- \Device\KsecDD
- C:\Windows\System32\tzres.dll
- C:\Windows\Globalization\Sorting\sortdefault.nls
- C:\Program Files\Common Files\System\symsrv.dll
- C:\Users\user\AppData\Local\Temp\A1D26E2
- C:\Program Files\Common Files\System\symsrv.dll.dat
- C:\Program Files\Common Files\System\symsrv.dll.000
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Com+Enabled
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\BD5F5ADB
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\MaxSxSHashCount
- kernel32.dll.InitializeCriticalSectionEx
- kernel32.dll.FlsAlloc
- kernel32.dll.FlsSetValue
- kernel32.dll.FlsGetValue
- kernel32.dll.LCMapStringEx
- api-ms-win-core-synch-l1-2-0.dll.InitializeConditionVariable
- api-ms-win-core-synch-l1-2-0.dll.SleepConditionVariableCS
- api-ms-win-core-synch-l1-2-0.dll.WakeAllConditionVariable
- cryptbase.dll.SystemFunction036
- ole32.dll.CLSIDFromOle1Class
- clbcatq.dll.GetCatalogObject
- clbcatq.dll.GetCatalogObject2
- kernel32.dll.OpenProcess
- kernel32.dll.TerminateProcess
- kernel32.dll.WriteProcessMemory
- kernel32.dll.VirtualAllocEx
- sechost.dll.LookupAccountNameLocalW
- advapi32.dll.AdjustTokenPrivileges
- user32.dll.MessageBoxTimeoutW
- wintrust.dll.WinVerifyTrust
- kernel32.dll.CreateProcessInternalW
- kernel32.dll.SortGetHandle
- kernel32.dll.SortCloseHandle
- ws2help.dll.WahReferenceContextByHandle
- ntdll.dll.KiUserExceptionDispatcher
- advapi32.dll.LookupAccountSidW
- sechost.dll.LookupAccountSidLocalW
- cryptsp.dll.CryptAcquireContextW
- cryptsp.dll.CryptGenRandom
- ole32.dll.NdrOleInitializeExtension
- ole32.dll.CoGetClassObject
- ole32.dll.CoGetMarshalSizeMax
- ole32.dll.CoMarshalInterface
- ole32.dll.CoUnmarshalInterface
- ole32.dll.StringFromIID
- ole32.dll.CoGetPSClsid
- ole32.dll.CoTaskMemAlloc
- ole32.dll.CoTaskMemFree
- ole32.dll.CoCreateInstance
- ole32.dll.CoReleaseMarshalData
- ole32.dll.DcomChannelSetHResult
- rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
- wininet.dll.InternetOpenA
- wininet.dll.InternetOpenUrlA
- rasapi32.dll.RasConnectionNotificationW
- sechost.dll.NotifyServiceStatusChangeA
- ole32.dll.CoInitializeEx
- advapi32.dll.RegDeleteTreeA
- advapi32.dll.RegDeleteTreeW
- wininet.dll.InternetCloseHandle
- wininet.dll.InternetReadFile
- ws2_32.dll.connect
- ole32.dll.CoUninitialize
- oleaut32.dll.#500
- HKEY_CURRENT_USER\Software\Classes
- HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Com+Enabled
- HKEY_CURRENT_USER\Software\Classes\CLSID\{E895F6DF-5FE2-4029-950F-359E556C1221}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
- HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
- HKEY_CURRENT_USER\Software\Classes\AppID\607a45a0d2ba7e53249570ec9b1acada710aafd9.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
- HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
- HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\BD5F5ADB
- HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
- HKEY_LOCAL_MACHINE\Software\Microsoft\OLE
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\MaxSxSHashCount
- HKEY_CURRENT_USER\Software\Classes\CLSID\{9EF91B74-82BB-42B4-8C6A-4837200020B3}
- HKEY_CURRENT_USER\Software\Classes\CLSID\{8C3EDBE5-AC14-4E5C-B10A-CA0764261365}
- HKEY_CURRENT_USER\Software\Classes\CLSID\{142DE38F-16F5-4DE7-8D66-EEC56738446C}
- HKEY_CURRENT_USER\Software\Classes\CLSID\{F6A711DA-46F1-4086-8DC2-9A2FD56A8E5E}
- HKEY_CURRENT_USER\Software\Classes\CLSID\{2CD257FE-A9BA-4C39-9817-FD00B2FE4882}
- HKEY_CURRENT_USER\Software\Classes\CLSID\{2B8BC88C-28AE-4D68-A583-A53677678741}
- HKEY_CURRENT_USER\Software\Classes\CLSID\{AC1B4665-674E-4646-B42B-22713CB4D1F4}
- HKEY_CURRENT_USER\Software\Classes\CLSID\{8A3FE424-D9E7-4D7E-A3F2-1CE0666FB589}
- HKEY_CURRENT_USER\Software\Classes\CLSID\{4675F3AB-682A-4DCB-B448-BA5FF29FC5FA}
- HKEY_CURRENT_USER\Software\Classes\CLSID\{B6B899EF-5338-44CE-9C05-41E61140C2E9}
- HKEY_CURRENT_USER\Software\Classes\CLSID\{F3DB2FAC-AE70-49E9-A02A-FC9A7078DA97}
- HKEY_CURRENT_USER\Software\Classes\CLSID\{EB357C55-ED0F-4F81-98A1-03C01251C1A7}
- HKEY_CURRENT_USER\Software\Classes\CLSID\{B2412A08-204D-4AEE-9F30-D4D856497C6D}
- HKEY_CURRENT_USER\Software\Classes\CLSID\{3CFE6C77-4C1C-4280-88DA-A5A843443B9C}
- HKEY_CURRENT_USER\Software\Classes\CLSID\{6E8D13C2-83BD-489C-841C-C4FCA5700D24}
- \Device\KsecDD
- C:\Windows\System32\tzres.dll
- C:\Windows\Globalization\Sorting\sortdefault.nls
- C:\Program Files\Common Files\System\symsrv.dll