AutoRuns v13.71

[OmenScan]

Utilty Version:
Autoruns v13.71


Utility Source:
https://download.sysinternals.com/files/Autoruns.zip


Utility Hash:
Autorunsc Hash MD5 - fb77774ec3d188767856a3bb8e2888eb
Autorunsc Hash Sha1 - a3f323d390619443987bd26088d0b8f60a276e5d


Utility Command line:
Autorunsc.exe /accepteula -a * -c -h > D:\AutoRun.dat


Artifact Identification Process:

• Install All Current Windows Updates on the VM 
  
• Reboot VM Twice 
• Create Snapshot 
• Reboot VM 
• Login To VM 
  
• Start Windows Explorer 
  
• Copy program to Root of D: 
• Start Elevated Command Prompt 
  
• Select D: drive by typing in: D: 
• Start Regshot-x64-ANSI 
  
• Leave Max Data to Show 256 (Limits the Data Displayed) 
• Set Output Directory to D:\ 
• Uncheck – Don't show files with same old/new size 
• Uncheck – Do not process registry, only dirs 
• Uncheck – Replace HKEY_USERS\sid in output file 
• Do First Shot and Save 
  
• Run Utility program from Command Prompt 
  
• Autorunsc.exe /accepteula -a * -c -h > D:\AutoRun.dat 
• Run Second Shot And Save 
  
• Compare And Output 
  
• Notate Differences from Baseline. 
  

Unique Changes Results:

Unique Registry Key Additions (Not in snapshot baseline)
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Sysinternals
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Sysinternals\AutoRuns


Unique Registry Values Added (Not in snapshot baseline)
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\aelupsvc.dll,-2
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\Alg.exe,-113
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\appidsvc.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\appinfo.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\audiosrv.dll,-205
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\audiosrv.dll,-201
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\AxInstSV.dll,-104
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\bdesvc.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\bfe.dll,-1002
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\qmgr.dll,-1001
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\browser.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\bthserv.dll,-102
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\certprop.dll,-12
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@comres.dll,-948
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\cryptsvc.dll,-1002
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@oleres.dll,-5013
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\defragsvc.dll,-102
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\dhcpcore.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\UtcResources.dll,-3002
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\dnsapi.dll,-102
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\dot3svc.dll,-1103
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\dps.dll,-501
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\eapsvc.dll,-2
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\efssvc.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\ehome\ehrecvr.exe,-102
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\ehome\ehsched.exe,-102
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\wevtsvc.dll,-201
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@comres.dll,-2451
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\fxsresm.dll,-122
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\fdPHost.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\fdrespub.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\FntCache.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\PresentationHost.exe,-3310
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@gpapi.dll,-113
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\hidserv.dll,-102
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\kmsvc.dll,-7
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\ListSvc.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\provsvc.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8192
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\ieetwcollectorres.dll,-1001
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\ikeext.dll,-502
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\IPBusEnum.dll,-103
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\iphlpsvc.dll,-501
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@keyiso.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@comres.dll,-2947
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\srvsvc.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\wkssvc.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\lltdres.dll,-2
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\lmhsvc.dll,-102
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\mmcss.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\FirewallAPI.dll,-23091
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@comres.dll,-2798
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\iscsidsc.dll,-5001
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\msimsg.dll,-32
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\qagentrt.dll,-7
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\netlogon.dll,-103
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\netman.dll,-110
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\netprofm.dll,-203
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\nlasvc.dll,-2
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\nsisvc.dll,-201
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\pnrpsvc.dll,-8005
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\p2psvc.dll,-8007
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\pcasvc.dll,-2
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\SysWow64\perfhost.exe,-1
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\pla.dll,-501
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\umpnpmgr.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\pnrpauto.dll,-8003
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\pnrpsvc.dll,-8001
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\polstore.dll,-5011
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\umpo.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\profsvc.dll,-301
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\psbase.dll,-301
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\qwave.dll,-2
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%Systemroot%\system32\rasauto.dll,-201
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%Systemroot%\system32\rasmans.dll,-201
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@regsvc.dll,-2
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%windir%\system32\RpcEpMap.dll,-1002
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\Locator.exe,-3
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@oleres.dll,-5011
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\samsrv.dll,-2
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\SCardSvr.dll,-5
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\schedsvc.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\certprop.dll,-14
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\sdrsvc.dll,-102
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\seclogon.dll,-7000
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\Sens.dll,-201
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\sensrsvc.dll,-1001
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\SessEnv.dll,-1027
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\shsvcs.dll,-12289
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\snmptrap.exe,-4
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\spoolsv.exe,-2
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\sppsvc.exe,-100
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\sppuinotify.dll,-102
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\ssdpsrv.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\sstpsvc.dll,-201
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\wiaservc.dll,-10
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\swprv.dll,-102
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\sysmain.dll,-1001
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\TabSvc.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\tapisrv.dll,-10101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\tbssvc.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\termsrv.dll,-267
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\themeservice.dll,-8193
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\mmcss.dll,-103
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\trkwks.dll,-2
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\servicing\TrustedInstaller.exe,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\ui0detect.exe,-102
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\upnphost.dll,-214
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\dwm.exe,-2001
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\vaultsvc.dll,-1004
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\vds.exe,-112
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\vssvc.exe,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\w32time.dll,-201
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\Wat\WatUX.exe,-602
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\wbengine.exe,-105
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\wbiosrvc.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\wcncsvc.dll,-4
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\WcsPlugInService.dll,-201
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\wdi.dll,-503
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\wdi.dll,-501
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\webclnt.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\wecsvc.dll,-201
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\wercplsupport.dll,-100
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\wersvc.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%ProgramFiles%\Windows Defender\MsMpRes.dll,-1176
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\winhttp.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%Systemroot%\system32\wbem\wmisvc.dll,-204
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%Systemroot%\system32\wsmsvc.dll,-102
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\wlansvc.dll,-258
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%Systemroot%\system32\wbem\wmiapsrv.exe,-111
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-102
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\wpcsvc.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\wpdbusenum.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\wscsvc.dll,-201
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\SearchIndexer.exe,-104
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\wuaueng.dll,-106
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\wudfsvc.dll,-1001
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\wwansvc.dll,-258
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\drivers\afd.sys,-1000
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\appidsvc.dll,-103
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\rascfg.dll,-32000
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\browser.dll,-103
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\clfs.sys,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\drivers\dfsc.sys,-102
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\drivers\discache.sys,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\drivers\fileinfo.sys,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\drivers\filetrace.sys,-10000
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\drivers\fltmgr.sys,-10000
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\drivers\fsdepends.sys,-10000
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\drivers\fvevol.sys,-100
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\drivers\http.sys,-2
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\drivers\hwpolicy.sys,-102
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\rascfg.dll,-32013
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\drivers\irenum.sys,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\drivers\luafv.sys,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\drivers\mountmgr.sys,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\FirewallAPI.dll,-23093
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\webclnt.dll,-105
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\wkssvc.dll,-1003
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\wkssvc.dll,-1005
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\wkssvc.dll,-1007
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\drivers\mshidkmdf.sys,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\drivers\mup.sys,-102
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\drivers\ndis.sys,-201
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\rascfg.dll,-32001
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\rascfg.dll,-32002
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\drivers\netbt.sys,-1
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\drivers\nsiproxy.sys,-1
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\drivers\partmgr.sys,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\rascfg.dll,-32006
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\drivers\pacer.sys,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\drivers\qwavedrv.sys,-2
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\rascfg.dll,-32005
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\rascfg.dll,-32007
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\sstpsvc.dll,-202
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\wkssvc.dll,-1001
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\DRIVERS\RDPCDD.sys,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\drivers\RDPENCDD.sys,-100
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\drivers\RdpRefMp.sys,-100
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\drivers\scfilter.sys,-12
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\tcpipcfg.dll,-50006
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\srvsvc.dll,-103
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\srvsvc.dll,-105
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\tcpipcfg.dll,-50003
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\tcpipcfg.dll,-50004
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-102
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\drivers\tsusbflt.sys,-1000
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\drivers\volmgrx.sys,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\drivers\vwifibus.sys,-258
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\rascfg.dll,-32011
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\rascfg.dll,-32012
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Sysinternals\AutoRuns\EulaAccepted
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\aelupsvc.dll,-2
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\Alg.exe,-113
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\appidsvc.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\appinfo.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\audiosrv.dll,-205
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\audiosrv.dll,-201
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\AxInstSV.dll,-104
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\bdesvc.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\bfe.dll,-1002
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\qmgr.dll,-1001
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\browser.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\bthserv.dll,-102
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\certprop.dll,-12
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@comres.dll,-948
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\cryptsvc.dll,-1002
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@oleres.dll,-5013
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\defragsvc.dll,-102
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\dhcpcore.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\UtcResources.dll,-3002
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\dnsapi.dll,-102
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\dot3svc.dll,-1103
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\dps.dll,-501
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\eapsvc.dll,-2
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\efssvc.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\ehome\ehrecvr.exe,-102
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\ehome\ehsched.exe,-102
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\wevtsvc.dll,-201
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@comres.dll,-2451
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\fxsresm.dll,-122
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\fdPHost.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\fdrespub.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\FntCache.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\PresentationHost.exe,-3310
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@gpapi.dll,-113
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\hidserv.dll,-102
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\kmsvc.dll,-7
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\ListSvc.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\provsvc.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8192
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\ieetwcollectorres.dll,-1001
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\ikeext.dll,-502
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\IPBusEnum.dll,-103
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\iphlpsvc.dll,-501
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@keyiso.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@comres.dll,-2947
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\srvsvc.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\wkssvc.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\lltdres.dll,-2
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\lmhsvc.dll,-102
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\mmcss.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\FirewallAPI.dll,-23091
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@comres.dll,-2798
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\iscsidsc.dll,-5001
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\msimsg.dll,-32
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\qagentrt.dll,-7
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\netlogon.dll,-103
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\netman.dll,-110
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\netprofm.dll,-203
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\nlasvc.dll,-2
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\nsisvc.dll,-201
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\pnrpsvc.dll,-8005
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\p2psvc.dll,-8007
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\pcasvc.dll,-2
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\SysWow64\perfhost.exe,-1
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\pla.dll,-501
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\umpnpmgr.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\pnrpauto.dll,-8003
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\pnrpsvc.dll,-8001
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\polstore.dll,-5011
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\umpo.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\profsvc.dll,-301
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\psbase.dll,-301
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\qwave.dll,-2
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%Systemroot%\system32\rasauto.dll,-201
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%Systemroot%\system32\rasmans.dll,-201
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@regsvc.dll,-2
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%windir%\system32\RpcEpMap.dll,-1002
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\Locator.exe,-3
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@oleres.dll,-5011
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\samsrv.dll,-2
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\SCardSvr.dll,-5
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\schedsvc.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\certprop.dll,-14
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\sdrsvc.dll,-102
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\seclogon.dll,-7000
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\Sens.dll,-201
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\sensrsvc.dll,-1001
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\SessEnv.dll,-1027
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\shsvcs.dll,-12289
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\snmptrap.exe,-4
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\spoolsv.exe,-2
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\sppsvc.exe,-100
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\sppuinotify.dll,-102
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\ssdpsrv.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\sstpsvc.dll,-201
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\wiaservc.dll,-10
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\swprv.dll,-102
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\sysmain.dll,-1001
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\TabSvc.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\tapisrv.dll,-10101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\tbssvc.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\termsrv.dll,-267
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\themeservice.dll,-8193
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\mmcss.dll,-103
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\trkwks.dll,-2
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\servicing\TrustedInstaller.exe,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\ui0detect.exe,-102
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\upnphost.dll,-214
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\dwm.exe,-2001
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\vaultsvc.dll,-1004
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\vds.exe,-112
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\vssvc.exe,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\w32time.dll,-201
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\Wat\WatUX.exe,-602
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\wbengine.exe,-105
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\wbiosrvc.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\wcncsvc.dll,-4
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\WcsPlugInService.dll,-201
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\wdi.dll,-503
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\wdi.dll,-501
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\webclnt.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\wecsvc.dll,-201
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\wercplsupport.dll,-100
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\wersvc.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%ProgramFiles%\Windows Defender\MsMpRes.dll,-1176
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\winhttp.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%Systemroot%\system32\wbem\wmisvc.dll,-204
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%Systemroot%\system32\wsmsvc.dll,-102
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\wlansvc.dll,-258
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%Systemroot%\system32\wbem\wmiapsrv.exe,-111
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-102
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\wpcsvc.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\wpdbusenum.dll,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\wscsvc.dll,-201
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\SearchIndexer.exe,-104
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\wuaueng.dll,-106
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\wudfsvc.dll,-1001
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\wwansvc.dll,-258
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\drivers\afd.sys,-1000
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\appidsvc.dll,-103
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\rascfg.dll,-32000
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\browser.dll,-103
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\clfs.sys,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\drivers\dfsc.sys,-102
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\drivers\discache.sys,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\drivers\fileinfo.sys,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\drivers\filetrace.sys,-10000
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\drivers\fltmgr.sys,-10000
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\drivers\fsdepends.sys,-10000
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\drivers\fvevol.sys,-100
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\drivers\http.sys,-2
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\drivers\hwpolicy.sys,-102
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\rascfg.dll,-32013
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\drivers\irenum.sys,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\drivers\luafv.sys,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\drivers\mountmgr.sys,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\FirewallAPI.dll,-23093
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\webclnt.dll,-105
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\wkssvc.dll,-1003
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\wkssvc.dll,-1005
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\wkssvc.dll,-1007
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\drivers\mshidkmdf.sys,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\drivers\mup.sys,-102
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\drivers\ndis.sys,-201
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\rascfg.dll,-32001
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\rascfg.dll,-32002
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\drivers\netbt.sys,-1
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\drivers\nsiproxy.sys,-1
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\drivers\partmgr.sys,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\rascfg.dll,-32006
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\drivers\pacer.sys,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\drivers\qwavedrv.sys,-2
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\rascfg.dll,-32005
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\rascfg.dll,-32007
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\sstpsvc.dll,-202
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\wkssvc.dll,-1001
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\DRIVERS\RDPCDD.sys,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\drivers\RDPENCDD.sys,-100
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\drivers\RdpRefMp.sys,-100
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\drivers\scfilter.sys,-12
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\tcpipcfg.dll,-50006
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\srvsvc.dll,-103
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\srvsvc.dll,-105
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\tcpipcfg.dll,-50003
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\tcpipcfg.dll,-50004
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-102
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\drivers\tsusbflt.sys,-1000
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\system32\drivers\volmgrx.sys,-101
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%SystemRoot%\System32\drivers\vwifibus.sys,-258
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\rascfg.dll,-32011
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\MuiCache\1\52C64B7E\@%systemroot%\system32\rascfg.dll,-32012


Unique registry Value Modifications (Not in snapshot Baseline)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Reliability Analysis\RAC\WmiLastTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\PROVIDERS\Performance\Performance Data
HKEY_LOCAL_MACHINE\SYSTEM\RNG\Seed


Unique File Folder Additions (Not in snapshot baseline)
None


Unique File Deletions (Not in snapshot baseline)
C:\ProgramData\Microsoft\RAC\Temp\sql54B8.tmp
C:\ProgramData\Microsoft\RAC\Temp\sql5C2C.tmp
C:\Users\All Users\Microsoft\RAC\Temp\sql54B8.tmp
C:\Users\All Users\Microsoft\RAC\Temp\sql5C2C.tmp
C:\Windows\Temp\TMP6AF63214599F1FEA


Unique File Additions (Not in snapshot baseline)
C:\Users\4n6Test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1D6F23D99D44085244DB44686B5A2A59
C:\Users\4n6Test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\696F3DE637E6DE85B458996D49D759AD
C:\Users\4n6Test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B8CC409ACDBF2A2FE04C56F2875B1FD6
C:\Users\4n6Test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1D6F23D99D44085244DB44686B5A2A59
C:\Users\4n6Test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\696F3DE637E6DE85B458996D49D759AD
C:\Users\4n6Test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B8CC409ACDBF2A2FE04C56F2875B1FD6


Unique File Attribute Modifications (Not in snapshot baseline)
C:\ProgramData\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf
C:\ProgramData\Microsoft\RAC\StateData\RacDatabase.sdf
C:\ProgramData\Microsoft\RAC\StateData\RacMetaData.dat
C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat
C:\ProgramData\Microsoft\RAC\StateData\RacWmiEventData.dat
C:\Users\4n6Test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
C:\Users\All Users\Microsoft\RAC\PublishedData\RacWmiDatabase.sdf
C:\Users\All Users\Microsoft\RAC\StateData\RacDatabase.sdf
C:\Users\All Users\Microsoft\RAC\StateData\RacMetaData.dat
C:\Users\All Users\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat
C:\Users\All Users\Microsoft\RAC\StateData\RacWmiEventData.dat
C:\Windows\inf\WmiApRpl\0009\WmiApRpl.ini
C:\Windows\inf\WmiApRpl\WmiApRpl.h
C:\Windows\System32\perfc009.dat
C:\Windows\System32\perfh009.dat
C:\Windows\System32\PerfStringBackup.INI
C:\Windows\System32\wbem\Performance\WmiApRpl.h
C:\Windows\System32\wbem\Performance\WmiApRpl.ini
C:\Windows\System32\wbem\Repository\INDEX.BTR
C:\Windows\System32\wbem\Repository\MAPPING2.MAP
C:\Windows\System32\wbem\Repository\OBJECTS.DATA
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx


Non-Unique Changes Results:

Non-Unique Registry Key Additions (Generated by the snapshot process)
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hiv
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hiv\OpenWithList
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.hiv
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\CIDSave
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\CIDSave\Modules
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\CIDSave\Modules\GlobalSettings
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\CIDSave\Modules\GlobalSettings\ProperTreeModuleInner
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\FirstFolder
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\hiv
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017120920171210
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}



Non-Unique Registry Value Additions (Generated by the snapshot process)
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\0
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\1
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.hiv\0
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder\0
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\CIDSave\Modules\GlobalSettings\ProperTreeModuleInner\ProperTreeModuleInner
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU\0
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\FirstFolder\0
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU\0
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*\0
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\hiv\0
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017120920171210\CachePrefix
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017120920171210\CachePath
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017120920171210\CacheOptions
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017120920171210\CacheRepair
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017120920171210\CacheLimit
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{FF393560-C2A7-11CF-BFF4-444553540000} {000214E6-0000-0000-C000-000000000046} 0xFFFF
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection



Non-Unique Registry Value Modifications (Generated by the snapshot process)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\59860043-8A6D-490B-9BF1-96876CD05743\IPAddress
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet\netgear.com\Failures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{42FDCFCA-E135-4493-A1CA-F191D7D20544}\DateLastConnected
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Epoch\Epoch
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Epoch2\Epoch
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{915F6FF2-13BF-4DA2-88B1-C49CB2ECDF69}\LeaseObtainedTime
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{915F6FF2-13BF-4DA2-88B1-C49CB2ECDF69}\T1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{915F6FF2-13BF-4DA2-88B1-C49CB2ECDF69}\T2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{915F6FF2-13BF-4DA2-88B1-C49CB2ECDF69}\LeaseTerminatesTime
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{915F6FF2-13BF-4DA2-88B1-C49CB2ECDF69}\DhcpInterfaceOptions
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch\Epoch
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2\Epoch
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{915F6FF2-13BF-4DA2-88B1-C49CB2ECDF69}\LeaseObtainedTime
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{915F6FF2-13BF-4DA2-88B1-C49CB2ECDF69}\T1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{915F6FF2-13BF-4DA2-88B1-C49CB2ECDF69}\T2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{915F6FF2-13BF-4DA2-88B1-C49CB2ECDF69}\LeaseTerminatesTime
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{915F6FF2-13BF-4DA2-88B1-C49CB2ECDF69}\DhcpInterfaceOptions
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\HRZR_PGYFRFFVBA
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\pzq.rkr
HKEY_USERS\S-1-5-21-1543496532-2964303708-3078955209-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Q


Non-Unique Folder Addition (Generated by the snapshot process)
C:\Users\4n6Test\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017120920171210


Non-Unique File Deletion (Generated by the snapshot process)
None


Non-Unique File Addition (Generated by the snapshot process)
C:\Users\4n6Test\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017120920171210\container.dat
C:\Users\4n6Test\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.tmp
C:\Users\4n6Test\AppData\Roaming\Microsoft\Windows\Recent\Baseline1.hiv.lnk
C:\Users\4n6Test\AppData\Roaming\Microsoft\Windows\Recent\Data Volume (D).lnk


Non-Unique File Attribute Modification (Generated by the snapshot process)
C:\Users\4n6Test\AppData\Local\Microsoft\Windows\WebCache\V01.log
C:\Users\4n6Test\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
C:\Users\4n6Test\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\1b4dd67f29cb1962.automaticDestinations-ms
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-19\7e22207fe9846926e18c29d3e675240e_ee6b9496-87b9-409e-9e2c-ca6e508e8f4a
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\fc4fd75c3476eb3515b1b8f1527e6f8f050ce26f.HomeGroupClassifier\b7d61386755f412165a3621b4362a30b\grouping\db.mdb
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\fc4fd75c3476eb3515b1b8f1527e6f8f050ce26f.HomeGroupClassifier\b7d61386755f412165a3621b4362a30b\grouping\edb.chk
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\fc4fd75c3476eb3515b1b8f1527e6f8f050ce26f.HomeGroupClassifier\b7d61386755f412165a3621b4362a30b\grouping\edb.log
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\fc4fd75c3476eb3515b1b8f1527e6f8f050ce26f.HomeGroupClassifier\b7d61386755f412165a3621b4362a30b\grouping\tmp.edb
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\Icon Files\59860043-8a6d-490b-9bf1-96876cd05743.png
C:\Windows\System32\config\SYSTEM
C:\Windows\System32\config\SYSTEM.LOG1