=5Ca%S
oB0XY"
t(esR.h
EOmcG
c0`QM
:aDBl
`|BZJ
l?9i/
<5?l\
K.BaF
tD#S
xcj'h
OCA1%c'
2D5IX
H187C
tmjh8
fC.by
4K3 L
hA0Dhx(G
wdAXX
G)Bg-B
IL'E4
)(1986)
DP=RSD
Bq8qzK
&nq,A
#1TF.
D.ce!]
7B8xA]
YS*DN$$
wZ0lX
HK@*"
*jNE0m 0
SOKUKI
_My-pI
:0-f9
4BRY=tD2
TI;97@
FV@41I3I
%6,D-
mV4LZ
skiAF
:BeDVBF
%c+sX
WIFwD'
),.B1H[
pxWb)
.E.Mpw
,E[V4
iM8BO"M
;51lYT
n` <H
"Egl[7l
\P/;h#
E)]Y5C
D_+FQ
} 6WaT :T
011Bc
A2`Q(
2B/4}
]l(F)
P:a mF
Zqtal
z-Hak
&NOOc
+)c71
9pealm
MB]G!
G5OhM
6RISg
Zu`Eg
/a46I$f
R+-<43
o;CSH!
p44NF]3-h
]AADo
21168u7
10jMIS
I"'f=
,ayg@
nmwGS
j@MAmG
jaMva$E
uPZTGaXqa
FAivJ
)92E
B~9i8
X4@oB
i8Y6:!
y6tF$
{{5W s9
QEI%Ro
UXOTU
/*!?49
B*Yu:
F%}44
2$dotRA
iS^ka
eVFDA
FlushIpNet!
1CCcjX
s0'-\\
jcket
f"Pv2
!5TG4
Z4Y5E
<dpiAware>true</dpiAware>
As?P&
rD7T,SB
zDloB
DY7X$"
B5,\P
](72%
0NtL|
8(xidWa
3&Rd0p
;aMtM
l`KEHj
s@sC,t
/I@E~
iEKbXE
Qixli
a_ZG>,varz.
-'wUSD
(VPXA"iM
@f?30
E)Ke(
d(vCJ-$
j3|SL
ULfD/ 5
8VO:g1
UQA9K-H7
V@ofg
uBKi"
RG'DT!A
v4nui
fc'j"_x./
>"5ox
{IEk[3E3
,=?ZO
T|BO
V5D|S5
mI#J]
pL OUP
MC9F7`M:`Ta1I9
MRS&W
\F@0-
wZAEQ)_
JB8<_N
Kyokkjsu
}9jk1
DS?(a
`*FY6
n"pRD
6Fxj\\
6O&3a$F
88X,F
AoU#9A4* 4xPq
10ELU
nYKBD
hLS/rA
c61\`
4Pe`[R
Y&:E&C
34Cn,i
eSpL.t
26b:E3
3*E,a
g%"u
MXaQL
nA!(
CVKGGk
;04SP
v=,3AX
m?I62.E
w][>l
&V((0)C"R8=
YIBDA
#9YPW
"F~v2
z-:@'
4lMDx
VarFileInfo
L#@CDd
'Q?z!
8ccQ-
lC)]4
]6F$"[
' <-K
cC'B<R
'7)RC-
PxE`Z
-twAc*
W@OHo
tjP1Aeh!
.P=a(
N-NMP
O0'68X0"4x
XH9'XK
QCeZ`
230909235959Z0q1
4DC,Y
X0o-2F
o/lfF
Da(A-
ERaBu
7q0%KH`m(F%pR
U2&j(
J'F(B
Gl3(a{
)A`S(,l
0;D=06c0
dFp>|Zk
)<Z(,
-BeL_R
SA(l6
@(XIM
Y8geX
-=-zbP
]D""I
sYd2^"
3#VB#
$lDEZP}
a<t3i
OMOhD
Be>3N[q%
zzSgt(
*6a1pi
NcCNB
&~44F
0ED\%
6*dU)
~YI-K1D
u]Y0
)*ppX
ql`@1
JKyi#@
ha} *
O5)eTe
lhJ`lX8w]
fH!X86H
[!8)'
0a]0`nH
wimQn
Ke<ly\
:X'h*
5@f7D
lopCp
Oh0b4
FwuS7n
xrA}KxI
1"V@4
o5_IX
#I'~.
2w#V'
UR8B
iN**e
Jersey City1
HPyi,X
$\@iT
Q4sG-
G]?A`
yUrIW
s.r.l
Aa#ETb
ZaC1+
H@IlA#)U!
<jJ)7m1E
rhU_SH\
1.8%/a
aalSsA
4FHX!
D PMd1
?A4O]Q
RTzukk
b75,^
-p#d\0eDO
pZTIWE
L>4fi
-.Mq4
Ik7xxG
]Iv@6a
z Q5T
h.m;}4
Ly@#u
ORHj hp
5%`_"V
KKqiO@/
&BQA;n
:+#21
HTvK)4o
iz-2`
z.SQ`k
6tb;q,
D5(0b
2q6?C:K8
^f,P$:
'i0'~l
AXH%i
w]9LWO
A}* -
4k25i
!C_y/hU
FR4^2V
,((]
]?67v
K0KFXS:@Y
pZeQ3
0zzJS~
[4(rI
,wH"n
['X_0!
Mi[8A
Y9WMC
@q:p3
'1v`m
CR!.w
.:L;A
2c%P4
G)Module&First
ya-$;[
Hl5nSM
PymtGu
t(v (Sh
BTh[xR
0J\FE
:XQ;z
&2;SC&}@
51)!j
``[#4Q
e Corp.
*ESFlo
akMK"
Kh"K[0
O2L<"%
+=SgT
LBT/E
u^$zC
#`34Lk
938s,
(uA|m7C
P Ckp
&AKm,
Gl<5A
UUk,Xp
37.QJ
S2}\0
w@8odnU
3http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
\ACBM
DS$Rp
oulc*
2KP977
xQL{#
]^7}!
;jY46YN^$pEO-
@Kqca,F
-h)Veh
5!C] 7
PIXIE3
#Moq39
EHAP>
CAd5
>53)"vH
LI*l{
:VUq~
}?>h#
,UKACC
! 3%SI
=6"Mi
nB]C3V
OWmoGAi
:0PLUMg
9[XC:
@/)Mb
"%XBG
su31%
m84LpZ
&<pez
XX7o2
380118235959Z0}1
B4nw \M
9:Q@E
5i}4E5%O
JA%b!
$8|d$O
A>OERE
%jW-`
_Xr2pq1
^.,f`I~
ep6Pl[(-
%e+AQLIQ]
dtFZ&
u@b;BoCV
tZxY&
?xvuk0
AGQFXO
q)kGXb'
/419Hm
R7/9B
oE<d&<-
q(!On
!:iR,
DO&du
njoyx
Kebod
$;(WS
SC3Q6V
lE}/Z
\|jph
0H&|2H
Dza/s
E$`vN"
\ _[0
$,\.S
I&9aQ
2 7[t
8_FEI
~EWPEk%
g0HATD5
S1!@@
Rl9`|
XtS8DEQ
LL+BK
1"fSEF
XHIJK
XmDEq`
Z+7$e2v!O
h+6:$
#Fpo".
J0lL"
E)AD?
1ghaqH
#j%<I
Sectigo RSA Time Stamping CA
4PIGL|
D&p:,pVx3
eQo12
lR!6^
J")}ZY
;H/Ab
B{j(2X1
B5ScIN
r$hBK
2v+VWe
e)5*-
/#2Qd!p
PH@U_
=Cs\J
iHTk0PgH
71351171
9BX1B
-0`0M
"LYDX
gj1B|
ms+Cc
`ay=A
u*vYH
IRAC
Sectigo RSA Code Signing CA0
l2288`
L}^3M<O8kPTli
x,xZR
u`:pa3F
h5Ca&
"E3%D
#2yfNwy
4/02D
W2Q.Ua
IZQEJ
78B_rb0
"e63#x
2#ATR
sgBO
(3,aS
FaAnN@
p6LtY
LEQGP
;nG2L
NV/S1E
$Lc}6E
86rJP
FW4#C
,4EB$
gMnB@i
BlbDAa
MV6b@
GTixu
ci(yi
NHATO
H\'o7
OojI
Xdo99
FJFFFF
WWK7P
5DH*QiZ
0J>@P
6DB;$
p5AC#
qIAAT
NoBxH
R soc
ESCYb
sB> s
H/tY9
~H,4'
8-DTS
I,Z-/{
3AEMC
J02Gt
@3,`A
Z4jP/
H{`L&x
o2+37
&U\RY
W2)S
hlVpfX
BtBVMqv
h USAAF
xkCPCj
1#EaI}
5,4p8
'PV^IxX5
p1&"PE
msvcrt.dll
1s:X30
caA9lc
{Rgb4[
ya0lqKC;7dk
HWpXg7!
h[WPo`
1D[:J
Jd=+5
dDARGOU
StringFileInfo
i%jwu
:dx@/'ZU
QPfM%@-
B!:>%
AcpR/!1R
Yuz(V
vyaz)
U*DQb7
WXchf\R
nA+AX
b-Bjx
bvbaQG
ZCa/1
QsP4>
bwK!D!
77FE@
fd8\N
M\NA7"8
PAz0}
iO"1~0
`NF(b
tux>HJ
%!5qj
^]qCbs1
<LevP
3BoaQ%}J
$fIDo
d1a#i
E|ZL"
L]6>K
kK_a0NC
FadYZ?
2ZZI<
Z1i)Vi\
8K<")
YVE%V
6i4&.
` nmm
?A9yux
&$GWU
#o)Sk*
BO~`h"A=
]T4al
;5i5\I
Wn<Hp
,TS)OV
[%9<a
ak+;D
Sn;9~
7pyuh-=
2:Ez`
$S+B.
28K !
&sBPFf
KCxIkY
ZNEfssqBX
EC3@t
'e}Iw
A`UF0
#BwZA,
0^Wtr
A.#Bc
}25iL
U;RG)
F@W)'
r8}xDo
|9A Y
Y8) 4B
2IHju
b57}D
{0*$,
AVI&wE!
s.#UB
T{E|le
l!7Dr
Q-FKEW!6
uXQ@'
oY{Bv
uZF{!Z"
9DkZ$
m|LC'
/+A,C
K^I86
%\RTk
ambUPr8
@Kj43Fy
% Psb
rXS/^
aIBH|
)bQ7`bbK
-9BF=B)
R/a5AlV)
l(izY=
CmEyaT
CGR*FF
00I1`Lw
z4FGl
35;1f
D'=09
haj i
:qdR-
~hb$98
RZ9'J
I,-Em%hQJS
PI;i}
'39E^
laX;1C
wzp@dC7B
iC\B
hTVIZE'
Ch3<H)1
aQMBX
eEaAx
y!6A@CC%P,
DqcYughm07e
</asmv3:windowsSettings>
EEABk
*X-`k
@4(&mM8
c-,( A
aTSiey
h0f0?
png -a
!$Rui
nNHeP
|dGMJUG
!Mb5yB
Z]E/:
*;A}P
[3sO+
NC7OD
,?s;4
*.e[8
/Vk,!
:CV~l
@I1"!
7C30K
nfpE#
+41gL
Yj>UVhWt
Or"PQ
@4="V
@$mIx
Salford1
KG!Q$/
.V=6P
B* #*A
!WyreS
#vb@]
m8Kc"
;0reA5
V1-#mp
Omjpa
2g08}
VWUPS
::CJEHZ
E JeB1e
^^[ouL
?18-G
ITUdBhxu)
t4~{G
X+}\Cb
KGQ_
1k"cQ
ytBI8
BW0S)
Lpy2f
9jG(qk
QDgwe-
-`+]B
rlw5$3B
MV@~+
'`wfzx=
K-4&>
<QurcaAH
AQD<c
?;lY%SK
`UoR*4
#B|{8
jS`E6/
]#-PI
-Cr!I
XdA-p
@(<,~
(cfid
6B$K5
ZWXH!o163
Bj&-/
Ng .6?l].
_6uY(1I
hOgAC
#Koepo
8z TD7h
D0(, k
VXAo]/P;81@
Rk-RLa,6
1foD-
?'A2O)i
\HurY
AFCn%
R1I9f
X2fZp%
V7>P/
b6Joy
#_6Ji
`!e1%\S
4Lw3VD@
0215a
4*DV$
SKKu4
CEbD)
qIkU1
EAJ[U
&iDod
ISBaa
J7GC`r
z#m2G
{1;e8N
Xoh@7
Q#H2f
nS&a@
z?zldc0i
6$hALMP
-*1K}[
GXAul
c6aVk
iGDR80QK8"
QxuZTN
L|,CA
aAB0b
9w2BY`
Ai4tY
=%@@8
VO;cG-
.DV|K
~RUKAWAE
(|!9g
K!n?vQst4!
9.ZMb
"YBBC
HqzFkV:p
*8VoTTVV
86p%kVi
e9]0)E3&
support@nirsoft.net0
6!qGk&R
^a}s(
RLXyc6*l
t/t)^
g]4+6
*,+I,
CreateToolhelp32Snapsho
#h#;:
~B%*H
@wJNC
W{258
7!CpZ
?83\,T
7yGF+z[
vf(L_/T
1xHLe
&b%05
AYB M
nE:3=
kABXj
NBD3F
T+A2bP8,
%~E1A
VS_VERSION_INFO
5b9dc
NV:9*W
{E+Z`
V5OXo
Q%}SL
6#155b
j)~ADVALY
tZiF)
QfB/*Z
01A94
#Sectigo RSA Time Stamping Signer #2
1pHjX8
&5!%%`A
hL#xwN
`cB+i(
F'$2i
94EHb&
aLIIZ
@SuZP
Q)[)3
a5m]N
MqcNSL
-RGB=K
AYVarpy
b* 0<
$%bCYk
JiQi"
S69%}
s b-K
xaB;2%Cld
:2lCd
7,L(G)(
[$6JJ
-L\Ky
}9'DO&E
wiftT
;0A2@/j
RSC)Gi
kVUmeD
QA`%<
e9nN`D
fy| HW
DQ6Cb
TU5)B,
NOTg"*x
El{_ 5
A12!`
N<2$XS
ZYm%*
GetPixel
-/Qm$
Nir Sofer0
FPCS%
02A]4
)tC)W0
UaTjn
XziI9S
8-`Mz
5(7\*E4
KH1p`x
Y:?V Ct
RIGI79
pl['Gz
BOT[1
4Dml0
10!"i
Q)v55=`&2
(H98}
e8-1F&
-numQ
9EP1H{
2*-V34S
a.QU0
-q195
zND%FHM
3qA+@
G o_44
3AT)i
(`bdemx
?http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl0v
QM_RY
HPoUc
#Q3ZT!6wL
YC`b<
9(8Q7
DOWIl(ph
%1SoU
LxEY
K77}A+(
<zE-cM
XJeffq
'yBehS
Go=EiAi
j;{2Z-T
D153K
D9d00a
"$8ie
3lMBkpb
%7Naj
oTXI!i
Sectigo Limited1%0#
Zp-#-
EK5Cm
,up2^
];48.YE)l#&
-zV<@*H
@Cj3;G
WZ=R6<!
[+\Lk0
E8-71
R$-932
OQ!dl
My&kJ
GetProcAddress
10-ay
]YMBE08"T8QA
-\3UF`T
8M{E53
F"MsM&
Rvivx
V-+7{
JA9HG
._7Hp
VD t.]@
ProductName
0{KnU
`9_Am0
9n2ERZ
&\7w&
+c&Z)1
,(u4V
^t+31o
&dMjb
WhPh'B
.6Rr.
krKLF1Q2
LxC0SLb%(
fKkXU@
+T3ia"!
MhHyQz
h4DIu
bdBF2
g*v?m
6.*k5
6E1d(K
8kymB
uU) u
%Q'RLI ;J
VSTGBX
BjJE'
Cw4CU
!gSgM3EK
+F'aEy)
\S.xu
D5zFT0
3}md)
56AKA
BG/T
ExitProcess
^ka k=
63Jj7
7MUa%
/+W%J
G8SW4ViwX
*pK58XW
MF%`,
FEDfY_
~U*R-,
7olpf$
F3$|R
tyh6|
a"5cAEJ
i/,&c
96=5p
1T^>{
DcU8Q
%E,-Q]4
BiNZi
}gbluek
WE1a9
HW-0%k
Lebvo
?XUN(Z
B\)!JH
FZk B
4zil3m`M]\M
\6J@z0
6y#19
P[DTX2
ABS5cp
Es8%(\
Rx,!H
Gg8f\m<p(
=`)]1+F
MgM2Lj
#R @+
%Q8K6
Cy+ l
LB+<L
?EYXi
d(oCEp\
Kk[e+!
;HOnb
S5e%f
pu[A_
FPpiT@
)FE`V
2KLY|
I0d*a/s)
oOaXq##Sm
qRVK:
&5XKo
]IMrV
3F#TD
U8hEX
jkE*QH
~GetAdapts
Bl)q[
T-6s*6
2(E)8
k8mF#
D(LG)y
8E9];
FileVersion
8KUBu
@k"PZ
2UF1C
ZFG__RU*%
I1!8k
l[-4AZP
e5CqR
`+*YR
@o!28
1^"YK.Sk
R_P5\
^T~Xf
Y4Ofx
kMjnI
$DXQk8
r~fvB
10>,h
ZXC:Ea
YTfI0QGT
hLAaFMc
%u+"YeN;
bQZ]2r
17b92
EF0HV
Awq#CD&D
WN'S6
v]7!L
6[H|@
BmIjJ
NC-FH
kXuCBA-u
+eqHIY
1[E2q
ec"zt?
ZHxZ)
MPwBla
W70}
3edk`.cG
( $=
C!#E-+E
;6pnC
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
@/a%5#d
)"P16
MjjE`eB
u_4$H
C5HTvS8
&Hda)
#pei!c
k40sk
)Fl(\5
:|LOA
)<k$3
4XnKWW
mJm@-cJb0
\]76`K
BHY5@K
J3 /=
yz0BS
20]~T
3t0!i
UrZY+
b 2?fBpO
wS`QA
%uHLI
8@hf>
Y$^[5Z
VCa4]1
/%-9w
<s7iUX
V&F#/
t &CGPMS
fe,Cc
A;E!I
47+Rn
i@mcQ
351|<mcQ
CeL7iH
Bm{ic
-uQqXTI
nJ)u8e
CkaM&=9R
kAKi?
bguKe
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>
xR=~~
J#aDB4
Rvx<\
85AK\!
Jal0,
^I1F9p
?:T~3!]
DO\K1D:
ud[u}
mT3Lz;
0kRLkQ
uP`|&
q@eW1*
v59#4
EKI[XW
ORTHO
\1I]A
qEcSe|
tDExi
)GC3F
p%p[A(
]h&$+
FiSlh
cJDM!8
QM`(ax"q
qV 30
XR5AIq
IVIZEO
QVRPj
dW.c!-
)DeF&
Ae,,p
hDW$B
6N"0$
M A)!(
k@z[Z>
=ly%z
VerQueryValueW
CK10b
ii@JTd8
FBf<M
[>=EJ
8BKJT
KB*&{*.
=8JN9H7
(6|SE
O$2BA
- cIv
TOZED
a1Hct
<QCU3[-c
K"|a7
O=51h
.1E)9
[CASD
K;Dw3
G1Czaa
^-Ov
N92D <BF_M,a'
tKSWU
;kOpu
\0Z@n
GDI32.dll
,3k3pm
*a Yk
Hyd)k8$
$*0sjt
rB7G88P
">EgKx
P-dCx
6DE"uI
*@XTP
#98{?(
TG-UB
6&uzw
rRj;B7|
PXutRtK`
{06P:M
4*|S#h
:7HH9
EMqC5
2q`<~
uZ^ka
V-E=6
OkX}R#)
MW&8x
SpecialF
4+z8-xJ
RgAP6
.Ia8W/V
"p5D)
w85F6
.ht8XO
L)tO=c
{gPJRC
Ashy[
0CNG$
8`'5q
zB2C2
WV8y;
2;2pECt
,0(L
02_E3h,
I.5Pz
iD8,h
oPVHT
XAglTlB"
L( )s
wW3Eu!
D7]v+0
v0&tA1Y
A|5A!!4
;Be2x
?!#K3D}
20220228120518Z
2http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
iJBy2"
AIh0l
6RF3#1
-;4K8
`EM9>
)%MIMOWAVE
QW9-l#
V$C:c
Dakar 21, Unit 821
Nir Sofer1
=9tx`h
InternalName
e3B=o*
0B$sN
P}TmY
994.h#%(d
VI-r_
:4k33/
^9RNC
zi/F1F
XCGEB
sEZE3
XUk74@`/4
0Yum4Pq
\D48X8
WINMM.dll
AYHMS
q6K.!4
XA.Bc
AbBzmiB
Ar4v-*
uE902
p`@"D
.,7n7jQ
T`G64
Mk]"A4VH
apBO^Q
Ao2uz
chDPF
p}I(H
pm?|8J@
U*EAlh
wXkM.
jXnzb
A)aM$
iLZn|
6nqOC
5N*9FYS
|???;
457Q+
DEFw^
trdLJ
O6P+b
C4,-)#
N:60B
P"kTC
GetDC
E+NYx,}k
kW`3%
@2_EE
bk}Zx
X^uc+
K"RW(
-M5!t
X-u>rzX
GaRuM
"R1WE
4aD91
LEKtKX
S2S1apY
%98Z0
QK,pM(N\
5A)A_
q5_F8C
e!A%EO5a
D\v1V
\wg&b7_^_.'
C53e,
LL#N[
+j'2suYi
V3=ZHC
&F5cx
a".yt
BnM5K
}6MEL
Et=4@
pAYLY
m*3C(E
5&Vxv
00-22-72 Amer
~E22|<l
yfVH8,
jSLyl
EGNj\
9l%bK
WZFrW
CQ!8N
X4KD3
M73hp
dPjpX
AUD`V
T'W[k
X@9Nr-
5)74!
:JQH5Bnb
66$cP
b+K0
{rAP>
&XE,8
CBkbM
G<laQ
2.D'06
JXsS'
C$SBJJ
|[6UA
z B39
Mk8aK
O1nQj}Ec
K0@)6k
85PT'C2,
#Pi%6Fk
6F`cH#
#tqua
cF~SG
Li2kv
bs dG
QJ;u\
EY@1d
J-{&'
70 FOXWhO
ukALEOg
QIYI%
1zk(!
nitCommon
9THGJ
ss;%3[
+ GC!,
~qE!-p
B@q"~H
[3R -
-.)y4I
94]0}7_1
D"8`TZ
Limi`
%"|:I
Ea#?<
c5A7Fyle
6myKZs
x5s_h
5Y)gC
65`)}5!
84gew
LtRYB"
s\VS2005\W
G4i-E^
ma,4I
%ywQ:
_9tE.F.D
8~phi
n-Ktm
Wa#`Ja5
KXF7p
_0OXMDb
Tc6@P
Ge)Aofd
D%/DBHE(
uN8sh
#C5Mh0
pU@?L
i-C4Q
'BMEYEK
"`(_mm
:$[>vd
<0:08
_Gq1B
BASEM(
k7%9BK
#T,I_
=QBA=
E!]2\
5wAu1
09gi[
FX#!u
qSqN,i
99/SJ
<& OQ
CUVE!iqcc
za{17
z`G&@
E476t&@OFC
Yo(hB9
]l='R
AJFABRIK
khf?A
t=5+HAKK
0b\:M>!{
jhd.ll"
[E4)d|k
>O4FT
b-d2o)
DBWnxa4
V#h<85
Bck7V
73pcA
q@XZ1V$<
lc&TJ $N+GU
Px(:fi
863ieP
k3#a
&(A-4
Z[Bp'
@Ke/8
y zHi51
TxY@\U
/,zhu
V:B/1
!13;D
?%%(d
Yf3uR
WD<Big
`iug6@{
i$On)
:8,%74
A2ZIG3
R<7sy
`2u:A
zMN#4
&;Ie`
itE-\4
}]5CE
XP<sI
3K`@5L
X:C\{5)
N)ik^
]88)3t
R+$3%<#U'v6
u.{qe
`(MoMR
4X[IX
8P:tI
Sectigo Limited1$0"
!VY.D.
Tib+?
!This program cannot be run in DOS mode.
zD8y)=H
)pxiOyj
TUO"F
TA-bk1
oZ%pb
-18kCQRFq
zQ?H)
QTONa
.,HOW
3<R[_
aPMKVVC
-%2.U
5.A@O7
rG<Li
zD5IG
9w-,=
X__:9
wHqL$sA
9s]8E
aakk!
HJ0B?
U_"q!F]6
#>G[?,
Ib,@I
av{k7
074scr
%`3EI
PxsT*
agb5-h$
hruV%
L%aT{
59C0lHq4
!M(Ay
q4oY#J
/.byd:Q
1/1cj
$^atU
!A0+i
-L =G@
K?:W8
vo!1F
u(seF
Y@uaA
ddduz06
~o&Bp;
UDNzYx
uA/ 7
USER32.dll
*a{&9
}^CBb
E.!vG
5k\K0
C@WXO
t+DSS
P6aDe
A=$o%Q
#X;Pmht
~#3c$(
E(M5`
xi\NY
%6?C`6
CUec#
o1.tvI
)/aZzR)
QIDB+7F
JFw~gw
VGUd&b aa
XpW{:
!%OGD
F35A:
1AzJH
t!v[5A
_~FTtk
3G&Gm
a`m`!
874ga
0Q"AZd5
G 1E?A
d}3Y!
fO]s<P
qb;FF
8G?e@8J
n!rmK
-7LzB
h%8%;"
>Ha4B1C
4G8XcQ
;RkJ=
Numh1
&f)@C
`1PAH
+-+!!
I*id-
c&?08z
fzzas
I4V_F
TC@+Z
%1FQ`
-AAK@
@xRC0X
m0o!9
$>bDmmCj
l#E-J
-OaU+
ush's
cDXxB
h_ORg
G)!m3RA
&R\V}
dE|9=
[X62$X
[3+GE
nhum+M
_JP)U39QX
7zYV'
oAMH4qx@
_QMND
:>wKR~P
ztzczyk@
k`m.)
FUfhk9[
*1S`eH
D{EP3
[jq0R
D1$79
R`EC$
FUGUI
B^hDou@7bbAA%
=(A)!
T"Gw[%I
;wpwCb
$U984
9pS)F
'Kft-T
_0R&:k
pjPObs
5ui-D,
Q7gt/W
bBO`@7
V9B `
$acXP
R:RCG/
6cubH+
kXTV[
dAV#maH
U5N78
0c0E0
+3=a@
ild@48p
jQKud
UBuC#R+
A4YKfhk%
[} El
117MD
17M}+
Xj5Y.
XdZ0(!c
9`+aB*
hPA%;
1M5u g
w7N02
+REky
a}siX
=+nO-B
`-L8o
-c6D!a
;2S>M
lm3\3
F#@WDF
D#Th 1
Ec]B^B2
)[F%d
7@eMi
B K-K
Translation
BUFFALL
7~ykR
A}hb9
4E%!A
,G.%%f
`7sEE!
`|MA
[<0ejA Dahua
aauO
0IQ`4
[B.R#5
Se$B4fF
Cx*EeYj#5=
S42^G
bW$nMA
M9-03
,}Al16
vNiX'3"p
+G;x"
MC090J
tA5PH
/S19;
\ju'A<J+
OmaTz0
%=h`&
cu-^oi
ShPV N
-Tl|Da
7ILS"
mbH=DF
^=pmI81C8
?YOW+
y_CwY
d(1p3
t1KW:
</compatibility></assembly>PAD
2FM#@o
}{^H,
pMl,4FA8:*
ProductVersion
E\T_5
_I'cu5
g0e0>
435qZ
9^RGc,
L sCG
Qu3pG8
QvZp-*
DyKL0
kGMcM
(|.O{
HUTTL
ok^s*`0
L%eti
aA6#A
A5>F!H
S;7Df,
No.Ay
c|ztJ
plhJH
`luouO
!@jOz
4Q`x)9Y
%_1{+L1
3Bp:1
,CZS{
%4 CQ|
u C8C
/Gau
*BII4
RO33<I
`A!AGA.
[KOrP
6NZC_H
AMSUNGLZ
The USERTRUST Network1.0,
~ki@!
H'V)=v
e/mD,B
1Qdns
D6k00
j79%%
ya-OP
h![]yO
Hu!`i
hm].UZE
34R!l
fPA)'3
(,yMp
EuHAG+
#2Lcw/
oh1CDL
BBI)Z3
ZQG$-*L
(Er4".QGkL
uY[XE
EJE X{
5qW8*QB
5PWxd
PMOlxK8
DFA3i
T~h6H
s_&z;l`
/RWI/
EF IGT
XD1ZUz
>&k16y$
ETjkVM#
s0AiY'F
AN@aB*8-
!@+Mq
)Koy`
696D23
FS`p@
/cf4,
B rJ2B
Xnye(Y
."mFH*b{
_J7O&
zD{sp
qax}p
B1b5C
X-0GY
7'E\L
3p>d@$
5%+amL
oKA`Dd
B$ka5
d2oY$
BPJ]D
Wireless Network Watcher
@phufac
Fixa$Bu
ac*@oKWE
axSTB
hI)M8
amYD;,
2@4F}H
{yBxk
<4!!a
MwBWUe
lB/k;v2
.VE#q
WV\0R/
=B9ju=
. RuE-N
%<CyoF
kE16--n
=`z!P
oss2I
E3Lc6t
S3A!c
Fs`PK
EOOua`
C+3!c`1
;dpi@
);]H=
hj.We
=,UK&
pszy^
OJA*,
lSDw/,
z;p~+&-
S%E5Sv
17#NIV0
&>QWD
5l9EBmpi#Hc
3EB*l
,AI9|"
bpP'l
H =dbI
8UGDdZ
cW5i4
3 \uZ
%2&6.
@rK86
HA6tQ
HaVVo
-(Qor
cVxv2>YM
jm$vP
5)VXp
4Bx3D
biS( /
WSBCF1
h}u&\
nG4"A6
F*@72
2TV!C.
ar5lMp=4|
Mz$-7
aHPPC
5DL^ruK
`|)01OT
;[l/-
5FaCck+}$PF&)
n\Iq=
7AW3:5k
3L50L
lXY+ ;Z
oYEm'xv`
FRM"5
6AJ`CV
2eC)$
aqg9j
/uHzA
K`DalqFn5
uD6%Z)NGa
camM6
e6'%"$
%EYXQl
[5a@OE3
i(Ykw
9QTC[
J,-JaegFp
UAWEI
SIFRd
2,x8F
1;6)0`
!pYc8
)q-2-a
,S@D9
;3V#e8U
LNY-/
hZWPVT
LJ`G7
on|xw
3?L[*G
*E$X[NH=
f@zX(y;P
PNnDI
$t+K55n
TX8ky
BZUxUX
P-IA^E
)pFKD
0<p^Z
3$43p
5$ytmi
fY0%G
SFtiv
9 mW-c
h`gqi
yRtLAP
E#a2_jR
$k/ME
b)EX!
AWhG&P
%-CDEx
Sectigo Limited1,0*
GWK](|l
LK7-]
Z`=h4o
qp4u6J&^
a `b57?
YLQU
LZU[p&
JE?Yd
{a@48
-(H+o
`5HGA
F>(hUK
G]BVS%
mTXqA
n8,9<
wSAdp4
nX)d=
'`i7p
S08aQM
22d!D
d,ELe
lgCrID
i1?`d
6rFY(
6zd.,5J
Q#l_nS
WM B\
UP+d
PCoBb
xKS#79
!>,yju
&nZyx<B"
L+F5{-
D8Ck_K
X^X0C3
FhQf@F"5"
7llgH
_%(R,
c-71#
/Yo]$ke
_a;3FK
}^p6[
]60gdx
7KBZa
K`%2\
=6+(,t+
E4w!B
rlu+A
BT[fI
-A!yC
ZKpXOVY$
L;IBz
Mrcess
iDiy)8
pAGC+
P)A&a
XPTPSW
Hem^0
|a,vi
Kihdg
P78Z
OPhEK)
0$kPJ
6|aI`Q
;,N41p8
37808V
a34_iG
63)re
kpL]'4
jN_G>
"`UnW`
ea }"
5B%3Z
zzF2`
7o72[
y65*z
Cor)CRN
6KLZJ
IDAE%X
,k-kQPp
`eE%,`
`)%0F
C2A-DZ(
="5rH2<
Hn@:2,
eA5Xu
8J^9[i+
,vTl+
CCHah
pd8^-(|w
u|6K4
d4~b%*
_Auto
A[F`+
1(JI>
YeSWH
P,EtP
=+LLBI
?1Lq.
Q]eBg
2http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
|Pt3/
>FSNrS0
(QS396
'>%N)
t5Og12
90F{`
ZV.`_T`@
;9@K\k
C1RMK
kZjSP
pnMOOF
1fL)M
-`0[2
3#1+X
JVLQS
m-(``
RegCloseKey
)a\Lj
w2(4!tVH
`$k0@F"
:t42I
X!g75D
*x N-
A<vQ^
Biwi0
#d!8T
A~E21zTj
iJ.I0
P#0"F
4'&RL
'Q:93
D#n_@
*HS<1@t
?~`<r
:DhEm4"R
PE Information
| Image Base | Entry Point | Reported Checksum | Actual Checksum | Minimum OS Version | Compile Time | Import Hash | Icon | Icon Exact Hash | Icon Similarity Hash | Icon DHash |
|---|---|---|---|---|---|---|---|---|---|---|
| 0x00400000 | 0x00113660 | 0x00067c97 | 0x00067c97 | 4.0 | 2022-02-28 11:58:40 | f4a5b0f6e5c7b89ab6c39d4e22d0a185 |  |
104e65a16f1432aa96d047cfc2b6c90a | ac3f470296e8341c43cf8b2d16aba00a | 28cc4c6ce097d820 |
Version Infos
| CompanyName | NirSoft |
|---|---|
| FileDescription | Wireless Network Watcher |
| FileVersion | 2.30 |
| InternalName | Wireless Network Watcher |
| LegalCopyright | Copyright รยฉ 2011 - 2022 Nir Sofer |
| OriginalFilename | WNetWatcher.exe |
| ProductName | Wireless Network Watcher |
| ProductVersion | 2.30 |
| Translation | 0x0409 0x04b0 |
Sections
| Name | RAW Address | Virtual Address | Virtual Size | Size of Raw Data | Characteristics | Entropy |
|---|---|---|---|---|---|---|
| UPX0 | 0x00000400 | 0x00001000 | 0x000b4000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| UPX1 | 0x00000400 | 0x000b5000 | 0x0005f000 | 0x0005ea00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.87 |
| .rsrc | 0x0005ee00 | 0x00114000 | 0x00004000 | 0x00003a00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.75 |
Overlay
| Offset | 0x00062800 |
| Size | 0x00002178 |
| Name | Offset | Size | Language | Sub-language | Entropy | File type |
|---|---|---|---|---|---|---|
| BIN | 0x00018888 | 0x000f23d7 | LANG_HEBREW | SUBLANG_DEFAULT | 0.00 | None |
| RT_CURSOR | 0x0010ac60 | 0x00000134 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.13 | None |
| RT_BITMAP | 0x0010ad94 | 0x00000468 | LANG_HEBREW | SUBLANG_DEFAULT | 7.66 | None |
| RT_BITMAP | 0x0010b1fc | 0x000000d8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.89 | None |
| RT_BITMAP | 0x0010b2d4 | 0x000000d8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.84 | None |
| RT_ICON | 0x0011488c | 0x000010a8 | LANG_HEBREW | SUBLANG_DEFAULT | 3.64 | None |
| RT_ICON | 0x00115938 | 0x00000468 | LANG_HEBREW | SUBLANG_DEFAULT | 4.87 | None |
| RT_ICON | 0x00115da4 | 0x00000468 | LANG_HEBREW | SUBLANG_DEFAULT | 3.58 | None |
| RT_ICON | 0x00116210 | 0x00000468 | LANG_HEBREW | SUBLANG_DEFAULT | 5.13 | None |
| RT_ICON | 0x0011667c | 0x00000468 | LANG_HEBREW | SUBLANG_DEFAULT | 4.22 | None |
| RT_ICON | 0x00116ae8 | 0x00000468 | LANG_HEBREW | SUBLANG_DEFAULT | 3.27 | None |
| RT_MENU | 0x0010da5c | 0x00000a16 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.77 | None |
| RT_MENU | 0x0010e474 | 0x000001c4 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.43 | None |
| RT_MENU | 0x0010e638 | 0x000000c6 | LANG_HEBREW | SUBLANG_DEFAULT | 6.86 | None |
| RT_DIALOG | 0x0010e700 | 0x000000ea | LANG_HEBREW | SUBLANG_DEFAULT | 7.05 | None |
| RT_DIALOG | 0x0010e7ec | 0x00000296 | LANG_HEBREW | SUBLANG_DEFAULT | 7.55 | None |
| RT_DIALOG | 0x0010ea84 | 0x000000fa | LANG_HEBREW | SUBLANG_DEFAULT | 7.09 | None |
| RT_DIALOG | 0x0010eb80 | 0x00000a0c | LANG_HEBREW | SUBLANG_DEFAULT | 7.78 | None |
| RT_DIALOG | 0x0010f58c | 0x00000248 | LANG_HEBREW | SUBLANG_DEFAULT | 7.51 | None |
| RT_DIALOG | 0x0010f7d4 | 0x00000336 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.67 | None |
| RT_STRING | 0x0010fb0c | 0x00000194 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.37 | None |
| RT_STRING | 0x0010fca0 | 0x0000018c | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.22 | None |
| RT_STRING | 0x0010fe2c | 0x00000118 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.09 | None |
| RT_STRING | 0x0010ff44 | 0x00000046 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.79 | None |
| RT_STRING | 0x0010ff8c | 0x000000d2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.91 | None |
| RT_STRING | 0x00110060 | 0x000000b0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.81 | None |
| RT_STRING | 0x00110110 | 0x00000172 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.30 | None |
| RT_STRING | 0x00110284 | 0x000000e6 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.88 | None |
| RT_STRING | 0x0011036c | 0x0000006a | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.32 | None |
| RT_STRING | 0x001103d8 | 0x00000050 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.78 | None |
| RT_ACCELERATOR | 0x00110428 | 0x00000090 | LANG_HEBREW | SUBLANG_DEFAULT | 6.58 | None |
| RT_GROUP_CURSOR | 0x001104b8 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.32 | None |
| RT_GROUP_ICON | 0x00116f54 | 0x00000022 | LANG_HEBREW | SUBLANG_DEFAULT | 2.31 | None |
| RT_GROUP_ICON | 0x00116f7c | 0x00000014 | LANG_HEBREW | SUBLANG_DEFAULT | 1.98 | None |
| RT_GROUP_ICON | 0x00116f94 | 0x00000014 | LANG_HEBREW | SUBLANG_DEFAULT | 2.08 | None |
| RT_GROUP_ICON | 0x00116fac | 0x00000014 | LANG_HEBREW | SUBLANG_DEFAULT | 2.08 | None |
| RT_GROUP_ICON | 0x00116fc4 | 0x00000014 | LANG_HEBREW | SUBLANG_DEFAULT | 2.08 | None |
| RT_VERSION | 0x00116fdc | 0x0000031c | LANG_HEBREW | SUBLANG_DEFAULT | 3.36 | None |
| RT_MANIFEST | 0x001172fc | 0x00000445 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.40 | None |
Imports
| Name | Address |
|---|---|
| RegCloseKey | 0x517834 |
| Name | Address |
|---|---|
| FindTextW | 0x517844 |
| Name | Address |
|---|---|
| GetPixel | 0x51784c |
| Name | Address |
|---|---|
| LoadLibraryA | 0x517854 |
| ExitProcess | 0x517858 |
| GetProcAddress | 0x51785c |
| VirtualProtect | 0x517860 |
| Name | Address |
|---|---|
| free | 0x517868 |
| Name | Address |
|---|---|
| ShellExecuteW | 0x517870 |
| Name | Address |
|---|---|
| GetDC | 0x517878 |
| Name | Address |
|---|---|
| VerQueryValueW | 0x517880 |
| Name | Address |
|---|---|
| mciSendStringW | 0x517888 |
| Name | Address |
|---|---|
| WSACleanup | 0x517890 |
Usage
Processing ( 38.65 seconds )
- 31.086 ProcessMemory
- 5.108 BehaviorAnalysis
- 2.447 CAPE
- 0.008 AnalysisInfo
- 0.001 Debug
Signatures ( 0.07 seconds )
- 0.011 ransomware_files
- 0.009 antiav_detectreg
- 0.006 ransomware_extensions
- 0.005 antianalysis_detectfile
- 0.004 infostealer_ftp
- 0.004 territorial_disputes_sigs
- 0.003 antiav_detectfile
- 0.003 ursnif_behavior
- 0.002 antianalysis_detectreg
- 0.002 infostealer_bitcoin
- 0.002 infostealer_im
- 0.002 infostealer_mail
- 0.002 poullight_files
- 0.001 antivm_generic_diskreg
- 0.001 antivm_parallels_keys
- 0.001 antivm_vbox_files
- 0.001 antivm_vbox_keys
- 0.001 antivm_vmware_keys
- 0.001 geodo_banking_trojan
- 0.001 browser_security
- 0.001 disables_backups
- 0.001 disables_browser_warn
- 0.001 disables_power_options
- 0.001 azorult_mutexes
- 0.001 cryptbot_files
- 0.001 echelon_files
- 0.001 masquerade_process_name
- 0.001 revil_mutexes
- 0.001 modirat_behavior
- 0.001 recon_fingerprint
- 0.001 lokibot_mutexes
Reporting ( 2.48 seconds )
- 2.277 CAPASummary
- 0.204 JsonDump
Signatures
Queries the keyboard layout
A process attempted to delay the analysis task.
note: WNetWatcher.exe tried to sleep 480.41 seconds, actually delayed analysis time by 0.0 seconds
Resumed a thread in another process
thread_resumed: Process wnetwatcher.exe with process ID 4800 resumed a thread in another process with the process ID 4800
The binary contains an unknown PE section name indicative of packing
unknown section: {'name': 'UPX0', 'raw_address': '0x00000400', 'virtual_address': '0x00001000', 'virtual_size': '0x000b4000', 'size_of_data': '0x00000000', 'characteristics': 'IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE', 'characteristics_raw': '0xe0000080', 'entropy': '0.00'}
unknown section: {'name': 'UPX1', 'raw_address': '0x00000400', 'virtual_address': '0x000b5000', 'virtual_size': '0x0005f000', 'size_of_data': '0x0005ea00', 'characteristics': 'IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE', 'characteristics_raw': '0xe0000040', 'entropy': '7.87'}
The binary likely contains encrypted or compressed data
section: {'name': 'UPX1', 'raw_address': '0x00000400', 'virtual_address': '0x000b5000', 'virtual_size': '0x0005f000', 'size_of_data': '0x0005ea00', 'characteristics': 'IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE', 'characteristics_raw': '0xe0000040', 'entropy': '7.87'}
Yara detections observed in process dumps, payloads or dropped files
Hit: PID 4800 triggered the Yara rule 'vmdetect' with data '['VMware', '00-05-69', '00-50-56', '00-0C-29', '00-1C-14', '08-00-27']'
Hit: PID 4800 triggered the Yara rule 'shellcode_get_eip' with data '['{ E8 00 00 00 00 58 }']'
Hit: PID 4800 triggered the Yara rule 'vmdetect' with data '['VMware', '00-05-69', '00-50-56', '00-0C-29', '00-1C-14', '08-00-27']'
Screenshots
No screenshots available.Hosts
No hosts contacted.
DNS
No domains contacted.
Summary
C:\Users\Packager\AppData\Local\Temp\oui.txt
C:\Users\Packager\AppData\Local\SystemResources\WNetWatcher.exe.mun
C:\Users\Packager\AppData\Local\Temp\WNetWatcher_lng.ini
C:\Windows\Fonts\staticcache.dat
C:\Users\Packager\AppData\Local\Temp\TextShaping.dll
C:\Windows\System32\TextShaping.dll
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\System32\uxtheme.dll.Config
C:\Windows\System32\uxtheme.dll
C:\Users\Packager\AppData\Local\Temp\WNetWatcher.exe.Local\
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984
C:\Users\Packager\AppData\Local\Temp\WNetWatcher.cfg
C:\Windows\System32\kernel.appcore.dll
\Device\CNG
C:\Windows\System32\textinputframework.dll
C:\Windows\System32\CoreUIComponents.dll
C:\Windows\System32\CoreMessaging.dll
C:\Windows\System32\ntmarta.dll
C:\Windows\System32\WinTypes.dll
C:\Windows\SystemResources\USER32.dll.mun
C:\Users\Packager\AppData\Local\Temp
\Device\RasAcd
C:\Users\Packager\AppData\Local\SystemResources\WNetWatcher.exe.mun
C:\Users\Packager\AppData\Local\Temp\WNetWatcher_lng.ini
C:\Windows\Fonts\staticcache.dat
C:\Users\Packager\AppData\Local\Temp\TextShaping.dll
C:\Windows\System32\TextShaping.dll
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\System32\uxtheme.dll.Config
C:\Windows\System32\uxtheme.dll
C:\Users\Packager\AppData\Local\Temp\WNetWatcher.exe.Local\
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984
C:\Users\Packager\AppData\Local\Temp\WNetWatcher.cfg
C:\Windows\System32\kernel.appcore.dll
\Device\CNG
C:\Windows\System32\textinputframework.dll
C:\Windows\System32\CoreUIComponents.dll
C:\Windows\System32\CoreMessaging.dll
C:\Windows\System32\ntmarta.dll
C:\Windows\System32\WinTypes.dll
C:\Windows\SystemResources\USER32.dll.mun
C:\Users\Packager\AppData\Local\Temp
\Device\RasAcd
C:\Users\Packager\AppData\Local\Temp\WNetWatcher.cfg
\Device\RasAcd
\Device\RasAcd
HKEY_CURRENT_USER
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
HKEY_CURRENT_USER\Control Panel\Desktop
HKEY_CURRENT_USER\Control Panel\Desktop\SmoothScroll
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewAlphaSelect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewShadow
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AccListViewV6
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\UseDoubleClickTimer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Sorting\Ids
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\WNetWatcher.exe
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\OOBE\LaunchUserOOBE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\AppCompatClassName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows\IsVailContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\Input
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\ResyncResetTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\MaxResyncAttempts
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Arial
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{CC6EEB36-5AE2-46BE-81A9-5F0B62ECF81F}\Connection
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{CC6EEB36-5AE2-46BE-81A9-5F0B62ECF81F}\Connection\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WZCSVC\Parameters\Interfaces\{CC6EEB36-5AE2-46BE-81A9-5F0B62ECF81F}
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DnsClient
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DomainNameDevolutionLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\AppendToMultiLabelName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ScreenBadTlds
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ScreenUnreachableServers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ScreenDefaultServers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DynamicServerQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\FilterClusterIp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\WaitForNameErrorOnAll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UseEdns
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DnsSecureNameQueryFallback
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\EnableDAForAllNetworks
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DirectAccessQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\QueryIpMatching
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UseHostsFile
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\AddrConfigControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableSmartNameResolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\PreferLocalOverLowerBindingDNS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\QueryNetBTFQDN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableSmartProtocolReordering
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UdpRecvBufferSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableParallelAandAAAA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableCoalescing
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\FilterVPNTrigger
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\EnableMultiHomedRouteConflicts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ForceQueriesOverTcp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ShareTcpConnections
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableDynamicUpdate
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegisterPrimaryName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegisterReverseLookup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableReverseAddressRegistrations
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegisterWanAdapters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableWanDynamicUpdate
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegistrationTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DefaultRegistrationTTL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DefaultRegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UpdateTopLevelDomainZones
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DowncaseSpnCauseApiOwnerIsTooLazy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegistrationOverwrite
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MaxCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MaxCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MaxNegativeCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\AdapterTimeoutLimit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ServerPriorityTimeLimit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MaxCachedSockets
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableServerUnreachability
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\EnableMulticast
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MulticastResponderFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MulticastSenderFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MulticastSenderMaxTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\EnableMDNS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DnsTest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UseCompartments
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\CacheAllCompartments
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UseNewRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ResolverRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ResolverRegistrationOnly
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\NewDhcpSrvRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DirectAccessPreferLocal
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableIdnEncoding
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\EnableIdnMapping
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ShortnameProxyDefault
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableNRPTForAdapterRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\TestMode_AdaptiveTimeoutHistoryLength
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\TestMode_AdaptiveTimeoutRecalculationInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\WinSock_Registry_Version
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\AutodialDLL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
HKEY_CURRENT_USER\Control Panel\Desktop
HKEY_CURRENT_USER\Control Panel\Desktop\SmoothScroll
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewAlphaSelect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewShadow
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AccListViewV6
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\UseDoubleClickTimer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Sorting\Ids
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\WNetWatcher.exe
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\OOBE\LaunchUserOOBE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\AppCompatClassName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows\IsVailContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\Input
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\ResyncResetTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\MaxResyncAttempts
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Arial
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{CC6EEB36-5AE2-46BE-81A9-5F0B62ECF81F}\Connection
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{CC6EEB36-5AE2-46BE-81A9-5F0B62ECF81F}\Connection\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WZCSVC\Parameters\Interfaces\{CC6EEB36-5AE2-46BE-81A9-5F0B62ECF81F}
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DnsClient
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DomainNameDevolutionLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\AppendToMultiLabelName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ScreenBadTlds
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ScreenUnreachableServers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ScreenDefaultServers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DynamicServerQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\FilterClusterIp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\WaitForNameErrorOnAll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UseEdns
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DnsSecureNameQueryFallback
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\EnableDAForAllNetworks
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DirectAccessQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\QueryIpMatching
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UseHostsFile
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\AddrConfigControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableSmartNameResolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\PreferLocalOverLowerBindingDNS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\QueryNetBTFQDN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableSmartProtocolReordering
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UdpRecvBufferSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableParallelAandAAAA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableCoalescing
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\FilterVPNTrigger
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\EnableMultiHomedRouteConflicts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ForceQueriesOverTcp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ShareTcpConnections
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableDynamicUpdate
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegisterPrimaryName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegisterReverseLookup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableReverseAddressRegistrations
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegisterWanAdapters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableWanDynamicUpdate
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegistrationTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DefaultRegistrationTTL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DefaultRegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UpdateTopLevelDomainZones
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DowncaseSpnCauseApiOwnerIsTooLazy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegistrationOverwrite
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MaxCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MaxCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MaxNegativeCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\AdapterTimeoutLimit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ServerPriorityTimeLimit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MaxCachedSockets
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableServerUnreachability
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\EnableMulticast
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MulticastResponderFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MulticastSenderFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MulticastSenderMaxTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\EnableMDNS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DnsTest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UseCompartments
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\CacheAllCompartments
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UseNewRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ResolverRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ResolverRegistrationOnly
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\NewDhcpSrvRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DirectAccessPreferLocal
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableIdnEncoding
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\EnableIdnMapping
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ShortnameProxyDefault
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableNRPTForAdapterRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\TestMode_AdaptiveTimeoutHistoryLength
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\TestMode_AdaptiveTimeoutRecalculationInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\WinSock_Registry_Version
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\AutodialDLL
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_CURRENT_USER\Control Panel\Desktop\SmoothScroll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewAlphaSelect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewShadow
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AccListViewV6
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\UseDoubleClickTimer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\OOBE\LaunchUserOOBE
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows\IsVailContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\ResyncResetTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\MaxResyncAttempts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{CC6EEB36-5AE2-46BE-81A9-5F0B62ECF81F}\Connection\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DomainNameDevolutionLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\AppendToMultiLabelName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ScreenBadTlds
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ScreenUnreachableServers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ScreenDefaultServers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DynamicServerQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\FilterClusterIp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\WaitForNameErrorOnAll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UseEdns
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DnsSecureNameQueryFallback
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\EnableDAForAllNetworks
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DirectAccessQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\QueryIpMatching
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UseHostsFile
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\AddrConfigControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableSmartNameResolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\PreferLocalOverLowerBindingDNS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\QueryNetBTFQDN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableSmartProtocolReordering
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UdpRecvBufferSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableParallelAandAAAA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableCoalescing
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\FilterVPNTrigger
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\EnableMultiHomedRouteConflicts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ForceQueriesOverTcp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ShareTcpConnections
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableDynamicUpdate
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegisterPrimaryName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegisterReverseLookup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableReverseAddressRegistrations
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegisterWanAdapters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableWanDynamicUpdate
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegistrationTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DefaultRegistrationTTL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DefaultRegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UpdateTopLevelDomainZones
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DowncaseSpnCauseApiOwnerIsTooLazy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegistrationOverwrite
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MaxCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MaxCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MaxNegativeCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\AdapterTimeoutLimit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ServerPriorityTimeLimit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MaxCachedSockets
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableServerUnreachability
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\EnableMulticast
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MulticastResponderFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MulticastSenderFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MulticastSenderMaxTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\EnableMDNS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DnsTest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UseCompartments
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\CacheAllCompartments
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UseNewRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ResolverRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ResolverRegistrationOnly
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\NewDhcpSrvRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DirectAccessPreferLocal
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableIdnEncoding
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\EnableIdnMapping
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ShortnameProxyDefault
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableNRPTForAdapterRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\TestMode_AdaptiveTimeoutHistoryLength
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\TestMode_AdaptiveTimeoutRecalculationInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\WinSock_Registry_Version
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\AutodialDLL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_CURRENT_USER\Control Panel\Desktop\SmoothScroll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewAlphaSelect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewShadow
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AccListViewV6
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\UseDoubleClickTimer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\OOBE\LaunchUserOOBE
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows\IsVailContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\ResyncResetTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\MaxResyncAttempts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{CC6EEB36-5AE2-46BE-81A9-5F0B62ECF81F}\Connection\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\QueryAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableAdapterDomainName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\UseDomainNameDevolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DomainNameDevolutionLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\PrioritizeRecordData
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\AllowUnqualifiedQuery
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\AppendToMultiLabelName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ScreenBadTlds
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ScreenUnreachableServers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ScreenDefaultServers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DynamicServerQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\FilterClusterIp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\WaitForNameErrorOnAll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UseEdns
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DnsSecureNameQueryFallback
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\EnableDAForAllNetworks
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DirectAccessQueryOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\QueryIpMatching
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UseHostsFile
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\AddrConfigControl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableSmartNameResolution
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\PreferLocalOverLowerBindingDNS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\QueryNetBTFQDN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableSmartProtocolReordering
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UdpRecvBufferSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableParallelAandAAAA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableCoalescing
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\FilterVPNTrigger
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\EnableMultiHomedRouteConflicts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ForceQueriesOverTcp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ShareTcpConnections
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegistrationEnabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableDynamicUpdate
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegisterPrimaryName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegisterAdapterName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\EnableAdapterDomainNameRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegisterReverseLookup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableReverseAddressRegistrations
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegisterWanAdapters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DisableWanDynamicUpdate
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegistrationTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DefaultRegistrationTTL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DefaultRegistrationRefreshInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegistrationMaxAddressCount
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\MaxNumberOfAddressesToRegister
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\UpdateSecurityLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UpdateTopLevelDomainZones
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DowncaseSpnCauseApiOwnerIsTooLazy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\RegistrationOverwrite
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MaxCacheSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MaxCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MaxNegativeCacheTtl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\AdapterTimeoutLimit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ServerPriorityTimeLimit
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MaxCachedSockets
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableServerUnreachability
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\EnableMulticast
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MulticastResponderFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MulticastSenderFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\MulticastSenderMaxTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\EnableMDNS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DnsTest
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UseCompartments
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\CacheAllCompartments
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\UseNewRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ResolverRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ResolverRegistrationOnly
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\NewDhcpSrvRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DirectAccessPreferLocal
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableIdnEncoding
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\EnableIdnMapping
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\ShortnameProxyDefault
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DisableNRPTForAdapterRegistration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\TestMode_AdaptiveTimeoutHistoryLength
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\TestMode_AdaptiveTimeoutRecalculationInterval
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DnsQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DnsQuickQueryTimeouts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\WinSock_Registry_Version
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\AutodialDLL
Local\SM0:4800:168:WilStaging_02
Local\SM0:4800:64:WilError_03
Local\MSCTF.Asm.MutexDefault3
CicLoadWinStaWinSta0
Local\MSCTF.CtfMonitorInstMutexDefault3
Local\SM0:4800:64:WilError_03
Local\MSCTF.Asm.MutexDefault3
CicLoadWinStaWinSta0
Local\MSCTF.CtfMonitorInstMutexDefault3
Sorry! No behavior.
Sorry! No strace.
Sorry! No tracee.
No hosts contacted.
No TCP connections recorded.
No UDP connections recorded.
No domains contacted.
HTTP Requests
No HTTP(s) requests performed.
SMTP traffic
No SMTP traffic performed.
IRC traffic
No IRC requests performed.
No ICMP traffic performed.
CIF Results
No CIF Results
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Suricata HTTP
No Suricata HTTP
Sorry! No Suricata Extracted files.
Sorry! No dropped files.
Sorry! No CAPE files.
Sorry! No process dumps.
Sorry! No process dumps.