Panel here :
http://92.241.190.128/coder/main/main/
DNS Lookup
Host Name IP Address
92.241.190.128 92.241.190.128
www.database-upgrade.net
www.database-upgrade.net 92.241.190.128
Download URLs
http://92.241.190.128/coder/main/main/gate.php?guid=Administrator!DELL-D3E62F7E26!ACE1A30C&ver=10280&stat=ONLINE&ie=7.0.5730.13&os=5.1.2600&ut=Admin&plg=socks5&cpu=59&ccrc=C29B5CAA&md5=f672ad03ad2c5a83878fa59055edaa98 (92.241.190.128)
http://92.241.190.128/coder/main/main/bin/crypted.exe (92.241.190.128)
http://92.241.190.128/coder/main/main/gate.php?guid=Administrator!DELL-D3E62F7E26!ACE1A30C&ver=10280&stat=ONLINE&ie=7.0.5730.13&os=5.1.2600&ut=Admin&plg=socks5&cpu=69&ccrc=C29B5CAA&md5=deb097c6dee4df1b6ee1b6874d0bc676 (92.241.190.128)
http://92.241.190.128/coder/main/main/bin/upload/crypted.exe (92.241.190.128)
Outgoing connection to remote server: 92.241.190.128 TCP port 80
Outgoing connection to remote server: 92.241.190.128 TCP port 80
Outgoing connection to remote server: 92.241.190.128 TCP port 80
Outgoing connection to remote server: 92.241.190.128 TCP port 80
Registry Changes by all processes
Create or Open
Changes
Reads HKEY_LOCAL_MACHINESYSTEMWPAMediaCenter “Installed”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpcSecurityService “DefaultAuthLevel”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesWinSock2ParametersProtocol_Catalog9 “Serial_Access_Num”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesWinSock2ParametersProtocol_Catalog9 “Next_Catalog_Entry_ID”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesWinSock2ParametersProtocol_Catalog9 “Num_Catalog_Entries”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesWinSock2ParametersProtocol_Catalog9Catalog_Entries�00000000001 “PackedCatalogItem”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesWinSock2ParametersProtocol_Catalog9Catalog_Entries�00000000002 “PackedCatalogItem”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesWinSock2ParametersProtocol_Catalog9Catalog_Entries�00000000003 “PackedCatalogItem”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesWinSock2ParametersProtocol_Catalog9Catalog_Entries�00000000004 “PackedCatalogItem”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesWinSock2ParametersProtocol_Catalog9Catalog_Entries�00000000005 “PackedCatalogItem”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesWinSock2ParametersProtocol_Catalog9Catalog_Entries�00000000006 “PackedCatalogItem”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesWinSock2ParametersProtocol_Catalog9Catalog_Entries�00000000007 “PackedCatalogItem”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesWinSock2ParametersProtocol_Catalog9Catalog_Entries�00000000008 “PackedCatalogItem”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesWinSock2ParametersProtocol_Catalog9Catalog_Entries�00000000009 “PackedCatalogItem”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesWinSock2ParametersProtocol_Catalog9Catalog_Entries�00000000010 “PackedCatalogItem”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesWinSock2ParametersProtocol_Catalog9Catalog_Entries�00000000011 “PackedCatalogItem”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesWinSock2ParametersProtocol_Catalog9Catalog_Entries�00000000012 “PackedCatalogItem”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesWinSock2ParametersProtocol_Catalog9Catalog_Entries�00000000013 “PackedCatalogItem”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesWinSock2ParametersProtocol_Catalog9Catalog_Entries�00000000014 “PackedCatalogItem”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesWinSock2ParametersProtocol_Catalog9Catalog_Entries�00000000015 “PackedCatalogItem”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesWinSock2ParametersProtocol_Catalog9Catalog_Entries�00000000016 “PackedCatalogItem”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesWinSock2ParametersProtocol_Catalog9Catalog_Entries�00000000017 “PackedCatalogItem”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesWinSock2ParametersProtocol_Catalog9Catalog_Entries�00000000018 “PackedCatalogItem”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesWinSock2ParametersProtocol_Catalog9Catalog_Entries�00000000019 “PackedCatalogItem”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesWinSock2ParametersProtocol_Catalog9Catalog_Entries�00000000020 “PackedCatalogItem”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesWinSock2ParametersProtocol_Catalog9Catalog_Entries�00000000021 “PackedCatalogItem”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftRpcSecurityService “DefaultAuthLevel”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesWinSock2Parameters “WinSock_Registry_Version”
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesWinSock2Parameters “AutodialDLL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “InstallRoot”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “CLRLoadLogDir”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “OnlyUseLatestCLR”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “GCStressStart”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “GCStressStartAtJit”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “DisableConfigCache”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “CacheLocation”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “DownloadCacheQuotaInKB”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “EnableLog”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “LoggingLevel”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “ForceLog”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “LogFailures”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “LogResourceBinds”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “UseLegacyIdentityFormat”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “DisableMSIPeek”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32 “LatestIndex”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32index39 “NIUsageMask”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32index39 “ILUsageMask”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “ConfigMask”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “ConfigString”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “MVID”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “EvalationData”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “ILDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “NIDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “MissingDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL7950e2c56caaf4531 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL7950e2c56caaf4531 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL7950e2c56caaf4531 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL7950e2c56caaf4531 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL7950e2c56caaf4531 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”
HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”
HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionPublisherPolicyDefault “Latest”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionPublisherPolicyDefault “index1”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionPublisherPolicyDefault “LegacyPolicyTimeStamp”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “ConfigMask”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “ConfigString”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “MVID”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “EvalationData”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “ILDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “NIDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “MissingDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILc991064b94a1613 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILc991064b94a1613 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILc991064b94a1613 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILc991064b94a1613 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILc991064b94a1613 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL6dc7d4c0c6e51992 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL6dc7d4c0c6e51992 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL6dc7d4c0c6e51992 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL6dc7d4c0c6e51992 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL6dc7d4c0c6e51992 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3ced59c5731552299 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3ced59c5731552299 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3ced59c5731552299 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3ced59c5731552299 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3ced59c5731552299 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILf6e8397746fdbb814 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILf6e8397746fdbb814 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILf6e8397746fdbb814 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILf6e8397746fdbb814 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILf6e8397746fdbb814 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2b1a4e41d99584f35 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2b1a4e41d99584f35 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2b1a4e41d99584f35 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2b1a4e41d99584f35 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2b1a4e41d99584f35 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL24bf93f6497ba02516 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL24bf93f6497ba02516 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL24bf93f6497ba02516 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL24bf93f6497ba02516 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL24bf93f6497ba02516 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL4f99a7c914e3164a40 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL4f99a7c914e3164a40 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL4f99a7c914e3164a40 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL4f99a7c914e3164a40 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL4f99a7c914e3164a40 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “ConfigMask”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “ConfigString”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “MVID”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “EvalationData”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “ILDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “NIDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “MissingDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL424bd4d855c8d3736 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL424bd4d855c8d3736 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL424bd4d855c8d3736 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL424bd4d855c8d3736 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL424bd4d855c8d3736 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL19ab8d575922aa8b7 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL19ab8d575922aa8b7 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL19ab8d575922aa8b7 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL19ab8d575922aa8b7 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL19ab8d575922aa8b7 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3f50fe4f68d6da4e8 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3f50fe4f68d6da4e8 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3f50fe4f68d6da4e8 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3f50fe4f68d6da4e8 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3f50fe4f68d6da4e8 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System,2.0.0.0,,b77a5c561934e089,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Xml,2.0.0.0,,b77a5c561934e089,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “ConfigMask”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “ConfigString”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “MVID”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “EvalationData”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “ILDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “NIDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “MissingDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL475dce4052a70309f “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL475dce4052a70309f “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL475dce4052a70309f “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL475dce4052a70309f “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL475dce4052a70309f “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2dd6ac5065313f894 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2dd6ac5065313f894 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2dd6ac5065313f894 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2dd6ac5065313f894 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2dd6ac5065313f894 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL41c04c7e32fcddb010 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL41c04c7e32fcddb010 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL41c04c7e32fcddb010 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL41c04c7e32fcddb010 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL41c04c7e32fcddb010 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “ConfigMask”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “ConfigString”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “MVID”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “EvalationData”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “ILDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “NIDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “MissingDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “InstallRoot”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “CLRLoadLogDir”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “OnlyUseLatestCLR”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “GCStressStart”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “GCStressStartAtJit”
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework “DisableConfigCache”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “CacheLocation”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “DownloadCacheQuotaInKB”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “EnableLog”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “LoggingLevel”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “ForceLog”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “LogFailures”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “LogResourceBinds”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “UseLegacyIdentityFormat”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusion “DisableMSIPeek”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32 “LatestIndex”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32index39 “NIUsageMask”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32index39 “ILUsageMask”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “ConfigMask”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “ConfigString”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “MVID”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “EvalationData”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “ILDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “NIDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a91 “MissingDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL7950e2c56caaf4531 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL7950e2c56caaf4531 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL7950e2c56caaf4531 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL7950e2c56caaf4531 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL7950e2c56caaf4531 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”
HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”
HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionPublisherPolicyDefault “Latest”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionPublisherPolicyDefault “index1”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionPublisherPolicyDefault “LegacyPolicyTimeStamp”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “ConfigMask”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “ConfigString”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “MVID”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “EvalationData”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “ILDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “NIDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e32 “MissingDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILc991064b94a1613 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILc991064b94a1613 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILc991064b94a1613 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILc991064b94a1613 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILc991064b94a1613 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL6dc7d4c0c6e51992 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL6dc7d4c0c6e51992 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL6dc7d4c0c6e51992 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL6dc7d4c0c6e51992 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL6dc7d4c0c6e51992 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3ced59c5731552299 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3ced59c5731552299 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3ced59c5731552299 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3ced59c5731552299 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3ced59c5731552299 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILf6e8397746fdbb814 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILf6e8397746fdbb814 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILf6e8397746fdbb814 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILf6e8397746fdbb814 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32ILf6e8397746fdbb814 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2b1a4e41d99584f35 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2b1a4e41d99584f35 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2b1a4e41d99584f35 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2b1a4e41d99584f35 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2b1a4e41d99584f35 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL24bf93f6497ba02516 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL24bf93f6497ba02516 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL24bf93f6497ba02516 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL24bf93f6497ba02516 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL24bf93f6497ba02516 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL4f99a7c914e3164a40 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL4f99a7c914e3164a40 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL4f99a7c914e3164a40 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL4f99a7c914e3164a40 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL4f99a7c914e3164a40 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “ConfigMask”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “ConfigString”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “MVID”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “EvalationData”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “ILDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “NIDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI30bc7c4f1d4982328 “MissingDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL424bd4d855c8d3736 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL424bd4d855c8d3736 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL424bd4d855c8d3736 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL424bd4d855c8d3736 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL424bd4d855c8d3736 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL19ab8d575922aa8b7 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL19ab8d575922aa8b7 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL19ab8d575922aa8b7 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL19ab8d575922aa8b7 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL19ab8d575922aa8b7 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3f50fe4f68d6da4e8 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3f50fe4f68d6da4e8 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3f50fe4f68d6da4e8 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3f50fe4f68d6da4e8 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL3f50fe4f68d6da4e8 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System,2.0.0.0,,b77a5c561934e089,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Xml,2.0.0.0,,b77a5c561934e089,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “ConfigMask”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “ConfigString”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “MVID”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “EvalationData”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “ILDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “NIDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db67485 “MissingDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL475dce4052a70309f “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL475dce4052a70309f “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL475dce4052a70309f “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL475dce4052a70309f “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL475dce4052a70309f “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2dd6ac5065313f894 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2dd6ac5065313f894 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2dd6ac5065313f894 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2dd6ac5065313f894 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL2dd6ac5065313f894 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL41c04c7e32fcddb010 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL41c04c7e32fcddb010 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL41c04c7e32fcddb010 “Modules”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL41c04c7e32fcddb010 “SIG”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32IL41c04c7e32fcddb010 “LastModTime”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “DisplayName”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “ConfigMask”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “ConfigString”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “MVID”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “EvalationData”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “Status”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “ILDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “NIDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI3cca06a031de29a46 “MissingDependencies”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionGACChangeNotificationDefault “System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL”
Enums HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptographyOID
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptographyOIDEncodingType 0CertDllOpenStoreProv
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFrameworkSecurityPolicyExtensionsNamedPermissionSets
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFrameworkSecurityPolicyExtensionsNamedPermissionSetsInternet
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFrameworkSecurityPolicyExtensionsNamedPermissionSetsLocalIntranet
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a9
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db6748
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFrameworkSecurityPolicyExtensionsNamedPermissionSets
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFrameworkSecurityPolicyExtensionsNamedPermissionSetsInternet
HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFrameworkSecurityPolicyExtensionsNamedPermissionSetsLocalIntranet
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI181938c63c74e9a9
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI1c22df2f52628d2e
HKEY_LOCAL_MACHINESOFTWAREMicrosoftFusionNativeImagesIndexv2.0.50727_32NI61e7e66669db6748
File Changes by all processes
New Files C:Hellomotoo.exeHellomotoo.exe
C:Hellomotoo.execonfig.bin
DeviceRasAcd
C:Hellomotoo.execleansweepupd.exe
.pipeglobpluginsuninstallpipe
C:Hellomotoo.exeHellomotoo.exe
DeviceRasAcd
Opened Files C:WINDOWSsystem32ntdll.dll
C:Hellomotoo.exe
C:Hellomotoo.exe
C:Hellomotoo.exeHellomotoo.exe
C:Hellomotoo.execonfig.bin
C:WINDOWSAppPatchsysmain.sdb
C:WINDOWSAppPatchsystest.sdb
DeviceNamedPipeShimViewer
C:Hellomotoo.exe
C:Hellomotoo.execonfig.bin
systemrootsystem32wtsapi32.dll
C:Hellomotoo.exeHellomotoo.exe
systemrootsystem32wininet.dll
C:Hellomotoo.exe
C:Hellomotoo.exe
C:Hellomotoo.execleansweepupd.exe
c:autoexec.bat
C:Hellomotoo.execonfig.bin
.pipeglobpluginsuninstallpipe
C:Hellomotoo.execonfig.bin
systemrootsystem32wtsapi32.dll
.pipeglobpluginspipe
systemrootsystem32ws2_32.dll
C:Hellomotoo.execonfig.bin
.pipeglobpluginspipe
C:Hellomotoo.execonfig.bin
.pipeglobpluginspipe
C:Hellomotoo.execonfig.bin
.pipeglobpluginspipe
C:Hellomotoo.execonfig.bin
.pipeglobpluginspipe
C:Hellomotoo.execonfig.bin
.pipeglobpluginspipe
C:Hellomotoo.execonfig.bin
.pipeglobpluginspipe
C:Hellomotoo.execonfig.bin
.pipeglobpluginspipe
C:Hellomotoo.execonfig.bin
.pipeglobpluginspipe
C:Hellomotoo.execonfig.bin
.pipeglobpluginspipe
C:Hellomotoo.execonfig.bin
.pipeglobpluginspipe
C:Hellomotoo.execonfig.bin
.pipeglobpluginspipe
C:Hellomotoo.execonfig.bin
.pipeglobpluginspipe
C:Hellomotoo.execleansweepupd.exe.config
C:Hellomotoo.execleansweepupd.exe
C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configmachine.config
C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configsecurity.config
C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configsecurity.config.cch
C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configenterprisesec.config
C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configenterprisesec.config.cch
C:Dokumente und EinstellungenAdministratorAnwendungsdatenMicrosoftCLR Security Configv2.0.50727.42security.config
C:Dokumente und EinstellungenAdministratorAnwendungsdatenMicrosoftCLR Security Configv2.0.50727.42security.config.cch
C:WINDOWSassemblyNativeImages_v2.0.50727_32index39.dat
C:WINDOWSsystem32l_intl.nls
C:WINDOWSassemblypubpol1.dat
C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configmachine.config
C:WINDOWSassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089sorttbls.nlp
C:WINDOWSassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089sortkey.nlp
.PIPElsarpc
C:Hellomotoo.exeHellomotoo.exe.config
C:Hellomotoo.exeHellomotoo.exe
C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configmachine.config
C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configsecurity.config
C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configsecurity.config.cch
C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configenterprisesec.config
C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configenterprisesec.config.cch
C:Dokumente und EinstellungenAdministratorAnwendungsdatenMicrosoftCLR Security Configv2.0.50727.42security.config
C:Dokumente und EinstellungenAdministratorAnwendungsdatenMicrosoftCLR Security Configv2.0.50727.42security.config.cch
C:WINDOWSassemblyNativeImages_v2.0.50727_32index39.dat
C:WINDOWSsystem32l_intl.nls
C:WINDOWSassemblypubpol1.dat
C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configmachine.config
C:WINDOWSassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089sorttbls.nlp
C:WINDOWSassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089sortkey.nlp
.PIPElsarpc
C:Hellomotoo.execonfig.bin
.pipeglobpluginsuninstallpipe
Deleted Files c:build.exe
C:Hellomotoo.execleansweepupd.exe
C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configsecurity.config.cch.2156.1146921
C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configenterprisesec.config.cch.2156.1146937
C:Dokumente und EinstellungenAdministratorAnwendungsdatenMicrosoftCLR Security Configv2.0.50727.42security.config.cch.2156.1147000
C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configsecurity.config.cch.2240.1153468
C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configenterprisesec.config.cch.2240.1153468
C:Dokumente und EinstellungenAdministratorAnwendungsdatenMicrosoftCLR Security Configv2.0.50727.42security.config.cch.2240.1153593
Chronological Order Set File Attributes: C:Hellomotoo.exe Flags: (FILE_ATTRIBUTE_HIDDEN SECURITY_ANONYMOUS)
Open File: C:WINDOWSsystem32ntdll.dll (OPEN_EXISTING)
Open File: C:Hellomotoo.exe (OPEN_EXISTING)
Open File: C:Hellomotoo.exe (OPEN_EXISTING)
Set File Time: C:Hellomotoo.exe
Copy File: c:build.exe to C:Hellomotoo.exeHellomotoo.exe
Delete File: c:build.exe
Move File: c:build.exe to
Open File: C:Hellomotoo.exeHellomotoo.exe (OPEN_EXISTING)
Set File Time: C:Hellomotoo.exeHellomotoo.exe
Get File Attributes: C:Hellomotoo.execonfig.bin Flags: (SECURITY_ANONYMOUS)
Create File: C:Hellomotoo.execonfig.bin
Open File: C:Hellomotoo.execonfig.bin (OPEN_EXISTING)
Set File Time: C:Hellomotoo.execonfig.bin
Open File: C:WINDOWSAppPatchsysmain.sdb (OPEN_EXISTING)
Open File: C:WINDOWSAppPatchsystest.sdb (OPEN_EXISTING)
Open File: DeviceNamedPipeShimViewer (OPEN_EXISTING)
Open File: C:Hellomotoo.exe ()
Find File: C:Hellomotoo.exeHellomotoo.exe
Open File: C:Hellomotoo.execonfig.bin (OPEN_EXISTING)
Open File: systemrootsystem32wtsapi32.dll ()
Open File: C:Hellomotoo.exeHellomotoo.exe (OPEN_EXISTING)
Open File: systemrootsystem32wininet.dll ()
Open File: C:Hellomotoo.exe (OPEN_EXISTING)
Open File: C:Hellomotoo.exe (OPEN_EXISTING)
Create/Open File: DeviceRasAcd (OPEN_ALWAYS)
Get File Attributes: C:Hellomotoo.execleansweepupd.exe Flags: (SECURITY_ANONYMOUS)
Create File: C:Hellomotoo.execleansweepupd.exe
Open File: C:Hellomotoo.execleansweepupd.exe (OPEN_EXISTING)
Set File Time: C:Hellomotoo.execleansweepupd.exe
Find File: C:Hellomotoo.execleansweepupd.exe
Create NamedPipe: .pipeglobpluginsuninstallpipe
Copy File: C:Hellomotoo.execleansweepupd.exe to C:Hellomotoo.exeHellomotoo.exe
Delete File: C:Hellomotoo.execleansweepupd.exe
Move File: C:Hellomotoo.execleansweepupd.exe to
Set File Attributes: C:Hellomotoo.execonfig.bin Flags: (FILE_ATTRIBUTE_ARCHIVE FILE_ATTRIBUTE_COMPRESSED FILE_ATTRIBUTE_COMPRESSED SECURITY_ANONYMOUS)
Get File Attributes: c:autoexec.bat Flags: (SECURITY_ANONYMOUS)
Open File: c:autoexec.bat (OPEN_EXISTING)
Find File: C:Dokumente und Einstellungen
Find File: C:Dokumente und EinstellungenAdministrator
Find File: C:Dokumente und EinstellungenAdministratorLokale Einstellungen
Find File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenMicrosoftSystemCertificatesMyCertificates*
Find File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenMicrosoftSystemCertificatesMyCRLs*
Find File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenMicrosoftSystemCertificatesMyCTLs*
Open File: C:Hellomotoo.execonfig.bin (OPEN_EXISTING)
Open File: .pipeglobpluginsuninstallpipe (OPEN_EXISTING)
Open File: C:Hellomotoo.execonfig.bin (OPEN_EXISTING)
Open File: systemrootsystem32wtsapi32.dll ()
Open File: .pipeglobpluginspipe (OPEN_EXISTING)
Open File: systemrootsystem32ws2_32.dll ()
Create/Open File: DeviceRasAcd (OPEN_ALWAYS)
Open File: C:Hellomotoo.execonfig.bin (OPEN_EXISTING)
Open File: .pipeglobpluginspipe (OPEN_EXISTING)
Open File: C:Hellomotoo.execonfig.bin (OPEN_EXISTING)
Open File: .pipeglobpluginspipe (OPEN_EXISTING)
Open File: C:Hellomotoo.execonfig.bin (OPEN_EXISTING)
Open File: .pipeglobpluginspipe (OPEN_EXISTING)
Open File: C:Hellomotoo.execonfig.bin (OPEN_EXISTING)
Open File: .pipeglobpluginspipe (OPEN_EXISTING)
Open File: C:Hellomotoo.execonfig.bin (OPEN_EXISTING)
Open File: .pipeglobpluginspipe (OPEN_EXISTING)
Open File: C:Hellomotoo.execonfig.bin (OPEN_EXISTING)
Open File: .pipeglobpluginspipe (OPEN_EXISTING)
Open File: C:Hellomotoo.execonfig.bin (OPEN_EXISTING)
Open File: .pipeglobpluginspipe (OPEN_EXISTING)
Open File: C:Hellomotoo.execonfig.bin (OPEN_EXISTING)
Open File: .pipeglobpluginspipe (OPEN_EXISTING)
Open File: C:Hellomotoo.execonfig.bin (OPEN_EXISTING)
Open File: .pipeglobpluginspipe (OPEN_EXISTING)
Open File: C:Hellomotoo.execonfig.bin (OPEN_EXISTING)
Open File: .pipeglobpluginspipe (OPEN_EXISTING)
Open File: C:Hellomotoo.execonfig.bin (OPEN_EXISTING)
Open File: .pipeglobpluginspipe (OPEN_EXISTING)
Open File: C:Hellomotoo.execonfig.bin (OPEN_EXISTING)
Open File: .pipeglobpluginspipe (OPEN_EXISTING)
Get File Attributes: C:WINDOWSsystem32mscoree.dll.local Flags: (SECURITY_ANONYMOUS)
Open File: C:Hellomotoo.execleansweepupd.exe.config (OPEN_EXISTING)
Open File: C:Hellomotoo.execleansweepupd.exe (OPEN_EXISTING)
Find File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorwks.dll
Open File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configmachine.config (OPEN_EXISTING)
Get File Attributes: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727fusion.localgac Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configsecurity.config (OPEN_EXISTING)
Open File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configsecurity.config.cch (OPEN_EXISTING)
Open File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configenterprisesec.config (OPEN_EXISTING)
Open File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configenterprisesec.config.cch (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenMicrosoftCLR Security Configv2.0.50727.42security.config (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenMicrosoftCLR Security Configv2.0.50727.42security.config.cch (OPEN_EXISTING)
Open File: C:WINDOWSassemblyNativeImages_v2.0.50727_32index39.dat (OPEN_EXISTING)
Find File: C:WINDOWSassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089mscorlib.INI
Open File: C:WINDOWSsystem32l_intl.nls (OPEN_EXISTING)
Get File Attributes: C:Hellomotoo.execleansweepupd.exe.config Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Hellomotoo.execleansweepupd.exe Flags: (SECURITY_ANONYMOUS)
Find File: C:Hellomotoo.execleansweepupd.INI
Open File: C:WINDOWSassemblypubpol1.dat (OPEN_EXISTING)
Get File Attributes: C:WINDOWSassemblyGACPublisherPolicy.tme Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configmachine.config Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configmachine.config (OPEN_EXISTING)
Find File: C:WINDOWSassemblyGAC_MSILMicrosoft.VisualBasic8.0.0.0__b03f5f7f11d50a3aMicrosoft.VisualBasic.INI
Find File: C:WINDOWSassemblyGAC_MSILSystem2.0.0.0__b77a5c561934e089System.INI
Find File: C:WINDOWSassemblyGAC_MSILSystem.Windows.Forms2.0.0.0__b77a5c561934e089System.Windows.Forms.INI
Find File: C:WINDOWSassemblyGAC_MSILSystem.Drawing2.0.0.0__b03f5f7f11d50a3aSystem.Drawing.INI
Get File Attributes: C:WINDOWSGlobalizationde-de.nlp Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089sorttbls.nlp (OPEN_EXISTING)
Open File: C:WINDOWSassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089sortkey.nlp (OPEN_EXISTING)
Get File Attributes: C:Hellomotoo.exede-DENøÆa0ª.resources.dll Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Hellomotoo.exede-DENøÆa0ª.resourcesNøÆa0ª.resources.dll Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Hellomotoo.exede-DENøÆa0ª.resources.exe Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Hellomotoo.exede-DENøÆa0ª.resourcesNøÆa0ª.resources.exe Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:WINDOWSGlobalizationde.nlp Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Hellomotoo.exedeNøÆa0ª.resources.dll Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Hellomotoo.exedeNøÆa0ª.resourcesNøÆa0ª.resources.dll Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Hellomotoo.exedeNøÆa0ª.resources.exe Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Hellomotoo.exedeNøÆa0ª.resourcesNøÆa0ª.resources.exe Flags: (SECURITY_ANONYMOUS)
Open File: .PIPElsarpc (OPEN_EXISTING)
Delete File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configsecurity.config.cch.2156.1146921
Delete File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configenterprisesec.config.cch.2156.1146937
Delete File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenMicrosoftCLR Security Configv2.0.50727.42security.config.cch.2156.1147000
Get File Attributes: C:WINDOWSsystem32mscoree.dll.local Flags: (SECURITY_ANONYMOUS)
Open File: C:Hellomotoo.exeHellomotoo.exe.config (OPEN_EXISTING)
Open File: C:Hellomotoo.exeHellomotoo.exe (OPEN_EXISTING)
Find File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorwks.dll
Open File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configmachine.config (OPEN_EXISTING)
Get File Attributes: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727fusion.localgac Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configsecurity.config (OPEN_EXISTING)
Open File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configsecurity.config.cch (OPEN_EXISTING)
Open File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configenterprisesec.config (OPEN_EXISTING)
Open File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configenterprisesec.config.cch (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenMicrosoftCLR Security Configv2.0.50727.42security.config (OPEN_EXISTING)
Open File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenMicrosoftCLR Security Configv2.0.50727.42security.config.cch (OPEN_EXISTING)
Open File: C:WINDOWSassemblyNativeImages_v2.0.50727_32index39.dat (OPEN_EXISTING)
Find File: C:WINDOWSassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089mscorlib.INI
Open File: C:WINDOWSsystem32l_intl.nls (OPEN_EXISTING)
Get File Attributes: C:Hellomotoo.exeHellomotoo.exe.config Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Hellomotoo.exeHellomotoo.exe Flags: (SECURITY_ANONYMOUS)
Find File: C:Hellomotoo.exeHellomotoo.INI
Open File: C:WINDOWSassemblypubpol1.dat (OPEN_EXISTING)
Get File Attributes: C:WINDOWSassemblyGACPublisherPolicy.tme Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configmachine.config Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configmachine.config (OPEN_EXISTING)
Find File: C:WINDOWSassemblyGAC_MSILMicrosoft.VisualBasic8.0.0.0__b03f5f7f11d50a3aMicrosoft.VisualBasic.INI
Find File: C:WINDOWSassemblyGAC_MSILSystem2.0.0.0__b77a5c561934e089System.INI
Find File: C:WINDOWSassemblyGAC_MSILSystem.Windows.Forms2.0.0.0__b77a5c561934e089System.Windows.Forms.INI
Find File: C:WINDOWSassemblyGAC_MSILSystem.Drawing2.0.0.0__b03f5f7f11d50a3aSystem.Drawing.INI
Get File Attributes: C:WINDOWSGlobalizationde-de.nlp Flags: (SECURITY_ANONYMOUS)
Open File: C:WINDOWSassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089sorttbls.nlp (OPEN_EXISTING)
Open File: C:WINDOWSassemblyGAC_32mscorlib2.0.0.0__b77a5c561934e089sortkey.nlp (OPEN_EXISTING)
Get File Attributes: C:Hellomotoo.exede-DENøÆa0ª.resources.dll Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Hellomotoo.exede-DENøÆa0ª.resourcesNøÆa0ª.resources.dll Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Hellomotoo.exede-DENøÆa0ª.resources.exe Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Hellomotoo.exede-DENøÆa0ª.resourcesNøÆa0ª.resources.exe Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:WINDOWSGlobalizationde.nlp Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Hellomotoo.exedeNøÆa0ª.resources.dll Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Hellomotoo.exedeNøÆa0ª.resourcesNøÆa0ª.resources.dll Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Hellomotoo.exedeNøÆa0ª.resources.exe Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:Hellomotoo.exedeNøÆa0ª.resourcesNøÆa0ª.resources.exe Flags: (SECURITY_ANONYMOUS)
Delete File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configsecurity.config.cch.2240.1153468
Delete File: C:WINDOWSMicrosoft.NETFrameworkv2.0.50727configenterprisesec.config.cch.2240.1153468
Delete File: C:Dokumente und EinstellungenAdministratorAnwendungsdatenMicrosoftCLR Security Configv2.0.50727.42security.config.cch.2240.1153593
Open File: .PIPElsarpc (OPEN_EXISTING)
Open File: C:Hellomotoo.execonfig.bin (OPEN_EXISTING)
Open File: .pipeglobpluginsuninstallpipe (OPEN_EXISTING)