What is BMSetup.exe?
BMSetup.exe is digitally signed by DeskSoft.
BMSetup.exe is usually located in the 'c:\downloads\' folder.
Some of the anti-virus scanners at VirusTotal detected BMSetup.exe.
If you have additional information about the file, please share it with the FreeFixer users by posting a comment at the bottom of this page.
Digital signatures [?]
BMSetup.exe has a valid digital signature.
| Property | Value |
|---|---|
| Signer name | DeskSoft |
| Certificate issuer name | COMODO RSA Code Signing CA |
| Certificate serial number | 299297752347281526ae1b143a143a3b |
VirusTotal report
1 of the 65 anti-virus programs at VirusTotal detected the BMSetup.exe file. That's a 2% detection rate.
| Scanner | Detection Name |
|---|---|
| VBA32 | BScope.TrojanBanker.IcedID |
Sandbox Report
The following information was gathered by executing the file inside Cuckoo Sandbox.
Summary
Successfully executed process in sandbox.
Summary
{
"file_created": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB88D.tmp",
"C:\\Program Files (x86)\\BWMeter\\ExportStats.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\SETC6.tmp",
"C:\\Program Files (x86)\\BWMeter\\Uninstall.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB56E.tmp",
"C:\\Windows\\inf\\oem2.PNF",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\SET77.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB55D.tmp",
"C:\\Program Files (x86)\\BWMeter\\BWMeter.chm",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\7ZipSfx.000\\BMSetup.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB182.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\SET18.tmp",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd.sys",
"C:\\Program Files (x86)\\BWMeter\\RCXB905.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB88C.tmp",
"C:\\Program Files (x86)\\BWMeter\\Alert.wav",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd.cat",
"C:\\Program Files (x86)\\BWMeter\\BWMeter.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB25E.tmp",
"C:\\Program Files (x86)\\BWMeter\\RCXA4B1.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB171.tmp",
"C:\\Windows\\System32\\drivers\\SET3E2B.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB26E.tmp",
"C:\\Program Files (x86)\\BWMeter\\RCX7FA3.tmp",
"C:\\Program Files (x86)\\BWMeter\\snetcfg.exe",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd_lwf.inf"
],
"file_recreated": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB88D.tmp",
"C:\\Program Files (x86)\\BWMeter\\ExportStats.exe",
"C:\\Program Files (x86)\\BWMeter\\Uninstall.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB56E.tmp",
"\\Device\\KsecDD",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB55D.tmp",
"C:\\Program Files (x86)\\BWMeter\\BWMeter.chm",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB182.tmp",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd.sys",
"\\??\\NDIS",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB88C.tmp",
"C:\\Program Files (x86)\\BWMeter\\Alert.wav",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd.cat",
"C:\\Program Files (x86)\\BWMeter\\BWMeter.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB25E.tmp",
"C:\\Program Files (x86)\\BWMeter\\RCXA4B1.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB171.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB26E.tmp",
"C:\\Program Files (x86)\\BWMeter\\RCX7FA3.tmp",
"C:\\Program Files (x86)\\BWMeter\\RCXB905.tmp",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd_lwf.inf",
"\\??\\Nsi"
],
"regkey_written": [
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NdisWan\\Linkage\\Bind",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Linkage\\RootDevice",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NdisWan\\Linkage\\Export",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Linkage\\Export",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Description",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\InfSection",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\ComponentId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\NetCfgInstanceId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\NetCfgInstanceId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Linkage\\Export",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\dsnpfd\\Parameters\\NdisImPlatformBindingOptions",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\InstallTimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Linkage\\RootDevice",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SetupapiLogStatus\\setupapi.dev.log",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Linkage\\FilterList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Linkage\\UpperBind",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NdisWan\\Linkage\\Route",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Linkage\\FilterList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Characteristics",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Linkage\\Export",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\NetCfgInstanceId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\Config",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Linkage\\RootDevice",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\MHDSYS32\\069157D68",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\NetCfgInstanceId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Linkage\\FilterList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Linkage\\UpperBind",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\HelpText",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\LanguageList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\InfPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Linkage\\FilterList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Linkage\\UpperBind",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\NetCfgInstanceId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Linkage\\RootDevice",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Linkage\\RootDevice",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Linkage\\UpperBind",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SetupapiLogStatus\\setupapi.app.log",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\GroupOrderList\\NDIS",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Linkage\\Export",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\DeskSoft\\BWMeter",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Linkage\\UpperBind",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Linkage\\Export",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Linkage\\FilterList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\NetCfgLockHolder\\(Default)"
],
"dll_loaded": [
"ext-ms-win-kernel32-package-current-l1-1-0",
"COMCTL32.dll",
"kernel32",
"API-MS-Win-Security-LSALookup-L1-1-0.dll",
"MSWSOCK.dll",
"api-ms-win-core-sysinfo-l1-2-1",
"CRYPT32.dll",
"KERNEL32.DLL",
"kernel32.dll",
"UxTheme.dll",
"CRYPTBASE.dll",
"C:\\Windows\\system32\\rsaenh.dll",
"C:\\Windows\\system32\\ole32.dll",
"RPCRT4.dll",
"dwmapi.dll",
"api-ms-win-core-localization-l1-2-1",
"USER32.dll",
"api-ms-win-core-synch-l1-2-0",
"C:\\Windows\\system32\\uxtheme.dll",
"ncrypt.dll",
"API-MS-WIN-Service-Management-L2-1-0.dll",
"API-MS-WIN-Service-Management-L1-1-0.dll",
"cryptnet.dll",
"C:\\Windows\\syswow64\\MSCTF.dll",
"cfgmgr32.dll",
"api-ms-win-appmodel-runtime-l1-1-1",
"API-MS-Win-Core-LocalRegistry-L1-1-0.dll",
"OLEAUT32.DLL",
"API-MS-WIN-Service-winsvc-L1-1-0.dll",
"SPFILEQ.dll",
"ole32.dll",
"SHLWAPI.dll",
"CRYPTSP.dll",
"C:\\Windows\\system32\\bcryptprimitives.dll",
"Shcore.dll",
"API-MS-Win-Security-SDDL-L1-1-0.dll",
"IMM32.dll",
"WINTRUST.dll",
"GDI32.dll",
"C:\\Windows\\system32\\CRYPT32.dll",
"OLEAUT32.dll",
"profapi.dll",
"comctl32",
"SHELL32.dll",
"SPINF.dll",
"comctl32.dll",
"USERENV.dll",
"setupapi.dll",
"drvstore.dll",
"api-ms-win-core-fibers-l1-1-1",
"WINTRUST.DLL",
"C:\\Windows\\system32\\cryptnet.dll",
"MSVCRT.dll",
"DEVRTL.dll",
"ADVAPI32.dll",
"rpcrt4.dll",
"SETUPAPI.dll",
"Cabinet.dll"
],
"file_opened": [
"C:\\Windows\\inf\\ServiceModelOperation 3.0.0.0\\",
"C:\\Windows\\System32\\wshqos.dll",
"C:\\Windows\\inf\\netserv.inf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\SET18.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp",
"C:\\Windows\\inf\\TermService\\0000\\",
"C:\\Windows\\inf\\MSDTC\\",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015",
"C:\\Windows\\System32\\WSHTCPIP.DLL",
"C:\\Windows\\inf\\netsstpt.inf",
"C:\\Windows\\inf\\Windows Workflow Foundation 3.0.0.0\\",
"C:\\Windows\\inf\\.NET CLR Data\\0000\\",
"C:\\Windows\\System32\\DriverStore\\FileRepository\\dsnpfd_lwf.inf_amd64_neutral_db82b12a38f808c5\\dsnpfd.cat",
"C:\\Windows\\inf\\en-US\\",
"C:\\Windows\\inf\\wsearchidxpi\\",
"C:\\Windows\\inf\\RemoteAccess\\",
"C:\\Windows\\inf\\nettcpip.inf",
"C:\\Windows\\inf\\TermService\\0409\\",
"C:\\Windows\\inf\\fontsetup.inf",
"C:\\Windows\\inf\\MSDTC Bridge 3.0.0.0\\0000\\",
"C:\\Windows\\inf\\netrast.PNF",
"C:\\Windows\\inf\\IEM\\0409\\",
"C:\\Windows\\inf\\ESENT\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB56E.tmp",
"C:\\Windows\\inf\\netserv.PNF",
"C:\\Windows\\inf\\ndiscap.inf",
"C:\\Windows\\inf\\ServiceModelOperation 3.0.0.0\\0000\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\7ZipSfx.000\\BMSetup.exe",
"C:\\Windows\\System32\\en-US\\KERNELBASE.dll.mui",
"C:\\Windows\\System32\\DriverStore\\INFCACHE.1",
"C:\\Windows\\inf\\ServiceModelEndpoint 3.0.0.0\\0000\\",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd.cat",
"C:\\Windows\\inf\\usbhub\\",
"C:\\Windows\\inf\\oem2.PNF",
"C:\\Windows\\inf\\.NET Data Provider for Oracle\\",
"C:\\Windows\\System32\\wship6.dll",
"C:\\Windows\\inf\\wsearchidxpi\\0409\\",
"C:\\Windows\\Globalization\\Sorting\\sortdefault.nls",
"C:\\Windows\\inf\\UGTHRSVC\\0409\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB26E.tmp",
"C:\\Windows\\inf\\.NET CLR Networking\\0000\\",
"C:\\Windows\\inf\\TAPISRV\\0000\\",
"C:\\Windows\\inf\\netavpnt.PNF",
"C:\\Windows\\inf\\lltdio.inf",
"C:\\Windows\\inf\\netsstpt.PNF",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB182.tmp",
"C:\\Windows\\inf\\PNRPSvc\\",
"C:\\Windows\\inf\\ServiceModelService 3.0.0.0\\",
"C:\\Windows\\inf\\.NET CLR Networking\\",
"C:\\Windows\\inf\\oem2.inf",
"C:\\Windows\\inf\\netnb.inf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\SETC6.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\63da64290957af1f67f9b0048e1a8da92979a99717811b337725c8a369787b00.bin",
"C:\\Windows\\inf\\ServiceModelService 3.0.0.0\\0409\\",
"C:\\Windows\\inf\\IEM\\",
"C:\\Windows\\inf\\MSDTC\\0409\\",
"C:\\Windows\\inf\\ESENT\\0000\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\SET77.tmp",
"C:\\Windows\\inf\\rdyboost\\0000\\",
"C:\\Windows\\inf\\netvwififlt.inf",
"C:\\Windows\\System32\\catroot2\\dberr.txt",
"C:\\Windows\\inf\\ServiceModelEndpoint 3.0.0.0\\",
"C:\\Windows\\inf\\ServiceModelService 3.0.0.0\\0000\\",
"C:\\Windows\\inf\\.NETFramework\\",
"C:\\Windows\\inf\\PNRPSvc\\0409\\",
"C:\\Windows\\inf\\netavpnt.inf",
"C:\\Windows\\inf\\netmscli.PNF",
"C:\\Windows\\inf\\wfplwf.PNF",
"C:\\Windows\\inf\\netpacer.PNF",
"C:\\Windows\\System32\\drivers\\",
"C:\\Windows\\System32\\DriverStore\\infstor.dat",
"C:\\Windows\\inf\\netnwifi.inf",
"C:\\Windows\\inf\\.NETFramework\\0000\\",
"C:\\Windows\\inf\\netrast.inf",
"C:\\Windows\\inf\\netbrdgm.inf",
"C:\\Windows\\inf\\BITS\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB25E.tmp",
"C:\\Windows\\inf\\UGTHRSVC\\0000\\",
"C:\\Windows\\inf\\MSDTC Bridge 3.0.0.0\\",
"C:\\Windows\\inf\\netpgm.inf",
"C:\\Windows\\inf\\TAPISRV\\0409\\",
"C:\\Windows\\inf\\RemoteAccess\\0000\\",
"C:\\Windows\\inf\\defltwk.inf",
"C:\\Windows\\inf\\.NET CLR Networking\\0409\\",
"C:\\Windows\\inf\\rdyboost\\",
"C:\\Windows\\System32\\rsaenh.dll",
"C:\\Windows\\inf\\PERFLIB\\",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd_lwf.inf",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\",
"C:\\Windows\\inf\\netrass.PNF",
"C:\\Windows\\inf\\netbrdgs.inf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB88D.tmp",
"C:\\Windows\\System32\\DriverStore\\infpub.dat",
"C:\\Windows\\inf\\.NET Data Provider for SqlServer\\0409\\",
"C:\\Program Files (x86)\\BWMeter\\Uninstall.exe",
"C:\\Windows\\inf\\SMSvcHost 3.0.0.0\\0000\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\",
"C:\\Windows\\inf\\netrasa.inf",
"C:\\Windows\\inf\\UGatherer\\0409\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\",
"C:\\Windows\\System32\\DriverStore\\infstrng.dat",
"C:\\Windows\\inf\\lltdio.PNF",
"C:\\Windows\\inf\\Windows Workflow Foundation 3.0.0.0\\0409\\",
"C:\\Windows\\inf\\rspndr.PNF",
"C:\\Windows\\inf\\netpacer.inf",
"C:\\Windows\\inf\\SMSvcHost 3.0.0.0\\",
"C:\\Windows\\inf\\wfplwf.inf",
"C:\\Windows\\inf\\.NET CLR Data\\0409\\",
"C:\\Windows\\inf\\ServiceModelEndpoint 3.0.0.0\\0409\\",
"C:\\Windows\\inf\\netmscli.inf",
"C:\\Windows\\inf\\BITS\\0409\\",
"C:\\Windows\\inf\\.NET Data Provider for SqlServer\\0000\\",
"C:\\Windows\\inf\\netip6.PNF",
"C:\\Windows\\inf\\UGatherer\\0000\\",
"C:\\Windows\\inf\\WmiApRpl\\",
"C:\\Windows\\inf\\TAPISRV\\",
"C:\\Windows\\inf\\netvwifimp.inf",
"C:\\Windows\\inf\\ESENT\\0409\\",
"C:\\Windows\\inf\\errata.inf",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015",
"C:\\Windows\\inf\\MSDTC\\0000\\",
"C:\\Windows\\inf\\.NETFramework\\0409\\",
"C:\\Windows\\inf\\ndisuio.PNF",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB171.tmp",
"C:\\Windows\\inf\\rspndr.inf",
"C:\\Windows\\inf\\printupg.inf",
"C:\\Windows\\System32\\catroot",
"C:\\Windows\\inf\\.NET CLR Data\\",
"C:\\Windows\\System32\\catroot2",
"C:\\Windows\\inf\\PERFLIB\\0000\\",
"C:\\Windows\\inf\\TermService\\",
"C:\\Windows\\inf\\secrecs.inf",
"C:\\Windows\\inf\\PNRPSvc\\0000\\",
"C:\\Windows\\inf\\dwup.inf",
"C:\\Program Files (x86)\\BWMeter\\",
"C:\\Windows\\System32\\DriverStore\\FileRepository\\dsnpfd_lwf.inf_amd64_neutral_db82b12a38f808c5\\dsnpfd_lwf.inf",
"C:\\Windows\\inf\\setupapi.dev.log",
"C:\\Windows\\inf\\netsstpa.inf",
"C:\\Windows\\inf\\usbhub\\0409\\",
"C:\\Users\\cuck\\AppData\\LocalLow",
"C:\\Windows\\inf\\puwk.inf",
"C:\\Windows\\inf\\SMSvcHost 3.0.0.0\\0409\\",
"C:\\Windows\\inf\\MSDTC Bridge 3.0.0.0\\0409\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\",
"c:\\Windows\\System32\\driverstore\\filerepository\\dsnpfd_lwf.inf_amd64_neutral_db82b12a38f808c5\\",
"c:\\program files (x86)\\BWMeter\\",
"C:\\Windows\\inf\\netrass.inf",
"C:\\Windows\\inf\\Windows Workflow Foundation 3.0.0.0\\0000\\",
"c:\\Program Files (x86)\\BWMeter\\dsnpfd.sys",
"C:\\Windows\\System32\\drivers\\SET3E2B.tmp",
"C:\\Windows\\System32\\DriverStore\\FileRepository\\dsnpfd_lwf.inf_amd64_neutral_db82b12a38f808c5\\dsnpfd_lwf.PNF",
"C:\\Windows\\inf\\netip6.inf",
"C:\\Windows\\inf\\UGTHRSVC\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB55D.tmp",
"C:\\Windows\\inf\\UGatherer\\",
"C:\\Windows\\inf\\BITS\\0000\\",
"C:\\Windows\\inf\\apps.inf",
"C:\\Windows\\inf\\PERFLIB\\0409\\",
"C:\\Windows\\inf\\nettcpip.PNF",
"C:\\Windows\\inf\\setupapi.app.log",
"C:\\Windows\\inf\\.NET Data Provider for SqlServer\\",
"C:\\Windows\\inf\\",
"C:\\Windows\\inf\\rdyboost\\0409\\",
"C:\\Windows\\inf\\ndiscap.PNF",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB88C.tmp",
"C:\\Windows\\inf\\usbhub\\0000\\",
"C:\\Windows\\inf\\wsearchidxpi\\0000\\",
"C:\\Windows\\inf\\dshowext.inf",
"C:\\Windows\\inf\\.NET Data Provider for Oracle\\0000\\",
"C:\\Windows\\inf\\defltbase.inf",
"C:\\Windows\\inf\\sceregvl.inf",
"C:\\Windows\\inf\\netavpna.inf",
"C:\\Windows\\inf\\netnwifi.PNF",
"C:\\Windows\\inf\\netnb.PNF",
"C:\\Windows\\inf\\ndisuio.inf",
"C:\\Windows\\inf\\WmiApRpl\\0009\\",
"C:\\Windows\\inf\\RemoteAccess\\0409\\",
"C:\\Windows\\inf\\.NET Data Provider for Oracle\\0409\\",
"c:\\program files (x86)\\BWMeter\\dsnpfd.sys",
"C:\\Windows\\System32\\DriverStore\\en-US\\",
"C:\\Windows\\System32\\DriverStore\\FileRepository\\dsnpfd_lwf.inf_amd64_neutral_db82b12a38f808c5\\",
"C:\\Windows\\inf\\ServiceModelOperation 3.0.0.0\\0409\\"
],
"regkey_opened": [
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Enum",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\DeviceClasses",
"HKEY_LOCAL_MACHINE\\SOFTWARE",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_LOCAL_MACHINE\\Software\\DeskSoft",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CoDeviceInstallers",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\PerHwIdStorage",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\KnownClasses",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\BWMeter",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SYSTEM",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}\\0010",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}\\0011",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\BMSetup.exe",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\MHDSYS32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\LayoutIcon\\0409\\0000041d",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Class",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{3697C5FA-60DD-4B56-92D4-74A569205C16}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\DirectSwitchHotkeys",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\System\\CurrentControlSet\\Enum\\ROOT",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}\\0005",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}\\0004",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}\\0007",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}\\0006",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}\\0001",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}\\0000",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}\\0003",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}\\0002",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}\\0009",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}\\0008"
],
"command_line": [
"\"C:\\Program Files (x86)\\BWMeter\\snetcfg.exe\" -u nt_dsnpfd",
"\"C:\\Program Files (x86)\\BWMeter\\snetcfg.exe\" -l dsnpfd_lwf.inf -c s -i nt_dsnpfd",
"BMSetup.exe -WORKDIR=\"C:\\Users\\cuck\\AppData\\Local\\Temp\"",
"\"C:\\Users\\cuck\\AppData\\Local\\Temp\\7ZipSfx.000\\BMSetup.exe\" -WORKDIR=\"C:\\Users\\cuck\\AppData\\Local\\Temp\""
],
"file_written": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB88D.tmp",
"C:\\Program Files (x86)\\BWMeter\\ExportStats.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\SETC6.tmp",
"C:\\Program Files (x86)\\BWMeter\\Uninstall.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB56E.tmp",
"C:\\Windows\\inf\\oem2.PNF",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\SET77.tmp",
"C:\\Windows\\System32\\catroot2\\dberr.txt",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB55D.tmp",
"C:\\Program Files (x86)\\BWMeter\\BWMeter.chm",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\7ZipSfx.000\\BMSetup.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB182.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\SET18.tmp",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd.sys",
"C:\\Program Files (x86)\\BWMeter\\RCXB905.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB88C.tmp",
"C:\\Program Files (x86)\\BWMeter\\Alert.wav",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd.cat",
"C:\\Program Files (x86)\\BWMeter\\BWMeter.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB25E.tmp",
"C:\\Program Files (x86)\\BWMeter\\RCXA4B1.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB171.tmp",
"C:\\Windows\\System32\\drivers\\SET3E2B.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB26E.tmp",
"C:\\Program Files (x86)\\BWMeter\\RCX7FA3.tmp",
"C:\\Program Files (x86)\\BWMeter\\snetcfg.exe",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd_lwf.inf"
],
"regkey_deleted": [
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\NetCfgLockHolder"
],
"file_deleted": [
"C:\\Windows\\System32\\drivers\\SET3E2B.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB56E.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB88D.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\SETC6.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\SET18.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB26E.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB55D.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB88C.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\SET77.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\dsnpfd_lwf.inf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB171.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\dsnpfd.cat",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\dsnpfd.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB25E.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB182.tmp"
],
"directory_removed": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}"
],
"file_exists": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\BWMeter.chm",
"C:\\Users\\cuck\\AppData\\LocalLow",
"C:\\Program Files (x86)\\BWMeter\\Uninstall.exe",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd.cat",
"C:\\Users\\cuck\\AppData\\Local\\Temp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\dsnpfd.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\dsnpfd_lwf.inf",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\",
"C:\\Windows\\inf\\dsnpfd_lwf.inf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Setup.dis",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\w7lw64dsnpfd.cat",
"C:\\Program Files (x86)\\BWMeter",
"C:\\Windows\\System32\\DriverStore",
"C:\\Windows\\System32\\DriverStore\\FileRepository\\dsnpfd_lwf.inf_amd64_neutral_db82b12a38f808c5\\dsnpfd.cat",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\7ZipSfx.000",
"C:\\Windows\\System32\\drivers\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Alert.wav",
"C:\\Users\\cuck\\AppData\\Roaming",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\7ZipSfx.000\\BMSetup.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\DeskSoft",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\64snetcfg.exe",
"C:\\Windows\\inf\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\w7lw64dsnpfd.sys",
"C:\\Windows\\System32\\fveui.dll",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd.sys",
"C:\\Windows\\System32\\drivers\\dsnpfd.sys",
"C:\\Windows\\System32\\QAGENTRT.DLL",
"C:\\Windows\\System32\\dnsapi.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\dsnpfd.cat",
"C:\\Windows\\System32\\p2pcollab.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\w7lw64dsnpfd_lwf.inf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}",
"C:\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\ExportStats.exe",
"C:\\Program Files (x86)",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\BWMeter.exe",
"C:\\Program Files (x86)\\BWMeter\\snetcfg.exe",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd_lwf.inf",
"C:\\Users\\cuck\\AppData\\Roaming\\DeskSoft\\BWMeter",
"C:\\Windows\\System32\\drivers"
],
"file_moved": [
[
"C:\\Program Files (x86)\\BWMeter\\RCX7FA3.tmp",
"C:\\Program Files (x86)\\BWMeter\\Uninstall.exe"
],
[
"C:\\Program Files (x86)\\BWMeter\\RCXA4B1.tmp",
"C:\\Program Files (x86)\\BWMeter\\Uninstall.exe"
],
[
"C:\\Program Files (x86)\\BWMeter\\RCXB905.tmp",
"C:\\Program Files (x86)\\BWMeter\\Uninstall.exe"
]
],
"mutex": [
"Global\\NetCfgWriteLock",
"Global\\d3b1bbc7-c020-4056-9ded-7c6f40b5a2fc"
],
"file_failed": [
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\2659C1A560AB92C9C29D4B2B25815AE8",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8890A77645B73478F5B1DED18ACBF795_DEE69D93E594A5FDFDC011ECAA8298A2",
"C:\\Windows\\System32\\DriverStore\\infpub.dat",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\A6D8662C7600817D67B3C1A03BC53A1B",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3342430143A0BE2B139C3444FED0820",
"C:\\Windows\\System32\\drivers\\dsnpfd.sys",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3781B4A3713292956206932165FA4132_6001B43704283F776FFB54EAF68477D2",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C8E7EC0C85688F4738F3BE49B104BA67",
"C:\\Windows\\inf\\oem2.PNF",
"C:\\Windows\\System32\\DriverStore\\INFCACHE.2",
"C:\\Windows\\System32\\DriverStore\\infstrng.dat",
"C:\\Windows\\System32\\DriverStore\\INFCACHE.0",
"C:\\Windows\\System32\\DriverStore\\INFCACHE.1",
"C:\\Windows\\System32\\DriverStore\\infstor.dat",
"C:\\Program Files (x86)\\BWMeter\\snetcfg.exe",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0270780F846F08BEFE0DD8112D932FEF",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3781B4A3713292956206932165FA4132_0C8F3D6C7AE841C33DC67B1D37B3158A",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8890A77645B73478F5B1DED18ACBF795_E1EDEF0C21AE75D448F7327475DF4C9E",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5781E92BE36651A8ED64685F2F3CF507",
"C:\\Windows\\System32\\DriverStore\\drvindex.dat"
],
"guid": [
"{d212b88e-8365-4ca9-bc4e-cfa4251f6b5f}",
"{0c41d1e6-9d16-41ed-9cdd-d0665039857b}",
"{6e65cbc5-926d-11d0-8e27-00c04fc99dcf}",
"{6e65cbc3-926d-11d0-8e27-00c04fc99dcf}",
"{0f0c09c5-601e-4396-bcd0-cdb343d7f657}",
"{57c06eaa-8784-11d0-83d4-00a0c911e5df}",
"{a907657f-6fdf-11d0-8efb-00c04fd912b2}",
"{6e65cbc6-926d-11d0-8e27-00c04fc99dcf}",
"{7f368827-9516-11d0-83d9-00a0c911e5df}",
"{7177c4bd-e20a-4140-ad8a-998e7a2d18c0}",
"{c0e8ae93-306e-11d1-aacf-00805fc1270e}",
"{e949da38-c39d-4460-8ea7-a39152c56836}",
"{6e65cbc1-926d-11d0-8e27-00c04fc99dcf}",
"{6e65cbc4-926d-11d0-8e27-00c04fc99dcf}",
"{5b035261-40f9-11d1-aaec-00805fc1270e}",
"{932238df-bea1-11d0-9298-00c04fc99dcf}"
],
"file_read": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB88D.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB171.tmp",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd.sys",
"C:\\Program Files (x86)\\BWMeter\\Uninstall.exe",
"c:\\program files (x86)\\BWMeter\\dsnpfd.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB56E.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB26E.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB55D.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB88C.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\63da64290957af1f67f9b0048e1a8da92979a99717811b337725c8a369787b00.bin",
"c:\\Program Files (x86)\\BWMeter\\dsnpfd.sys",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd.cat",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd_lwf.inf",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB25E.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB182.tmp"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Initialization\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{234991D1-04CC-47F5-A4A9-29808D68765F}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\FinalPolicy\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0001\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NetBT\\Parameters\\Interfaces\\Tcpip_{EF381EA0-4D07-418D-A490-68AF67CE948B}\\NetbiosOptions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\MaxRpcSize",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{56494156-6C00-4B77-90D7-A4A435088232}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Serial_Access_Num",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e973-e325-11ce-bfc1-08002be10318}\\{821D3398-F04E-471E-8D8C-27EE3F5EB428}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0002\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-699399860-4089948139-3198924279-1001\\ProfileImagePath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{F27D2AC4-396D-442D-9FD8-05AEF1E98AAB}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0001\\FilterInfId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000007\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{C9548B78-5743-4E64-9BA1-CD4D974A329F}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DiagMatchAnyMask",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{5D9F4D1D-F5B3-48BA-85AD-9B44176DD0C8}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B70D6460-3635-4D42-B866-B8AB1A24454C}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0009\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{C9548B78-5743-4E64-9BA1-CD4D974A329F}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{AEFD33F3-CC73-4821-AD44-6915063E7FB1}\\RegistrationEnabled",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{AEFD33F3-CC73-4821-AD44-6915063E7FB1}\\EnableDHCP",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{6D9E377D-E19D-47CF-BE5F-D2DA5F99318A}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0009\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0009\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{6B7E8FF8-E9A2-46EB-A4EA-42CCA2D43C96}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\FinalPolicy\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{E7AC61F5-4BFE-4254-8889-98A990D174D5}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e973-e325-11ce-bfc1-08002be10318}\\{821D3398-F04E-471E-8D8C-27EE3F5EB428}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{234991D1-04CC-47F5-A4A9-29808D68765F}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0002\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{6B7E8FF8-E9A2-46EB-A4EA-42CCA2D43C96}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{F5658C39-CD0D-45B5-A342-E2C037714CE4}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B4683A7-F97E-478E-BBD6-34EDF0D9DEA8}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0009\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2FF8F288-20AD-41F8-A181-321D0659CA4D}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\FinalPolicy\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{6B7E8FF8-E9A2-46EB-A4EA-42CCA2D43C96}\\Ndi\\HelpText",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\system32\\tcpipcfg.dll,-50001",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{6B7E8FF8-E9A2-46EB-A4EA-42CCA2D43C96}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{27EE12EA-A6B3-4E15-AF2B-D4B9D989EDFB}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\FilterInfId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{6D9E377D-E19D-47CF-BE5F-D2DA5F99318A}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2BE5AF45-DD00-422F-8484-8370DD108A53}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Next_Catalog_Entry_ID",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{0EFE03B2-EA87-44C1-B825-9BBEA54F37B4}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\CertCheck\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{6B7E8FF8-E9A2-46EB-A4EA-42CCA2D43C96}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{633F880E-FFD2-484F-A4CA-EB724F8BC057}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2FF8F288-20AD-41F8-A181-321D0659CA4D}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0003\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{6B7E8FF8-E9A2-46EB-A4EA-42CCA2D43C96}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{69E184C5-2F7C-45D0-8C56-85097BA63C11}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NetBT\\Parameters\\EnableLMHOSTS",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2FF8F288-20AD-41F8-A181-321D0659CA4D}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{92356401-DAAE-49DA-8D29-5B023CCF4CD9}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0004\\Ndi\\Interfaces\\LowerRange",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\CryptnetCachedOcspSwitchToCrlCount",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{5D9F4D1D-F5B3-48BA-85AD-9B44176DD0C8}\\Ndi\\Clsid",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security\\Safety Warning Level",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0000\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\\CopyFileChunkSize",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{32345029-1B7D-43AF-B504-E71E5660B2F0}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{32345029-1B7D-43AF-B504-E71E5660B2F0}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\DisableUnsupportedCriticalExtensions",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e973-e325-11ce-bfc1-08002be10318}\\{821D3398-F04E-471E-8D8C-27EE3F5EB428}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0000\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0010\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2FF8F288-20AD-41F8-A181-321D0659CA4D}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e973-e325-11ce-bfc1-08002be10318}\\{821D3398-F04E-471E-8D8C-27EE3F5EB428}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{56494156-6C00-4B77-90D7-A4A435088232}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B4683A7-F97E-478E-BBD6-34EDF0D9DEA8}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{234991D1-04CC-47F5-A4A9-29808D68765F}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\109F1CAED645BB78B3EA2B94C0697C740733031C\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SetupapiLogStatus\\setupapi.app.log",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\NameServer",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{5D9F4D1D-F5B3-48BA-85AD-9B44176DD0C8}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0002\\Linkage\\FilterList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0002\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{12F2EEA2-EE86-4933-8C0B-346E5E57F332}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Linkage\\FilterList",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Initialization\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0000\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\FilterInfId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{0EFE03B2-EA87-44C1-B825-9BBEA54F37B4}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\A43489159A520F0D93D032CCAF37E7FE20A8B419\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\742C3192E607E424EB4549542BE1BBC53E6174E2\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0004\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B4683A7-F97E-478E-BBD6-34EDF0D9DEA8}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{6B7E8FF8-E9A2-46EB-A4EA-42CCA2D43C96}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{56494156-6C00-4B77-90D7-A4A435088232}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Winsock\\Setup Migration\\Provider List",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0010\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{69E184C5-2F7C-45D0-8C56-85097BA63C11}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{69E184C5-2F7C-45D0-8C56-85097BA63C11}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7F218BFD-64B7-4786-8302-9D8A2704B0E2}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\system32\\p2pcollab.dll,-8042",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{27EE12EA-A6B3-4E15-AF2B-D4B9D989EDFB}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{24AB3BC7-8C0C-4389-A4D4-8B8FD6ADEA7A}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\ChainCacheResyncFiletime",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{0EFE03B2-EA87-44C1-B825-9BBEA54F37B4}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{234991D1-04CC-47F5-A4A9-29808D68765F}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{6D9E377D-E19D-47CF-BE5F-D2DA5F99318A}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{24AB3BC7-8C0C-4389-A4D4-8B8FD6ADEA7A}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Certificate\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000009\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0001\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B70D6460-3635-4D42-B866-B8AB1A24454C}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0002\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2BE5AF45-DD00-422F-8484-8370DD108A53}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0009\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{6D9E377D-E19D-47CF-BE5F-D2DA5F99318A}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language Groups\\1",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\FilterInfId",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{92356401-DAAE-49DA-8D29-5B023CCF4CD9}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{F27D2AC4-396D-442D-9FD8-05AEF1E98AAB}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{12F2EEA2-EE86-4933-8C0B-346E5E57F332}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2BE5AF45-DD00-422F-8484-8370DD108A53}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{F27D2AC4-396D-442D-9FD8-05AEF1E98AAB}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{32345029-1B7D-43AF-B504-E71E5660B2F0}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0004\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2BE5AF45-DD00-422F-8484-8370DD108A53}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\FinalPolicy\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7D857581-4BD0-44AB-B87C-921422A69D39}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{69E184C5-2F7C-45D0-8C56-85097BA63C11}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2FF8F288-20AD-41F8-A181-321D0659CA4D}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Certificate\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2BE5AF45-DD00-422F-8484-8370DD108A53}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TCPIP6\\Parameters\\Interfaces\\{46c6ad23-cfc8-4177-b38f-6c28f239eb0d}\\NameServer",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B70D6460-3635-4D42-B866-B8AB1A24454C}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{F27D2AC4-396D-442D-9FD8-05AEF1E98AAB}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{32345029-1B7D-43AF-B504-E71E5660B2F0}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{AEFD33F3-CC73-4821-AD44-6915063E7FB1}\\NameServer",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{F5658C39-CD0D-45B5-A342-E2C037714CE4}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{633F880E-FFD2-484F-A4CA-EB724F8BC057}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DiagLevel",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{12F2EEA2-EE86-4933-8C0B-346E5E57F332}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\CRLs\\A377D1B1C0538833035211F4083D00FECC414DAB\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\D559A586669B08F46A30A133F8A9ED3D038E2EA8\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{F27D2AC4-396D-442D-9FD8-05AEF1E98AAB}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{5D9F4D1D-F5B3-48BA-85AD-9B44176DD0C8}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{6B7E8FF8-E9A2-46EB-A4EA-42CCA2D43C96}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0000\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0003\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{6B7E8FF8-E9A2-46EB-A4EA-42CCA2D43C96}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{92356401-DAAE-49DA-8D29-5B023CCF4CD9}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Cleanup\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Cryptography\\PrivKeyCachePurgeIntervalSeconds",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Signature\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\$DLL",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Layout Hotkey",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0004\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{F5658C39-CD0D-45B5-A342-E2C037714CE4}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{24AB3BC7-8C0C-4389-A4D4-8B8FD6ADEA7A}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000001\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0010\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0003\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{27EE12EA-A6B3-4E15-AF2B-D4B9D989EDFB}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.44.3.4!7\\Name",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0001\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e973-e325-11ce-bfc1-08002be10318}\\{821D3398-F04E-471E-8D8C-27EE3F5EB428}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{56494156-6C00-4B77-90D7-A4A435088232}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{F27D2AC4-396D-442D-9FD8-05AEF1E98AAB}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}\\Enable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0003\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B70D6460-3635-4D42-B866-B8AB1A24454C}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{E7AC61F5-4BFE-4254-8889-98A990D174D5}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\\CopyFileOverlappedCount",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{24AB3BC7-8C0C-4389-A4D4-8B8FD6ADEA7A}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{56494156-6C00-4B77-90D7-A4A435088232}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0003\\Linkage\\FilterList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{24AB3BC7-8C0C-4389-A4D4-8B8FD6ADEA7A}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000004\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7F218BFD-64B7-4786-8302-9D8A2704B0E2}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0001\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2BE5AF45-DD00-422F-8484-8370DD108A53}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\97817950D81C9670CC34D809CF794431367EF474\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{32345029-1B7D-43AF-B504-E71E5660B2F0}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{EF381EA0-4D07-418D-A490-68AF67CE948B}\\ActiveConfigurations",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{F5658C39-CD0D-45B5-A342-E2C037714CE4}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0009\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{32345029-1B7D-43AF-B504-E71E5660B2F0}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000002\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{633F880E-FFD2-484F-A4CA-EB724F8BC057}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0009\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e973-e325-11ce-bfc1-08002be10318}\\{821D3398-F04E-471E-8D8C-27EE3F5EB428}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2FF8F288-20AD-41F8-A181-321D0659CA4D}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0003\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{24AB3BC7-8C0C-4389-A4D4-8B8FD6ADEA7A}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0003\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{F27D2AC4-396D-442D-9FD8-05AEF1E98AAB}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0010\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{12F2EEA2-EE86-4933-8C0B-346E5E57F332}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{12F2EEA2-EE86-4933-8C0B-346E5E57F332}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Signature\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{92356401-DAAE-49DA-8D29-5B023CCF4CD9}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e973-e325-11ce-bfc1-08002be10318}\\{821D3398-F04E-471E-8D8C-27EE3F5EB428}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\MaxNumFilters",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{6B7E8FF8-E9A2-46EB-A4EA-42CCA2D43C96}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0004\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7F218BFD-64B7-4786-8302-9D8A2704B0E2}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0004\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0000\\FilterInfId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2BE5AF45-DD00-422F-8484-8370DD108A53}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{56494156-6C00-4B77-90D7-A4A435088232}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B70D6460-3635-4D42-B866-B8AB1A24454C}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{0EFE03B2-EA87-44C1-B825-9BBEA54F37B4}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{E7AC61F5-4BFE-4254-8889-98A990D174D5}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0003\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000008\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\UseDomainNameDevolution",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0009\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Locale\\00000409",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\DisableDecoratedModelsRequirement",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{633F880E-FFD2-484F-A4CA-EB724F8BC057}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B4683A7-F97E-478E-BBD6-34EDF0D9DEA8}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B4683A7-F97E-478E-BBD6-34EDF0D9DEA8}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0010\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{AEFD33F3-CC73-4821-AD44-6915063E7FB1}\\RegisterAdapterName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2FF8F288-20AD-41F8-A181-321D0659CA4D}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0000\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7D857581-4BD0-44AB-B87C-921422A69D39}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0002\\FilterInfId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2FF8F288-20AD-41F8-A181-321D0659CA4D}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DebugFlags",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\DisabledSessions\\MachineThrottling",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider\\Microsoft Enhanced RSA and AES Cryptographic Provider\\Type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7D857581-4BD0-44AB-B87C-921422A69D39}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlRetrievalCountPerChain",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{12F2EEA2-EE86-4933-8C0B-346E5E57F332}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B4683A7-F97E-478E-BBD6-34EDF0D9DEA8}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0004\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0003\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{69E184C5-2F7C-45D0-8C56-85097BA63C11}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{633F880E-FFD2-484F-A4CA-EB724F8BC057}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{27EE12EA-A6B3-4E15-AF2B-D4B9D989EDFB}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{32345029-1B7D-43AF-B504-E71E5660B2F0}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7F218BFD-64B7-4786-8302-9D8A2704B0E2}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{6D9E377D-E19D-47CF-BE5F-D2DA5F99318A}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0010\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0010\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2FF8F288-20AD-41F8-A181-321D0659CA4D}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{F5658C39-CD0D-45B5-A342-E2C037714CE4}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0000\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{F27D2AC4-396D-442D-9FD8-05AEF1E98AAB}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B4683A7-F97E-478E-BBD6-34EDF0D9DEA8}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{32345029-1B7D-43AF-B504-E71E5660B2F0}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{27EE12EA-A6B3-4E15-AF2B-D4B9D989EDFB}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LanmanWorkstation\\Parameters\\OtherDomains",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\FilterInfId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\BE36A4562FB2EE05DBB3D32323ADF445084ED656\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0002\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{6D9E377D-E19D-47CF-BE5F-D2DA5F99318A}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Cleanup\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7D857581-4BD0-44AB-B87C-921422A69D39}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{27EE12EA-A6B3-4E15-AF2B-D4B9D989EDFB}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7F218BFD-64B7-4786-8302-9D8A2704B0E2}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Linkage\\FilterList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2FF8F288-20AD-41F8-A181-321D0659CA4D}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{5D9F4D1D-F5B3-48BA-85AD-9B44176DD0C8}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{E7AC61F5-4BFE-4254-8889-98A990D174D5}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{24AB3BC7-8C0C-4389-A4D4-8B8FD6ADEA7A}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7D857581-4BD0-44AB-B87C-921422A69D39}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{C9548B78-5743-4E64-9BA1-CD4D974A329F}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{234991D1-04CC-47F5-A4A9-29808D68765F}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{633F880E-FFD2-484F-A4CA-EB724F8BC057}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\DisabledProcesses\\666C0510",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\FilterClasses",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\WinTrust\\Trust Providers\\Software Publishing\\State",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{EF381EA0-4D07-418D-A490-68AF67CE948B}\\EnableDHCP",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{27EE12EA-A6B3-4E15-AF2B-D4B9D989EDFB}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0001\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000003\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{92356401-DAAE-49DA-8D29-5B023CCF4CD9}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0004\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e973-e325-11ce-bfc1-08002be10318}\\{821D3398-F04E-471E-8D8C-27EE3F5EB428}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{56494156-6C00-4B77-90D7-A4A435088232}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TCPIP6\\Parameters\\Interfaces\\{AEFD33F3-CC73-4821-AD44-6915063E7FB1}\\NameServer",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7F218BFD-64B7-4786-8302-9D8A2704B0E2}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e973-e325-11ce-bfc1-08002be10318}\\{821D3398-F04E-471E-8D8C-27EE3F5EB428}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\NV Domain",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{69E184C5-2F7C-45D0-8C56-85097BA63C11}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0009\\Linkage\\FilterList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0001\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\\CopyFileBufferedSynchronousIo",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{27EE12EA-A6B3-4E15-AF2B-D4B9D989EDFB}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{6D9E377D-E19D-47CF-BE5F-D2DA5F99318A}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlCountInCert",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B70D6460-3635-4D42-B866-B8AB1A24454C}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7D857581-4BD0-44AB-B87C-921422A69D39}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TCPIP6\\Parameters\\Interfaces\\{EF381EA0-4D07-418D-A490-68AF67CE948B}\\NameServer",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B70D6460-3635-4D42-B866-B8AB1A24454C}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{6B7E8FF8-E9A2-46EB-A4EA-42CCA2D43C96}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SESSION MANAGER\\MEMORY MANAGEMENT\\LargeSystemCache",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\\Ndi\\Service",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@tcpipcfg.dll,-50002",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Cleanup\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B4683A7-F97E-478E-BBD6-34EDF0D9DEA8}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7D857581-4BD0-44AB-B87C-921422A69D39}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B4683A7-F97E-478E-BBD6-34EDF0D9DEA8}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B4683A7-F97E-478E-BBD6-34EDF0D9DEA8}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{633F880E-FFD2-484F-A4CA-EB724F8BC057}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{0EFE03B2-EA87-44C1-B825-9BBEA54F37B4}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{EF381EA0-4D07-418D-A490-68AF67CE948B}\\Domain",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{6B7E8FF8-E9A2-46EB-A4EA-42CCA2D43C96}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{234991D1-04CC-47F5-A4A9-29808D68765F}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\7F88CD7223F3C813818C994614A89C99FA3B5247\\Blob",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2BE5AF45-DD00-422F-8484-8370DD108A53}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B4683A7-F97E-478E-BBD6-34EDF0D9DEA8}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B70D6460-3635-4D42-B866-B8AB1A24454C}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{C9548B78-5743-4E64-9BA1-CD4D974A329F}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7D857581-4BD0-44AB-B87C-921422A69D39}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2FF8F288-20AD-41F8-A181-321D0659CA4D}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{24AB3BC7-8C0C-4389-A4D4-8B8FD6ADEA7A}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\EnableICMPRedirect",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{6B7E8FF8-E9A2-46EB-A4EA-42CCA2D43C96}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0004\\FilterInfId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Winsock\\Setup Migration\\Setup Version",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{6D9E377D-E19D-47CF-BE5F-D2DA5F99318A}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DebugHeapFlags",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{F5658C39-CD0D-45B5-A342-E2C037714CE4}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Linkage\\FilterList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NetBT\\Parameters\\Interfaces\\Tcpip_{EF381EA0-4D07-418D-A490-68AF67CE948B}\\NameServerList",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Certificate\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{E7AC61F5-4BFE-4254-8889-98A990D174D5}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{24AB3BC7-8C0C-4389-A4D4-8B8FD6ADEA7A}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{69E184C5-2F7C-45D0-8C56-85097BA63C11}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{C9548B78-5743-4E64-9BA1-CD4D974A329F}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\StringCacheSettings\\StringCacheGeneration",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{6D9E377D-E19D-47CF-BE5F-D2DA5F99318A}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{E7AC61F5-4BFE-4254-8889-98A990D174D5}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\FilterInfId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{69E184C5-2F7C-45D0-8C56-85097BA63C11}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0009\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{12F2EEA2-EE86-4933-8C0B-346E5E57F332}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7D857581-4BD0-44AB-B87C-921422A69D39}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7F218BFD-64B7-4786-8302-9D8A2704B0E2}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\DeadGWDetectDefault",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7D857581-4BD0-44AB-B87C-921422A69D39}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Certificate\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{F27D2AC4-396D-442D-9FD8-05AEF1E98AAB}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlRetrievalCertCount",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2BE5AF45-DD00-422F-8484-8370DD108A53}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{69E184C5-2F7C-45D0-8C56-85097BA63C11}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7F218BFD-64B7-4786-8302-9D8A2704B0E2}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7F218BFD-64B7-4786-8302-9D8A2704B0E2}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0010\\FilterInfId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{56494156-6C00-4B77-90D7-A4A435088232}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0002\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0002\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{92356401-DAAE-49DA-8D29-5B023CCF4CD9}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B70D6460-3635-4D42-B866-B8AB1A24454C}\\Ndi\\Interfaces\\LowerRange",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Hotkey",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{27EE12EA-A6B3-4E15-AF2B-D4B9D989EDFB}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\Config",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\CTF\\EnableAnchorContext",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{12F2EEA2-EE86-4933-8C0B-346E5E57F332}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{F27D2AC4-396D-442D-9FD8-05AEF1E98AAB}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\CryptnetPreFetchTriggerPeriodSeconds",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2FF8F288-20AD-41F8-A181-321D0659CA4D}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\EnableAnchorContext",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{92356401-DAAE-49DA-8D29-5B023CCF4CD9}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0004\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{E7AC61F5-4BFE-4254-8889-98A990D174D5}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{56494156-6C00-4B77-90D7-A4A435088232}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{633F880E-FFD2-484F-A4CA-EB724F8BC057}\\Ndi\\FilterRunType",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%systemroot%\\system32\\sstpsvc.dll,-203",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{E7AC61F5-4BFE-4254-8889-98A990D174D5}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2FF8F288-20AD-41F8-A181-321D0659CA4D}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{32345029-1B7D-43AF-B504-E71E5660B2F0}\\Ndi\\BindForm",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%systemroot%\\system32\\rascfg.dll,-32010",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{32345029-1B7D-43AF-B504-E71E5660B2F0}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{E7AC61F5-4BFE-4254-8889-98A990D174D5}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0009\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{56494156-6C00-4B77-90D7-A4A435088232}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0001\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Winsock\\Parameters\\Transports",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\IPEnableRouter",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\system32\\qagentrt.dll,-10",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LanmanServer\\Parameters\\Lmannounce",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B4683A7-F97E-478E-BBD6-34EDF0D9DEA8}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2BE5AF45-DD00-422F-8484-8370DD108A53}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0000\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\75E0ABB6138512271C04F85FDDDE38E4B7242EFE\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Linkage\\FilterList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2BE5AF45-DD00-422F-8484-8370DD108A53}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{0EFE03B2-EA87-44C1-B825-9BBEA54F37B4}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Signature\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\CertCheck\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{C9548B78-5743-4E64-9BA1-CD4D974A329F}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{AEFD33F3-CC73-4821-AD44-6915063E7FB1}\\Domain",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0004\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Initialization\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\\Ndi\\BindForm",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\CertCheck\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B4683A7-F97E-478E-BBD6-34EDF0D9DEA8}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{633F880E-FFD2-484F-A4CA-EB724F8BC057}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0004\\Linkage\\FilterList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{E7AC61F5-4BFE-4254-8889-98A990D174D5}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SESSION MANAGER\\SafeProcessSearchMode",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B70D6460-3635-4D42-B866-B8AB1A24454C}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Message\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0003\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{0EFE03B2-EA87-44C1-B825-9BBEA54F37B4}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0003\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{F5658C39-CD0D-45B5-A342-E2C037714CE4}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{234991D1-04CC-47F5-A4A9-29808D68765F}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7F218BFD-64B7-4786-8302-9D8A2704B0E2}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{234991D1-04CC-47F5-A4A9-29808D68765F}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{EF381EA0-4D07-418D-A490-68AF67CE948B}\\RegistrationEnabled",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e973-e325-11ce-bfc1-08002be10318}\\{821D3398-F04E-471E-8D8C-27EE3F5EB428}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7F218BFD-64B7-4786-8302-9D8A2704B0E2}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{69E184C5-2F7C-45D0-8C56-85097BA63C11}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0002\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\Certificates\\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider\\Microsoft Enhanced RSA and AES Cryptographic Provider\\Image Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{0EFE03B2-EA87-44C1-B825-9BBEA54F37B4}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0000\\Linkage\\FilterList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{24AB3BC7-8C0C-4389-A4D4-8B8FD6ADEA7A}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Winsock\\Setup Migration\\Providers\\Psched\\WinSock 2.0 Provider ID",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{12F2EEA2-EE86-4933-8C0B-346E5E57F332}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{EF381EA0-4D07-418D-A490-68AF67CE948B}\\RegisterAdapterName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0002\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0004\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\CDD4EEAE6000AC7F40C3802C171E30148030C072\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Num_Catalog_Entries64",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Signature\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{5D9F4D1D-F5B3-48BA-85AD-9B44176DD0C8}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{234991D1-04CC-47F5-A4A9-29808D68765F}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B4683A7-F97E-478E-BBD6-34EDF0D9DEA8}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\OOBEInProgress",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0004\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B70D6460-3635-4D42-B866-B8AB1A24454C}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{69E184C5-2F7C-45D0-8C56-85097BA63C11}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\DontAddDefaultGatewayDefault",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\RequiredAll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{633F880E-FFD2-484F-A4CA-EB724F8BC057}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0001\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.67.1.2!7\\Name",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B70D6460-3635-4D42-B866-B8AB1A24454C}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7F218BFD-64B7-4786-8302-9D8A2704B0E2}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{32345029-1B7D-43AF-B504-E71E5660B2F0}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Cleanup\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{5D9F4D1D-F5B3-48BA-85AD-9B44176DD0C8}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B70D6460-3635-4D42-B866-B8AB1A24454C}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{12F2EEA2-EE86-4933-8C0B-346E5E57F332}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0000\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\MHDSYS32\\069157D68",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0003\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{56494156-6C00-4B77-90D7-A4A435088232}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{56494156-6C00-4B77-90D7-A4A435088232}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{C9548B78-5743-4E64-9BA1-CD4D974A329F}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{24AB3BC7-8C0C-4389-A4D4-8B8FD6ADEA7A}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{12F2EEA2-EE86-4933-8C0B-346E5E57F332}\\Ndi\\FilterRunType",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\System32\\fveui.dll,-844",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\System32\\fveui.dll,-843",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7D857581-4BD0-44AB-B87C-921422A69D39}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7D857581-4BD0-44AB-B87C-921422A69D39}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{F5658C39-CD0D-45B5-A342-E2C037714CE4}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{633F880E-FFD2-484F-A4CA-EB724F8BC057}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0010\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000010\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0002\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0001\\Linkage\\FilterList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000006\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{C9548B78-5743-4E64-9BA1-CD4D974A329F}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e973-e325-11ce-bfc1-08002be10318}\\{821D3398-F04E-471E-8D8C-27EE3F5EB428}\\Ndi\\Service",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@netcfgx.dll,-50003",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@netcfgx.dll,-50002",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\LogMask",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{AEFD33F3-CC73-4821-AD44-6915063E7FB1}\\ActiveConfigurations",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{92356401-DAAE-49DA-8D29-5B023CCF4CD9}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B70D6460-3635-4D42-B866-B8AB1A24454C}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Cryptography\\PrivKeyCacheMaxItems",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{12F2EEA2-EE86-4933-8C0B-346E5E57F332}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\DisabledSessions\\GlobalSession",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{0EFE03B2-EA87-44C1-B825-9BBEA54F37B4}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{0EFE03B2-EA87-44C1-B825-9BBEA54F37B4}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{633F880E-FFD2-484F-A4CA-EB724F8BC057}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{6D9E377D-E19D-47CF-BE5F-D2DA5F99318A}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{6D9E377D-E19D-47CF-BE5F-D2DA5F99318A}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.64.1.1!7\\Name",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\System32\\drivers\\pacer.sys,-100",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Winsock\\Setup Migration\\Providers\\Tcpip\\WinSock 2.0 Provider ID",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0010\\Linkage\\FilterList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2FF8F288-20AD-41F8-A181-321D0659CA4D}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2BE5AF45-DD00-422F-8484-8370DD108A53}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{0EFE03B2-EA87-44C1-B825-9BBEA54F37B4}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{F5658C39-CD0D-45B5-A342-E2C037714CE4}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{F27D2AC4-396D-442D-9FD8-05AEF1E98AAB}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{24AB3BC7-8C0C-4389-A4D4-8B8FD6ADEA7A}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{12F2EEA2-EE86-4933-8C0B-346E5E57F332}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0003\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{F5658C39-CD0D-45B5-A342-E2C037714CE4}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\NetCfgLockHolder\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0009\\Ndi\\TimeStamp",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Language Hotkey",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{234991D1-04CC-47F5-A4A9-29808D68765F}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{5D9F4D1D-F5B3-48BA-85AD-9B44176DD0C8}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{F27D2AC4-396D-442D-9FD8-05AEF1E98AAB}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{5D9F4D1D-F5B3-48BA-85AD-9B44176DD0C8}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\UseHostnameAsAlias",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{6D9E377D-E19D-47CF-BE5F-D2DA5F99318A}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{F27D2AC4-396D-442D-9FD8-05AEF1E98AAB}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\8F43288AD272F3103B6FB1428485EA3014C0BCFE\\Blob",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%systemroot%\\system32\\rascfg.dll,-32008",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%systemroot%\\system32\\rascfg.dll,-32009",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{C9548B78-5743-4E64-9BA1-CD4D974A329F}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2BE5AF45-DD00-422F-8484-8370DD108A53}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{C9548B78-5743-4E64-9BA1-CD4D974A329F}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0001\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{C9548B78-5743-4E64-9BA1-CD4D974A329F}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Message\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Message\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0010\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{C9548B78-5743-4E64-9BA1-CD4D974A329F}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.47.1.1!7\\Name",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{56494156-6C00-4B77-90D7-A4A435088232}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{F5658C39-CD0D-45B5-A342-E2C037714CE4}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{24AB3BC7-8C0C-4389-A4D4-8B8FD6ADEA7A}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{12F2EEA2-EE86-4933-8C0B-346E5E57F332}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0001\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{5D9F4D1D-F5B3-48BA-85AD-9B44176DD0C8}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7F218BFD-64B7-4786-8302-9D8A2704B0E2}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0000\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\Certificates\\7D7F4414CCEF168ADF6BF40753B5BECD78375931\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\SearchList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0010\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{234991D1-04CC-47F5-A4A9-29808D68765F}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0004\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{27EE12EA-A6B3-4E15-AF2B-D4B9D989EDFB}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{F27D2AC4-396D-442D-9FD8-05AEF1E98AAB}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7F218BFD-64B7-4786-8302-9D8A2704B0E2}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0010\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Winsock\\Setup Migration\\Known Static Providers",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NetBT\\Parameters\\Interfaces\\Tcpip_{AEFD33F3-CC73-4821-AD44-6915063E7FB1}\\NameServerList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{92356401-DAAE-49DA-8D29-5B023CCF4CD9}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\CertCheck\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0009\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\MachineGuid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{234991D1-04CC-47F5-A4A9-29808D68765F}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlRetrievalByteCount",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\B1BC968BD4F49D622AA89A81F2150152A41D829C\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{F5658C39-CD0D-45B5-A342-E2C037714CE4}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{F5658C39-CD0D-45B5-A342-E2C037714CE4}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{6D9E377D-E19D-47CF-BE5F-D2DA5F99318A}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{27EE12EA-A6B3-4E15-AF2B-D4B9D989EDFB}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{E7AC61F5-4BFE-4254-8889-98A990D174D5}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\DeskSoft\\BWMeter",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0010\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\LogLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Cryptography\\PrivateKeyLifetimeSeconds",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2BE5AF45-DD00-422F-8484-8370DD108A53}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{92356401-DAAE-49DA-8D29-5B023CCF4CD9}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0001\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\LogMaxFileSize",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0010\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\LdapClientIntegrity",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{6B7E8FF8-E9A2-46EB-A4EA-42CCA2D43C96}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{C9548B78-5743-4E64-9BA1-CD4D974A329F}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\CryptnetMaxCachedOcspPerCrlCount",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.67.1.1!7\\Name",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Winsock\\Setup Migration\\Providers\\Tcpip6\\WinSock 2.0 Provider ID",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{0EFE03B2-EA87-44C1-B825-9BBEA54F37B4}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{0EFE03B2-EA87-44C1-B825-9BBEA54F37B4}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000005\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{234991D1-04CC-47F5-A4A9-29808D68765F}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{C9548B78-5743-4E64-9BA1-CD4D974A329F}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Initialization\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{E7AC61F5-4BFE-4254-8889-98A990D174D5}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0001\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\DisabledSessions\\133121",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{32345029-1B7D-43AF-B504-E71E5660B2F0}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{633F880E-FFD2-484F-A4CA-EB724F8BC057}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\DisableCANameConstraints",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0000\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{5D9F4D1D-F5B3-48BA-85AD-9B44176DD0C8}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NetBT\\Parameters\\Interfaces\\Tcpip_{AEFD33F3-CC73-4821-AD44-6915063E7FB1}\\NetbiosOptions",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{69E184C5-2F7C-45D0-8C56-85097BA63C11}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0000\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0000\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e973-e325-11ce-bfc1-08002be10318}\\{821D3398-F04E-471E-8D8C-27EE3F5EB428}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{69E184C5-2F7C-45D0-8C56-85097BA63C11}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0009\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0000\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0002\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{32345029-1B7D-43AF-B504-E71E5660B2F0}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7D857581-4BD0-44AB-B87C-921422A69D39}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{92356401-DAAE-49DA-8D29-5B023CCF4CD9}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{24AB3BC7-8C0C-4389-A4D4-8B8FD6ADEA7A}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{32345029-1B7D-43AF-B504-E71E5660B2F0}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e973-e325-11ce-bfc1-08002be10318}\\{821D3398-F04E-471E-8D8C-27EE3F5EB428}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e973-e325-11ce-bfc1-08002be10318}\\{821D3398-F04E-471E-8D8C-27EE3F5EB428}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{5D9F4D1D-F5B3-48BA-85AD-9B44176DD0C8}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{27EE12EA-A6B3-4E15-AF2B-D4B9D989EDFB}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{27EE12EA-A6B3-4E15-AF2B-D4B9D989EDFB}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{AEFD33F3-CC73-4821-AD44-6915063E7FB1}\\DisableDhcpOnConnect",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{6D9E377D-E19D-47CF-BE5F-D2DA5F99318A}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{E7AC61F5-4BFE-4254-8889-98A990D174D5}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{F5658C39-CD0D-45B5-A342-E2C037714CE4}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{69E184C5-2F7C-45D0-8C56-85097BA63C11}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0002\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0003\\FilterInfId",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\system32\\dnsapi.dll,-103",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0003\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{27EE12EA-A6B3-4E15-AF2B-D4B9D989EDFB}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{5D9F4D1D-F5B3-48BA-85AD-9B44176DD0C8}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\GroupOrderList\\NDIS",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxUrlRetrievalByteCount",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{EF381EA0-4D07-418D-A490-68AF67CE948B}\\NameServer",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7D857581-4BD0-44AB-B87C-921422A69D39}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{92356401-DAAE-49DA-8D29-5B023CCF4CD9}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{5D9F4D1D-F5B3-48BA-85AD-9B44176DD0C8}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{EF381EA0-4D07-418D-A490-68AF67CE948B}\\DisableDhcpOnConnect",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\WinSock_Registry_Version",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\system32\\lltdres.dll,-4",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\system32\\lltdres.dll,-3",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{E7AC61F5-4BFE-4254-8889-98A990D174D5}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\Installation Sources",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{234991D1-04CC-47F5-A4A9-29808D68765F}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Linkage\\FilterList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LanmanServer\\Parameters\\Size",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{56494156-6C00-4B77-90D7-A4A435088232}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Message\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\\Ndi\\HelpText",
"HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots\\Certificates",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\UseOldHostResolutionOrder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\CEIPEnable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{633F880E-FFD2-484F-A4CA-EB724F8BC057}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\DisableMandatoryBasicConstraints",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0009\\FilterInfId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\ComputerName\\ActiveComputerName\\ComputerName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{92356401-DAAE-49DA-8D29-5B023CCF4CD9}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0002\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\EnableWeakSignatureFlags",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0001\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\ComponentDLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{0EFE03B2-EA87-44C1-B825-9BBEA54F37B4}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{92356401-DAAE-49DA-8D29-5B023CCF4CD9}\\Ndi\\FilterRunType"
],
"directory_created": [
"C:\\Users\\cuck\\AppData\\Roaming\\DeskSoft\\BWMeter",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\7ZipSfx.000",
"C:\\Windows\\System32\\catroot",
"C:\\Windows\\System32\\catroot2",
"C:\\Users\\cuck\\AppData\\Roaming\\DeskSoft",
"C:\\Program Files (x86)\\BWMeter"
]
}Dropped
[
{
"yara": [],
"sha1": "fee165091d5388fa932a56026d901d4f1d6e0455",
"name": "903876efe30d76c6_dsnpfd_lwf.inf",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\dsnpfd_lwf.inf",
"type": "Windows setup INFormation, ASCII text, with CRLF line terminators",
"sha256": "903876efe30d76c64042b0e6e90db5aa1b004b2e6ac03225954f160a8c42669c",
"urls": [],
"crc32": "17131701",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10016\/files\/903876efe30d76c6_dsnpfd_lwf.inf",
"ssdeep": null,
"size": 2694,
"sha512": "0b9e772f6b5d150e78a05dbaef8462ef9d396e6e47412566d987dc5791db41ec9e4869c6cb3acf9d0726ea22ca730a843bf06c980da5a658a0f00360fa4c595e",
"pids": [
2964
],
"md5": "c84c75d434fc870ba0c833d78e3dba79"
},
{
"yara": [],
"sha1": "095e3635c5812285cae9d9ad7158200d846cfe40",
"name": "067c978552676010_uninstall.exe",
"filepath": "C:\\Program Files (x86)\\BWMeter\\Uninstall.exe",
"type": "PE32 executable (GUI) Intel 80386, for MS Windows",
"sha256": "067c978552676010833d4524b10fb815e86e7089c8691b48a005e65fd0b8d8e1",
"urls": [
"http:\/\/www.desksoft.com"
],
"crc32": "1BAF0451",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10016\/files\/067c978552676010_uninstall.exe",
"ssdeep": null,
"size": 242169,
"sha512": "9f1b581d73a04c2d9489c27081a9db066fe9254243a063556173603d68055628f85ef3a11cc8279c594e777db0f937f845bcd33a255c603eda52d9a855f0c736",
"pids": [
460
],
"md5": "89cb3a17e9ab6135991ff97d709357d5"
},
{
"yara": [],
"sha1": "725bacdd8087235e95b91781b90abb01c10f91b3",
"name": "0f8980e6180de1a4_bwmeter.chm",
"filepath": "C:\\Program Files (x86)\\BWMeter\\BWMeter.chm",
"type": "MS Windows HtmlHelp Data",
"sha256": "0f8980e6180de1a49ce31498b673252643ebf155ba4c634cf4486c530e829510",
"urls": [],
"crc32": "B84CA9CE",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10016\/files\/0f8980e6180de1a4_bwmeter.chm",
"ssdeep": null,
"size": 90581,
"sha512": "f68fe432debbe2d63ae76227e3f95279e343d8ec292a15ee50f75124d6d03b4047d82e80d8536027ed16813d14ed6bd1d8d02fcd576de677c2ecaa2a7c67c110",
"pids": [
460
],
"md5": "22a6726481dcf278d674a7914f6336ff"
},
{
"yara": [],
"sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"name": "e3b0c44298fc1c14_SET18.tmp",
"type": "empty",
"sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
"urls": [],
"crc32": "00000000",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10016\/files\/e3b0c44298fc1c14_SET18.tmp",
"ssdeep": null,
"size": 0,
"sha512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
"md5": "d41d8cd98f00b204e9800998ecf8427e"
},
{
"yara": [],
"sha1": "c64ad224b877cd5bbdcdb1799b71f3682602d231",
"name": "b0a39e28d93f7822_TarB182.tmp",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB182.tmp",
"type": "data",
"sha256": "b0a39e28d93f7822fe6cac1e082c7adc581dcd2b61eb9f536e74bd14a75b27bc",
"urls": [
"http:\/\/www.microsoft.com\/pkiops\/certs\/Microsoft%20Certificate%20Trust%20List%20PCA(3).crt0",
"http:\/\/www.microsoft.com\/pki\/certs\/MicRooCerAut_2010-06-23.crt07",
"http:\/\/www.microsoft.com\/pki\/certs\/MicCerLisCA2011_2011-03-29.crt0",
"http:\/\/www.microsoft.com\/pki\/certs\/MicrosoftRootCert.crt0",
"http:\/\/www.microsoft.com\/pkiops\/crl\/Microsoft%20Certificate%20Trust%20List%20PCA(3).crl0u"
],
"crc32": "B495BE07",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10016\/files\/b0a39e28d93f7822_TarB182.tmp",
"ssdeep": null,
"size": 138525,
"sha512": "0663fb22bcefd0ac5f090104322a8c0dc1ceb77a168b589d7dbb9a74d109daf38beac97dab715220abab08c355496f5719159e17995248caa19eff45bc2a5d46",
"pids": [
2964
],
"md5": "0e34ebf89b843b303f0fb5f194be9d28"
},
{
"yara": [],
"sha1": "4c3461e4f636e6273e8be8e3013b057d11f4f22a",
"name": "847f66975d78aa3f_oem2.pnf",
"filepath": "C:\\Windows\\inf\\oem2.PNF",
"type": "data",
"sha256": "847f66975d78aa3f83670dcb6841ea13c0553bab75c7c6591c86ddb9be445848",
"urls": [],
"crc32": "CDCF272E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10016\/files\/847f66975d78aa3f_oem2.pnf",
"ssdeep": null,
"size": 8176,
"sha512": "61bfa618c9e8b262f9698d1393ea478dcafd61d97c08216ce3f6e09e22a115e72965f93e474e0d3d20ffa9f9d8a91603f1d13ff83ddfdf25a4d211be349bd144",
"pids": [
2964
],
"md5": "5acd686d2b1c8e272f7762ee5d4acc95"
},
{
"yara": [],
"sha1": "0d75a9df7ca6afe6fc25cdea4b2dbe722f896432",
"name": "f0879f3b13b3393d_dberr.txt",
"filepath": "C:\\Windows\\System32\\catroot2\\dberr.txt",
"type": "ASCII text, with CRLF line terminators",
"sha256": "f0879f3b13b3393d6e99c44d9e523d9a38777824d43f67a5d05d7c8c7d4daa03",
"urls": [],
"crc32": "AB778592",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10016\/files\/f0879f3b13b3393d_dberr.txt",
"ssdeep": null,
"size": 129850,
"sha512": "0efbd0609bf77e93281e6aa7b62c7ae469e55f6a29982569e3e43b13045814737b001f4e53147d284fffd61f1beb1fa9f99ae89f5e08c0de7bfa80fb17e21162",
"pids": [
2964
],
"md5": "5bdcfbfb607c06e167d8ffd0814289aa"
},
{
"yara": [],
"sha1": "ddd53b5cc357a69e97a07d16fb6683bc2a81c1cf",
"name": "e1ae5293857f9083_rcxc8b6.tmp",
"filepath": "C:\\Program Files (x86)\\BWMeter\\RCXC8B6.tmp",
"type": "PE32 executable (GUI) Intel 80386, for MS Windows",
"sha256": "e1ae5293857f90832b0eaabc0a1d1acb7e34513add22538c700cb72dad2122d6",
"urls": [],
"crc32": "4315F938",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10016\/files\/e1ae5293857f9083_rcxc8b6.tmp",
"ssdeep": null,
"size": 5120,
"sha512": "1aa103f414334c626529ec4f9910bcd6c1fb784dce02f375487eea013468a320869648e7cd1554f5bc01039df02c4a4b9453da18f3cf16bded557eac3d9d62de",
"pids": [
460
],
"md5": "0059e4044c14cfc3e0c400e2972e0f48"
},
{
"yara": [],
"sha1": "cf925fc512b936fe7d44ceb6e999e4a020ed6ff0",
"name": "4c9c4d831d61c8c3_CabB171.tmp",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB171.tmp",
"type": "Microsoft Cabinet archive data, 56952 bytes, 1 file",
"sha256": "4c9c4d831d61c8c38b2513f9b431ef4f4cf6af9fb18a2317cd2178d6e0997822",
"urls": [],
"crc32": "5168F337",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10016\/files\/4c9c4d831d61c8c3_CabB171.tmp",
"ssdeep": null,
"size": 56952,
"sha512": "65dc435f6d3e1afd347ba1617a3eee59c6660f221faa36456a09e307d434d7276e8095e8aa34d59933e685a9f84564ec783e59ae9658791f7ebdbbc2eda32f7a",
"pids": [
2964
],
"md5": "04d79a0dc77a8f449cbff6252862d398"
},
{
"yara": [],
"sha1": "a396e740a34da1112621efca0b7309dba9706cf5",
"name": "c80d994761ec106e_snetcfg.exe",
"filepath": "C:\\Program Files (x86)\\BWMeter\\snetcfg.exe",
"type": "PE32+ executable (console) x86-64, for MS Windows",
"sha256": "c80d994761ec106e15232ca38aeda7e673d82888644fc8e71d6943c2af26f3e7",
"urls": [],
"crc32": "8A516DEE",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10016\/files\/c80d994761ec106e_snetcfg.exe",
"ssdeep": null,
"size": 15360,
"sha512": "4e448d4d2b10d44f09e337856c3e133e99a41448fb132fb675805c140d22bd85602ee130b6204a6a17f5391946156c133a975e0f411dd1f38abd30cd53635d2d",
"pids": [
460
],
"md5": "3b646b9d750aadd3dc5e26d08ea5b285"
},
{
"yara": [],
"sha1": "03ec4cecf2ef503948368049c5a96df0399b3ae8",
"name": "f1ce806325470c0e_bwmeter.exe",
"filepath": "C:\\Program Files (x86)\\BWMeter\\BWMeter.exe",
"type": "PE32 executable (GUI) Intel 80386, for MS Windows",
"sha256": "f1ce806325470c0efefbd6bdbc67250ec23d43802010157f308b36fc9471ccfe",
"urls": [
"http:\/\/ocsp.comodoca.com0",
"http:\/\/crl.comodoca.com\/COMODORSACertificationAuthority.crl0q",
"http:\/\/crl.comodoca.com\/COMODORSACodeSigningCA.crl0t",
"http:\/\/www.openssl.org\/support\/faq.html",
"https:\/\/secure.comodo.net\/CPS0C",
"http:\/\/crt.comodoca.com\/COMODORSACodeSigningCA.crt0",
"http:\/\/www.desksoft.com",
"http:\/\/crt.comodoca.com\/COMODORSAAddTrustCA.crt0"
],
"crc32": "6DA18C65",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10016\/files\/f1ce806325470c0e_bwmeter.exe",
"ssdeep": null,
"size": 1805792,
"sha512": "68943d60d9e218b3e7aff2dbd180b18afce79421216412e4569061986e04dfea4dcc544ebf66079af9b2d8b6b6af30c5a10f5954c4522b40fcea85bc5fb21868",
"pids": [
460
],
"md5": "26c02eb3c519b1200172001b2b1e8613"
},
{
"yara": [],
"sha1": "a9906d6f320539a91c2f104a2808060b8203402a",
"name": "95a1aae806c5b646_dsnpfd.sys",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\dsnpfd.sys",
"type": "PE32+ executable (native) x86-64, for MS Windows",
"sha256": "95a1aae806c5b646fc535bd87759b91cfb201f45c72a3f4798e470d3fd7bb102",
"urls": [
"http:\/\/crl4.digicert.com\/DigiCertHighAssuranceEVRootCA.crl0",
"http:\/\/cacerts.digicert.com\/DigiCertHighAssuranceEVRootCA.crt0",
"http:\/\/cacerts.digicert.com\/DigiCertHighAssuranceCodeSigningCA-1.crt0",
"https:\/\/www.globalsign.com\/repository\/0",
"https:\/\/www.digicert.com\/CPS0",
"http:\/\/secure.globalsign.com\/cacert\/gstimestampingg2.crt0",
"http:\/\/ocsp.digicert.com0I",
"http:\/\/ocsp.digicert.com0P",
"http:\/\/crl.globalsign.com\/gs\/gstimestampingg2.crl0T",
"https:\/\/www.globalsign.com\/repository\/03",
"http:\/\/crl.globalsign.net\/root.crl0",
"http:\/\/crl4.digicert.com\/ha-cs-2011a.crl0K",
"http:\/\/crl3.digicert.com\/DigiCertHighAssuranceEVRootCA.crl0",
"http:\/\/crl3.digicert.com\/ha-cs-2011a.crl0.",
"http:\/\/www.digicert.com\/ssl-cps-repository.htm0"
],
"crc32": "9046714A",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10016\/files\/95a1aae806c5b646_dsnpfd.sys",
"ssdeep": null,
"size": 38600,
"sha512": "c6f1448af799c9706023fd67a75c60935628e948346ca82b059b3a2aaedba3520b9425fac93b5aafcf0b9404690d9c15ad089d32608b4f36b73f3cb9dca1a972",
"pids": [
2964
],
"md5": "f038eee9967f7038dc231c7b27776f23"
},
{
"yara": [],
"sha1": "3af64a53632544f13c012a8102978cef702741d8",
"name": "da9a3876dc029f10_bmsetup.exe",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\7ZipSfx.000\\BMSetup.exe",
"type": "PE32 executable (GUI) Intel 80386, for MS Windows",
"sha256": "da9a3876dc029f100887b7aad4e4a9aecb9374fd21784784b12c1b06b7da1e04",
"urls": [
"http:\/\/crl3.digicert.com\/DigiCertHighAssuranceEVRootCA.crl0",
"https:\/\/www.globalsign.com\/repository\/03",
"https:\/\/www.globalsign.com\/repository\/0",
"http:\/\/crt.comodoca.com\/COMODORSACodeSigningCA.crt0",
"http:\/\/crl4.digicert.com\/EVCodeSigningSHA2-g1.crl0K",
"http:\/\/www.microsoft.com\/pki\/certs\/MicTimStaPCA_2010-07-01.crt0",
"http:\/\/ocsp.comodoca.com0",
"http:\/\/crl3.digicert.com\/ha-cs-2011a.crl0.",
"http:\/\/crt.comodoca.com\/COMODORSAAddTrustCA.crt0",
"http:\/\/crl4.digicert.com\/DigiCertHighAssuranceEVRootCA.crl0",
"http:\/\/crl3.digicert.com\/EVCodeSigningSHA2-g1.crl07",
"http:\/\/www.desksoft.com\/PAD\/BM_VER.TXT",
"http:\/\/crl.globalsign.net\/root.crl0",
"http:\/\/www.desksoft.com",
"http:\/\/www.microsoft.com\/PKI\/docs\/CPS\/default.htm0",
"http:\/\/www.microsoft.com\/pki\/certs\/MicRooCerAut_2010-06-23.crt0",
"http:\/\/crl.comodoca.com\/COMODORSACertificationAuthority.crl0q",
"http:\/\/cacerts.digicert.com\/DigiCertHighAssuranceEVRootCA.crt0",
"https:\/\/www.microsoft.com\/en-us\/windows",
"http:\/\/www.microsoft.com\/pkiops\/Docs\/Repository.htm0",
"http:\/\/ocsp.digicert.com0I",
"http:\/\/www.microsoft.com\/pkiops\/crl\/Microsoft%20Windows%20Third%20Party%20Component%20CA%202014.crl0",
"http:\/\/www.microsoft.com\/pkiops\/certs\/Microsoft%20Windows%20Third%20Party%20Component%20CA%202014.crt0",
"https:\/\/secure.comodo.net\/CPS0C",
"http:\/\/cacerts.digicert.com\/DigiCertHighAssuranceCodeSigningCA-1.crt0",
"http:\/\/ocsp.digicert.com0P",
"http:\/\/crl4.digicert.com\/ha-cs-2011a.crl0K",
"http:\/\/ocsp.digicert.com0H",
"http:\/\/secure.globalsign.com\/cacert\/gstimestampingg2.crt0",
"http:\/\/crl.comodoca.com\/COMODORSACodeSigningCA.crl0t",
"http:\/\/www.openssl.org\/support\/faq.html",
"http:\/\/cacerts.digicert.com\/DigiCertEVCodeSigningCA-SHA2.crt0",
"http:\/\/crl.globalsign.com\/gs\/gstimestampingg2.crl0T",
"http:\/\/www.desksoft.com\/",
"https:\/\/www.digicert.com\/CPS0",
"http:\/\/www.digicert.com\/ssl-cps-repository.htm0"
],
"crc32": "2A976F83",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10016\/files\/da9a3876dc029f10_bmsetup.exe",
"ssdeep": null,
"size": 2792727,
"sha512": "f138f64f1bf591785f5e01ceb86c457328acecf13fa8ef91f2187024fda6c7791b04a44b17e8b36742322a1f7a66a10f7315aa30dd1a7e4c43046488acd2db20",
"pids": [
2460
],
"md5": "4272a015cb4bfb5b42a3d4791e932cba"
},
{
"yara": [],
"sha1": "fce574113d8b2243df00a3259a6af0aec81689aa",
"name": "bb11dc2559d92892_alert.wav",
"filepath": "C:\\Program Files (x86)\\BWMeter\\Alert.wav",
"type": "RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 8000 Hz",
"sha256": "bb11dc2559d9289268e8ed99ff01cfc2b53a43b59b8feab2c384443953768f2c",
"urls": [],
"crc32": "AAD51797",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10016\/files\/bb11dc2559d92892_alert.wav",
"ssdeep": null,
"size": 12814,
"sha512": "815dee317b198ca9e2ea925661afbf859d537fe6c1023c04bdb0c6dd76e165754d0d59255f1ee59821812025cc3a4e266e44e299d6955f988782bea72a8c34b4",
"pids": [
460
],
"md5": "e3c5ac2a7e13201766899edb6c41f9b0"
},
{
"yara": [],
"sha1": "4cbe53ff80bf59a9b8a53cce1ac695213180c7b1",
"name": "207933db2eaacbd0_dsnpfd.cat",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\dsnpfd.cat",
"type": "data",
"sha256": "207933db2eaacbd0b46224cb1fc57eef9fa816f169b57967a80b56f15db0b1b7",
"urls": [
"http:\/\/crl4.digicert.com\/DigiCertHighAssuranceEVRootCA.crl0",
"http:\/\/cacerts.digicert.com\/DigiCertHighAssuranceEVRootCA.crt0",
"http:\/\/cacerts.digicert.com\/DigiCertHighAssuranceCodeSigningCA-1.crt0",
"https:\/\/www.globalsign.com\/repository\/0",
"https:\/\/www.digicert.com\/CPS0",
"http:\/\/secure.globalsign.com\/cacert\/gstimestampingg2.crt0",
"http:\/\/ocsp.digicert.com0I",
"http:\/\/ocsp.digicert.com0P",
"http:\/\/crl.globalsign.com\/gs\/gstimestampingg2.crl0T",
"https:\/\/www.globalsign.com\/repository\/03",
"http:\/\/crl.globalsign.net\/root.crl0",
"http:\/\/crl4.digicert.com\/ha-cs-2011a.crl0K",
"http:\/\/crl3.digicert.com\/DigiCertHighAssuranceEVRootCA.crl0",
"http:\/\/crl3.digicert.com\/ha-cs-2011a.crl0.",
"http:\/\/www.digicert.com\/ssl-cps-repository.htm0"
],
"crc32": "B1AECF35",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10016\/files\/207933db2eaacbd0_dsnpfd.cat",
"ssdeep": null,
"size": 8880,
"sha512": "297c2b6247b50145ede129b1678037cfaba92f9b4a2befff4072a8aac50e2db2a16322e34a01ed9a479e194f21a65ca55c2707ee074b8b327d249d2e40887ef8",
"pids": [
2964
],
"md5": "fa482cbb5d755bd9804481cd3eb52721"
},
{
"yara": [],
"sha1": "6574ac6493dafbaf25b421412c44554238ac2a63",
"name": "83f241c5fafd31a7_exportstats.exe",
"filepath": "C:\\Program Files (x86)\\BWMeter\\ExportStats.exe",
"type": "PE32 executable (console) Intel 80386, for MS Windows",
"sha256": "83f241c5fafd31a7379ba418bcb30b77b17ff3f99d5ebbecaae9faf95ea8f092",
"urls": [],
"crc32": "A356E6E8",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10016\/files\/83f241c5fafd31a7_exportstats.exe",
"ssdeep": null,
"size": 106496,
"sha512": "e3c8c56cbfb33a0bfa796b54486b94b4f73464feb2a2f6f98b88144d895093e44957662a87e6875ac89d7a290d6640c6a2ec2d13032246c3ff53e2a8f70794ac",
"pids": [
460
],
"md5": "0dd485b1acb2e8c7653b2f7bc1478b4c"
}
]Generic
[
{
"process_path": "C:\\Program Files (x86)\\BWMeter\\snetcfg.exe",
"process_name": "snetcfg.exe",
"pid": 2824,
"summary": {
"regkey_written": [
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\NetCfgLockHolder\\(Default)"
],
"dll_loaded": [
"API-MS-Win-Core-LocalRegistry-L1-1-0.dll",
"SETUPAPI.dll"
],
"regkey_deleted": [
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\NetCfgLockHolder"
],
"file_exists": [
"C:\\Windows\\inf\\"
],
"mutex": [
"Global\\NetCfgWriteLock",
"Global\\d3b1bbc7-c020-4056-9ded-7c6f40b5a2fc"
],
"guid": [
"{c0e8ae93-306e-11d1-aacf-00805fc1270e}",
"{5b035261-40f9-11d1-aaec-00805fc1270e}"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\LogMaxFileSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\LogLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\Config",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\LogMask",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\NetCfgLockHolder\\(Default)"
]
},
"first_seen": 1602464000.234125,
"ppid": 460
},
{
"process_path": "C:\\Users\\cuck\\AppData\\Local\\Temp\\63da64290957af1f67f9b0048e1a8da92979a99717811b337725c8a369787b00.bin",
"process_name": "63da64290957af1f67f9b0048e1a8da92979a99717811b337725c8a369787b00.bin",
"pid": 2460,
"summary": {
"file_created": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\7ZipSfx.000\\BMSetup.exe"
],
"directory_created": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\7ZipSfx.000"
],
"dll_loaded": [
"SETUPAPI.dll",
"GDI32.dll",
"dwmapi.dll",
"KERNEL32.DLL",
"MSVCRT.dll",
"OLEAUT32.dll",
"SHELL32.dll",
"ole32.dll",
"C:\\Windows\\system32\\uxtheme.dll",
"USER32.dll",
"COMCTL32.dll"
],
"file_opened": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\63da64290957af1f67f9b0048e1a8da92979a99717811b337725c8a369787b00.bin"
],
"regkey_opened": [
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\"
],
"file_written": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\7ZipSfx.000\\BMSetup.exe"
],
"file_exists": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\7ZipSfx.000\\BMSetup.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\7ZipSfx.000"
],
"command_line": [
"BMSetup.exe -WORKDIR=\"C:\\Users\\cuck\\AppData\\Local\\Temp\"",
"\"C:\\Users\\cuck\\AppData\\Local\\Temp\\7ZipSfx.000\\BMSetup.exe\" -WORKDIR=\"C:\\Users\\cuck\\AppData\\Local\\Temp\""
],
"file_read": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\63da64290957af1f67f9b0048e1a8da92979a99717811b337725c8a369787b00.bin"
],
"regkey_read": [
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Data"
]
},
"first_seen": 1602463989.84375,
"ppid": 2924
},
{
"process_path": "C:\\Users\\cuck\\AppData\\Local\\Temp\\7ZipSfx.000\\BMSetup.exe",
"process_name": "BMSetup.exe",
"pid": 460,
"summary": {
"file_created": [
"C:\\Program Files (x86)\\BWMeter\\RCXA4B1.tmp",
"C:\\Program Files (x86)\\BWMeter\\snetcfg.exe",
"C:\\Program Files (x86)\\BWMeter\\ExportStats.exe",
"C:\\Program Files (x86)\\BWMeter\\RCXB905.tmp",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd.sys",
"C:\\Program Files (x86)\\BWMeter\\Uninstall.exe",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd.cat",
"C:\\Program Files (x86)\\BWMeter\\RCX7FA3.tmp",
"C:\\Program Files (x86)\\BWMeter\\Alert.wav",
"C:\\Program Files (x86)\\BWMeter\\BWMeter.chm",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd_lwf.inf",
"C:\\Program Files (x86)\\BWMeter\\BWMeter.exe"
],
"file_recreated": [
"C:\\Program Files (x86)\\BWMeter\\RCXA4B1.tmp",
"C:\\Program Files (x86)\\BWMeter\\ExportStats.exe",
"C:\\Program Files (x86)\\BWMeter\\RCXB905.tmp",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd.sys",
"C:\\Program Files (x86)\\BWMeter\\Uninstall.exe",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd.cat",
"C:\\Program Files (x86)\\BWMeter\\RCX7FA3.tmp",
"C:\\Program Files (x86)\\BWMeter\\Alert.wav",
"C:\\Program Files (x86)\\BWMeter\\BWMeter.chm",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd_lwf.inf",
"C:\\Program Files (x86)\\BWMeter\\BWMeter.exe"
],
"directory_created": [
"C:\\Users\\cuck\\AppData\\Roaming\\DeskSoft\\BWMeter",
"C:\\Users\\cuck\\AppData\\Roaming\\DeskSoft",
"C:\\Program Files (x86)\\BWMeter"
],
"dll_loaded": [
"ext-ms-win-kernel32-package-current-l1-1-0",
"IMM32.dll",
"kernel32",
"C:\\Windows\\syswow64\\MSCTF.dll",
"api-ms-win-core-fibers-l1-1-1",
"api-ms-win-core-localization-l1-2-1",
"api-ms-win-core-sysinfo-l1-2-1",
"api-ms-win-appmodel-runtime-l1-1-1",
"UxTheme.dll",
"OLEAUT32.DLL",
"C:\\Windows\\system32\\ole32.dll",
"dwmapi.dll",
"comctl32",
"ole32.dll",
"SETUPAPI.dll",
"Shcore.dll",
"api-ms-win-core-synch-l1-2-0",
"comctl32.dll"
],
"file_opened": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\7ZipSfx.000\\BMSetup.exe",
"C:\\Program Files (x86)\\BWMeter\\Uninstall.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp"
],
"regkey_opened": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_LOCAL_MACHINE\\Software\\DeskSoft",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\KnownClasses",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\BWMeter",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\BMSetup.exe",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\MHDSYS32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\LayoutIcon\\0409\\0000041d",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\DirectSwitchHotkeys",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{3697C5FA-60DD-4B56-92D4-74A569205C16}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}"
],
"file_moved": [
[
"C:\\Program Files (x86)\\BWMeter\\RCX7FA3.tmp",
"C:\\Program Files (x86)\\BWMeter\\Uninstall.exe"
],
[
"C:\\Program Files (x86)\\BWMeter\\RCXA4B1.tmp",
"C:\\Program Files (x86)\\BWMeter\\Uninstall.exe"
],
[
"C:\\Program Files (x86)\\BWMeter\\RCXB905.tmp",
"C:\\Program Files (x86)\\BWMeter\\Uninstall.exe"
]
],
"file_written": [
"C:\\Program Files (x86)\\BWMeter\\RCXA4B1.tmp",
"C:\\Program Files (x86)\\BWMeter\\snetcfg.exe",
"C:\\Program Files (x86)\\BWMeter\\ExportStats.exe",
"C:\\Program Files (x86)\\BWMeter\\RCXB905.tmp",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd.sys",
"C:\\Program Files (x86)\\BWMeter\\Uninstall.exe",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd.cat",
"C:\\Program Files (x86)\\BWMeter\\RCX7FA3.tmp",
"C:\\Program Files (x86)\\BWMeter\\Alert.wav",
"C:\\Program Files (x86)\\BWMeter\\BWMeter.chm",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd_lwf.inf",
"C:\\Program Files (x86)\\BWMeter\\BWMeter.exe"
],
"file_exists": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\w7lw64dsnpfd.sys",
"C:\\Program Files (x86)\\BWMeter\\snetcfg.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Alert.wav",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Setup.dis",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd.cat",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\BWMeter.chm",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\64snetcfg.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\w7lw64dsnpfd_lwf.inf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\ExportStats.exe",
"C:\\Program Files (x86)",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\BWMeter.exe",
"C:\\Users\\cuck\\AppData\\Roaming",
"C:\\Program Files (x86)\\BWMeter\\Uninstall.exe",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd_lwf.inf",
"C:\\Users\\cuck\\AppData\\Roaming\\DeskSoft",
"C:\\Users\\cuck\\AppData\\Roaming\\DeskSoft\\BWMeter",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\w7lw64dsnpfd.cat",
"C:\\Program Files (x86)\\BWMeter"
],
"file_failed": [
"C:\\Program Files (x86)\\BWMeter\\snetcfg.exe"
],
"command_line": [
"\"C:\\Program Files (x86)\\BWMeter\\snetcfg.exe\" -u nt_dsnpfd",
"\"C:\\Program Files (x86)\\BWMeter\\snetcfg.exe\" -l dsnpfd_lwf.inf -c s -i nt_dsnpfd"
],
"file_read": [
"C:\\Program Files (x86)\\BWMeter\\Uninstall.exe"
],
"regkey_read": [
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Language Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\CTF\\EnableAnchorContext",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Locale\\00000409",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\DeskSoft\\BWMeter",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Hotkey",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Layout Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}\\Enable",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language Groups\\1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\MHDSYS32\\069157D68"
],
"regkey_written": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\DeskSoft\\BWMeter",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\MHDSYS32\\069157D68"
]
},
"first_seen": 1602463990.25,
"ppid": 2460
},
{
"process_path": "C:\\Program Files (x86)\\BWMeter\\snetcfg.exe",
"process_name": "snetcfg.exe",
"pid": 2964,
"summary": {
"file_created": [
"C:\\Windows\\System32\\drivers\\SET3E2B.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB56E.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB88D.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB171.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB26E.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\SET18.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\SETC6.tmp",
"C:\\Windows\\inf\\oem2.PNF",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB55D.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB88C.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\SET77.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB25E.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB182.tmp"
],
"file_recreated": [
"\\??\\NDIS",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB88D.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB171.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB56E.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB26E.tmp",
"\\Device\\KsecDD",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB55D.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB88C.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB25E.tmp",
"\\??\\Nsi",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB182.tmp"
],
"regkey_written": [
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NdisWan\\Linkage\\Bind",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Linkage\\RootDevice",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NdisWan\\Linkage\\Export",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Linkage\\Export",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Description",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\InfSection",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\ComponentId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\NetCfgInstanceId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\NetCfgInstanceId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Linkage\\Export",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\dsnpfd\\Parameters\\NdisImPlatformBindingOptions",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\InstallTimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Linkage\\RootDevice",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SetupapiLogStatus\\setupapi.dev.log",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Linkage\\FilterList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Linkage\\UpperBind",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NdisWan\\Linkage\\Route",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Linkage\\FilterList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Characteristics",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Linkage\\Export",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\NetCfgInstanceId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\Config",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Linkage\\RootDevice",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\NetCfgInstanceId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Linkage\\FilterList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Linkage\\UpperBind",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\HelpText",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\LanguageList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\InfPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Linkage\\FilterList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Linkage\\UpperBind",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\NetCfgInstanceId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Linkage\\RootDevice",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Linkage\\RootDevice",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Linkage\\UpperBind",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SetupapiLogStatus\\setupapi.app.log",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\GroupOrderList\\NDIS",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Linkage\\Export",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Linkage\\UpperBind",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Linkage\\Export",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Linkage\\FilterList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\NetCfgLockHolder\\(Default)"
],
"dll_loaded": [
"API-MS-Win-Security-LSALookup-L1-1-0.dll",
"MSWSOCK.dll",
"CRYPT32.dll",
"kernel32.dll",
"UxTheme.dll",
"CRYPTBASE.dll",
"C:\\Windows\\system32\\rsaenh.dll",
"C:\\Windows\\system32\\ole32.dll",
"RPCRT4.dll",
"dwmapi.dll",
"USER32.dll",
"ncrypt.dll",
"API-MS-WIN-Service-Management-L2-1-0.dll",
"API-MS-WIN-Service-Management-L1-1-0.dll",
"cryptnet.dll",
"cfgmgr32.dll",
"API-MS-Win-Core-LocalRegistry-L1-1-0.dll",
"API-MS-WIN-Service-winsvc-L1-1-0.dll",
"SPFILEQ.dll",
"ole32.dll",
"SHLWAPI.dll",
"CRYPTSP.dll",
"C:\\Windows\\system32\\bcryptprimitives.dll",
"API-MS-Win-Security-SDDL-L1-1-0.dll",
"WINTRUST.dll",
"C:\\Windows\\system32\\CRYPT32.dll",
"profapi.dll",
"SHELL32.dll",
"SPINF.dll",
"comctl32.dll",
"USERENV.dll",
"setupapi.dll",
"drvstore.dll",
"WINTRUST.DLL",
"C:\\Windows\\system32\\cryptnet.dll",
"DEVRTL.dll",
"ADVAPI32.dll",
"rpcrt4.dll",
"SETUPAPI.dll",
"Cabinet.dll"
],
"file_opened": [
"C:\\Windows\\inf\\ServiceModelOperation 3.0.0.0\\",
"C:\\Windows\\System32\\wshqos.dll",
"C:\\Windows\\inf\\netserv.inf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\SET18.tmp",
"C:\\Windows\\inf\\TermService\\0000\\",
"C:\\Windows\\inf\\MSDTC\\",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015",
"C:\\Windows\\System32\\WSHTCPIP.DLL",
"C:\\Windows\\inf\\netsstpt.inf",
"C:\\Windows\\inf\\Windows Workflow Foundation 3.0.0.0\\",
"C:\\Windows\\inf\\.NET CLR Data\\0000\\",
"C:\\Windows\\System32\\DriverStore\\FileRepository\\dsnpfd_lwf.inf_amd64_neutral_db82b12a38f808c5\\dsnpfd.cat",
"C:\\Windows\\inf\\en-US\\",
"C:\\Windows\\inf\\wsearchidxpi\\",
"C:\\Windows\\inf\\RemoteAccess\\",
"C:\\Windows\\inf\\nettcpip.inf",
"C:\\Windows\\inf\\TermService\\0409\\",
"C:\\Windows\\inf\\fontsetup.inf",
"C:\\Windows\\inf\\MSDTC Bridge 3.0.0.0\\0000\\",
"C:\\Windows\\inf\\netrast.PNF",
"C:\\Windows\\inf\\IEM\\0409\\",
"C:\\Windows\\inf\\ESENT\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB56E.tmp",
"C:\\Windows\\inf\\netserv.PNF",
"C:\\Windows\\inf\\ndiscap.inf",
"C:\\Windows\\inf\\ServiceModelOperation 3.0.0.0\\0000\\",
"C:\\Windows\\System32\\en-US\\KERNELBASE.dll.mui",
"C:\\Windows\\System32\\DriverStore\\INFCACHE.1",
"C:\\Windows\\inf\\ServiceModelEndpoint 3.0.0.0\\0000\\",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd.cat",
"C:\\Windows\\inf\\usbhub\\",
"C:\\Windows\\inf\\oem2.PNF",
"C:\\Windows\\inf\\.NET Data Provider for Oracle\\",
"C:\\Windows\\System32\\wship6.dll",
"C:\\Windows\\inf\\wsearchidxpi\\0409\\",
"C:\\Windows\\Globalization\\Sorting\\sortdefault.nls",
"C:\\Windows\\inf\\UGTHRSVC\\0409\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB26E.tmp",
"C:\\Windows\\inf\\.NET CLR Networking\\0000\\",
"C:\\Windows\\inf\\TAPISRV\\0000\\",
"C:\\Windows\\inf\\netavpnt.PNF",
"C:\\Windows\\inf\\lltdio.inf",
"C:\\Windows\\inf\\netsstpt.PNF",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB182.tmp",
"C:\\Windows\\inf\\PNRPSvc\\",
"C:\\Windows\\inf\\ServiceModelService 3.0.0.0\\",
"C:\\Windows\\inf\\.NET CLR Networking\\",
"C:\\Windows\\inf\\oem2.inf",
"C:\\Windows\\inf\\netnb.inf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\SETC6.tmp",
"C:\\Windows\\inf\\ServiceModelService 3.0.0.0\\0409\\",
"C:\\Windows\\inf\\IEM\\",
"C:\\Windows\\inf\\MSDTC\\0409\\",
"C:\\Windows\\inf\\ESENT\\0000\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\SET77.tmp",
"C:\\Windows\\inf\\rdyboost\\0000\\",
"C:\\Windows\\inf\\netvwififlt.inf",
"C:\\Windows\\System32\\catroot2\\dberr.txt",
"C:\\Windows\\inf\\ServiceModelEndpoint 3.0.0.0\\",
"C:\\Windows\\inf\\ServiceModelService 3.0.0.0\\0000\\",
"C:\\Windows\\inf\\.NETFramework\\",
"C:\\Windows\\inf\\PNRPSvc\\0409\\",
"C:\\Windows\\inf\\netavpnt.inf",
"C:\\Windows\\inf\\netmscli.PNF",
"C:\\Windows\\inf\\wfplwf.PNF",
"C:\\Windows\\inf\\netpacer.PNF",
"C:\\Windows\\System32\\drivers\\",
"C:\\Windows\\System32\\DriverStore\\infstor.dat",
"C:\\Windows\\inf\\netnwifi.inf",
"C:\\Windows\\inf\\.NETFramework\\0000\\",
"C:\\Windows\\inf\\netrast.inf",
"C:\\Windows\\inf\\netbrdgm.inf",
"C:\\Windows\\inf\\BITS\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB25E.tmp",
"C:\\Windows\\inf\\UGTHRSVC\\0000\\",
"C:\\Windows\\inf\\MSDTC Bridge 3.0.0.0\\",
"C:\\Windows\\inf\\netpgm.inf",
"C:\\Windows\\inf\\TAPISRV\\0409\\",
"C:\\Windows\\inf\\RemoteAccess\\0000\\",
"C:\\Windows\\inf\\defltwk.inf",
"C:\\Windows\\inf\\.NET CLR Networking\\0409\\",
"C:\\Windows\\inf\\rdyboost\\",
"C:\\Windows\\System32\\rsaenh.dll",
"C:\\Windows\\inf\\PERFLIB\\",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd_lwf.inf",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\",
"C:\\Windows\\inf\\netrass.PNF",
"C:\\Windows\\inf\\netbrdgs.inf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB88D.tmp",
"C:\\Windows\\System32\\DriverStore\\infpub.dat",
"C:\\Windows\\inf\\.NET Data Provider for SqlServer\\0409\\",
"C:\\Windows\\inf\\SMSvcHost 3.0.0.0\\0000\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\",
"C:\\Windows\\inf\\netrasa.inf",
"C:\\Windows\\inf\\UGatherer\\0409\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\",
"C:\\Windows\\System32\\DriverStore\\infstrng.dat",
"C:\\Windows\\inf\\lltdio.PNF",
"C:\\Windows\\inf\\Windows Workflow Foundation 3.0.0.0\\0409\\",
"C:\\Windows\\inf\\rspndr.PNF",
"C:\\Windows\\inf\\netpacer.inf",
"C:\\Windows\\inf\\SMSvcHost 3.0.0.0\\",
"C:\\Windows\\inf\\wfplwf.inf",
"C:\\Windows\\inf\\.NET CLR Data\\0409\\",
"C:\\Windows\\inf\\ServiceModelEndpoint 3.0.0.0\\0409\\",
"C:\\Windows\\inf\\netmscli.inf",
"C:\\Windows\\inf\\BITS\\0409\\",
"C:\\Windows\\inf\\.NET Data Provider for SqlServer\\0000\\",
"C:\\Windows\\inf\\netip6.PNF",
"C:\\Windows\\inf\\UGatherer\\0000\\",
"C:\\Windows\\inf\\WmiApRpl\\",
"C:\\Windows\\inf\\TAPISRV\\",
"C:\\Windows\\inf\\netvwifimp.inf",
"C:\\Windows\\inf\\ESENT\\0409\\",
"C:\\Windows\\inf\\errata.inf",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015",
"C:\\Windows\\inf\\MSDTC\\0000\\",
"C:\\Windows\\inf\\.NETFramework\\0409\\",
"C:\\Windows\\inf\\ndisuio.PNF",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB171.tmp",
"C:\\Windows\\inf\\rspndr.inf",
"C:\\Windows\\inf\\printupg.inf",
"C:\\Windows\\System32\\catroot",
"C:\\Windows\\inf\\.NET CLR Data\\",
"C:\\Windows\\System32\\catroot2",
"C:\\Windows\\inf\\PERFLIB\\0000\\",
"C:\\Windows\\inf\\TermService\\",
"C:\\Windows\\inf\\secrecs.inf",
"C:\\Windows\\inf\\PNRPSvc\\0000\\",
"C:\\Windows\\inf\\dwup.inf",
"C:\\Program Files (x86)\\BWMeter\\",
"C:\\Windows\\System32\\DriverStore\\FileRepository\\dsnpfd_lwf.inf_amd64_neutral_db82b12a38f808c5\\dsnpfd_lwf.inf",
"C:\\Windows\\inf\\setupapi.dev.log",
"C:\\Windows\\inf\\netsstpa.inf",
"C:\\Windows\\inf\\usbhub\\0409\\",
"C:\\Users\\cuck\\AppData\\LocalLow",
"C:\\Windows\\inf\\puwk.inf",
"C:\\Windows\\inf\\SMSvcHost 3.0.0.0\\0409\\",
"C:\\Windows\\inf\\MSDTC Bridge 3.0.0.0\\0409\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\",
"c:\\Windows\\System32\\driverstore\\filerepository\\dsnpfd_lwf.inf_amd64_neutral_db82b12a38f808c5\\",
"c:\\program files (x86)\\BWMeter\\",
"C:\\Windows\\inf\\netrass.inf",
"C:\\Windows\\inf\\Windows Workflow Foundation 3.0.0.0\\0000\\",
"c:\\Program Files (x86)\\BWMeter\\dsnpfd.sys",
"C:\\Windows\\System32\\drivers\\SET3E2B.tmp",
"C:\\Windows\\System32\\DriverStore\\FileRepository\\dsnpfd_lwf.inf_amd64_neutral_db82b12a38f808c5\\dsnpfd_lwf.PNF",
"C:\\Windows\\inf\\netip6.inf",
"C:\\Windows\\inf\\UGTHRSVC\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB55D.tmp",
"C:\\Windows\\inf\\UGatherer\\",
"C:\\Windows\\inf\\BITS\\0000\\",
"C:\\Windows\\inf\\apps.inf",
"C:\\Windows\\inf\\PERFLIB\\0409\\",
"C:\\Windows\\inf\\nettcpip.PNF",
"C:\\Windows\\inf\\setupapi.app.log",
"C:\\Windows\\inf\\.NET Data Provider for SqlServer\\",
"C:\\Windows\\inf\\",
"C:\\Windows\\inf\\rdyboost\\0409\\",
"C:\\Windows\\inf\\ndiscap.PNF",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB88C.tmp",
"C:\\Windows\\inf\\usbhub\\0000\\",
"C:\\Windows\\inf\\wsearchidxpi\\0000\\",
"C:\\Windows\\inf\\dshowext.inf",
"C:\\Windows\\inf\\.NET Data Provider for Oracle\\0000\\",
"C:\\Windows\\inf\\defltbase.inf",
"C:\\Windows\\inf\\sceregvl.inf",
"C:\\Windows\\inf\\netavpna.inf",
"C:\\Windows\\inf\\netnwifi.PNF",
"C:\\Windows\\inf\\netnb.PNF",
"C:\\Windows\\inf\\ndisuio.inf",
"C:\\Windows\\inf\\WmiApRpl\\0009\\",
"C:\\Windows\\inf\\RemoteAccess\\0409\\",
"C:\\Windows\\inf\\.NET Data Provider for Oracle\\0409\\",
"c:\\program files (x86)\\BWMeter\\dsnpfd.sys",
"C:\\Windows\\System32\\DriverStore\\en-US\\",
"C:\\Windows\\System32\\DriverStore\\FileRepository\\dsnpfd_lwf.inf_amd64_neutral_db82b12a38f808c5\\",
"C:\\Windows\\inf\\ServiceModelOperation 3.0.0.0\\0409\\"
],
"regkey_opened": [
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Enum",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\DeviceClasses",
"HKEY_LOCAL_MACHINE\\SOFTWARE",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CoDeviceInstallers",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\PerHwIdStorage",
"HKEY_LOCAL_MACHINE\\SYSTEM",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}\\0010",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}\\0011",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Class",
"HKEY_CURRENT_USER\\System\\CurrentControlSet\\Enum\\ROOT",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}\\0005",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}\\0004",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}\\0007",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}\\0006",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}\\0001",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}\\0000",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}\\0003",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}\\0002",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}\\0009",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}\\0008"
],
"file_written": [
"C:\\Windows\\System32\\drivers\\SET3E2B.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB56E.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB88D.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB171.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB26E.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\SET18.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\SETC6.tmp",
"C:\\Windows\\inf\\oem2.PNF",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB55D.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB88C.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\SET77.tmp",
"C:\\Windows\\System32\\catroot2\\dberr.txt",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB25E.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB182.tmp"
],
"file_deleted": [
"C:\\Windows\\System32\\drivers\\SET3E2B.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB56E.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB88D.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\SETC6.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\SET18.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB26E.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB55D.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB88C.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\SET77.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\dsnpfd_lwf.inf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB171.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\dsnpfd.cat",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\dsnpfd.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB25E.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB182.tmp"
],
"directory_removed": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}"
],
"file_exists": [
"C:\\Users\\cuck\\AppData\\LocalLow",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd.cat",
"C:\\Users\\cuck\\AppData\\Local\\Temp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\dsnpfd.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\dsnpfd_lwf.inf",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\",
"C:\\Windows\\inf\\dsnpfd_lwf.inf",
"C:\\Windows\\System32\\DriverStore",
"C:\\Windows\\System32\\DriverStore\\FileRepository\\dsnpfd_lwf.inf_amd64_neutral_db82b12a38f808c5\\dsnpfd.cat",
"C:\\Windows\\System32\\drivers\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\",
"C:\\Windows\\inf\\",
"C:\\Windows\\System32\\fveui.dll",
"C:\\Windows\\System32\\drivers\\dsnpfd.sys",
"C:\\Windows\\System32\\QAGENTRT.DLL",
"C:\\Windows\\System32\\dnsapi.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}\\dsnpfd.cat",
"C:\\Windows\\System32\\p2pcollab.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}",
"C:\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd_lwf.inf",
"C:\\Windows\\System32\\drivers"
],
"mutex": [
"Global\\NetCfgWriteLock",
"Global\\d3b1bbc7-c020-4056-9ded-7c6f40b5a2fc"
],
"file_failed": [
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\2659C1A560AB92C9C29D4B2B25815AE8",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8890A77645B73478F5B1DED18ACBF795_DEE69D93E594A5FDFDC011ECAA8298A2",
"C:\\Windows\\System32\\DriverStore\\infpub.dat",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\A6D8662C7600817D67B3C1A03BC53A1B",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3342430143A0BE2B139C3444FED0820",
"C:\\Windows\\System32\\drivers\\dsnpfd.sys",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3781B4A3713292956206932165FA4132_6001B43704283F776FFB54EAF68477D2",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C8E7EC0C85688F4738F3BE49B104BA67",
"C:\\Windows\\inf\\oem2.PNF",
"C:\\Windows\\System32\\DriverStore\\INFCACHE.2",
"C:\\Windows\\System32\\DriverStore\\infstrng.dat",
"C:\\Windows\\System32\\DriverStore\\INFCACHE.0",
"C:\\Windows\\System32\\DriverStore\\INFCACHE.1",
"C:\\Windows\\System32\\DriverStore\\infstor.dat",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0270780F846F08BEFE0DD8112D932FEF",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3781B4A3713292956206932165FA4132_0C8F3D6C7AE841C33DC67B1D37B3158A",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8890A77645B73478F5B1DED18ACBF795_E1EDEF0C21AE75D448F7327475DF4C9E",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5781E92BE36651A8ED64685F2F3CF507",
"C:\\Windows\\System32\\DriverStore\\drvindex.dat"
],
"guid": [
"{d212b88e-8365-4ca9-bc4e-cfa4251f6b5f}",
"{0c41d1e6-9d16-41ed-9cdd-d0665039857b}",
"{6e65cbc5-926d-11d0-8e27-00c04fc99dcf}",
"{6e65cbc3-926d-11d0-8e27-00c04fc99dcf}",
"{0f0c09c5-601e-4396-bcd0-cdb343d7f657}",
"{57c06eaa-8784-11d0-83d4-00a0c911e5df}",
"{a907657f-6fdf-11d0-8efb-00c04fd912b2}",
"{6e65cbc6-926d-11d0-8e27-00c04fc99dcf}",
"{7f368827-9516-11d0-83d9-00a0c911e5df}",
"{7177c4bd-e20a-4140-ad8a-998e7a2d18c0}",
"{c0e8ae93-306e-11d1-aacf-00805fc1270e}",
"{e949da38-c39d-4460-8ea7-a39152c56836}",
"{6e65cbc1-926d-11d0-8e27-00c04fc99dcf}",
"{6e65cbc4-926d-11d0-8e27-00c04fc99dcf}",
"{5b035261-40f9-11d1-aaec-00805fc1270e}",
"{932238df-bea1-11d0-9298-00c04fc99dcf}"
],
"file_read": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB88D.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB171.tmp",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd.sys",
"c:\\program files (x86)\\BWMeter\\dsnpfd.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB56E.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB26E.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB55D.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB88C.tmp",
"c:\\Program Files (x86)\\BWMeter\\dsnpfd.sys",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd.cat",
"C:\\Program Files (x86)\\BWMeter\\dsnpfd_lwf.inf",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabB25E.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarB182.tmp"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Initialization\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{234991D1-04CC-47F5-A4A9-29808D68765F}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\FinalPolicy\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0001\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NetBT\\Parameters\\Interfaces\\Tcpip_{EF381EA0-4D07-418D-A490-68AF67CE948B}\\NetbiosOptions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\MaxRpcSize",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{56494156-6C00-4B77-90D7-A4A435088232}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Serial_Access_Num",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e973-e325-11ce-bfc1-08002be10318}\\{821D3398-F04E-471E-8D8C-27EE3F5EB428}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0002\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-699399860-4089948139-3198924279-1001\\ProfileImagePath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{F27D2AC4-396D-442D-9FD8-05AEF1E98AAB}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0001\\FilterInfId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000007\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{C9548B78-5743-4E64-9BA1-CD4D974A329F}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DiagMatchAnyMask",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{5D9F4D1D-F5B3-48BA-85AD-9B44176DD0C8}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B70D6460-3635-4D42-B866-B8AB1A24454C}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0009\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{C9548B78-5743-4E64-9BA1-CD4D974A329F}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{AEFD33F3-CC73-4821-AD44-6915063E7FB1}\\RegistrationEnabled",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{AEFD33F3-CC73-4821-AD44-6915063E7FB1}\\EnableDHCP",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{6D9E377D-E19D-47CF-BE5F-D2DA5F99318A}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0009\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0009\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{6B7E8FF8-E9A2-46EB-A4EA-42CCA2D43C96}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\FinalPolicy\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{E7AC61F5-4BFE-4254-8889-98A990D174D5}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e973-e325-11ce-bfc1-08002be10318}\\{821D3398-F04E-471E-8D8C-27EE3F5EB428}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{234991D1-04CC-47F5-A4A9-29808D68765F}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0002\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{6B7E8FF8-E9A2-46EB-A4EA-42CCA2D43C96}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{F5658C39-CD0D-45B5-A342-E2C037714CE4}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B4683A7-F97E-478E-BBD6-34EDF0D9DEA8}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0009\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2FF8F288-20AD-41F8-A181-321D0659CA4D}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\FinalPolicy\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{6B7E8FF8-E9A2-46EB-A4EA-42CCA2D43C96}\\Ndi\\HelpText",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\system32\\tcpipcfg.dll,-50001",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{6B7E8FF8-E9A2-46EB-A4EA-42CCA2D43C96}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{27EE12EA-A6B3-4E15-AF2B-D4B9D989EDFB}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\FilterInfId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{6D9E377D-E19D-47CF-BE5F-D2DA5F99318A}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2BE5AF45-DD00-422F-8484-8370DD108A53}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Next_Catalog_Entry_ID",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{0EFE03B2-EA87-44C1-B825-9BBEA54F37B4}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\CertCheck\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{6B7E8FF8-E9A2-46EB-A4EA-42CCA2D43C96}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{633F880E-FFD2-484F-A4CA-EB724F8BC057}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2FF8F288-20AD-41F8-A181-321D0659CA4D}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0003\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{6B7E8FF8-E9A2-46EB-A4EA-42CCA2D43C96}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{69E184C5-2F7C-45D0-8C56-85097BA63C11}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NetBT\\Parameters\\EnableLMHOSTS",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2FF8F288-20AD-41F8-A181-321D0659CA4D}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{92356401-DAAE-49DA-8D29-5B023CCF4CD9}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0004\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\CryptnetCachedOcspSwitchToCrlCount",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{5D9F4D1D-F5B3-48BA-85AD-9B44176DD0C8}\\Ndi\\Clsid",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security\\Safety Warning Level",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0000\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\\CopyFileChunkSize",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{32345029-1B7D-43AF-B504-E71E5660B2F0}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{32345029-1B7D-43AF-B504-E71E5660B2F0}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\DisableUnsupportedCriticalExtensions",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e973-e325-11ce-bfc1-08002be10318}\\{821D3398-F04E-471E-8D8C-27EE3F5EB428}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0000\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0010\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2FF8F288-20AD-41F8-A181-321D0659CA4D}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e973-e325-11ce-bfc1-08002be10318}\\{821D3398-F04E-471E-8D8C-27EE3F5EB428}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{56494156-6C00-4B77-90D7-A4A435088232}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B4683A7-F97E-478E-BBD6-34EDF0D9DEA8}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{234991D1-04CC-47F5-A4A9-29808D68765F}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\109F1CAED645BB78B3EA2B94C0697C740733031C\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SetupapiLogStatus\\setupapi.app.log",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\NameServer",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{5D9F4D1D-F5B3-48BA-85AD-9B44176DD0C8}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0002\\Linkage\\FilterList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0002\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{12F2EEA2-EE86-4933-8C0B-346E5E57F332}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Linkage\\FilterList",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Initialization\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0000\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\FilterInfId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{0EFE03B2-EA87-44C1-B825-9BBEA54F37B4}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\A43489159A520F0D93D032CCAF37E7FE20A8B419\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\742C3192E607E424EB4549542BE1BBC53E6174E2\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0004\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B4683A7-F97E-478E-BBD6-34EDF0D9DEA8}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{6B7E8FF8-E9A2-46EB-A4EA-42CCA2D43C96}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{56494156-6C00-4B77-90D7-A4A435088232}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Winsock\\Setup Migration\\Provider List",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0010\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{69E184C5-2F7C-45D0-8C56-85097BA63C11}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{69E184C5-2F7C-45D0-8C56-85097BA63C11}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7F218BFD-64B7-4786-8302-9D8A2704B0E2}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\system32\\p2pcollab.dll,-8042",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{27EE12EA-A6B3-4E15-AF2B-D4B9D989EDFB}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{24AB3BC7-8C0C-4389-A4D4-8B8FD6ADEA7A}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\ChainCacheResyncFiletime",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{0EFE03B2-EA87-44C1-B825-9BBEA54F37B4}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{234991D1-04CC-47F5-A4A9-29808D68765F}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{6D9E377D-E19D-47CF-BE5F-D2DA5F99318A}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{24AB3BC7-8C0C-4389-A4D4-8B8FD6ADEA7A}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Certificate\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000009\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0001\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B70D6460-3635-4D42-B866-B8AB1A24454C}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0002\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2BE5AF45-DD00-422F-8484-8370DD108A53}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0009\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{6D9E377D-E19D-47CF-BE5F-D2DA5F99318A}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language Groups\\1",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\FilterInfId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{92356401-DAAE-49DA-8D29-5B023CCF4CD9}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{F27D2AC4-396D-442D-9FD8-05AEF1E98AAB}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{12F2EEA2-EE86-4933-8C0B-346E5E57F332}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2BE5AF45-DD00-422F-8484-8370DD108A53}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{F27D2AC4-396D-442D-9FD8-05AEF1E98AAB}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{32345029-1B7D-43AF-B504-E71E5660B2F0}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0004\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2BE5AF45-DD00-422F-8484-8370DD108A53}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\FinalPolicy\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7D857581-4BD0-44AB-B87C-921422A69D39}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{69E184C5-2F7C-45D0-8C56-85097BA63C11}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2FF8F288-20AD-41F8-A181-321D0659CA4D}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Certificate\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2BE5AF45-DD00-422F-8484-8370DD108A53}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TCPIP6\\Parameters\\Interfaces\\{46c6ad23-cfc8-4177-b38f-6c28f239eb0d}\\NameServer",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B70D6460-3635-4D42-B866-B8AB1A24454C}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{F27D2AC4-396D-442D-9FD8-05AEF1E98AAB}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{32345029-1B7D-43AF-B504-E71E5660B2F0}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{AEFD33F3-CC73-4821-AD44-6915063E7FB1}\\NameServer",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{F5658C39-CD0D-45B5-A342-E2C037714CE4}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{633F880E-FFD2-484F-A4CA-EB724F8BC057}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DiagLevel",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{12F2EEA2-EE86-4933-8C0B-346E5E57F332}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\CRLs\\A377D1B1C0538833035211F4083D00FECC414DAB\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\D559A586669B08F46A30A133F8A9ED3D038E2EA8\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{F27D2AC4-396D-442D-9FD8-05AEF1E98AAB}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{5D9F4D1D-F5B3-48BA-85AD-9B44176DD0C8}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{6B7E8FF8-E9A2-46EB-A4EA-42CCA2D43C96}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0000\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0003\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{6B7E8FF8-E9A2-46EB-A4EA-42CCA2D43C96}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{92356401-DAAE-49DA-8D29-5B023CCF4CD9}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Cleanup\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Cryptography\\PrivKeyCachePurgeIntervalSeconds",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Signature\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\$DLL",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Layout Hotkey",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0004\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{F5658C39-CD0D-45B5-A342-E2C037714CE4}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{24AB3BC7-8C0C-4389-A4D4-8B8FD6ADEA7A}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000001\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0010\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0003\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{27EE12EA-A6B3-4E15-AF2B-D4B9D989EDFB}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.44.3.4!7\\Name",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0001\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e973-e325-11ce-bfc1-08002be10318}\\{821D3398-F04E-471E-8D8C-27EE3F5EB428}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{56494156-6C00-4B77-90D7-A4A435088232}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{F27D2AC4-396D-442D-9FD8-05AEF1E98AAB}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}\\Enable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0003\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B70D6460-3635-4D42-B866-B8AB1A24454C}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{E7AC61F5-4BFE-4254-8889-98A990D174D5}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\\CopyFileOverlappedCount",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{24AB3BC7-8C0C-4389-A4D4-8B8FD6ADEA7A}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{56494156-6C00-4B77-90D7-A4A435088232}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0003\\Linkage\\FilterList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{24AB3BC7-8C0C-4389-A4D4-8B8FD6ADEA7A}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000004\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7F218BFD-64B7-4786-8302-9D8A2704B0E2}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0001\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2BE5AF45-DD00-422F-8484-8370DD108A53}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\97817950D81C9670CC34D809CF794431367EF474\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{32345029-1B7D-43AF-B504-E71E5660B2F0}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{EF381EA0-4D07-418D-A490-68AF67CE948B}\\ActiveConfigurations",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{F5658C39-CD0D-45B5-A342-E2C037714CE4}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0009\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{32345029-1B7D-43AF-B504-E71E5660B2F0}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000002\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{633F880E-FFD2-484F-A4CA-EB724F8BC057}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0009\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e973-e325-11ce-bfc1-08002be10318}\\{821D3398-F04E-471E-8D8C-27EE3F5EB428}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2FF8F288-20AD-41F8-A181-321D0659CA4D}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0003\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{24AB3BC7-8C0C-4389-A4D4-8B8FD6ADEA7A}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0003\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{F27D2AC4-396D-442D-9FD8-05AEF1E98AAB}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0010\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{12F2EEA2-EE86-4933-8C0B-346E5E57F332}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{12F2EEA2-EE86-4933-8C0B-346E5E57F332}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Signature\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{92356401-DAAE-49DA-8D29-5B023CCF4CD9}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e973-e325-11ce-bfc1-08002be10318}\\{821D3398-F04E-471E-8D8C-27EE3F5EB428}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\MaxNumFilters",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{6B7E8FF8-E9A2-46EB-A4EA-42CCA2D43C96}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0004\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7F218BFD-64B7-4786-8302-9D8A2704B0E2}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0004\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0000\\FilterInfId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2BE5AF45-DD00-422F-8484-8370DD108A53}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{56494156-6C00-4B77-90D7-A4A435088232}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B70D6460-3635-4D42-B866-B8AB1A24454C}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{0EFE03B2-EA87-44C1-B825-9BBEA54F37B4}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{E7AC61F5-4BFE-4254-8889-98A990D174D5}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0003\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000008\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\UseDomainNameDevolution",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0009\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Locale\\00000409",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\DisableDecoratedModelsRequirement",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{633F880E-FFD2-484F-A4CA-EB724F8BC057}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B4683A7-F97E-478E-BBD6-34EDF0D9DEA8}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B4683A7-F97E-478E-BBD6-34EDF0D9DEA8}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0010\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{AEFD33F3-CC73-4821-AD44-6915063E7FB1}\\RegisterAdapterName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2FF8F288-20AD-41F8-A181-321D0659CA4D}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0000\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7D857581-4BD0-44AB-B87C-921422A69D39}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0002\\FilterInfId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2FF8F288-20AD-41F8-A181-321D0659CA4D}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DebugFlags",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\DisabledSessions\\MachineThrottling",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider\\Microsoft Enhanced RSA and AES Cryptographic Provider\\Type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7D857581-4BD0-44AB-B87C-921422A69D39}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlRetrievalCountPerChain",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{12F2EEA2-EE86-4933-8C0B-346E5E57F332}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B4683A7-F97E-478E-BBD6-34EDF0D9DEA8}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0004\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0003\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{69E184C5-2F7C-45D0-8C56-85097BA63C11}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{633F880E-FFD2-484F-A4CA-EB724F8BC057}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{27EE12EA-A6B3-4E15-AF2B-D4B9D989EDFB}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{32345029-1B7D-43AF-B504-E71E5660B2F0}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7F218BFD-64B7-4786-8302-9D8A2704B0E2}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{6D9E377D-E19D-47CF-BE5F-D2DA5F99318A}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0010\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0010\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2FF8F288-20AD-41F8-A181-321D0659CA4D}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{F5658C39-CD0D-45B5-A342-E2C037714CE4}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0000\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{F27D2AC4-396D-442D-9FD8-05AEF1E98AAB}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B4683A7-F97E-478E-BBD6-34EDF0D9DEA8}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{32345029-1B7D-43AF-B504-E71E5660B2F0}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{27EE12EA-A6B3-4E15-AF2B-D4B9D989EDFB}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LanmanWorkstation\\Parameters\\OtherDomains",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\FilterInfId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\BE36A4562FB2EE05DBB3D32323ADF445084ED656\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0002\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{6D9E377D-E19D-47CF-BE5F-D2DA5F99318A}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Cleanup\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7D857581-4BD0-44AB-B87C-921422A69D39}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{27EE12EA-A6B3-4E15-AF2B-D4B9D989EDFB}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7F218BFD-64B7-4786-8302-9D8A2704B0E2}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Linkage\\FilterList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2FF8F288-20AD-41F8-A181-321D0659CA4D}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{5D9F4D1D-F5B3-48BA-85AD-9B44176DD0C8}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{E7AC61F5-4BFE-4254-8889-98A990D174D5}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{24AB3BC7-8C0C-4389-A4D4-8B8FD6ADEA7A}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7D857581-4BD0-44AB-B87C-921422A69D39}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{C9548B78-5743-4E64-9BA1-CD4D974A329F}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{234991D1-04CC-47F5-A4A9-29808D68765F}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{633F880E-FFD2-484F-A4CA-EB724F8BC057}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\DisabledProcesses\\666C0510",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\FilterClasses",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\WinTrust\\Trust Providers\\Software Publishing\\State",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{EF381EA0-4D07-418D-A490-68AF67CE948B}\\EnableDHCP",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{27EE12EA-A6B3-4E15-AF2B-D4B9D989EDFB}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0001\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000003\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{92356401-DAAE-49DA-8D29-5B023CCF4CD9}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0004\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e973-e325-11ce-bfc1-08002be10318}\\{821D3398-F04E-471E-8D8C-27EE3F5EB428}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{56494156-6C00-4B77-90D7-A4A435088232}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TCPIP6\\Parameters\\Interfaces\\{AEFD33F3-CC73-4821-AD44-6915063E7FB1}\\NameServer",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7F218BFD-64B7-4786-8302-9D8A2704B0E2}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e973-e325-11ce-bfc1-08002be10318}\\{821D3398-F04E-471E-8D8C-27EE3F5EB428}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\NV Domain",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{69E184C5-2F7C-45D0-8C56-85097BA63C11}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0009\\Linkage\\FilterList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0001\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\\CopyFileBufferedSynchronousIo",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{27EE12EA-A6B3-4E15-AF2B-D4B9D989EDFB}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{6D9E377D-E19D-47CF-BE5F-D2DA5F99318A}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlCountInCert",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B70D6460-3635-4D42-B866-B8AB1A24454C}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7D857581-4BD0-44AB-B87C-921422A69D39}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TCPIP6\\Parameters\\Interfaces\\{EF381EA0-4D07-418D-A490-68AF67CE948B}\\NameServer",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B70D6460-3635-4D42-B866-B8AB1A24454C}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{6B7E8FF8-E9A2-46EB-A4EA-42CCA2D43C96}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SESSION MANAGER\\MEMORY MANAGEMENT\\LargeSystemCache",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\\Ndi\\Service",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@tcpipcfg.dll,-50002",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Cleanup\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B4683A7-F97E-478E-BBD6-34EDF0D9DEA8}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7D857581-4BD0-44AB-B87C-921422A69D39}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B4683A7-F97E-478E-BBD6-34EDF0D9DEA8}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B4683A7-F97E-478E-BBD6-34EDF0D9DEA8}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{633F880E-FFD2-484F-A4CA-EB724F8BC057}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{0EFE03B2-EA87-44C1-B825-9BBEA54F37B4}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{EF381EA0-4D07-418D-A490-68AF67CE948B}\\Domain",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{6B7E8FF8-E9A2-46EB-A4EA-42CCA2D43C96}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{234991D1-04CC-47F5-A4A9-29808D68765F}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\7F88CD7223F3C813818C994614A89C99FA3B5247\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2BE5AF45-DD00-422F-8484-8370DD108A53}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B4683A7-F97E-478E-BBD6-34EDF0D9DEA8}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B70D6460-3635-4D42-B866-B8AB1A24454C}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{C9548B78-5743-4E64-9BA1-CD4D974A329F}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7D857581-4BD0-44AB-B87C-921422A69D39}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2FF8F288-20AD-41F8-A181-321D0659CA4D}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{24AB3BC7-8C0C-4389-A4D4-8B8FD6ADEA7A}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\EnableICMPRedirect",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{6B7E8FF8-E9A2-46EB-A4EA-42CCA2D43C96}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0004\\FilterInfId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Winsock\\Setup Migration\\Setup Version",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{6D9E377D-E19D-47CF-BE5F-D2DA5F99318A}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DebugHeapFlags",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{F5658C39-CD0D-45B5-A342-E2C037714CE4}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Linkage\\FilterList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NetBT\\Parameters\\Interfaces\\Tcpip_{EF381EA0-4D07-418D-A490-68AF67CE948B}\\NameServerList",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Certificate\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{E7AC61F5-4BFE-4254-8889-98A990D174D5}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{24AB3BC7-8C0C-4389-A4D4-8B8FD6ADEA7A}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{69E184C5-2F7C-45D0-8C56-85097BA63C11}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{C9548B78-5743-4E64-9BA1-CD4D974A329F}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\StringCacheSettings\\StringCacheGeneration",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{6D9E377D-E19D-47CF-BE5F-D2DA5F99318A}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{E7AC61F5-4BFE-4254-8889-98A990D174D5}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\FilterInfId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{69E184C5-2F7C-45D0-8C56-85097BA63C11}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0009\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{12F2EEA2-EE86-4933-8C0B-346E5E57F332}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7D857581-4BD0-44AB-B87C-921422A69D39}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7F218BFD-64B7-4786-8302-9D8A2704B0E2}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\DeadGWDetectDefault",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7D857581-4BD0-44AB-B87C-921422A69D39}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Certificate\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{F27D2AC4-396D-442D-9FD8-05AEF1E98AAB}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlRetrievalCertCount",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2BE5AF45-DD00-422F-8484-8370DD108A53}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{69E184C5-2F7C-45D0-8C56-85097BA63C11}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7F218BFD-64B7-4786-8302-9D8A2704B0E2}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7F218BFD-64B7-4786-8302-9D8A2704B0E2}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0010\\FilterInfId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{56494156-6C00-4B77-90D7-A4A435088232}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0002\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0002\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{92356401-DAAE-49DA-8D29-5B023CCF4CD9}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B70D6460-3635-4D42-B866-B8AB1A24454C}\\Ndi\\Interfaces\\LowerRange",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Hotkey",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{27EE12EA-A6B3-4E15-AF2B-D4B9D989EDFB}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\Config",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{12F2EEA2-EE86-4933-8C0B-346E5E57F332}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{F27D2AC4-396D-442D-9FD8-05AEF1E98AAB}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\CryptnetPreFetchTriggerPeriodSeconds",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2FF8F288-20AD-41F8-A181-321D0659CA4D}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\EnableAnchorContext",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{92356401-DAAE-49DA-8D29-5B023CCF4CD9}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0004\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{E7AC61F5-4BFE-4254-8889-98A990D174D5}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{56494156-6C00-4B77-90D7-A4A435088232}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{633F880E-FFD2-484F-A4CA-EB724F8BC057}\\Ndi\\FilterRunType",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%systemroot%\\system32\\sstpsvc.dll,-203",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{E7AC61F5-4BFE-4254-8889-98A990D174D5}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2FF8F288-20AD-41F8-A181-321D0659CA4D}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{32345029-1B7D-43AF-B504-E71E5660B2F0}\\Ndi\\BindForm",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%systemroot%\\system32\\rascfg.dll,-32010",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{32345029-1B7D-43AF-B504-E71E5660B2F0}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{E7AC61F5-4BFE-4254-8889-98A990D174D5}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0009\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{56494156-6C00-4B77-90D7-A4A435088232}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0001\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Winsock\\Parameters\\Transports",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\IPEnableRouter",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\system32\\qagentrt.dll,-10",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LanmanServer\\Parameters\\Lmannounce",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B4683A7-F97E-478E-BBD6-34EDF0D9DEA8}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2BE5AF45-DD00-422F-8484-8370DD108A53}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0000\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\75E0ABB6138512271C04F85FDDDE38E4B7242EFE\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Linkage\\FilterList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2BE5AF45-DD00-422F-8484-8370DD108A53}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{0EFE03B2-EA87-44C1-B825-9BBEA54F37B4}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Signature\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\CertCheck\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{C9548B78-5743-4E64-9BA1-CD4D974A329F}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{AEFD33F3-CC73-4821-AD44-6915063E7FB1}\\Domain",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0004\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Initialization\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\\Ndi\\BindForm",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\CertCheck\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B4683A7-F97E-478E-BBD6-34EDF0D9DEA8}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{633F880E-FFD2-484F-A4CA-EB724F8BC057}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0004\\Linkage\\FilterList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{E7AC61F5-4BFE-4254-8889-98A990D174D5}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SESSION MANAGER\\SafeProcessSearchMode",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B70D6460-3635-4D42-B866-B8AB1A24454C}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Message\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0003\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{0EFE03B2-EA87-44C1-B825-9BBEA54F37B4}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0003\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{F5658C39-CD0D-45B5-A342-E2C037714CE4}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{234991D1-04CC-47F5-A4A9-29808D68765F}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7F218BFD-64B7-4786-8302-9D8A2704B0E2}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{234991D1-04CC-47F5-A4A9-29808D68765F}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{EF381EA0-4D07-418D-A490-68AF67CE948B}\\RegistrationEnabled",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e973-e325-11ce-bfc1-08002be10318}\\{821D3398-F04E-471E-8D8C-27EE3F5EB428}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7F218BFD-64B7-4786-8302-9D8A2704B0E2}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{69E184C5-2F7C-45D0-8C56-85097BA63C11}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0002\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\Certificates\\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider\\Microsoft Enhanced RSA and AES Cryptographic Provider\\Image Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{0EFE03B2-EA87-44C1-B825-9BBEA54F37B4}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0000\\Linkage\\FilterList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{24AB3BC7-8C0C-4389-A4D4-8B8FD6ADEA7A}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Winsock\\Setup Migration\\Providers\\Psched\\WinSock 2.0 Provider ID",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{12F2EEA2-EE86-4933-8C0B-346E5E57F332}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{EF381EA0-4D07-418D-A490-68AF67CE948B}\\RegisterAdapterName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0002\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0004\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\CDD4EEAE6000AC7F40C3802C171E30148030C072\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Num_Catalog_Entries64",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Signature\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{5D9F4D1D-F5B3-48BA-85AD-9B44176DD0C8}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{234991D1-04CC-47F5-A4A9-29808D68765F}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B4683A7-F97E-478E-BBD6-34EDF0D9DEA8}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\OOBEInProgress",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0004\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B70D6460-3635-4D42-B866-B8AB1A24454C}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{69E184C5-2F7C-45D0-8C56-85097BA63C11}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\DontAddDefaultGatewayDefault",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\RequiredAll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{633F880E-FFD2-484F-A4CA-EB724F8BC057}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0001\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.67.1.2!7\\Name",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B70D6460-3635-4D42-B866-B8AB1A24454C}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7F218BFD-64B7-4786-8302-9D8A2704B0E2}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{32345029-1B7D-43AF-B504-E71E5660B2F0}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Cleanup\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{5D9F4D1D-F5B3-48BA-85AD-9B44176DD0C8}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B70D6460-3635-4D42-B866-B8AB1A24454C}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{12F2EEA2-EE86-4933-8C0B-346E5E57F332}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0000\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0003\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{56494156-6C00-4B77-90D7-A4A435088232}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{56494156-6C00-4B77-90D7-A4A435088232}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{C9548B78-5743-4E64-9BA1-CD4D974A329F}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{24AB3BC7-8C0C-4389-A4D4-8B8FD6ADEA7A}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{12F2EEA2-EE86-4933-8C0B-346E5E57F332}\\Ndi\\FilterRunType",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\System32\\fveui.dll,-844",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\System32\\fveui.dll,-843",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7D857581-4BD0-44AB-B87C-921422A69D39}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7D857581-4BD0-44AB-B87C-921422A69D39}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{F5658C39-CD0D-45B5-A342-E2C037714CE4}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{633F880E-FFD2-484F-A4CA-EB724F8BC057}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0010\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000010\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0002\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0001\\Linkage\\FilterList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000006\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{C9548B78-5743-4E64-9BA1-CD4D974A329F}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e973-e325-11ce-bfc1-08002be10318}\\{821D3398-F04E-471E-8D8C-27EE3F5EB428}\\Ndi\\Service",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@netcfgx.dll,-50003",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@netcfgx.dll,-50002",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\LogMask",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{AEFD33F3-CC73-4821-AD44-6915063E7FB1}\\ActiveConfigurations",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{92356401-DAAE-49DA-8D29-5B023CCF4CD9}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B70D6460-3635-4D42-B866-B8AB1A24454C}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Cryptography\\PrivKeyCacheMaxItems",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{12F2EEA2-EE86-4933-8C0B-346E5E57F332}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\DisabledSessions\\GlobalSession",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{0EFE03B2-EA87-44C1-B825-9BBEA54F37B4}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{0EFE03B2-EA87-44C1-B825-9BBEA54F37B4}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{633F880E-FFD2-484F-A4CA-EB724F8BC057}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{6D9E377D-E19D-47CF-BE5F-D2DA5F99318A}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{6D9E377D-E19D-47CF-BE5F-D2DA5F99318A}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.64.1.1!7\\Name",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\System32\\drivers\\pacer.sys,-100",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Winsock\\Setup Migration\\Providers\\Tcpip\\WinSock 2.0 Provider ID",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0010\\Linkage\\FilterList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2FF8F288-20AD-41F8-A181-321D0659CA4D}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2BE5AF45-DD00-422F-8484-8370DD108A53}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{0EFE03B2-EA87-44C1-B825-9BBEA54F37B4}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{F5658C39-CD0D-45B5-A342-E2C037714CE4}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{F27D2AC4-396D-442D-9FD8-05AEF1E98AAB}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{24AB3BC7-8C0C-4389-A4D4-8B8FD6ADEA7A}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{12F2EEA2-EE86-4933-8C0B-346E5E57F332}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0003\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{F5658C39-CD0D-45B5-A342-E2C037714CE4}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0009\\Ndi\\TimeStamp",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Language Hotkey",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{234991D1-04CC-47F5-A4A9-29808D68765F}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{5D9F4D1D-F5B3-48BA-85AD-9B44176DD0C8}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{F27D2AC4-396D-442D-9FD8-05AEF1E98AAB}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{5D9F4D1D-F5B3-48BA-85AD-9B44176DD0C8}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\UseHostnameAsAlias",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{6D9E377D-E19D-47CF-BE5F-D2DA5F99318A}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{F27D2AC4-396D-442D-9FD8-05AEF1E98AAB}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\8F43288AD272F3103B6FB1428485EA3014C0BCFE\\Blob",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%systemroot%\\system32\\rascfg.dll,-32008",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%systemroot%\\system32\\rascfg.dll,-32009",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{C9548B78-5743-4E64-9BA1-CD4D974A329F}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2BE5AF45-DD00-422F-8484-8370DD108A53}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{C9548B78-5743-4E64-9BA1-CD4D974A329F}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0001\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{C9548B78-5743-4E64-9BA1-CD4D974A329F}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Message\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Message\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0010\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{C9548B78-5743-4E64-9BA1-CD4D974A329F}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.47.1.1!7\\Name",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0007\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{56494156-6C00-4B77-90D7-A4A435088232}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{F5658C39-CD0D-45B5-A342-E2C037714CE4}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{24AB3BC7-8C0C-4389-A4D4-8B8FD6ADEA7A}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{12F2EEA2-EE86-4933-8C0B-346E5E57F332}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0001\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{5D9F4D1D-F5B3-48BA-85AD-9B44176DD0C8}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7F218BFD-64B7-4786-8302-9D8A2704B0E2}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0000\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\Certificates\\7D7F4414CCEF168ADF6BF40753B5BECD78375931\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\SearchList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0010\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{234991D1-04CC-47F5-A4A9-29808D68765F}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0004\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{27EE12EA-A6B3-4E15-AF2B-D4B9D989EDFB}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{F27D2AC4-396D-442D-9FD8-05AEF1E98AAB}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7F218BFD-64B7-4786-8302-9D8A2704B0E2}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0010\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Winsock\\Setup Migration\\Known Static Providers",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NetBT\\Parameters\\Interfaces\\Tcpip_{AEFD33F3-CC73-4821-AD44-6915063E7FB1}\\NameServerList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{92356401-DAAE-49DA-8D29-5B023CCF4CD9}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\CertCheck\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0009\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\MachineGuid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{234991D1-04CC-47F5-A4A9-29808D68765F}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlRetrievalByteCount",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\B1BC968BD4F49D622AA89A81F2150152A41D829C\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{F5658C39-CD0D-45B5-A342-E2C037714CE4}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{F5658C39-CD0D-45B5-A342-E2C037714CE4}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{6D9E377D-E19D-47CF-BE5F-D2DA5F99318A}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{27EE12EA-A6B3-4E15-AF2B-D4B9D989EDFB}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{E7AC61F5-4BFE-4254-8889-98A990D174D5}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0010\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\LogLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Cryptography\\PrivateKeyLifetimeSeconds",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2BE5AF45-DD00-422F-8484-8370DD108A53}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{92356401-DAAE-49DA-8D29-5B023CCF4CD9}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0001\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{EA24CD6C-D17A-4348-9190-09F0D5BE83DD}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\LogMaxFileSize",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0010\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\LdapClientIntegrity",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{6B7E8FF8-E9A2-46EB-A4EA-42CCA2D43C96}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{C9548B78-5743-4E64-9BA1-CD4D974A329F}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\CryptnetMaxCachedOcspPerCrlCount",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.67.1.1!7\\Name",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Winsock\\Setup Migration\\Providers\\Tcpip6\\WinSock 2.0 Provider ID",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{0EFE03B2-EA87-44C1-B825-9BBEA54F37B4}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{0EFE03B2-EA87-44C1-B825-9BBEA54F37B4}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000005\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{234991D1-04CC-47F5-A4A9-29808D68765F}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{C9548B78-5743-4E64-9BA1-CD4D974A329F}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Initialization\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{E7AC61F5-4BFE-4254-8889-98A990D174D5}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0001\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\DisabledSessions\\133121",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{32345029-1B7D-43AF-B504-E71E5660B2F0}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{633F880E-FFD2-484F-A4CA-EB724F8BC057}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\DisableCANameConstraints",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0000\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{5D9F4D1D-F5B3-48BA-85AD-9B44176DD0C8}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NetBT\\Parameters\\Interfaces\\Tcpip_{AEFD33F3-CC73-4821-AD44-6915063E7FB1}\\NetbiosOptions",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{69E184C5-2F7C-45D0-8C56-85097BA63C11}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0000\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0000\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e973-e325-11ce-bfc1-08002be10318}\\{821D3398-F04E-471E-8D8C-27EE3F5EB428}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{69E184C5-2F7C-45D0-8C56-85097BA63C11}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0009\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0000\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0002\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{32345029-1B7D-43AF-B504-E71E5660B2F0}\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7D857581-4BD0-44AB-B87C-921422A69D39}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{92356401-DAAE-49DA-8D29-5B023CCF4CD9}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{24AB3BC7-8C0C-4389-A4D4-8B8FD6ADEA7A}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{32345029-1B7D-43AF-B504-E71E5660B2F0}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e973-e325-11ce-bfc1-08002be10318}\\{821D3398-F04E-471E-8D8C-27EE3F5EB428}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e973-e325-11ce-bfc1-08002be10318}\\{821D3398-F04E-471E-8D8C-27EE3F5EB428}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{5D9F4D1D-F5B3-48BA-85AD-9B44176DD0C8}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{B5F4D659-7DAA-4565-8E41-BE220ED60542}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{27EE12EA-A6B3-4E15-AF2B-D4B9D989EDFB}\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{27EE12EA-A6B3-4E15-AF2B-D4B9D989EDFB}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{E475CF9A-60CD-4439-A75F-0079CE0E18A1}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{AEFD33F3-CC73-4821-AD44-6915063E7FB1}\\DisableDhcpOnConnect",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{6D9E377D-E19D-47CF-BE5F-D2DA5F99318A}\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{E7AC61F5-4BFE-4254-8889-98A990D174D5}\\Ndi\\CoServices",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{F5658C39-CD0D-45B5-A342-E2C037714CE4}\\Ndi\\FilterType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{69E184C5-2F7C-45D0-8C56-85097BA63C11}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0002\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0003\\FilterInfId",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\system32\\dnsapi.dll,-103",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0003\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{27EE12EA-A6B3-4E15-AF2B-D4B9D989EDFB}\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{5D9F4D1D-F5B3-48BA-85AD-9B44176DD0C8}\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\GroupOrderList\\NDIS",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxUrlRetrievalByteCount",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{EF381EA0-4D07-418D-A490-68AF67CE948B}\\NameServer",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{7D857581-4BD0-44AB-B87C-921422A69D39}\\Ndi\\TimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{92356401-DAAE-49DA-8D29-5B023CCF4CD9}\\LocDescription",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{5D9F4D1D-F5B3-48BA-85AD-9B44176DD0C8}\\Ndi\\BindForm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{EF381EA0-4D07-418D-A490-68AF67CE948B}\\DisableDhcpOnConnect",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\WinSock_Registry_Version",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\system32\\lltdres.dll,-4",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\system32\\lltdres.dll,-3",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{E7AC61F5-4BFE-4254-8889-98A990D174D5}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\Installation Sources",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{234991D1-04CC-47F5-A4A9-29808D68765F}\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Linkage\\FilterList",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LanmanServer\\Parameters\\Size",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0008\\Ndi\\Interfaces\\FilterMediaTypes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{56494156-6C00-4B77-90D7-A4A435088232}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Message\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\\Ndi\\HelpText",
"HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots\\Certificates",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\UseOldHostResolutionOrder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\CEIPEnable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{633F880E-FFD2-484F-A4CA-EB724F8BC057}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\DisableMandatoryBasicConstraints",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0009\\FilterInfId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\ComputerName\\ActiveComputerName\\ComputerName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{92356401-DAAE-49DA-8D29-5B023CCF4CD9}\\Ndi\\FilterClass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0002\\Ndi\\Interfaces\\LowerRange",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\EnableWeakSignatureFlags",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0001\\Ndi\\Interfaces\\LowerExclude",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\ComponentDLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{3956A8BD-EF23-4220-A01B-40BD1BD8FF53}\\Ndi\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0006\\Ndi\\Interfaces\\UpperRange",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\{0EFE03B2-EA87-44C1-B825-9BBEA54F37B4}\\Ndi\\HelpText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0011\\Ndi\\Service",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0005\\Ndi\\FilterRunType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\{4d36e975-e325-11ce-bfc1-08002be10318}\\{92356401-DAAE-49DA-8D29-5B023CCF4CD9}\\Ndi\\FilterRunType"
],
"directory_created": [
"C:\\Windows\\System32\\catroot2",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\{49abe707-68d3-19bb-9e23-a12856b6681d}",
"C:\\Windows\\System32\\catroot"
]
},
"first_seen": 1602464000.609125,
"ppid": 460
},
{
"process_path": "C:\\Windows\\System32\\lsass.exe",
"process_name": "lsass.exe",
"pid": 476,
"summary": {},
"first_seen": 1602463989.53125,
"ppid": 376
}
]Signatures
[
{
"markcount": 2,
"families": [],
"description": "Queries for the computername",
"severity": 1,
"marks": [
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1602464011.547125,
"tid": 264,
"flags": {}
},
"pid": 2964,
"type": "call",
"cid": 4884
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1602464011.703125,
"tid": 264,
"flags": {}
},
"pid": 2964,
"type": "call",
"cid": 5001
}
],
"references": [],
"name": "antivm_queries_computername"
},
{
"markcount": 1,
"families": [],
"description": "Checks if process is being debugged by a debugger",
"severity": 1,
"marks": [
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741515,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1602463989.95275,
"tid": 2888,
"flags": {}
},
"pid": 2460,
"type": "call",
"cid": 201
}
],
"references": [],
"name": "checks_debugger"
},
{
"markcount": 1,
"families": [],
"description": "Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)",
"severity": 1,
"marks": [
{
"category": "registry",
"ioc": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\MachineGuid",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "recon_fingerprint"
},
{
"markcount": 1,
"families": [],
"description": "Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available",
"severity": 1,
"marks": [
{
"call": {
"category": "system",
"status": 1,
"stacktrace": [],
"api": "GlobalMemoryStatusEx",
"return_value": 1,
"arguments": {},
"time": 1602463989.99975,
"tid": 2588,
"flags": {}
},
"pid": 2460,
"type": "call",
"cid": 633
}
],
"references": [],
"name": "antivm_memory_available"
},
{
"markcount": 3,
"families": [],
"description": "Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation",
"severity": 2,
"marks": [
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetDiskFreeSpaceExW",
"return_value": 1,
"arguments": {
"root_path": "C:\\Users\\cuck\\AppData\\Local\\Temp\\7ZipSfx.000",
"free_bytes_available": 23514464256,
"total_number_of_free_bytes": 0,
"total_number_of_bytes": 0
},
"time": 1602463989.99975,
"tid": 2588,
"flags": {}
},
"pid": 2460,
"type": "call",
"cid": 632
},
{
"call": {
"category": "misc",
"status": 0,
"stacktrace": [],
"last_error": 3,
"nt_status": -1073741772,
"api": "GetDiskFreeSpaceExW",
"return_value": 0,
"arguments": {
"root_path": "C:\\Program Files (x86)\\BWMeter",
"free_bytes_available": 0,
"total_number_of_free_bytes": 0,
"total_number_of_bytes": 18106929286542100
},
"time": 1602464000.031,
"tid": 2204,
"flags": {}
},
"pid": 460,
"type": "call",
"cid": 1650
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetDiskFreeSpaceExW",
"return_value": 1,
"arguments": {
"root_path": "C:\\Program Files (x86)\\BWMeter",
"free_bytes_available": 23503544320,
"total_number_of_free_bytes": 0,
"total_number_of_bytes": 34252779520
},
"time": 1602464009.531,
"tid": 2204,
"flags": {}
},
"pid": 460,
"type": "call",
"cid": 3553
}
],
"references": [],
"name": "antivm_disk_size"
},
{
"markcount": 1,
"families": [],
"description": "Drops a binary and executes it",
"severity": 2,
"marks": [
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\7ZipSfx.000\\BMSetup.exe",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "dropper"
},
{
"markcount": 1,
"families": [],
"description": "Drops an executable to the user AppData folder",
"severity": 2,
"marks": [
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\7ZipSfx.000\\BMSetup.exe",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "exe_appdata"
},
{
"markcount": 1,
"families": [],
"description": "Checks adapter addresses which can be used to detect virtual network interfaces",
"severity": 2,
"marks": [
{
"call": {
"category": "network",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741772,
"api": "GetAdaptersAddresses",
"return_value": 111,
"arguments": {
"flags": 54,
"family": 23
},
"time": 1602464011.563125,
"tid": 264,
"flags": {}
},
"pid": 2964,
"type": "call",
"cid": 4921
}
],
"references": [],
"name": "antivm_network_adapters"
},
{
"markcount": 2,
"families": [],
"description": "The binary likely contains encrypted or compressed data indicative of a packer",
"severity": 2,
"marks": [
{
"entropy": 7.903997804028888,
"section": {
"size_of_data": "0x0000b200",
"virtual_address": "0x00015000",
"entropy": 7.903997804028888,
"name": "UPX1",
"virtual_size": "0x0000c000"
},
"type": "generic",
"description": "A section with a high entropy has been found"
},
{
"entropy": 0.7416666666666667,
"type": "generic",
"description": "Overall entropy of this PE file is high"
}
],
"references": [
"http:\/\/www.forensickb.com\/2013\/03\/file-entropy-explained.html",
"http:\/\/virii.es\/U\/Using%20Entropy%20Analysis%20to%20Find%20Encrypted%20and%20Packed%20Malware.pdf"
],
"name": "packer_entropy"
},
{
"markcount": 4,
"families": [],
"description": "Queries for potentially installed applications",
"severity": 2,
"marks": [
{
"call": {
"category": "registry",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741772,
"api": "RegOpenKeyExA",
"return_value": 2,
"arguments": {
"access": "0x00020019",
"base_handle": "0x80000002",
"key_handle": "0x00000000",
"regkey": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\BWMeter",
"regkey_r": "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\BWMeter",
"options": 0
},
"time": 1602463991.719,
"tid": 2204,
"flags": {}
},
"pid": 460,
"type": "call",
"cid": 431
},
{
"call": {
"category": "registry",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741772,
"api": "RegOpenKeyExA",
"return_value": 2,
"arguments": {
"access": "0x00020019",
"base_handle": "0x80000002",
"key_handle": "0x00000000",
"regkey": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\BWMeter",
"regkey_r": "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\BWMeter",
"options": 0
},
"time": 1602463993.813,
"tid": 2204,
"flags": {}
},
"pid": 460,
"type": "call",
"cid": 587
},
{
"call": {
"category": "registry",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741772,
"api": "RegOpenKeyExA",
"return_value": 2,
"arguments": {
"access": "0x00020019",
"base_handle": "0x80000002",
"key_handle": "0x00000000",
"regkey": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\BWMeter",
"regkey_r": "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\BWMeter",
"options": 0
},
"time": 1602463996.938,
"tid": 2204,
"flags": {}
},
"pid": 460,
"type": "call",
"cid": 910
},
{
"call": {
"category": "registry",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741772,
"api": "RegOpenKeyExA",
"return_value": 2,
"arguments": {
"access": "0x00020019",
"base_handle": "0x80000002",
"key_handle": "0x00000000",
"regkey": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\BWMeter",
"regkey_r": "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\BWMeter",
"options": 0
},
"time": 1602464006.344,
"tid": 2204,
"flags": {}
},
"pid": 460,
"type": "call",
"cid": 2620
}
],
"references": [],
"name": "queries_programs"
},
{
"markcount": 2,
"families": [],
"description": "The executable is compressed using UPX",
"severity": 2,
"marks": [
{
"section": "UPX0",
"type": "generic",
"description": "Section name indicates UPX"
},
{
"section": "UPX1",
"type": "generic",
"description": "Section name indicates UPX"
}
],
"references": [],
"name": "packer_upx"
},
{
"markcount": 1,
"families": [],
"description": "Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config",
"severity": 3,
"marks": [
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "NtSetValueKey",
"return_value": 0,
"arguments": {
"index": 0,
"key_handle": "0x00000000000001cc",
"value": "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000)\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u00bd\u00a8V9#\u00ef B\u00a0\u001b@\u00bd\u001b\u00d8\u00ffS\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0004\u0000\u0000\u0000\u0000\u0000n\u0000t\u0000_\u0000d\u0000s\u0000n\u0000p\u0000f\u0000d\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u009a\u00cfu\u00e4\u00cd`9D\u00a7_\u0000y\u00ce\u000e\u0018\u00a1\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000(\u0000\u0004\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000n\u0000a\u0000t\u0000i\u0000v\u0000e\u0000w\u0000i\u0000f\u0000i\u0000p\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000l\u00cd$\u00eaz\u00d1HC\u0091\u0090\t\u00f0\u00d5\u00be\u0083\u00dd\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u00008\u0000\u0004\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000n\u0000d\u0000i\u0000s\u0000c\u0000a\u0000p\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000Y\u00d6\u00f4\u00b5\u00aa}eE\u008eA\u00be\"\u000e\u00d6\u0005B\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0004\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000p\u0000a\u0000c\u0000e\u0000r\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u00f8\u008f~k\u00a2\u00e9\u00ebF\u00a4\u00eaB\u00cc\u00a2\u00d4<\u0096\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000s\u0000e\u0000r\u0000v\u0000e\u0000r\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000VAIV\u0000lwK\u0090\u00d7\u00a4\u00a45\b\u00822\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000(\u0000\u0000\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000n\u0000e\u0000t\u0000b\u0000i\u0000o\u0000s\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000`d\r\u00b756BM\u00b8f\u00b8\u00ab\u001a$EL\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000(\u0000\u0004\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000w\u0000f\u0000p\u0000l\u0000w\u0000f\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u00b2\u0003\u00fe\u000e\u0087\u00ea\u00c1D\u00b8%\u009b\u00be\u00a5O7\u00b4\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000(\u0000\u0000\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000s\u0000t\u0000e\u0000e\u0000l\u0000h\u0000e\u0000a\u0000d\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000x\u008bT\u00c9CWdN\u009b\u00a1\u00cdM\u0097J2\u009f\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u00008\u0000\u0000\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000r\u0000a\u0000s\u0000s\u0000r\u0000v\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u00009\u008ce\u00f5\r\u00cd\u00b5E\u00a3B\u00e2\u00c07qL\u00e4\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000(\u0000\u0000\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000r\u0000a\u0000s\u0000m\u0000a\u0000n\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u00983\u001d\u0082N\u00f0\u001eG\u008d\u008c'\u00ee?^\u00b4(\u0003\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0080\u0000\u0000\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000m\u0000s\u0000c\u0000l\u0000i\u0000e\u0000n\u0000t\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u00fd\u008b!\u00b7d\u0086G\u0083\u0002\u009d\u008a'\u0004\u00b0\u00e2\u0002\u0000\u0000\u0000\u0000\u0000\u0000\u00008\u0000\u0000\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000a\u0000g\u0000i\u0000l\u0000e\u0000v\u0000p\u0000n\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u00a1\u00fa\u0007+\u0017\u00820N\u00b5\u00ec\u00fdE\u0001\u00e7s\u00bb\u0002\u0000\u0000\u0000\u0000\u0000\u0000\u0000(\u0000\u0000\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000t\u0000c\u0000p\u0000i\u0000p\u00006\u0000_\u0000t\u0000u\u0000n\u0000n\u0000e\u0000l\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u00ea\u0012\u00ee'\u00b3\u00a6\u0015N\u00af+\u00d4\u00b9\u00d9\u0089\u00ed\u00fb\u0002\u0000\u0000\u0000\u0000\u0000\u0000\u0000(\u0000\u0000\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000t\u0000c\u0000p\u0000i\u0000p\u0000_\u0000t\u0000u\u0000n\u0000n\u0000e\u0000l\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0001d5\u0092\u00ae\u00da\u00daI\u008d)[\u0002<\u00cfL\u00d9\u0002\u0000\u0000\u0000\u0000\u0000\u0000\u0000(\u0000\u0000\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000s\u0000m\u0000b\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0081u\u0085}\u00d0K\u00abD\u00b8|\u0092\u0014\"\u00a6\u009d9\u0002\u0000\u0000\u0000\u0000\u0000\u0000\u0000(\u0000\u0000\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000w\u0000a\u0000n\u0000a\u0000r\u0000p\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u00a7\u0083F+~\u00f9\u008eG\u00bb\u00d64\u00ed\u00f0\u00d9\u00de\u00a8\u0002\u0000\u0000\u0000\u0000\u0000\u0000\u00008\u0000\u0000\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000n\u0000e\u0000t\u0000b\u0000t\u0000_\u0000s\u0000m\u0000b\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u00d1\u0091I#\u00cc\u0004\u00f5G\u00a4\u00a9)\u0080\u008dhv_\u0002\u0000\u0000\u0000\u0000\u0000\u0000\u0000(\u0000\u0000\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000n\u0000e\u0000t\u0000b\u0000t\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000)P42}\u001b\u00afC\u00b5\u0004\u00e7\u001eV`\u00b2\u00f0\u0002\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u00a0\u0000\u0000\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000t\u0000c\u0000p\u0000i\u0000p\u00006\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u001dM\u009f]\u00b3\u00f5\u00baH\u0085\u00ad\u009bD\u0017m\u00d0\u00c8\u0002\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u00a0\u0000\u0000\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000t\u0000c\u0000p\u0000i\u0000p\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u000e\u0088?c\u00d2\u00ffOH\u00a4\u00ca\u00ebrO\u008b\u00c0W\u0002\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000l\u0000l\u0000t\u0000d\u0000i\u0000o\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0088\u00f2\u00f8\/\u00ad \u00f8A\u00a1\u00812\u001d\u0006Y\u00caM\u0002\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000r\u0000s\u0000p\u0000n\u0000d\u0000r\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u00c4*}\u00f2m9-D\u009f\u00d8\u0005\u00ae\u00f1\u00e9\u008a\u00ab\u0002\u0000\u0000\u0000\u0000\u0000\u0000\u0000(\u0000\u0000\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000w\u0000a\u0000n\u0000a\u0000r\u0000p\u0000v\u00006\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u00a2\u00ee\u00f2\u0012\u0086\u00ee3I\u008c\u000b4n^W\u00f32\u0002\u0000\u0000\u0000\u0000\u0000\u0000\u0000(\u0000\u0000\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000p\u0000p\u0000p\u0000o\u0000e\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u00c7;\u00ab$\f\u008c\u0089C\u00a4\u00d4\u008b\u008f\u00d6\u00ad\u00eaz\u0002\u0000\u0000\u0000\u0000\u0000\u0000\u00008\u0000\u0000\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000p\u0000p\u0000t\u0000p\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u00f5a\u00ac\u00e7\u00feKTB\u0088\u0089\u0098\u00a9\u0090\u00d1t\u00d5\u0002\u0000\u0000\u0000\u0000\u0000\u0000\u00008\u0000\u0000\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000l\u00002\u0000t\u0000p\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u00c5\u0084\u00e1i|\/\u00d0E\u008cV\u0085\t{\u00a6<\u0011\u0002\u0000\u0000\u0000\u0000\u0000\u0000\u0000(\u0000\u0000\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000n\u0000d\u0000i\u0000s\u0000w\u0000a\u0000n\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000}7\u009em\u009d\u00e1\u00cfG\u00be_\u00d2\u00da_\u00991\u008a\u0002\u0000\u0000\u0000\u0000\u0000\u0000\u00008\u0000\u0000\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000s\u0000s\u0000t\u0000p\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000E\u00af\u00e5+\u0000\u00dd\/B\u0084\u0084\u0083p\u00dd\u0010\u008aS\u0002\u0000\u0000\u0000\u0000\u0000\u0000\u0000(\u0000\u0000\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000n\u0000d\u0000i\u0000s\u0000u\u0000i\u0000o\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u00a0\u001e8\u00ef\u0007M\u008dA\u00a4\u0090h\u00afg\u00ce\u0094\u008b\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0084\u0000\u0000\u0000\u0000\u0000\u0000\u0000p\u0000c\u0000i\u0000\\\u0000v\u0000e\u0000n\u0000_\u00008\u00000\u00008\u00006\u0000&\u0000d\u0000e\u0000v\u0000_\u00001\u00000\u00000\u0000e\u0000&\u0000s\u0000u\u0000b\u0000s\u0000y\u0000s\u0000_\u00000\u00000\u00001\u0000e\u00008\u00000\u00008\u00006\u0000\u0000\u0000\u0000\u0000\u0000\u0000P\u0000C\u0000I\u0000\\\u0000V\u0000E\u0000N\u0000_\u00008\u00000\u00008\u00006\u0000&\u0000D\u0000E\u0000V\u0000_\u00001\u00000\u00000\u0000E\u0000&\u0000S\u0000U\u0000B\u0000S\u0000Y\u0000S\u0000_\u00000\u00000\u00001\u0000E\u00008\u00000\u00008\u00006\u0000&\u0000R\u0000E\u0000V\u0000_\u00000\u00002\u0000\\\u00003\u0000&\u00002\u00006\u00007\u0000A\u00006\u00001\u00006\u0000A\u0000&\u00000\u0000&\u00004\u00000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000#\u00ad\u00c6F\u00c8\u00cfwA\u00b3\u008fl(\u00f29\u00eb\r\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\t\u0000\u0000\u0000\u0000\u0000\u0000\u0000*\u0000i\u0000s\u0000a\u0000t\u0000a\u0000p\u0000\u0000\u0000R\u0000O\u0000O\u0000T\u0000\\\u0000*\u0000I\u0000S\u0000A\u0000T\u0000A\u0000P\u0000\\\u00000\u00000\u00000\u00000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u00f33\u00fd\u00aes\u00cc!H\u00adDi\u0015\u0006>\u00b1\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0084\u0000\u0000\u0000\u0000\u0000\u0000\u0000p\u0000c\u0000i\u0000\\\u0000v\u0000e\u0000n\u0000_\u00008\u00000\u00008\u00006\u0000&\u0000d\u0000e\u0000v\u0000_\u00001\u00000\u00000\u0000e\u0000&\u0000s\u0000u\u0000b\u0000s\u0000y\u0000s\u0000_\u00000\u00000\u00001\u0000e\u00008\u00000\u00008\u00006\u0000\u0000\u0000\u0000\u0000\u0000\u0000P\u0000C\u0000I\u0000\\\u0000V\u0000E\u0000N\u0000_\u00008\u00000\u00008\u00006\u0000&\u0000D\u0000E\u0000V\u0000_\u00001\u00000\u00000\u0000E\u0000&\u0000S\u0000U\u0000B\u0000S\u0000Y\u0000S\u0000_\u00000\u00000\u00001\u0000E\u00008\u00000\u00008\u00006\u0000&\u0000R\u0000E\u0000V\u0000_\u00000\u00002\u0000\\\u00003\u0000&\u00002\u00006\u00007\u0000A\u00006\u00001\u00006\u0000A\u0000&\u00000\u0000&\u00001\u00008\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u009d\u008c\u0089)\u00a4\u00b0\u00efO\u00bd\u00b6W\u00a5b\u0002,\u00ee\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000)\u0000\u0000\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000a\u0000g\u0000i\u0000l\u0000e\u0000v\u0000p\u0000n\u0000m\u0000i\u0000n\u0000i\u0000p\u0000o\u0000r\u0000t\u0000\u0000\u0000R\u0000O\u0000O\u0000T\u0000\\\u0000M\u0000S\u0000_\u0000A\u0000G\u0000I\u0000L\u0000E\u0000V\u0000P\u0000N\u0000M\u0000I\u0000N\u0000I\u0000P\u0000O\u0000R\u0000T\u0000\\\u00000\u00000\u00000\u00000\u0000\u0000\u0000\u0000\u0000\u0000\u0000~+\u0003xhI\u00d3B\u009f7(~\u00a8l\n\u00aa\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000*\u0000\u0000\u0000\u0000\u0000\u0000\u0000s\u0000w\u0000\\\u0000{\u0000e\u0000e\u0000a\u0000b\u00007\u00007\u00009\u00000\u0000-\u0000c\u00005\u00001\u00004\u0000-\u00001\u00001\u0000d\u00001\u0000-\u0000b\u00004\u00002\u0000b\u0000-\u00000\u00000\u00008\u00000\u00005\u0000f\u0000c\u00001\u00002\u00007\u00000\u0000e\u0000}\u0000\u0000\u0000\u0000\u0000\u0000\u0000S\u0000W\u0000\\\u0000{\u0000E\u0000E\u0000A\u0000B\u00007\u00007\u00009\u00000\u0000-\u0000C\u00005\u00001\u00004\u0000-\u00001\u00001\u0000D\u00001\u0000-\u0000B\u00004\u00002\u0000B\u0000-\u00000\u00000\u00008\u00000\u00005\u0000F\u0000C\u00001\u00002\u00007\u00000\u0000E\u0000}\u0000\\\u0000A\u0000S\u0000Y\u0000N\u0000C\u0000M\u0000A\u0000C\u0000\u0000\u0000\u0000\u0000\u00edd\u00aa,\u00a3\u00basD\u00b67\u00de\u00c6Z\u0014\u00c8\u00aa\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000)\u0000\u0000\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000n\u0000d\u0000i\u0000s\u0000w\u0000a\u0000n\u0000i\u0000p\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000R\u0000O\u0000O\u0000T\u0000\\\u0000M\u0000S\u0000_\u0000N\u0000D\u0000I\u0000S\u0000W\u0000A\u0000N\u0000I\u0000P\u0000\\\u00000\u00000\u00000\u00000\u0000\u0000\u0000\u0000\u0000~L\u00f5[\u00da\u0091}E\u0080\u00bf36w\u00d7\u00e3\u0016\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000)\u0000\u0000\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000n\u0000d\u0000i\u0000s\u0000w\u0000a\u0000n\u0000b\u0000h\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000R\u0000O\u0000O\u0000T\u0000\\\u0000M\u0000S\u0000_\u0000N\u0000D\u0000I\u0000S\u0000W\u0000A\u0000N\u0000B\u0000H\u0000\\\u00000\u00000\u00000\u00000\u0000\u0000\u0000\u0000\u0000\u0081\u009d9\u009a\u00ad.#O\u00bc\u00ddc\u00c1=\u00cdQ\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000)\u0000\u0000\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000n\u0000d\u0000i\u0000s\u0000w\u0000a\u0000n\u0000i\u0000p\u0000v\u00006\u0000\u0000\u0000\u0000\u0000R\u0000O\u0000O\u0000T\u0000\\\u0000M\u0000S\u0000_\u0000N\u0000D\u0000I\u0000S\u0000W\u0000A\u0000N\u0000I\u0000P\u0000V\u00006\u0000\\\u00000\u00000\u00000\u00000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000R\u001a0\u008e\u00fa\u00afIO\u00b9\u00ca\u00c7\u0090\u0096\u00a1\u00a0V\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000)\u0000\u0000\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000p\u0000p\u0000p\u0000o\u0000e\u0000m\u0000i\u0000n\u0000i\u0000p\u0000o\u0000r\u0000t\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000R\u0000O\u0000O\u0000T\u0000\\\u0000M\u0000S\u0000_\u0000P\u0000P\u0000P\u0000O\u0000E\u0000M\u0000I\u0000N\u0000I\u0000P\u0000O\u0000R\u0000T\u0000\\\u00000\u00000\u00000\u00000\u0000\u0000\u0000\u0000\u0000,\u009dJ\u00dfB\u0087\u00b1N\u0087\u0003\u00d3\u0095\u00c4\u0018?3\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000)\u0000\u0000\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000p\u0000p\u0000t\u0000p\u0000m\u0000i\u0000n\u0000i\u0000p\u0000o\u0000r\u0000t\u0000\u0000\u0000R\u0000O\u0000O\u0000T\u0000\\\u0000M\u0000S\u0000_\u0000P\u0000P\u0000T\u0000P\u0000M\u0000I\u0000N\u0000I\u0000P\u0000O\u0000R\u0000T\u0000\\\u00000\u00000\u00000\u00000\u0000\u0000\u0000\u0000\u0000\u0000\u0000+$=\u00e4\u00ab\u009e&F\u00a9RFd\u009f\u00bb\u0093\u009a\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000)\u0000\u0000\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000l\u00002\u0000t\u0000p\u0000m\u0000i\u0000n\u0000i\u0000p\u0000o\u0000r\u0000t\u0000\u0000\u0000R\u0000O\u0000O\u0000T\u0000\\\u0000M\u0000S\u0000_\u0000L\u00002\u0000T\u0000P\u0000M\u0000I\u0000N\u0000I\u0000P\u0000O\u0000R\u0000T\u0000\\\u00000\u00000\u00000\u00000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u00d7\u0097\u00f8q|\u00eb\u008dM\u0089\u00db\u00ac\u0080\u00d9\u00dd\"p\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000)\u0000\u0000\u0000\u0000\u0000\u0000\u0000m\u0000s\u0000_\u0000s\u0000s\u0000t\u0000p\u0000m\u0000i\u0000n\u0000i\u0000p\u0000o\u0000r\u0000t\u0000\u0000\u0000R\u0000O\u0000O\u0000T\u0000\\\u0000M\u0000S\u0000_\u0000S\u0000S\u0000T\u0000P\u0000M\u0000I\u0000N\u0000I\u0000P\u0000O\u0000R\u0000T\u0000\\\u00000\u00000\u00000\u00000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u00003\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u001f\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u001d\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\"\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000#\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000$\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0006\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u001d\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0006\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u001f\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0002\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u001d\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0002\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u001f\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0003\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u001d\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0003\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u001f\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0003\u0000\u0000\u0000\u0000\u0000\u0000\u0000\"\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0003\u0000\u0000\u0000\u0000\u0000\u0000\u0000#\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0003\u0000\u0000\u0000\u0000\u0000\u0000\u0000$\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u000e\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0013\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0012\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0010\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0004\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0011\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0005\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0011\u0000\u0000\u0000\u0000\u0000\u0000\u0000\n\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u000e\u0000\u0000\u0000\u0000\u0000\u0000\u0000\n\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0013\u0000\u0000\u0000\u0000\u0000\u0000\u0000\n\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0012\u0000\u0000\u0000\u0000\u0000\u0000\u0000\n\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0010\u0000\u0000\u0000\u0000\u0000\u0000\u0000\n\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0011\u0000\u0000\u0000\u0000\u0000\u0000\u0000\f\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u001e\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u001c\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u001d\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
"reg_type": 3,
"regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Network\\Config"
},
"time": 1602464017.344125,
"tid": 264,
"flags": {
"reg_type": "REG_BINARY"
}
},
"pid": 2964,
"type": "call",
"cid": 12688
}
],
"references": [],
"name": "creates_largekey"
}
]Yara
The Yara rules did not detect anything in the file.
Network
{
"tls": [],
"udp": [
{
"src": "192.168.56.101",
"dst": "192.168.56.255",
"offset": 952,
"time": 3.0784080028533936,
"dport": 137,
"sport": 137
},
{
"src": "192.168.56.101",
"dst": "192.168.56.255",
"offset": 11608,
"time": 9.078148126602173,
"dport": 138,
"sport": 138
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 15016,
"time": 3.011937141418457,
"dport": 5355,
"sport": 51001
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 15344,
"time": 1.0408871173858643,
"dport": 5355,
"sport": 53595
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 15672,
"time": 3.0193769931793213,
"dport": 5355,
"sport": 53848
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 16000,
"time": 40.143117904663086,
"dport": 5355,
"sport": 54237
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 16328,
"time": 1.680176019668579,
"dport": 5355,
"sport": 54255
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 16656,
"time": -0.08649802207946777,
"dport": 5355,
"sport": 55314
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 16984,
"time": 37.58391213417053,
"dport": 5355,
"sport": 58989
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 17312,
"time": 35.017544984817505,
"dport": 5355,
"sport": 59548
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 17640,
"time": 1.6097149848937988,
"dport": 1900,
"sport": 1900
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 56460,
"time": 1.059926986694336,
"dport": 3702,
"sport": 49152
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 64844,
"time": 3.0940589904785156,
"dport": 1900,
"sport": 53598
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 68974,
"time": 36.76703190803528,
"dport": 1900,
"sport": 59551
}
],
"dns_servers": [],
"http": [],
"icmp": [],
"smtp": [],
"tcp": [],
"smtp_ex": [],
"mitm": [],
"hosts": [],
"pcap_sha256": "8122b5b38f95f85ae5852fc884f238b6904fbbb0587008c67607d2d80864800c",
"dns": [],
"http_ex": [],
"domains": [],
"dead_hosts": [],
"sorted_pcap_sha256": "9a6c5aa4f799c1187d7bb8d2dce48af88b812c33c5b50cdfcdd288574d1f0b68",
"irc": [],
"https_ex": []
}Screenshots
Hashes [?]
| Property | Value |
|---|---|
| MD5 | 6e1d1a8dcf54f4b349eacce0076085f2 |
| SHA256 | 63da64290957af1f67f9b0048e1a8da92979a99717811b337725c8a369787b00 |
Error Messages
These are some of the error messages that can appear related to bmsetup.exe:
bmsetup.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
bmsetup.exe - Application Error. The instruction at "0xXXXXXXXX" referenced memory at "0xXXXXXXXX". The memory could not be "read/written". Click on OK to terminate the program.
bmsetup.exe has stopped working.
End Program - bmsetup.exe. This program is not responding.
bmsetup.exe is not a valid Win32 application.
bmsetup.exe - Application Error. The application failed to initialize properly (0xXXXXXXXX). Click OK to terminate the application.
What will you do with BMSetup.exe?
To help other users, please let us know what you will do with BMSetup.exe:
Malware or legitimate?
If you feel that you need more information to determine if your should keep this file or remove it, please read this guide.
And now some shameless self promotion ;)
Hi, my name is Roger Karlsson. I've been running this website since 2006. I want to let you know about the FreeFixer program. FreeFixer is a freeware tool that analyzes your system and let you manually identify unwanted programs. Once you've identified some malware files, FreeFixer is pretty good at removing them. You can download FreeFixer here. It runs on Windows 2000/XP/2003/2008/2016/2019/Vista/7/8/8.1/10. Supports both 32- and 64-bit Windows.
If you have questions, feedback on FreeFixer or the freefixer.com website, need help analyzing FreeFixer's scan result or just want to say hello, please contact me. You can find my email address at the contact page.
Comments
Please share with the other users what you think about this file. What does this file do? Is it legitimate or something that your computer is better without? Do you know how it was installed on your system? Did you install it yourself or did it come bundled with some other software? Is it running smoothly or do you get some error message? Any information that will help to document this file is welcome. Thank you for your contributions.
I'm reading all new comments so don't hesitate to post a question about the file. If I don't have the answer perhaps another user can help you.
No comments posted yet.