Worm.Win32.AutoItGen_158327b644

by malwarelabrobot on September 28th, 2015 in Malware Descriptions.

Trojan.Win32.Qhost.ajpm (Kaspersky), Trojan.Win32.Alureon.FD, Worm.Win32.AutoIt.FD, WormAutoItGen.YR (Lavasoft MAS)
Behaviour: Trojan, Worm


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 158327b6444cfc75a8a70198f214e666
SHA1: a6d32aeb3099ae32fe20679de412186e41612022
SHA256: 470f7ef3d28213998f07e273e16a484de601911940e8bb5777fbdb097e06c9f4
SSDeep: 393216:gj8K9E WCUgFdO57JaUrX/YBcOU1JzsAnqWRqvfAu3O9W:a8K9E WC6J8UrXwBmxzRqvfX3mW
Size: 19608346 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: PackerUPXCompresorGratuitowwwupxsourceforgenet, UPolyXv05_v6
Company: no certificate found
Created at: 2010-04-16 10:47:33
Analyzed on: WindowsXP SP3 32-bit


Summary:

Worm. A program that is primarily replicating on networks or removable drives.

Payload

No specific payload has been found.

Process activity

The Worm creates the following process(es):

nsverctl.exe:552
dneinst.exe:1536
dneinst.exe:2644
dne2000.exe:2696
nsload.exe:2600
concentr.exe:1976
wfcrun32.exe:1240
wfcrun32.exe:1452
CitrixOnlinePluginWeb12144.exe:1264
icaconf.exe:636
ipconfig.exe:1028
rundll32.exe:1716
runonce.exe:3612
runonce.exe:3660
runonce.exe:3492
runonce.exe:552
runonce.exe:544
runonce.exe:3700
runonce.exe:332
runonce.exe:3528
usbinst.exe:1472
usbinst.exe:1104
TrolleyExpress.exe:1988
grpconv.exe:1252
MsiExec.exe:1164
MsiExec.exe:1632
MsiExec.exe:852
MsiExec.exe:1840
MsiExec.exe:1680
MsiExec.exe:1500
MsiExec.exe:1408
MsiExec.exe:376

The Worm injects its code into the following process(es):

%original file name%.exe:1932

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process %original file name%.exe:1932 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

%Documents and Settings%\All Users\Desktop\4 Corners Pro.url (118 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut2E.tmp (36 bytes)
%WinDir%\Temp\4CornersProInstaller\agee.msi (24303 bytes)
%System%\drivers\etc\hosts (734 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut3.tmp (568 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut1.tmp (17713 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut44.tmp (118 bytes)
%WinDir%\Temp\4CornersProInstaller\CitrixOnlinePluginWeb12144.exe (107168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut2.tmp (112834 bytes)
%Documents and Settings%\%current user%\Application Data\ICAClient\webica.ini (36 bytes)

The Worm deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\aut1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut44.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut2E.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut3.tmp (0 bytes)

The process nsverctl.exe:552 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

%Documents and Settings%\All Users\Application Data\Citrix\AGEE\nsverctl.txt (1670 bytes)

The process dneinst.exe:1536 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

%WinDir%\Temp\dneinst.log (11598 bytes)

The process dneinst.exe:2644 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

%WinDir%\Temp\dneinst.log (72730 bytes)

The process dne2000.exe:2696 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

%System%\drivers\SET3D.tmp (673 bytes)
%System%\config\SYSTEM.LOG (16225 bytes)
%WinDir%\inf\INFCACHE.0 (17864 bytes)
%WinDir%\setupapi.log (61904 bytes)
%WinDir%\inf\oem14.inf (1 bytes)
%System%\CatRoot2\dberr.txt (1198 bytes)
%System%\SET3C.tmp (601 bytes)
%WinDir%\inf\oem13.inf (3 bytes)
%System%\config (200 bytes)
%System%\config\system (11579 bytes)
%WinDir%\inf\oem13.PNF (14632 bytes)
%WinDir%\inf\oem14.PNF (11004 bytes)
%WinDir%\Temp\dneinst.log (388946 bytes)

The Worm deletes the following file(s):

%System%\drivers\SET3D.tmp (0 bytes)
%System%\SET3C.tmp (0 bytes)

The process nsload.exe:2600 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\Citrix\AGEE\nssslvpn.txt (1830 bytes)

The process wfcrun32.exe:1240 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\ICAClient\APPSRV.INI (7903 bytes)

The process wfcrun32.exe:1452 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\ICAClient\WFCLIENT.INI (597 bytes)

The process CitrixOnlinePluginWeb12144.exe:1264 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\EULA_en.rtf (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\TrolleyExpressUI_de.dll (1235 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\CTX_UPDATE_PACKAGE (100429 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\GenericUSB.msi (50780 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\EULA_ru.rtf (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\HeaderLogo.bmp (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\TrolleyExpressUI_en.dll (1540 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\EULA_zh-TW.rtf (1886 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\TrolleyExpressUI_fr.dll (1957 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\EULA_fr.rtf (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\Localized_fr.xml (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\SideBarBackground.bmp (790 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\ICAWebWrapper.msi (148728 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\EULA_es.rtf (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\dualpk.cab (1378 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\Localized_zh-TW.xml (167 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\Localized_ja.xml (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\Localized_ko.xml (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\TrolleyExpressUI_ru.dll (1264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\EULA_ko.rtf (1369 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\TrolleyExpress.exe (17495 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\Localized_de.xml (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\TrolleyExpressUI_zh-TW.dll (2479 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\DesktopViewer.msi (16674 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\Localized_zh-CN.xml (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\EULA_ja.rtf (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\TrolleyExpressUI_zh-CN.dll (2725 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\Localized_ru.xml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\TrolleyExpressUI_ko.dll (1176 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\EULA_zh-CN.rtf (703 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\Localized_es.xml (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\TrolleyExpressUI_ja.dll (1419 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\Global.xml (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\Localized_en.xml (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\EULA_de.rtf (502 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\TrolleyExpressUI_es.dll (2495 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\CitrixHDXMediaStreamForFlash-ClientInstall.msi (20805 bytes)

The Worm deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\EULA_en.rtf (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\TrolleyExpressUI_de.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\Localized_zh-CN.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\CTX_UPDATE_PACKAGE (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\GenericUSB.msi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\EULA_ru.rtf (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\HeaderLogo.bmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\TrolleyExpressUI_en.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\EULA_zh-TW.rtf (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\TrolleyExpressUI_fr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\EULA_fr.rtf (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\Localized_fr.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\SideBarBackground.bmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\ICAWebWrapper.msi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\EULA_es.rtf (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\dualpk.cab (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\Localized_zh-TW.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\Localized_ja.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\Localized_ko.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\TrolleyExpressUI_ru.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\EULA_ko.rtf (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\TrolleyExpress.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\Localized_de.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\Localized_ru.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\EULA_ja.rtf (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\DesktopViewer.msi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\TrolleyExpressUI_zh-CN.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\TrolleyExpressUI_zh-TW.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\TrolleyExpressUI_ko.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\EULA_zh-CN.rtf (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\Localized_es.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\TrolleyExpressUI_ja.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\Global.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\Localized_en.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\EULA_de.rtf (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\TrolleyExpressUI_es.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\CitrixHDXMediaStreamForFlash-ClientInstall.msi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377 (0 bytes)

The process usbinst.exe:1472 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

%WinDir%\inf\oem10.PNF (7393 bytes)
%System%\drivers\SET1F.tmp (601 bytes)
%WinDir%\inf\oem10.inf (6 bytes)
%System%\CatRoot2\dberr.txt (376 bytes)
%WinDir%\setupapi.log (680 bytes)

The Worm deletes the following file(s):

%System%\drivers\SET1F.tmp (0 bytes)

The process usbinst.exe:1104 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

%WinDir%\inf\oem11.PNF (7028 bytes)
%System%\CatRoot2\dberr.txt (650 bytes)
%WinDir%\setupapi.log (952 bytes)
%WinDir%\inf\oem11.inf (11 bytes)

The process TrolleyExpress.exe:1988 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\Localized_es.xml (3 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpress.exe (7433 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_fr.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CtxInstall-ICAWebWrapper.log (185796 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\dualpk.cab (689 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CtxInstall-CitrixHDXMediaStreamForFlash-ClientInstall.log (85068 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_ru.dll (601 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\EULA_ru.rtf (16 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\Localized_ru.xml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TrolleyExpress-20150927-212002.log (107892 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\CitrixHDXMediaStreamForFlash-ClientInstall.msi (8281 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\Localized_en.xml (3 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\HeaderLogo.bmp (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CtxInstall-GenericUSB.log (95774 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\DesktopViewer.msi (6841 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_ko.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CtxInstall-DesktopViewer.log (83736 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_zh-CN.dll (601 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\Localized_zh-TW.xml (3 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_ja.dll (601 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\EULA_en.rtf (9 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_de.dll (601 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\ICAWebWrapper.msi (70216 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_zh-TW.dll (601 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\Localized_de.xml (3 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\EULA_es.rtf (6 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\Localized_fr.xml (3 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_en.dll (601 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\Localized_ja.xml (3 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_es.dll (601 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\Localized_ko.xml (3 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\EULA_zh-CN.rtf (703 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\EULA_de.rtf (502 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\GenericUSB.msi (23062 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\SideBarBackground.bmp (54 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\Global.xml (2 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\EULA_ja.rtf (1 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\EULA_ko.rtf (24 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\EULA_zh-TW.rtf (14 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\EULA_fr.rtf (1 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\Localized_zh-CN.xml (3 bytes)

The Worm deletes the following file(s):

%Documents and Settings%\%current user%\My Documents\My Pictures (0 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Administrative Tools (0 bytes)

The process MsiExec.exe:1632 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

%WinDir%\Temp\dneca.log (59412 bytes)
%System%\config\SYSTEM.LOG (5097 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\AGEE\nsinst.txt (3585 bytes)
%System%\drivers\SET38.tmp (41 bytes)
%WinDir%\inf\oem12.inf (3 bytes)
%WinDir%\setupapi.log (13304 bytes)
%System%\config (288 bytes)
%System%\config\system (2916 bytes)
%WinDir%\inf\oem12.PNF (31402 bytes)
%System%\CatRoot2\dberr.txt (924 bytes)

The Worm deletes the following file(s):

%System%\drivers\SET38.tmp (0 bytes)

The process MsiExec.exe:1680 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

%WinDir%\Temp\dneca.log (18819 bytes)
%Documents and Settings%\All Users\Application Data\Citrix\AGEE\nsinst2.txt (265 bytes)

The process MsiExec.exe:1408 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

%Program Files%\Citrix\ICA Client\wfcwin32.log (54 bytes)

Registry activity

The process %original file name%.exe:1932 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0E 67 DF A7 3B 26 29 93 68 AF 94 77 48 5E 50 9F"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\clevelandclinic.org]
"(Default)" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer]
"EnableAutoTray" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters]
"SearchList" = "ccf.org"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\cchs.net]
"(Default)" = "1"

[HKCU\Software\Citrix\Secure Access Client]
"lasturl" = "https://4cornerspro.ccf.org"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\ccf.org]
"(Default)" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Worm deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process nsverctl.exe:552 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4A CE 64 72 B5 46 D3 78 77 43 56 60 B4 C8 FB D3"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014]
"Characteristics" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"ControlFlags" = "1"

The process dneinst.exe:1536 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4E EB BA E3 D4 68 71 9D 92 90 3C 76 CA 65 5A F0"

[HKLM\SOFTWARE\DeterministicNetworks\DNE\Plugins\cag]
"InstallPath" = "C:\PROGRA~1\COMMON~1\DETERM~1\COMMON~1"
"Description" = "Citrix cag plugin for Access Gateway"

The Worm deletes the following value(s) in system registry:

[HKLM\SOFTWARE\DeterministicNetworks\DNE\Plugins\cag]
"SysDriver"
"ShimLoad"
"EarlyLoad"
"DependOn"

The process dneinst.exe:2644 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "92 C1 CD A8 32 DC 03 C2 85 B4 72 51 DA E6 4F FA"

[HKLM\SOFTWARE\DeterministicNetworks\DNE]
"Version" = "3.22.4.17992"
"LastInstallStatus" = "0"

The process dne2000.exe:2696 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKCR\CLSID\{988248f3-a1ad-49bf-9170-676cbbc36ba3}\InProcServer32]
"(Default)" = "C:\PROGRA~1\COMMON~1\DETERM~1\DNE\dneinobj.dll"

[HKLM\System\CurrentControlSet\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0018]
"NetCfgInstanceId" = "{4BC9000D-2ABB-491A-8AC1-19CD6BF746B0}"

[HKLM\System\CurrentControlSet\Control\Network\NetCfgLockHolder]
"(Default)" = "DNE Network Config"

[HKLM\System\CurrentControlSet\Services\NdisWan\Linkage]
"Bind" = "\Device\{3635C772-8EF0-4818-A01C-52FE4DB122FF}, \Device\{2CF2F1D8-545F-4F60-B31D-6D865337C377}, \Device\{300FB798-68EC-4E97-B4D2-512532E41B45}, \Device\{6B50964A-1B6D-4176-83E3-F338965F9E4A}, \Device\{761F89C5-B85F-469A-B4BE-7DFCD43FB019}"

[HKLM\System\CurrentControlSet\Services\DNE\Parameters\Adapters\{EEEE69B8-2C42-4825-B8E6-9597957D672B}]
"UpperBindings" = "\Device\{AB8B4D61-CE70-4A9E-ADB3-1F4D5C5C3BF2}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0008\Linkage]
"UpperBind" = "Tcpip"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0009\Linkage]
"UpperBind" = "Tcpip"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0020]
"DriverDateData" = "00 80 CD 1E 90 38 C9 01"

[HKLM\System\CurrentControlSet\Enum\Root\DNI_DNEMP\0000\Device Parameters]
"InstanceIndex" = "1"

[HKLM\System\CurrentControlSet\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0018]
"MatchingDeviceId" = "dni_dnemp"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0019]
"DriverDateData" = "00 80 CD 1E 90 38 C9 01"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0016]
"ProviderName" = "Deterministic Networks"

[HKLM\System\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PSCHEDMP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}\Control]
"ReferenceCount" = "0"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0020]
"DriverDesc" = "Deterministic Network Enhancer Miniport"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0019]
"DriverDesc" = "Deterministic Network Enhancer Miniport"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0019\Linkage]
"RootDevice" = "{29A9DF2C-5F56-4F9D-AE06-4CC6B8D3A843}, NdisWanIp"

[HKLM\System\CurrentControlSet\Services\PSched\Parameters\Adapters\{E1070104-F404-44CE-B556-0622F9D63EE5}]
"UpperBindings" = "\Device\{9C172CAF-27E0-43F0-A801-58F2412927BC}"

[HKLM\System\CurrentControlSet\Services\DNE\Parameters\Adapters\{EEEE69B8-2C42-4825-B8E6-9597957D672B}]
"IMOrder" = "PSched, DNE, VMXNET"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0019\Linkage]
"Export" = "\Device\{29A9DF2C-5F56-4F9D-AE06-4CC6B8D3A843}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010\Linkage]
"Export" = "\Device\NdisWanBh"

[HKLM\System\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PSCHEDMP#0004#{ad498944-762f-11d0-8dcb-00c04fc3358c}\Control]
"ReferenceCount" = "0"

[HKLM\System\CurrentControlSet\Services\PSched\Parameters\Adapters\{EEEE69B8-2C42-4825-B8E6-9597957D672B}]
"UpperBindings" = "\Device\{375E9F9F-F389-4FFD-9241-3C39BD89F981}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0020]
"MatchingDeviceId" = "dni_dnemp"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0016]
"InfSection" = "DneMP.ndi.NT"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0017]
"DriverVersion" = "3.22.4.17992"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0016\Linkage]
"Export" = "\Device\{A05E26E6-4A51-41A2-A62E-22092F37DD86}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0019]
"InfSection" = "DneMP.ndi.NT"

[HKLM\System\CurrentControlSet\Services\DNE\Parameters\Adapters\{C8A89E13-E469-4ED3-A845-C756BF28D9D3}]
"IMOrder" = "PSched, DNE, ctxva51"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0020]
"ComponentID" = "dni_dnemp"

[HKLM\System\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}\Control]
"ReferenceCount" = "0"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0016]
"InfPath" = "oem14.inf"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013\Linkage]
"Export" = "\Device\{375E9F9F-F389-4FFD-9241-3C39BD89F981}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0019]
"DriverVersion" = "3.22.4.17992"

[HKLM\System\CurrentControlSet\Services\DNE\Parameters\Adapters\NdisWanIp]
"IMOrder" = "PSched, DNE, NdisWanIp"

[HKLM\System\CurrentControlSet\Services\DNE\Parameters\Adapters\NdisWanBh]
"UpperBindings" = "\Device\{4BC9000D-2ABB-491A-8AC1-19CD6BF746B0}"

[HKLM\System\CurrentControlSet\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0018\Linkage]
"UpperBind" = "PSched"

[HKLM\System\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{204255B7-271B-44DF-B8BF-13F3C9A2D676}]
"Description" = "Deterministic Network Enhancer"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0020]
"NetCfgInstanceId" = "{6969205F-3AEB-4428-8F07-C4B1BC3B92C1}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0015\Linkage]
"Export" = "\Device\{B1220093-1C55-4F19-922D-0575645635C4}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0016]
"ComponentID" = "dni_dnemp"
"MatchingDeviceId" = "dni_dnemp"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0017]
"DriverDate" = "10-28-2008"

[HKLM\System\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{204255B7-271B-44DF-B8BF-13F3C9A2D676}]
"InfSection" = "Dne.ndi.NT"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0008\Linkage]
"RootDevice" = "NdisWanIp"

[HKLM\System\CurrentControlSet\Enum\Root\DNI_DNEMP\0002\Device Parameters]
"InstanceIndex" = "3"

[HKLM\System\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{204255B7-271B-44DF-B8BF-13F3C9A2D676}\Ndi\Interfaces]
"UpperRange" = "noupper"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0001\Linkage]
"UpperBind" = "NM, Ndisuio, RasPppoe, Tcpip"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0019]
"InfPath" = "oem14.inf"

[HKLM\System\CurrentControlSet\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0018]
"DriverVersion" = "3.22.4.17992"

[HKLM\System\CurrentControlSet\Services\DNE\Parameters\Adapters\{E1070104-F404-44CE-B556-0622F9D63EE5}]
"IMOrder" = "PSched, DNE, VMXNET"

[HKLM\System\CurrentControlSet\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0018]
"ProviderName" = "Deterministic Networks"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C8A89E13-E469-4ED3-A845-C756BF28D9D3}]
"NTEContextList" = ""

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0003\Linkage]
"UpperBind" = "NM, Ndisuio, RasPppoe, Tcpip"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0011\Linkage]
"Export" = "\Device\{224F868A-38BE-4281-8624-D3E1624C32C7}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0019]
"ProviderName" = "Deterministic Networks"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0003\Linkage]
"RootDevice" = "{9C172CAF-27E0-43F0-A801-58F2412927BC}, {6969205F-3AEB-4428-8F07-C4B1BC3B92C1}, {E1070104-F404-44CE-B556-0622F9D63EE5}"

[HKLM\System\CurrentControlSet\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0018]
"DriverDesc" = "Deterministic Network Enhancer Miniport"

[HKLM\System\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{204255B7-271B-44DF-B8BF-13F3C9A2D676}\Ndi]
"CLSID" = "{988248f3-a1ad-49bf-9170-676cbbc36ba3}"

[HKLM\System\CurrentControlSet\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0018]
"InfPath" = "oem14.inf"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0020]
"Characteristics" = "41"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0001\Linkage]
"Export" = "\Device\{E1070104-F404-44CE-B556-0622F9D63EE5}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010]
"NetCfgInstanceId" = "{6E169948-4E95-4857-82AA-EC14E716D9C7}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0016\Linkage]
"RootDevice" = "{A05E26E6-4A51-41A2-A62E-22092F37DD86}, {C8A89E13-E469-4ED3-A845-C756BF28D9D3}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0011\Linkage]
"RootDevice" = "{224F868A-38BE-4281-8624-D3E1624C32C7}, {4BC9000D-2ABB-491A-8AC1-19CD6BF746B0}, NdisWanBh"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014\Linkage]
"UpperBind" = "NM, Ndisuio, RasPppoe, Tcpip"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0009\Linkage]
"Export" = "\Device\{A507E01F-371D-4E52-B129-38B8FAE3A0EA}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0020\Linkage]
"UpperBind" = "PSched"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014\Linkage]
"Export" = "\Device\{C8A89E13-E469-4ED3-A845-C756BF28D9D3}"

[HKLM\System\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{204255B7-271B-44DF-B8BF-13F3C9A2D676}\Ndi]
"FilterDeviceInfFile" = "dne2000m.inf"
"HelpText" = "Deterministic Network Enhancer"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0017]
"ProviderName" = "Deterministic Networks"

[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"PNP_TDI" = "08 00 00 00 05 00 00 00 01 00 00 00 02 00 00 00"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0016]
"Characteristics" = "41"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0015\Linkage]
"RootDevice" = "{B1220093-1C55-4F19-922D-0575645635C4}, {A05E26E6-4A51-41A2-A62E-22092F37DD86}, {C8A89E13-E469-4ED3-A845-C756BF28D9D3}"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FF C6 29 EF 2D 1F 1A 2E 1C 7D B8 EC 1C 3E 99 64"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010\Linkage]
"UpperBind" = "NM"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0017\Linkage]
"UpperBind" = "PSched"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0016\Linkage]
"UpperBind" = "PSched"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0017]
"MatchingDeviceId" = "dni_dnemp"

[HKLM\System\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{224F868A-38BE-4281-8624-D3E1624C32C7}\Control]
"Linked" = "0"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0016]
"FilterInfId" = "dni_dne"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Linkage]
"RootDevice" = "{EEEE69B8-2C42-4825-B8E6-9597957D672B}"

[HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ParseAutoexec" = "1"

[HKLM\System\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{204255B7-271B-44DF-B8BF-13F3C9A2D676}\Ndi\Interfaces]
"LowerExclude" = "ndisatm, ndiscowan, ndiswan, ndiswanasync, ndiswanipx, ndiswannbf, ndiswanipv6"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010\Linkage]
"RootDevice" = "NdisWanBh"

[HKLM\System\CurrentControlSet\Services\PSched\Parameters\Adapters\NdisWanBh]
"UpperBindings" = "\Device\{224F868A-38BE-4281-8624-D3E1624C32C7}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0017]
"DriverDesc" = "Deterministic Network Enhancer Miniport"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0019\Linkage]
"UpperBind" = "PSched"

[HKLM\System\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PSCHEDMP#0004#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{B1220093-1C55-4F19-922D-0575645635C4}\Control]
"Linked" = "0"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0017]
"Characteristics" = "41"

[HKLM\System\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{204255B7-271B-44DF-B8BF-13F3C9A2D676}\Ndi\Interfaces]
"FilterMediaTypes" = "ethernet, tokenring, fddi, wan, jnprncva"

[HKLM\System\CurrentControlSet\Services\DNE\Parameters\Adapters\NdisWanIp]
"UpperBindings" = "\Device\{29A9DF2C-5F56-4F9D-AE06-4CC6B8D3A843}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0009\Linkage]
"RootDevice" = "{A507E01F-371D-4E52-B129-38B8FAE3A0EA}, {29A9DF2C-5F56-4F9D-AE06-4CC6B8D3A843}, NdisWanIp"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014\Linkage]
"RootDevice" = "{C8A89E13-E469-4ED3-A845-C756BF28D9D3}"

[HKLM\System\CurrentControlSet\Enum\Root\DNI_DNEMP\0003\Device Parameters]
"InstanceIndex" = "4"

[HKLM\System\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}\Control]
"ReferenceCount" = "0"

[HKLM\SYSTEM\LastKnownGoodRecovery\LastGood]
"INF/oem14.PNF" = "1"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0017]
"InfSection" = "DneMP.ndi.NT"

[HKLM\System\CurrentControlSet\Services\NdisWan\Linkage]
"Export" = "\Device\NdisWan_{3635C772-8EF0-4818-A01C-52FE4DB122FF}, \Device\NdisWan_{2CF2F1D8-545F-4F60-B31D-6D865337C377}, \Device\NdisWan_{300FB798-68EC-4E97-B4D2-512532E41B45}, \Device\NdisWan_{6B50964A-1B6D-4176-83E3-F338965F9E4A}, \Device\NdisWan_{761F89C5-B85F-469A-B4BE-7DFCD43FB019}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0019]
"FilterInfId" = "dni_dne"

[HKLM\System\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PSCHEDMP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{375E9F9F-F389-4FFD-9241-3C39BD89F981}\Control]
"Linked" = "0"

[HKLM\System\CurrentControlSet\Enum\Root\DNI_DNEMP\0004\Device Parameters]
"InstanceIndex" = "5"

[HKLM\System\CurrentControlSet\Services\PSched\Parameters\Adapters\NdisWanIp]
"UpperBindings" = "\Device\{A507E01F-371D-4E52-B129-38B8FAE3A0EA}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014]
"NetCfgInstanceId" = "{C8A89E13-E469-4ED3-A845-C756BF28D9D3}"

[HKCR\CLSID\{988248f3-a1ad-49bf-9170-676cbbc36ba3}\InProcServer32]
"ThreadingModel" = "Apartment"

[HKLM\System\CurrentControlSet\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0018]
"ComponentID" = "dni_dnemp"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0008]
"NetCfgInstanceId" = "{5A5B504D-9B16-4132-90B6-D0063FDDF604}"

[HKLM\System\CurrentControlSet\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0018]
"DriverDateData" = "00 80 CD 1E 90 38 C9 01"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013\Linkage]
"UpperBind" = "NM, Ndisuio, RasPppoe, Tcpip"

[HKLM\SYSTEM\LastKnownGoodRecovery\LastGood]
"INF/oem13.inf" = "1"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0017]
"DriverDateData" = "00 80 CD 1E 90 38 C9 01"

[HKLM\System\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{204255B7-271B-44DF-B8BF-13F3C9A2D676}]
"InfPath" = "c:\windows\inf\oem13.inf"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0020\Linkage]
"RootDevice" = "{6969205F-3AEB-4428-8F07-C4B1BC3B92C1}, {E1070104-F404-44CE-B556-0622F9D63EE5}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0016]
"DriverVersion" = "3.22.4.17992"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0008\Linkage]
"Export" = "\Device\NdisWanIp"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0019]
"Characteristics" = "41"

[HKCR\CLSID\{988248f3-a1ad-49bf-9170-676cbbc36ba3}]
"(Default)" = "DNE Filter Configuration Notify Object"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0019]
"NetCfgInstanceId" = "{29A9DF2C-5F56-4F9D-AE06-4CC6B8D3A843}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0001]
"NetCfgInstanceId" = "{E1070104-F404-44CE-B556-0622F9D63EE5}"

[HKLM\System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"Deterministic Network Enhancer Miniport" = "1"

[HKLM\System\CurrentControlSet\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0018\Linkage]
"RootDevice" = "{4BC9000D-2ABB-491A-8AC1-19CD6BF746B0}, NdisWanBh"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0020]
"DriverVersion" = "3.22.4.17992"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0016]
"NetCfgInstanceId" = "{A05E26E6-4A51-41A2-A62E-22092F37DD86}"

[HKLM\System\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{204255B7-271B-44DF-B8BF-13F3C9A2D676}\Ndi]
"FilterClass" = "failover"
"ComponentDll" = "dneinobj.dll"

[HKLM\System\CurrentControlSet\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0018]
"DriverDate" = "10-28-2008"

[HKLM\SYSTEM\LastKnownGoodRecovery\LastGood]
"INF/oem13.PNF" = "1"

[HKLM\System\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{204255B7-271B-44DF-B8BF-13F3C9A2D676}]
"ComponentID" = "dni_dne"

[HKLM\System\CurrentControlSet\Services\DNE\Parameters\Adapters\{E1070104-F404-44CE-B556-0622F9D63EE5}]
"UpperBindings" = "\Device\{6969205F-3AEB-4428-8F07-C4B1BC3B92C1}"

[HKLM\System\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{A507E01F-371D-4E52-B129-38B8FAE3A0EA}\Control]
"Linked" = "0"

[HKLM\System\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{204255B7-271B-44DF-B8BF-13F3C9A2D676}\Ndi]
"Service" = "DNE"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0016]
"DriverDate" = "10-28-2008"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0020]
"DriverDate" = "10-28-2008"

[HKLM\System\CurrentControlSet\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0018]
"FilterInfId" = "dni_dne"

[HKLM\System\CurrentControlSet\Services\DNE\Parameters\Adapters\{C8A89E13-E469-4ED3-A845-C756BF28D9D3}]
"UpperBindings" = "\Device\{A05E26E6-4A51-41A2-A62E-22092F37DD86}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0020]
"ProviderName" = "Deterministic Networks"

[HKLM\System\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{204255B7-271B-44DF-B8BF-13F3C9A2D676}\Ndi]
"FilterDeviceInfId" = "dni_dnemp"

[HKLM\System\CurrentControlSet\Services\PSched\Parameters\Adapters\{C8A89E13-E469-4ED3-A845-C756BF28D9D3}]
"UpperBindings" = "\Device\{B1220093-1C55-4F19-922D-0575645635C4}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0016]
"DriverDesc" = "Deterministic Network Enhancer Miniport"

[HKLM\System\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{204255B7-271B-44DF-B8BF-13F3C9A2D676}\Ndi\Interfaces]
"LowerRange" = "nolower"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0019]
"DriverDate" = "10-28-2008"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0017]
"FilterInfId" = "dni_dne"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012]
"NetCfgInstanceId" = "{EEEE69B8-2C42-4825-B8E6-9597957D672B}"

[HKLM\System\CurrentControlSet\Enum\Root\DNI_DNEMP\0001\Device Parameters]
"InstanceIndex" = "2"

[HKLM\SYSTEM\LastKnownGoodRecovery\LastGood]
"INF/oem14.inf" = "1"

[HKLM\System\CurrentControlSet\Control\Network]
"Config" = "00 00 00 00 21 00 00 00 B7 55 42 20 1B 27 DF 44"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0001\Linkage]
"RootDevice" = "{E1070104-F404-44CE-B556-0622F9D63EE5}"

[HKLM\System\CurrentControlSet\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0018]
"InfSection" = "DneMP.ndi.NT"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0020]
"FilterInfId" = "dni_dne"
"InfPath" = "oem14.inf"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EEEE69B8-2C42-4825-B8E6-9597957D672B}]
"NTEContextList" = ""

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0019]
"ComponentID" = "dni_dnemp"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0015\Linkage]
"UpperBind" = "NM, Ndisuio, RasPppoe, Tcpip"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0017\Linkage]
"Export" = "\Device\{AB8B4D61-CE70-4A9E-ADB3-1F4D5C5C3BF2}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0019]
"MatchingDeviceId" = "dni_dnemp"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0011\Linkage]
"UpperBind" = "NM"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0017]
"NetCfgInstanceId" = "{AB8B4D61-CE70-4A9E-ADB3-1F4D5C5C3BF2}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Linkage]
"UpperBind" = "NM, Ndisuio, RasPppoe, Tcpip"

[HKLM\System\CurrentControlSet\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0018]
"Characteristics" = "41"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0017]
"InfPath" = "oem14.inf"
"ComponentID" = "dni_dnemp"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0020\Linkage]
"Export" = "\Device\{6969205F-3AEB-4428-8F07-C4B1BC3B92C1}"

[HKLM\System\CurrentControlSet\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0018\Linkage]
"Export" = "\Device\{4BC9000D-2ABB-491A-8AC1-19CD6BF746B0}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Linkage]
"Export" = "\Device\{EEEE69B8-2C42-4825-B8E6-9597957D672B}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0003\Linkage]
"Export" = "\Device\{9C172CAF-27E0-43F0-A801-58F2412927BC}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0017\Linkage]
"RootDevice" = "{AB8B4D61-CE70-4A9E-ADB3-1F4D5C5C3BF2}, {EEEE69B8-2C42-4825-B8E6-9597957D672B}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0020]
"InfSection" = "DneMP.ndi.NT"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013\Linkage]
"RootDevice" = "{375E9F9F-F389-4FFD-9241-3C39BD89F981}, {AB8B4D61-CE70-4A9E-ADB3-1F4D5C5C3BF2}, {EEEE69B8-2C42-4825-B8E6-9597957D672B}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0016]
"DriverDateData" = "00 80 CD 1E 90 38 C9 01"

[HKLM\System\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{204255B7-271B-44DF-B8BF-13F3C9A2D676}]
"Characteristics" = "17424"

[HKLM\System\CurrentControlSet\Services\NdisWan\Linkage]
"Route" = "{3635C772-8EF0-4818-A01C-52FE4DB122FF}, {2CF2F1D8-545F-4F60-B31D-6D865337C377}, {300FB798-68EC-4E97-B4D2-512532E41B45}, {6B50964A-1B6D-4176-83E3-F338965F9E4A}, {761F89C5-B85F-469A-B4BE-7DFCD43FB019}"

The Worm deletes the following registry key(s):

[HKLM\System\CurrentControlSet\Services\DNE\CheckBindLoop]
[HKLM\System\CurrentControlSet\Control\Network\NetCfgLockHolder]

The Worm deletes the following value(s) in system registry:

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0019\Linkage]
"Bind"

[HKLM\System\CurrentControlSet\Services\DNE\Parameters\Adapters\NdisWanBh]
"IMOrder"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0016\Linkage]
"Route"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013\Linkage]
"Route"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0015\Linkage]
"Bind"

[HKLM\System\CurrentControlSet\Services\DNE\Parameters\Adapters\{E1070104-F404-44CE-B556-0622F9D63EE5}]
"IMOrder"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0017\Linkage]
"Bind"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0009\Linkage]
"BindPath"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013\Linkage]
"Bind"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0016\Linkage]
"Bind"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0003\Linkage]
"Route"

[HKLM\System\CurrentControlSet\Services\DNE\Parameters\Adapters\{EEEE69B8-2C42-4825-B8E6-9597957D672B}]
"IMOrder"

[HKLM\System\CurrentControlSet\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0018\Linkage]
"Route"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0016]
"InfSectionExt"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0003\Linkage]
"Bind"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013\Linkage]
"BindPath"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0020]
"InfSectionExt"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0015\Linkage]
"Route"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0009\Linkage]
"Bind"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0019\Linkage]
"Route"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0017\Linkage]
"Route"

[HKLM\System\CurrentControlSet\Services\DNE\Parameters\Adapters\{C8A89E13-E469-4ED3-A845-C756BF28D9D3}]
"IMOrder"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0019]
"InfSectionExt"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0020\Linkage]
"Bind"
"Route"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0009\Linkage]
"Route"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0017\Linkage]
"BindPath"

[HKLM\System\CurrentControlSet\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0018]
"InfSectionExt"

[HKLM\System\CurrentControlSet\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0018\Linkage]
"BindPath"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0011\Linkage]
"Route"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0019\Linkage]
"BindPath"

[HKLM\System\CurrentControlSet\Services\DNE\Parameters\Adapters\NdisWanIp]
"IMOrder"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0015\Linkage]
"BindPath"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0003\Linkage]
"BindPath"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0017]
"InfSectionExt"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0020\Linkage]
"BindPath"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0011\Linkage]
"BindPath"
"Bind"

[HKLM\System\CurrentControlSet\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0018\Linkage]
"Bind"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0016\Linkage]
"BindPath"

The process nsload.exe:2600 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"1609" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1609" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "ED 27 9F 39 A2 EA B1 FD 83 04 FE 19 31 8E 12 95"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Worm deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process concentr.exe:1976 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "35 51 6D 73 BF 67 22 EB 28 F6 8B 07 D0 DD 32 2A"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

The process wfcrun32.exe:1240 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3B 63 44 DA C1 E9 D6 6C 4D 03 83 C1 7B CA F1 BB"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The process wfcrun32.exe:1452 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKCR\Interface\{FEF88E72-BA7D-4F09-8A14-816D8EB39987}\ProxyStubClsid32]
"(Default)" = "{1EFF7739-9BDA-4295-BC07-383554CAAC84}"

[HKCR\Interface\{FEF88E72-BA7D-4F09-8A14-816D8EB39987}]
"(Default)" = "IEvents_ConnectionCtrl"

[HKCR\Interface\{C45B7921-9578-4E38-92B1-18346DA5B84B}\ProxyStubClsid32]
"(Default)" = "{1EFF7739-9BDA-4295-BC07-383554CAAC84}"

[HKCR\CLSID\{D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}\LocalServer32]
"(Default)" = "%Program Files%\Citrix\ICA Client\wfcrun32.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98D6E2AD-7673-4742-8B34-6D327771A66D}]
"AppName" = "wfcrun32.exe"

[HKCR\Interface\{91602FD4-080E-44E5-BC6C-7AEBB7C36F2D}\ProxyStubClsid32]
"(Default)" = "{1EFF7739-9BDA-4295-BC07-383554CAAC84}"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98D6E2AD-7673-4742-8B34-6D327771A66D}]
"Policy" = "3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98D6E2AD-7673-4742-8B34-6D327771A66D}]
"AppPath" = "%Program Files%\Citrix\ICA Client"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCR\Interface\{CBACA88C-FA22-4B27-9F2A-7A0517227FE3}\ProxyStubClsid32]
"(Default)" = "{1EFF7739-9BDA-4295-BC07-383554CAAC84}"

[HKCR\Interface\{2356A355-6B99-4BA0-9CBF-6C13789A9887}\ProxyStubClsid32]
"(Default)" = "{1EFF7739-9BDA-4295-BC07-383554CAAC84}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\Interface\{ABCAD60C-D071-4683-AC98-50AEB736B2A2}\ProxyStubClsid32]
"(Default)" = "{1EFF7739-9BDA-4295-BC07-383554CAAC84}"

[HKCR\Interface\{68A8653F-5787-48E3-A0D9-B2C33FAC824A}]
"(Default)" = "IEvents_SessionError"

[HKCR\Interface\{DAE32A9F-DC07-4EE1-8EB1-944E060694F4}]
"(Default)" = "IConnectionCtrl_PrivateICO"

[HKCR\CCMLib.CCM.1\CLSID]
"(Default)" = "{D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}"

[HKCR\CLSID\{D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}\ProgID]
"(Default)" = "CCMLib.CCM.1"

[HKCR\Interface\{239D08F9-0EC1-43F1-96D9-D11C3FB10A8E}]
"(Default)" = "IConnectionCtrl"

[HKCR\CLSID\{D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}]
"(Default)" = "CCM"

[HKCR\Interface\{239D08F9-0EC1-43F1-96D9-D11C3FB10A8E}\ProxyStubClsid32]
"(Default)" = "{1EFF7739-9BDA-4295-BC07-383554CAAC84}"

[HKCR\CLSID\{1EFF7739-9BDA-4295-BC07-383554CAAC84}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{1EFF7739-9BDA-4295-BC07-383554CAAC84}]
"(Default)" = "PSFactoryBuffer"

[HKCR\Interface\{5F6A8DB8-51DF-413D-946C-F424A3168C35}\ProxyStubClsid32]
"(Default)" = "{1EFF7739-9BDA-4295-BC07-383554CAAC84}"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "25 F8 0E 8B 9B 2F 23 A6 8A CD 2F 56 8E 14 E8 F9"

[HKCR\Interface\{DAE32A9F-DC07-4EE1-8EB1-944E060694F4}\ProxyStubClsid32]
"(Default)" = "{1EFF7739-9BDA-4295-BC07-383554CAAC84}"

[HKCR\CCMLib.CCM.1]
"(Default)" = "CCM"

[HKCR\Interface\{91602FD4-080E-44E5-BC6C-7AEBB7C36F2D}]
"(Default)" = "IEvents_VirtualChannel"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\Interface\{2356A355-6B99-4BA0-9CBF-6C13789A9887}]
"(Default)" = "IEvents_Application"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCR\Interface\{C45B7921-9578-4E38-92B1-18346DA5B84B}]
"(Default)" = "IEvents_SessionSharing"

[HKCR\Interface\{ABCAD60C-D071-4683-AC98-50AEB736B2A2}]
"(Default)" = "IEvents_PrivateICO"

[HKCR\Interface\{68A8653F-5787-48E3-A0D9-B2C33FAC824A}\ProxyStubClsid32]
"(Default)" = "{1EFF7739-9BDA-4295-BC07-383554CAAC84}"

[HKCR\Interface\{CBACA88C-FA22-4B27-9F2A-7A0517227FE3}]
"(Default)" = "IEvents_SessionState"

[HKCR\Interface\{5F6A8DB8-51DF-413D-946C-F424A3168C35}]
"(Default)" = "ICCMCtrl"

[HKCR\CLSID\{1EFF7739-9BDA-4295-BC07-383554CAAC84}\InprocServer32]
"(Default)" = "%Program Files%\Citrix\ICA Client\CCMProxy.dll"

The process CitrixOnlinePluginWeb12144.exe:1264 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B6 EF 89 D2 95 88 91 7C 54 27 00 7C BA E1 E7 D7"

The process icaconf.exe:636 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\SSL]
"SSLCACert1" = ""
"SSLCACert0" = ""
"SSLCACert3" = ""
"SSLCACert2" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncRC5-56]
"DriverNameWin32" = "PDC56N.DLL"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\SSL]
"SSLCACert4" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"AltProxyHost" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\Trusted Region]
"Version Minimum" = "10000"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Image Capture]
"TwainAllowed" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\SSL]
"SSLCACert5" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Seamless Windows]
"DisableMMMaximizeSupport" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientPrinterQueue]
"WindowSize2" = "4102"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Session Sharing]
"SessionSharingLaunchOnly" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\WFClient]
"ForceLVBMode" = "0"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ICA 3.0]
"driverName" = "WDICA30.DDL"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ICASOCKSProxyPortNumber" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientComm]
"CommPollWaitInc" = "1"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Reconnection]
"TransportReconnectRetries" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port]
"COMAllowed" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Reconnection]
"TransportReconnectRetries" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientPrinterPort]
"DriverNameWin32" = "VDCPM30N.DLL"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\SSL]
"SSLPolicyExtensionOID" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Microsoft]
"Compress" = "On"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ZLC]
"driverName" = "Unsupported"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"DesiredVRES" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Protocols]
"ICAPortNumber" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port\Device]
"ComPort28" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - VSL]
"TcpBrowserAddress2" = ""
"TcpBrowserAddress3" = ""
"TcpBrowserAddress4" = ""
"TcpBrowserAddress5" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncryptionLevelSession]
"EncRC5-56" = "EncRC5-56"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\AudioConverter]
"ConverterSection" = "AudioConverterList"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\LicenseHandler]
"driverName" = "Unsupported"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\SSPI]
"driverName" = "Unsupported"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives]
"ClientDrive" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions]
"EnableLockdown" = "1"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientDrive]
"CacheTimeoutHigh" = "0"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TransparentKeyPassthrough]
"FullScreenOnly" = "3"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Keyboard]
"TransparentKeyPassthrough" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\SSL]
"SSLClientCertificate" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncryptionLevelSession]
"Encrypt" = "Encrypt"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ProxyTimeout" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Seamless Windows]
"TWIShrinkWorkArea" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Smartcard]
"DisableCtrlAltDel" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Keyboard]
"KeyboardSendLocale" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey2Char" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientComm]
"COM3IRQ" = "4"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey12Char" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ProxyAuthenticationPrompt" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\End User Experience]
"NRWD" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - FTP]
"ICAPortNumber" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\VirtualDriver]
"TwainRdr" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Seamless Windows]
"SetTWIFocusOnTitled" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\AudioConverter]
"AudioHWSection" = "AudioHardware"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing\HTTP Addresses]
"HttpBrowserAddress12" = ""
"HttpBrowserAddress13" = ""
"HttpBrowserAddress10" = ""
"HttpBrowserAddress11" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\VirtualDriver]
"ClientAudio" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing\HTTP Addresses]
"HttpBrowserAddress14" = ""
"HttpBrowserAddress15" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncryptionLevelAuth]
"EncRC5-40" = "EncRC5-40"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\DVCAdapter]
"DriverNameWin32" = "VDDVC0N.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Seamless Windows]
"SetTWIFocusOnTitled" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Application Launching]
"LongCommandLine013" = ""
"LongCommandLine012" = ""
"LongCommandLine011" = ""
"LongCommandLine010" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Saved Credentials]
"Password" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Application Launching]
"LongCommandLine015" = ""
"LongCommandLine014" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Audio]
"ClientAudio" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Parity]
"Odd" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Mouse]
"MouseTimer" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Printing\Device]
"ClientPrinterList" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Hotkey Keys]
"MINUS" = "74"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Language IDs]
"deu" = "0x00000407"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientPrinterPort]
"PrinterResetTime" = "1100"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientPrinterQueue]
"MaxWindowSize" = "8650"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Saved Credentials]
"UserName" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing\HTTP Addresses]
"HttpBrowserAddress" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Keyboard Dll Codes]
"kbdno.dll" = "0x00000414"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP]
"NameResolverWeb16" = "NRHTTPW.DLL"
"Compress" = "On"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ICA 3.0]
"BufferLength" = "2048"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - VSL]
"ProtocolSupport" = "RFrame, Encrypt, Compress"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Encryption]
"EncryptionLevelSession" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"AltProxyAutoConfigURL" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Multimedia]
"SpeedScreenMMAMaxBufferThreshold" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\End User Experience]
"startSCD" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Multimedia]
"SpeedScreenMMAMaximumBufferSize" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"AltProxyPort" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Multimedia]
"SpeedScreenMMASecondsToBuffer" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey12Shift" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Keyboard Dll Codes]
"kbdla.dll" = "0x0000080A"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP]
"BrowserRetry" = "3"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardType]
"NEC PC-9800 Windows 95 and 98 (Japanese)" = "0x830F0007"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncryptionLevelSession_128]
"RC5 (128 bit)" = "EncRC5-128"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ProxyAutoConfigURL" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Novell Lan WorkPlace]
"driverName" = "TDTCPNOV.DDL"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"EnableOSS" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\CGP]
"SessionReliabilityTTL" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DrivePathP" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\WFClient]
"ClientNameInSerialNumber" = "On"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\End User Experience]
"TRWD" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DrivePathU" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientDrive]
"MaxWindowSize2" = "62500"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"PersistentCacheEnabled" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\CGP]
"CGPSecurityTicket" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"AltProxyPassword" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Audio]
"DisableAudioQueuing" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ICASOCKSTimeout" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing\HTTP Addresses]
"HttpBrowserAddress7" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardType]
"IBM PC/XT or compatible keyboard" = "0x000C0004"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey13Char" = ""
"Hotkey3Shift" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientComm]
"CommPollWaitMin" = "0"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Printing\Device]
"DefaultPrinterDriver" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\SSL]
"SSLCACert3" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\Trusted Region]
"AllowConnection" = "1"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Hotkey Keys]
"Plus" = "78"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port]
"COMAllowed" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP]
"NameEnumeratorWeb16" = "NEHTTPW.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\IO Addresses]
"0x03F8" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Region Identification\Trusted Region]
"Description" = "This region maps the Internet Explorer Trusted Zone"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey7Char" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncRC5-128]
"DriverNameWin32" = "PDC128N.DLL"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\XenDesktop]
"DesktopRestartAllowed" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0]
"DesiredVRES" = "480"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientDrive]
"CacheTransferSize" = "0"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing\HTTP Addresses]
"HttpBrowserAddress3" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"DesiredWinType" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Baud Rates]
"57600" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0]
"EnableOssOnWin9xMe" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - FTP]
"OutBufCountClient2" = "44"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port]
"VirtualCOMPortEmulation" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncryptionLevelSession_40]
"RC5 (40 bit)" = "EncRC5-40"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port\Device]
"LastComPortNum" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Smartcard]
"SmartCardAllowed" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\VirtualDriver]
"ClientDrive" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Session Sharing]
"SessionSharingName" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Smartcard]
"SmartCardAllowed" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\LocalIME]
"0" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Microsoft]
"OutBufCountClient2" = "44"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Seamless Windows]
"TWIMode" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey10Char" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Baud Rates]
"230400" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"(Server Default)" = "0xFFFFFFFF"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Keyboard]
"AlwaysSendPrintScreen" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\SmartCard]
"DriverNameWin16" = "Unsupported"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"AltProxyBypassList" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"Czech" = "0x00000405"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port\Device]
"ComPort31" = ""
"ComPort30" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ProxyPort" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Frame]
"DriverNameWin16" = "PDFRAMEW.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\SSL]
"SSLNoCACerts" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\VirtualDriver]
"SmartCard" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Novell Lan WorkPlace]
"ProtocolSupport" = "RFrame, Encrypt, Compress"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Cirrus Logic 546X 1.71\DEFAULT]
"drv" = "546X.drv"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ProxyFallback" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Logging]
"LogConnectionAuthorisation" = "false"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"German" = "0x00000407"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"AltProxyType" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\AudioHardware]
"DriverNameWin16" = "AUDHALW.DLL"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\SSL]
"SSLProxyHost" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\End User Experience]
"BUCC" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncryptionLevelSession]
"EncRC5-40" = "EncRC5-40"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions]
"Version Maximum" = "10100"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Multimedia]
"SpeedScreenMMASecondsToBuffer" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"Spanish variation" = "0x0001040A"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ICA 3.0]
"DriverNameWin16" = "WDICA30W.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Saved Credentials]
"ClearPassword" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions]
"AllowUnrecognisedICAParameters" = "1"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\Unknown Region]
"Version Minimum" = "10000"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientComm]
"DriverNameWin32" = "VDCOM30N.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Saved Credentials]
"NoSavePwordOption" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Region Identification\All Regions]
"Description" = "This is the parent of all Regions."

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Protocols]
"UseAreaAndCountry" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Baud Rates]
"9600" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Keyboard Dll Codes]
"kbduk.dll" = "0x00000809"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"Danish" = "0x00000406"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientAudio]
"NumMicBuffers" = "64"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncryptionLevelSession]
"EncRC5-128" = "EncRC5-128"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0]
"PreferTw1" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Mouse]
"MouseSendsControlV" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"TWIFullScreenMode" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\CGP]
"MissedKeepaliveWarningMsg" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - FTP]
"driverName" = "TDTCPFTP.DDL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientDrive]
"DriverNameWin16" = "VDCDM30W.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Language IDs]
"ptg" = "0x00000816"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Kerberos]
"UseSSPIOnly" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey3Char" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0]
"PersistentCacheMinBitmap" = "0"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives]
"CDMReadOnly" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Novell Lan WorkPlace]
"UseAlternateAddress" = "0"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientAudio]
"AckDelayThresh" = "50"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Microsoft]
"ProtocolSupport" = "RFrame, Encrypt, Compress"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"DesiredHPos" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TransportDriver]
"TCP/IP - Microsoft" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Protocols]
"PhoneNumber" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Baud Rates - WIN16]
"57600" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing\HTTP Addresses]
"HttpBrowserAddress15" = ""
"HttpBrowserAddress14" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Port Numbers]
"10" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing\HTTP Addresses]
"HttpBrowserAddress11" = ""
"HttpBrowserAddress10" = ""
"HttpBrowserAddress13" = ""
"HttpBrowserAddress12" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Seamless Windows]
"DisableMMMaximizeSupport" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - FTP]
"NameResolver" = "NRTCPFTP.DDL"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Saved Credentials]
"SavePnPassword" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\Unknown Region]
"AllowConnection" = "0"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Baud Rates]
"19200" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\CGP]
"MissedKeepaliveWarningMsg" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\DVC_PlugAndPlay]
"POSDeviceAllowed" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ICA 3.0]
"BufferLength2" = "5000"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\DVC_PlugAndPlay]
"PNPDeviceAllowed" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Multimedia]
"SpeedScreenMMAPlaybackPercent" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncryptionLevelSession_40]
"basic" = "Encrypt"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"Spanish" = "0x0000040A"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Saved Credentials]
"UIDomain" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\Trusted Region\Lockdown\Network\Proxy]
"AltProxyType" = "Auto"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\End User Experience]
"LPWD" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Keyboard]
"ScancodeEnabled" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Multimedia]
"SpeedScreenMMAVideoEnabled" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials]
"UseLocalUserAndPassword" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientAudio]
"AdaptiveBuffering" = "TRUE"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey5Shift" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Parity]
"none" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey8Shift" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Encryption Levels]
"EncRC5-40" = "EncRC5-40"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"Canadian French" = "0x00001009"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\Untrusted Region]
"AllowConnection" = "0"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port\Device]
"ComPort24" = ""
"ComPort25" = ""
"ComPort26" = ""
"ComPort27" = ""
"ComPort20" = ""
"ComPort21" = ""
"ComPort22" = ""
"ComPort23" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing\HTTP Addresses]
"LocHttpBrowserAddress10" = ""
"LocHttpBrowserAddress11" = ""
"LocHttpBrowserAddress12" = ""
"LocHttpBrowserAddress13" = ""
"LocHttpBrowserAddress14" = ""
"LocHttpBrowserAddress15" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"TWIFullScreenMode" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Session Sharing]
"EnableSessionSharing" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\VirtualDriver]
"VDTUI" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Kerberos]
"SSPIRealm" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Encrypt]
"DriverNameWin32" = "PDCRYPTN.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Seamless Windows]
"TWITaskbarGroupingMode" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Zero Latency]
"ZLMouseMode" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DrivePathZ" = ""
"DrivePathY" = ""
"DrivePathX" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"TW2StopwatchMinimum" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DrivePathS" = ""
"DrivePathR" = ""
"DrivePathQ" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\DVCAdapter]
"DriverNameWin16" = "Unsupported"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DrivePathW" = ""
"DrivePathV" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncryptionLevelSession_128]
"RC5 (128 bit - Login Only)" = "EncRC5-0"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\AudioConverter]
"driverName" = "AUDCVT.DDL"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DrivePathK" = ""
"DrivePathJ" = ""
"DrivePathI" = ""
"DrivePathH" = ""
"DrivePathO" = ""
"DrivePathN" = ""
"DrivePathM" = ""
"DrivePathL" = ""
"DrivePathC" = ""
"DrivePathB" = ""
"DrivePathA" = ""
"DrivePathG" = ""
"DrivePathF" = ""
"DrivePathE" = ""
"DrivePathD" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Zero Latency]
"ZLMouseMode" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port]
"ContinueWithoutPDALockFile" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Audio]
"EnableAudioInput" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"DoNotUseDefaultCSL" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"DesiredColor" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Microsoft]
"driverName" = "TDTCPMS.DDL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\UserExperience]
"driverName" = "Unsupported"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientPrinterPort]
"WindowSize" = "1024"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientComm]
"COM1IOP" = "0x3f8"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ProxyUsername" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Region Identification\Unknown Region]
"Sandbox" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0]
"TWIFullScreenMode" = "0"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\SSL]
"SSLCertificateRevocationCheckPolicy" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port\Device]
"ComPort9" = ""
"ComPort8" = ""
"ComPort5" = ""
"ComPort4" = ""
"ComPort7" = ""
"ComPort6" = ""
"ComPort1" = ""
"ComPort3" = ""
"ComPort2" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Printing]
"CPMAllowed" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Parity]
"Even" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP]
"DriverNameWin16" = "TDWSTCPW.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"AltProxyPassword" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey13Shift" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing\HTTP Addresses]
"HttpBrowserAddress4" = ""
"HttpBrowserAddress5" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveEnabledZ" = ""
"DriveEnabledX" = ""
"DriveEnabledY" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials]
"LegacyLocalUserNameAndPassword" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveEnabledR" = ""
"DriveEnabledS" = ""
"DriveEnabledP" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing\HTTP Addresses]
"HttpBrowserAddress7" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveEnabledV" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TwainRdr]
"DriverNameWin32" = "VDTWN.DLL"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveEnabledT" = ""
"DriveEnabledU" = ""
"DriveEnabledJ" = ""
"DriveEnabledK" = ""
"DriveEnabledH" = ""
"DriveEnabledI" = ""
"DriveEnabledN" = ""
"DriveEnabledO" = ""
"DriveEnabledL" = ""
"DriveEnabledM" = ""
"DriveEnabledB" = ""
"DriveEnabledC" = ""
"DriveEnabledA" = ""
"DriveEnabledF" = ""
"DriveEnabledG" = ""
"DriveEnabledD" = ""
"DriveEnabledE" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey14Shift" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveWriteAccessR" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"DoNotUseDefaultCSL" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Mouse]
"MouseWheelMapping" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Region Identification\Trusted Region\Evidence]
"InternetExplorerZone" = "Trusted,Unsupported"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Baud Rates - WIN16]
"38400" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\SSL]
"SSLClientAuthentication" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ProxyHost" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\LocalIME]
"1" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ICASOCKSProtocolVersion" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\GUI]
"AppendUsername" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP]
"NameEnumeratorWeb32" = "NEHTTPN.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"DesiredHPos" = ""
"PersistentCachePath" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - VSL]
"Encrypt" = "On"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"UseFullScreen" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ProtocolDriver]
"RFrame" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Printing]
"Win32FavorRetainedPrinterSettings" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Encryption Levels]
"EncRC5-56" = "EncRC5-56"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ZL_FONT]
"DriverNameWin16" = "VDFON30W.DLL"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\GUI]
"OutputMode" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Seamless Windows]
"TWITaskbarGroupingMode" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncRC5-128]
"DriverNameWin16" = "PDC128W.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"SpeedScreenBACompressionEnabled" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Novell Lan WorkPlace]
"ICAPortNumber" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Seamless Windows]
"TWIMode" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Application Launching]
"LongCommandLine016" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveEnabledQ" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Language IDs]
"isl" = "0x0000040F"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveEnabledW" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Ticket]
"LogonTicket" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Microsoft]
"Encrypt" = "On"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\AudioHardware]
"driverName" = "SB16.DDL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\Thinwire3.0]
"TW2StopwatchMinimum" = "TW2StopwatchMinimum"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Multimedia]
"SpeedScreenMMAPlaybackPercent" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ConverterVorbis]
"DriverNameWin32" = "CTXVORBIS.DLL"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Audio]
"AudioBandwidthLimit" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey10Shift" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\SmartCard]
"DriverNameWin32" = "VDSCARDN.DLL"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey4Shift" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - FTP]
"UseAlternateAddress" = "0"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Application Launching]
"LongCommandLine005" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Saved Credentials]
"NRDomain" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"Swiss French" = "0x0000100C"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\AudioHardware]
"DriverNameWin32" = "AUDHALN.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveReadAccessY" = ""
"DriveReadAccessX" = ""
"DriveReadAccessZ" = ""
"DriveReadAccessQ" = ""
"DriveReadAccessP" = ""
"DriveReadAccessS" = ""
"DriveReadAccessR" = ""
"DriveReadAccessU" = ""
"DriveReadAccessT" = ""
"DriveReadAccessW" = ""
"DriveReadAccessV" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Smartcard]
"ResMngrRunningPollPeriod" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveReadAccessH" = ""
"DriveReadAccessK" = ""
"DriveReadAccessJ" = ""
"DriveReadAccessM" = ""
"DriveReadAccessL" = ""
"DriveReadAccessO" = ""
"DriveReadAccessN" = ""
"DriveReadAccessA" = ""
"DriveReadAccessC" = ""
"DriveReadAccessB" = ""
"DriveReadAccessE" = ""
"DriveReadAccessD" = ""
"DriveReadAccessG" = ""
"DriveReadAccessF" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"Croatian" = "0x0000041A"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\SSL]
"SSLCiphers" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Region Identification\Trusted Region]
"EnableRegion" = "1"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Multimedia]
"SpeedScreenMMAMaximumBufferSize" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0]
"WindowsCache" = "3072"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing\HTTP Addresses]
"HttpBrowserAddress9" = ""
"HttpBrowserAddress8" = ""
"HttpBrowserAddress5" = ""
"HttpBrowserAddress4" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\VDTUI]
"DriverNameWin32" = "VDTUIN.DLL"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing\HTTP Addresses]
"HttpBrowserAddress6" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Session Sharing]
"SessionSharingName" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing\HTTP Addresses]
"HttpBrowserAddress2" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Microsoft]
"TcpBrowserAddress" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration]
"Version Minimum" = "10000"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Printing\Device]
"UnixPrintCommand" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Microsoft]
"TcpBrowserAddress5" = ""
"TcpBrowserAddress4" = ""
"TcpBrowserAddress3" = ""
"TcpBrowserAddress2" = ""
"UseAlternateAddress" = "0"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey3Char" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Microsoft]
"Address" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\Thinwire3.0]
"ScreenPercent" = "ScreenPercent"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"US-Dvorak" = "0x00010409"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientPrinterQueue]
"PrinterResetTime" = "1100"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\IO Addresses]
"0x03E8" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"Italian" = "0x00000410"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\SSL]
"SSLCommonName" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port\Device]
"ComPort18" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Multimedia]
"SpeedScreenMMAAudioEnabled" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\End User Experience]
"LPWD" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port\Device]
"ComPort11" = ""
"ComPort10" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncryptionLevelSession]
"EncRC5-0" = "EncRC5-0"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Session Sharing]
"SessionSharingKey" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port\Device]
"ComPort15" = ""
"ComPort14" = ""
"ComPort17" = ""
"ComPort16" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientComm]
"COM4IOP" = "0x2e8"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey7Shift" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Region Identification\All Regions]
"EnableRegion" = "0"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port]
"ContinueWithoutPDALockFile" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing\HTTP Addresses]
"LocHttpBrowserAddress" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Application Launching]
"LongCommandLine" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine]
"UseSDLVB" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncryptionLevelSession_128]
"basic" = "Encrypt"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Encrypt]
"driverName" = "PDCRYPT.DDL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Interrupts]
"3" = ""
"2" = ""
"5" = ""
"4" = ""
"7" = ""
"6" = ""
"9" = ""
"8" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ConverterADPCM]
"driverName" = "ADPCM.DDL"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ICASOCKSrfc1929Password" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Keyboard Dll Codes]
"kbdsw.dll" = "0x0000041D"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey6Char" = ""
"Hotkey10Char" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Keyboard Dll Codes]
"kbdne.dll" = "0x00000413"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey15Shift" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Protocols]
"ICAPortNumber" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"TWIDesiredIconColor" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey11Shift" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Region Identification\Trusted Region\Evidence]
"EffectiveAddress" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientAudio]
"DriverNameWin16" = "VDCAMW.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port\Device]
"ComPort10" = ""
"ComPort11" = ""
"ComPort12" = ""
"ComPort13" = ""
"ComPort14" = ""
"ComPort15" = ""
"ComPort16" = ""
"ComPort17" = ""
"ComPort18" = ""
"ComPort19" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"DesiredHRES" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"Turkish (Q)" = "0x0000041F"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"PersistentCacheMinBitmap" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Clipboard]
"ClipboardAllowed" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Reconnection]
"TransportReconnectEnabled" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Protocols]
"TransportDriver" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ICASOCKSProxyHost" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientAudio]
"PlaybackDelayThresh" = "250"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ProxyPort" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port]
"VirtualCOMPortEmulation" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Delegation]
"RegionIdentification" = "administrator"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - FTP]
"Address" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Region Identification\All Regions]
"Priority" = "0"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Keyboard Dll Codes]
"kbdda.dll" = "0x00000406"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ICASOCKSrfc1929Username" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncryptionLevelAuth]
"RC5 (56 bit)" = "EncRC5-56"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\VirtualDriver]
"Multimedia" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"SpeedScreenBADecompressedCacheSize" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Image Capture]
"TwainAllowed" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"PersistentCachePath" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Keyboard]
"EchoShiftKeys" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing\HTTP Addresses]
"LocHttpBrowserAddress4" = ""
"LocHttpBrowserAddress7" = ""
"LocHttpBrowserAddress6" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Encrypt]
"DriverNameWin16" = "PDCRYPTW.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Cirrus Logic 546X 1.71]
"ProviderName" = "Cirrus Logic"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing\HTTP Addresses]
"LocHttpBrowserAddress2" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\DVCPlugin_PNPRedirection]
"DvcNames" = "PlugAndPlay"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing\HTTP Addresses]
"LocHttpBrowserAddress8" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Region Identification\Untrusted Region]
"Sandbox" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DrivePathN" = ""
"DrivePathO" = ""
"DrivePathL" = ""
"DrivePathM" = ""
"DrivePathJ" = ""
"DrivePathK" = ""
"DrivePathH" = ""
"DrivePathI" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientAudio]
"MaxDataBufferSize" = "2048"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DrivePathG" = ""
"DrivePathD" = ""
"DrivePathE" = ""
"DrivePathB" = ""
"DrivePathC" = ""
"DrivePathA" = ""
"DrivePathZ" = ""
"DrivePathX" = ""
"DrivePathY" = ""
"DrivePathV" = ""
"DrivePathW" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - FTP]
"Encrypt" = "On"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DrivePathU" = ""
"DrivePathR" = ""
"DrivePathS" = ""
"DrivePathP" = ""
"DrivePathQ" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Hotkey Keys PC98]
"F1" = "98"
"F2" = "99"
"F3" = "100"
"F4" = "101"
"F5" = "102"
"F6" = "103"
"F7" = "104"
"F8" = "105"
"F9" = "106"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncryptionLevelAuth]
"Encrypt" = "Encrypt"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncryptionLevelSession]
"RC5 (40 bit)" = "EncRC5-40"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Control]
"CREnabled" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Region Identification\Untrusted Region]
"TransitionTo" = "Untrusted Region,Trusted Region"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"TwRedundantImageItems" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Keyboard Dll Codes]
"kbdic.dll" = "0x0000040F"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\IO Addresses]
"Default" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Hotkey Shift States]
"(none)" = "0"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Printing]
"CPMAllowed" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0]
"SVGACapability" = "Off"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Region Identification\Untrusted Region]
"EnableRegion" = "1"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions]
"AllowUnrecognisedICAParameters" = "0"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0]
"driverName" = "VDTW30.DDL"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"ScreenPercent" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientPrinterQueue]
"driverName" = "VDSPL30.DDL"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"SpeedScreenBAMaximumCompressionLevel" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\Untrusted Region\Lockdown\Network\Proxy]
"proxytype" = "Auto"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey1Char" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Printing\Device]
"DefaultPrinter" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"proxytype" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Printing]
"VSLAllowed" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey4Char" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\RFrame]
"DriverNameWin16" = "PDRFRAMW.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP]
"DriverNameWin32" = "TDWSTCPN.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0]
"PersistentCacheSize" = "0"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Keyboard]
"KeyboardType" = ""
"UnicodeKeyboard" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Compress]
"DriverNameWin16" = "PDCOMPW.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey14Shift" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port\Device]
"ComPort25" = ""
"ComPort24" = ""
"ComPort27" = ""
"ComPort26" = ""
"ComPort21" = ""
"ComPort20" = ""
"ComPort23" = ""
"ComPort22" = ""
"ComPort29" = ""
"ComPort28" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\Thinwire3.0]
"GraphicCacheSize" = "GraphicCacheSize"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"Italian (142)" = "0x00010410"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey9Shift" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"GraphicCacheSize" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ProxyFallback" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP]
"DefaultHttpBrowserAddress" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Audio]
"DisableAudioQueuing" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"Swiss German" = "0x00000807"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\GUI]
"IgnoreErrors" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Mouse]
"MouseSendsControlV" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientPrinterQueue]
"DriverNameWin16" = "VDSPL30W.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Language IDs]
"fin" = "0x0000040B"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ProxyUseFQDN" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Saved Credentials]
"NRDomain" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\End User Experience]
"CFDCD" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Hotkey Keys PC98]
"tab" = "15"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientAudio]
"DataAckThresh" = "1"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"Japanese MS-IME98" = "0xe0010411"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Kerberos]
"UseSSPIOnly" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\Trusted Region]
"OverrideInvalidICAParameters" = "1"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Seamless Windows]
"UpdateTime" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TransportDriver]
"TCP/IP - VSL" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveWriteAccessU" = ""
"DriveWriteAccessT" = ""
"DriveWriteAccessW" = ""
"DriveWriteAccessV" = ""
"DriveWriteAccessQ" = ""
"DriveWriteAccessP" = ""
"DriveWriteAccessS" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ICASOCKSProxyHost" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TransportDriver]
"TCP/IP - FTP" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveWriteAccessY" = ""
"DriveWriteAccessX" = ""
"DriveWriteAccessZ" = ""
"DriveWriteAccessE" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey2Char" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveWriteAccessG" = ""
"DriveWriteAccessF" = ""
"DriveWriteAccessA" = ""
"DriveWriteAccessC" = ""
"DriveWriteAccessB" = ""
"DriveWriteAccessM" = ""
"DriveWriteAccessL" = ""
"DriveWriteAccessO" = ""
"DriveWriteAccessN" = ""
"DriveWriteAccessI" = ""
"DriveWriteAccessH" = ""
"DriveWriteAccessK" = ""
"DriveWriteAccessJ" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\SSL]
"SSLPolicyExtensionOID" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Region Identification\Unknown Region]
"LockdownProfile" = "Unknown Region"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Kerberos]
"SSPIEnabled" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Reconnection]
"TransportReconnectDelay" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\Trusted Region\Lockdown\Network\Proxy]
"WinStationDriver" = "ICA 3.0"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\CGP]
"CGPSecurityTicket" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0]
"PersistentCacheEnabled" = "Off"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials]
"EnableSSOnThruICAFile" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"UseFullScreen" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\SSL]
"SSLCiphers" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Novell Lan WorkPlace]
"OutBufCountHost" = "6"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Clipboard]
"driverName" = "Unsupported"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Mouse]
"ClientMouseDoubleClickDetect" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncryptionLevelAuth]
"RC5 (128 bit)" = "EncRC5-128"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"TW2StopwatchMinimum" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Novell Lan WorkPlace]
"NameEnumerator" = "NETCPNOV.DDL"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"SpeedScreenBACompressedCacheSize" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\Trusted Region\Lockdown\Network\Proxy]
"proxytype" = "Auto"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\SSL]
"SSLClientAuthentication" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ZL_FONT]
"DriverNameWin32" = "VDFON30N.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey2Shift" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\Thinwire3.0]
"DesiredHRES" = "DesiredHRES"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine]
"WinStationDriver" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ConverterVorbis]
"driverName" = "CTXVORBIS.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\VDTUI]
"DriverNameWin16" = "Unsupported"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"ConnectionBar" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP]
"Encrypt" = "On"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\End User Experience]
"startIFDCD" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Printing\Device]
"PrinterQueryRefreshTime" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\VirtualDriver]
"ClientPrinterQueue" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Seamless Windows]
"UpdateTime" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\ICA File]
"RemoveICAFile" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardType]
"NEC PC-9800 Windows NT (Japanese)" = "0x840F0007"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"DesiredHRES" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Hotkey Shift States]
"shift" = "3"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing]
"BrowserRetry" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\Thinwire3.0]
"TWIFullScreenMode" = "TWIFullScreenMode"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Saved Credentials]
"ClearPassword" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0]
"DesiredColor" = "8"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP]
"HttpBrowserAddress" = ""
"OutBufCountClient2" = "44"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\Untrusted Region\Lockdown\Network\Proxy]
"WinStationDriver" = "ICA 3.0"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Application Launching]
"InitialProgram" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Baud Rates - WIN16]
"19200" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\Thinwire3.0]
"PersistentCacheMinBitmap" = "PersistentCacheMinBitmap"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine]
"Version" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Printing\Device]
"DefaultPrinter" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientPrinterQueue]
"WindowSize" = "1440"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ICASOCKSProtocolVersion" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Application Launching]
"LongCommandLine010" = ""
"LongCommandLine011" = ""
"LongCommandLine012" = ""
"LongCommandLine013" = ""
"LongCommandLine014" = ""
"LongCommandLine015" = ""
"LongCommandLine016" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\DVCAdapter]
"(Default)" = "Unsupported"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - FTP]
"OutBufLength" = "1460"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0]
"DesiredHRES" = "640"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Mouse]
"MouseWheelMapping" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\WFClient]
"SessionReliabilityTTL" = "0"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"SpeedScreenIA" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\RFrame]
"driverName" = "PDRFRAM.DDL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Hotkey Keys PC98]
"(none)" = "0"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\VirtualDriver]
"GenericUSB" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"Romanian" = "0x00000418"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"TwRedundantImageItems" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TwainRdr]
"driverName" = "Unsupported"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncryptionLevelSession_56]
"basic" = "Encrypt"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP]
"BrowserTimeout" = "1000"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Cirrus Logic 546X 1.71g]
"ProviderName" = "Cirrus Logic"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ProxyUseDefault" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Region Identification\Trusted Region]
"Priority" = "3"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Saved Credentials]
"UIDomain" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\SSPI]
"DriverNameWin16" = "Unsupported"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Multimedia]
"SpeedScreenMMAVideoEnabled" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncryptionLevelSession_128]
"RC5 (40 bit)" = "EncRC5-40"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\Untrusted Region]
"OverrideInvalidICAParameters" = "1"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Saved Credentials]
"Password" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - VSL]
"NameResolver" = "NRTCVSL.DDL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ProxyBypassList" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientAudio]
"DriverNameWin32" = "VDCAMN.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\Unknown Region]
"AllowUnrecognisedICAParameters" = "0"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardType]
"DEC LK411-JJ Keyboard (Japanese)" = "0x850C0007"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey5Char" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"SpeedScreenIA" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port\Device]
"ComPort32" = ""
"ComPort30" = ""
"ComPort31" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientDrive]
"MaxRequestSize" = "1440"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\GUI]
"CursorStipple" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\ClientDrive]
"DisableDrives" = "DisableDrives"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientComm]
"COM2IRQ" = "3"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TransparentKeyPassthrough]
"Remote" = "2"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\VirtualDriver]
"LicenseHandler" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon]
"SSOnDetected" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives]
"ClientDrive" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ProxyPassword" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Saved Credentials]
"UserName" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\Untrusted Region]
"Version Minimum" = "10000"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - VSL]
"TcpBrowserAddress" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Encryption Levels]
"basic" = "Encrypt"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\Trusted Region\Lockdown\Network\Proxy]
"TransportDriver" = "TCP/IP"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncryptionLevelSession]
"RC5 (56 bit)" = "EncRC5-56"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"PreferredLaunchMonitor" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives]
"NativeDriveMapping" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials]
"SSOnCredentialType" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Printing\Device]
"DefaultPrinterDriver" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Encryption]
"EncryptionDLL" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Kerberos]
"SingleSignonDetected" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Protocols]
"UseAlternateAddress" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\ClientDrive]
"NativeDriveMapping" = "NativeDriveMapping"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Smartcard]
"ReadersStatusPollPeriod" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives]
"CDMReadOnly" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Application Launching]
"WorkDirectory" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives]
"NativeDriveMapping" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Printing\Device]
"UnixPrintCommand" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Language IDs]
"sve" = "0x0000041D"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Reconnection]
"TransportReconnectEnabled" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\Unknown Region]
"AllowConnection" = "0"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DrivePathT" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Ticket]
"LogonTicketType" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\End User Experience]
"BUCC" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientDrive]
"CDMReadOnly" = "FALSE"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Multimedia]
"DriverNameWin32" = "VDMMN.DLL"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"AltProxyTimeout" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey11Shift" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\TCP/IP]
"HttpBrowserAddress3" = "HttpBrowserAddress3"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\GUI]
"Title" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Keyboard]
"TransparentKeyPassthrough" = ""
"KeyboardMappingFile" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientPrinterPort]
"WindowsPrinter" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Session Sharing]
"SessionSharingLoose" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\GUI]
"AppendUsername" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey2Shift" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port\Device]
"ComPort1" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials]
"SSOnUserSetting" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions]
"AllowConnection" = "1"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\GUI]
"CursorStipple" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\End User Experience]
"endIFDCD" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\ClientComm]
"MaxPort" = "MaxPort"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port\Device]
"LastComPortNum" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Multimedia]
"SpeedScreenMMAMinBufferThreshold" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"PreferredLaunchMonitor" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ProxyAuthenticationBasic" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0]
"MaxMemoryCache" = "8192"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncryptionLevelSession_40]
"RC5 (128 bit - Login Only)" = "EncRC5-0"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials]
"SSOnCredentialType" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\GenericUSB]
"driverName" = "Unsupported"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing\HTTP Addresses]
"LocHttpBrowserAddress" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"FontSmoothingType" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveReadAccessD" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ProxyAuthenticationBasic" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Compress]
"MaxCompressDisable" = "0"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey5Char" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey12Shift" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TransportDriver]
"TCP/IP - Novell Lan WorkPlace" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Novell Lan WorkPlace]
"TcpBrowserAddress" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ICASOCKSrfc1929Password" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Printing\Device]
"MFPrintCommand" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives]
"CDMAllowed" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - VSL]
"OutBufLength" = "1460"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveReadAccessI" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\Trusted Region]
"AllowUnrecognisedICAParameters" = "1"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncryptionLevelSession_128]
"RC5 (56 bit)" = "EncRC5-56"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"(User Profile)" = "0x00000000"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\End User Experience]
"NRWD" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\SSL]
"SecureChannelProtocol" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\DVCAdapter]
"DvcPlugins" = "PNPRedirection"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ProxyAuthenticationNTLM" = "*"
"ProxyUsername" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP]
"OutBufCountHost" = "6"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Ticket]
"LogonTicketType" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientPrinterQueue]
"DriverNameWin32" = "VDSPL30N.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Region Identification\Unknown Region]
"Priority" = "0"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Keyboard Dll Codes]
"kbdusx.dll" = "0x00020409"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - VSL]
"OutBufCountHost2" = "44"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Keyboard]
"KeyboardTimer" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\Trusted Region]
"Version Minimum" = "10000"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\End User Experience]
"COCD" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\VDTUI]
"driverName" = "Unsupported"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0]
"ClickTicks" = "5"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - FTP]
"RFrame" = "On"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientDrive]
"DisableDrives" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Multimedia]
"SpeedScreenMMAMaxBufferThreshold" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Hotkey Keys]
"(none)" = "0"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TransparentKeyPassthrough]
"Local" = "1"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\SSL]
"SSLCACert4" = ""
"SSLCACert5" = ""
"SSLCACert2" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\CGP]
"SessionReliabilityTTL" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\SSL]
"SSLCACert0" = ""
"SSLCACert1" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Compress]
"DriverNameWin32" = "PDCOMPN.DLL"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Reconnection]
"TransportReconnectDelay" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ProxyUseFQDN" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP]
"Address" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Application Launching]
"LongCommandLine003" = ""
"LongCommandLine002" = ""
"LongCommandLine001" = ""
"LongCommandLine000" = ""
"LongCommandLine007" = ""
"LongCommandLine006" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ICASOCKSTimeout" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Application Launching]
"LongCommandLine004" = ""
"LongCommandLine009" = ""
"LongCommandLine008" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveReadAccessR" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ProxyFavorIEConnectionSetting" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ProtocolDriver]
"Compress" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveReadAccessW" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Logging]
"LogFile" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"US" = "0x00000409"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey7Shift" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Region Identification\Trusted Region]
"TransitionTo" = "Trusted Region,Untrusted Region"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port]
"MaxPort" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Session Sharing]
"SessionSharingKey" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientAudio]
"MaxMicBufferSize" = "2000"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey5Shift" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Hotkey Keys]
"F9" = "67"
"F8" = "66"
"F3" = "61"
"F2" = "60"
"F1" = "59"
"F7" = "65"
"F6" = "64"
"F5" = "63"
"F4" = "62"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveReadAccessF" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Control]
"CREnabled" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"British" = "0x00000809"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\Unknown Region]
"EnableLockdown" = "1"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing\HTTP Addresses]
"HttpBrowserAddress2" = ""
"HttpBrowserAddress3" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Keyboard Dll Codes]
"kbdgr.dll" = "0x00000407"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey9Char" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing\HTTP Addresses]
"HttpBrowserAddress6" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - VSL]
"OutBufCountClient" = "6"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing\HTTP Addresses]
"HttpBrowserAddress8" = ""
"HttpBrowserAddress9" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveReadAccessJ" = ""
"DriveReadAccessK" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Hotkey Shift States]
"ctrl" = "4"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Novell Lan WorkPlace]
"OutBufCountClient2" = "44"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"DefaultMaximizedPos" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveReadAccessM" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\IO Addresses]
"0x02E8" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"SpeedScreenBA" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveReadAccessO" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - FTP]
"NameEnumerator" = "NETCPFTP.DDL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\WFClient]
"UseAlternateAddress" = "0"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Saved Credentials]
"SavePnPassword" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Smartcard]
"DisableCtrlAltDel" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\ClientSelectiveTrust]
"EnableClientSelectiveTrust" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Hardware Transmit Flow Control]
"DSR" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Clipboard]
"DriverNameWin16" = "VDCLIPW.DLL"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Session Sharing]
"EnableIPCSessionControl" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ZLC]
"DriverNameWin16" = "VDZLCW.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\Thinwire3.0]
"PersistentCachePath" = "PersistentCachePath"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Keyboard]
"KeyboardLayout" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions]
"AllowConnection" = "1"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Encryption]
"EncryptionDLL" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\CGP]
"MissedKeepaliveWarningTime" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\Server]
"*" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"PersistentCacheSize" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Logging]
"LogStartup" = "false"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"SpeedScreenBACompressionEnabled" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port]
"MaxPort" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Keyboard]
"ScancodeEnabled" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Microsoft]
"OutBufCountHost" = "6"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\Untrusted Region\Lockdown\Network\Proxy]
"TransportDriver" = "TCP/IP"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\Unknown Region]
"EnableLockdown" = "1"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Encryption Levels]
"RC5 (40 bit)" = "EncRC5-40"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine]
"WinStationDriver" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardType]
"NEC PC-9800 on PC98-NX 2 (Japanese)" = "0x820F0007"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\Thinwire3.0]
"TWIDesiredIconColor" = "TWIDesiredIconColor"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey13Shift" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Application Launching]
"LongCommandLine" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\CGP]
"CGPAddress" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\WFClient]
"DisableUPDOptimizationFlag" = "0"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\VirtualDriver]
"ClientComm" = ""
"Thinwire3.0" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Novell Lan WorkPlace]
"OutBufCountClient" = "6"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0]
"ScreenPercent" = "0"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Keyboard Dll Codes]
"kbdpo.dll" = "0x00000816"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientDrive]
"driverName" = "VDCDM30.DDL"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\Untrusted Region]
"Version Minimum" = "10000"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\SSPI]
"DriverNameWin32" = "VDSSPIN.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Region Identification\All Regions]
"TransitionTo" = "Trusted Region,Untrusted Region"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey11Char" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"DesiredVPos" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey1Char" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Keyboard Dll Codes]
"kbdus.dll" = "0x00000409"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ICA 3.0]
"VirtualDriverEx" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientComm]
"DriverNameWin16" = "VDCOM30W.DLL"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"GraphicCacheSize" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - FTP]
"Compress" = "On"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0]
"MaxCache16Color" = "8192"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\Untrusted Region]
"AllowConnection" = "1"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Logging]
"LogEvidence" = "false"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\GUI]
"ConnectionFriendlyName" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Printing\Device]
"MFPrintCommand" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port\Device]
"ComPort2" = ""
"ComPort3" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"Hungarian" = "0x0000040E"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port\Device]
"ComPort6" = ""
"ComPort7" = ""
"ComPort4" = ""
"ComPort5" = ""
"ComPort8" = ""
"ComPort9" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"PersistentCacheSize" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientDrive]
"CacheWriteAllocateDisable" = "FALSE"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\VirtualDriver]
"SSPI" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Client Update]
"UpdatesAllowed" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\Unknown Region]
"Version Maximum" = "10100"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Novell Lan WorkPlace]
"TcpBrowserAddress3" = ""
"TcpBrowserAddress2" = ""
"TcpBrowserAddress5" = ""
"TcpBrowserAddress4" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Keyboard Dll Codes]
"kbdfr.dll" = "0x0000040C"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"Portuguese" = "0x00000816"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ProxyPassword" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncryptionLevelAuth]
"basic" = "Encrypt"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Printing\Device]
"PrinterQueryRefreshTime" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveReadAccessP" = ""
"DriveReadAccessQ" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Application Launching]
"InitialProgram" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveReadAccessS" = ""
"DriveReadAccessT" = ""
"DriveReadAccessU" = ""
"DriveReadAccessV" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\End User Experience]
"AECD" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveReadAccessX" = ""
"DriveReadAccessY" = ""
"DriveReadAccessZ" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Region Identification\Unknown Region]
"Description" = "This region is used for any Citrix Presentation Server that cannot be classified into any of the other regions."

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives]
"DynamicCDM" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveReadAccessA" = ""
"DriveReadAccessB" = ""
"DriveReadAccessC" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Novell Lan WorkPlace]
"Compress" = "On"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveReadAccessE" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientAudio]
"CommandAckThresh" = "1"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveReadAccessG" = ""
"DriveReadAccessH" = ""
"DriveReadAccessI" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Audio]
"EnableAudioInputMode" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientAudio]
"driverName" = "VDCAM.DDL"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveReadAccessL" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncRC5-40]
"DriverNameWin32" = "PDC40N.DLL"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveReadAccessN" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ProxyFavorIEConnectionSetting" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientDrive]
"MaxWindowSize" = "8650"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"DesiredVPos" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Language IDs]
"ita" = "0x00000410"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\End User Experience]
"startSCD" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Compression]
"Compress" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP]
"ICASOCKSTimeout" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port\Device]
"ComPort19" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - VSL]
"NameEnumerator" = "NENUM.DDL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing]
"BrowserTimeout" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Parity]
"Mark" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\VirtualDriver]
"Clipboard" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\WFClient]
"XmlAddressResolutionType" = "DNS-Port"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncRC5-0]
"DriverNameWin32" = "PDC0N.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey6Char" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Multimedia]
"DriverNameWin16" = "Unsupported"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Novell Lan WorkPlace]
"OutBufLength" = "1460"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Multimedia]
"SpeedScreenMMA" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon]
"SSOnDetected" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ZL_FONT]
"driverName" = "Unsupported"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"Norwegian" = "0x00000414"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Novell Lan WorkPlace]
"Encrypt" = "On"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives]
"DisableDrives" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Protocols]
"Address" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Mouse]
"MouseTimer" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\Thinwire3.0]
"SetTWIFocusOnTitled" = "SetTWIFocusOnTitled"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\End User Experience]
"TRWD" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\AudioConverterList]
"NumConverters" = "3"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Hotkey Keys PC98]
"Esc" = "0"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials]
"EnableSSOnThruICAFile" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ICACTL]
"DriverNameWin16" = "VDCTLW.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveEnabledN" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\Unknown Region]
"AllowUnrecognisedICAParameters" = "1"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"DefaultMaximizedPos" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncRC5-0]
"driverName" = "PDC0.DDL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Audio]
"AudioBandwidthLimit" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port\Device]
"ComPort13" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0]
"DriverVesa" = "VDTW30V.DDL"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port\Device]
"ComPort12" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - VSL]
"OutBufCountHost" = "6"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Hotkey Keys PC98]
"F12" = "83"
"F10" = "107"
"F11" = "82"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials]
"UseLocalUserAndPassword" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Cirrus Logic 546X - ISDCorp (c) v2.00\DEFAULT]
"drv" = "546X.drv"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Region Identification\Untrusted Region]
"Description" = "This region contains all untrusted Citrix Servers"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Audio]
"EnableAudioInput" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"Dutch" = "0x00000413"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Encryption Levels]
"Encrypt" = "Encrypt"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Frame]
"driverName" = "PDFRAME.DDL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0]
"MinMemoryCache" = "750"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Keyboard]
"UseEUKS" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey8Shift" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Keyboard Dll Codes]
"kbddv.dll" = "0x00010409"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"AltProxyType" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\Trusted Region]
"AllowUnrecognisedICAParameters" = "1"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientComm]
"CommPollWaitMax" = "500"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\XenDesktop]
"DesktopRestartAllowed" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ICA 3.0]
"ConnectTTYDelay" = "1000"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Hotkey Shift States]
"alt" = "8"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientDrive]
"CacheDisable" = "FALSE"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - FTP]
"OutBufCountHost2" = "44"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Baud Rates]
"38400" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Hotkey Keys PC98]
"Plus" = "73"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Encryption Levels]
"RC5 (56 bit)" = "EncRC5-56"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0]
"TWIDesiredIconColor" = "32"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - VSL]
"RFrame" = "On"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\GUI]
"ConnectionFriendlyName" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Session Sharing]
"EnableSessionSharingClient" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\VirtualDriver]
"ZLC" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey6Shift" = ""
"Hotkey14Char" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing\HTTP Addresses]
"HttpBrowserAddress" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\ICA File]
"Launcher" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0]
"DriverNameWin32" = "VDTW30N.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - VSL]
"Address" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncryptionLevelSession]
"RC5 (128 bit)" = "EncRC5-128"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientAudio]
"AudioHWSection" = "AudioConverter"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Printing]
"VSLAllowed" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\ClientSelectiveTrust]
"EnableClientSelectiveTrust" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"ConnectionBar" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\VirtualDriver]
"UserExperience" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\SSL]
"SSLProxyHost" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Keyboard Dll Codes]
"kbdca.dll" = "0x00010C0C"
"kbdit.dll" = "0x00000410"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Mouse]
"ClientMouseDoubleClickDetect" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\ClientDrive]
"CDMReadOnly" = "CDMReadOnly"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0]
"MinDiskLeft" = "2048"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Parity]
"space" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientComm]
"AllowForeignIRQShare" = "No"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ConverterSpeex]
"driverName" = "CTXSPEEX.DLL"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveWriteAccessV" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey4Shift" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveWriteAccessT" = ""
"DriveWriteAccessU" = ""
"DriveWriteAccessR" = ""
"DriveWriteAccessS" = ""
"DriveWriteAccessP" = ""
"DriveWriteAccessQ" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Third Party]
"AllowVirtualDriverExLegacy" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ICA 3.0]
"Reducer" = "ICAREDU.DDL"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveWriteAccessX" = ""
"DriveWriteAccessY" = ""
"DriveWriteAccessF" = ""
"DriveWriteAccessG" = ""
"DriveWriteAccessD" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientComm]
"COM2IOP" = "0x2f8"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveWriteAccessB" = ""
"DriveWriteAccessC" = ""
"DriveWriteAccessA" = ""
"DriveWriteAccessN" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - VSL]
"Compress" = "On"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveWriteAccessL" = ""
"DriveWriteAccessM" = ""
"DriveWriteAccessJ" = ""
"DriveWriteAccessK" = ""
"DriveWriteAccessH" = ""
"DriveWriteAccessI" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\End User Experience]
"CFDCD" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Microsoft]
"OutBufCountHost2" = "44"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\Trusted Region]
"EnableLockdown" = "0"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"Slovenian" = "0x00000424"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Cirrus Logic 546X 1.71]
"ver" = "4.0"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"SpeedScreenBADecompressedCacheSize" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Keyboard Dll Codes]
"kbdfi.dll" = "0x0000040B"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Kerberos]
"SSPIKeyDistributionCenter" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Region Identification\Untrusted Region]
"Priority" = "2"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0]
"DiskCacheDirectory" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientDrive]
"MaxRequestSize2" = "4116"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Ticket]
"LogonTicket" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\SSL]
"SSLCertificateRevocationCheckPolicy" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\Unknown Region]
"OverrideInvalidICAParameters" = "1"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ProxyAuthenticationNTLM" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey14Char" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardType]
"(Default)" = "0x00000000"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"US-International" = "0x00020409"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncryptionLevelSession_56]
"RC5 (56 bit)" = "EncRC5-56"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientComm]
"COM3IOP" = "0x3e8"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Microsoft]
"OutBufCountClient" = "6"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing\HTTP Addresses]
"LocHttpBrowserAddress2" = ""
"LocHttpBrowserAddress3" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientDrive]
"SFRAllowed" = "FALSE"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing\HTTP Addresses]
"LocHttpBrowserAddress6" = ""
"LocHttpBrowserAddress7" = ""
"LocHttpBrowserAddress4" = ""
"LocHttpBrowserAddress5" = ""
"LocHttpBrowserAddress8" = ""
"LocHttpBrowserAddress9" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Encryption]
"EncryptionLevelSession" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\VirtualDriver]
"ICACTL" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TWI]
"driverName" = "Unsupported"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions]
"Version Maximum" = "10100"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"AltProxyBypassList" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\CGP]
"MissedKeepaliveWarningTime" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\SSL]
"SSLEnable" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Clipboard]
"DriverNameWin32" = "VDCLIPN.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Multimedia]
"driverName" = "Unsupported"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - FTP]
"OutBufCountHost" = "6"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ZLC]
"DriverNameWin32" = "VDZLCN.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ICA 3.0]
"ProtocolSupport" = "RFrame, Frame, Encrypt, Compress"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\TCP/IP]
"HttpBrowserAddress2" = "HttpBrowserAddress2"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"proxytype" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\TCP/IP]
"HttpBrowserAddress4" = "HttpBrowserAddress4"
"HttpBrowserAddress5" = "HttpBrowserAddress5"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"WpadHost" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\LicenseHandler]
"DriverNameWin16" = "VDLICW.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Hotkey Keys PC98]
"star" = "69"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Kerberos]
"SingleSignonDetected" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\DVCAdapter]
"driverName" = "Unsupported"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\Untrusted Region]
"EnableLockdown" = "1"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\GUI]
"IgnoreErrors" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Audio]
"ClientAudio" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey9Char" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions]
"Version Minimum" = "10000"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TWI]
"DriverNameWin32" = "VDTWIN.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives]
"CDMAllowed" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\Unknown Region]
"Version Maximum" = "10100"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Hardware Receive Flow Control]
"rTS" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Cirrus Logic 546X - ISDCorp (c) v2.00]
"ProviderName" = "Cirrus Logic"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\Thinwire3.0]
"WinSetting" = "WinSetting"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\SSL]
"SSLClientCertificate" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine]
"UseSDLVB" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientComm]
"CommPollWaitIncTime" = "20"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"NoWindowManager" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\GUI]
"Title" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing\HTTP Addresses]
"LocHttpBrowserAddress12" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Smartcard]
"ResMngrRunningPollPeriod" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"Greek" = "0x00000408"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP]
"HttpBrowserAddress4" = ""
"HttpBrowserAddress5" = ""
"HttpBrowserAddress2" = ""
"HttpBrowserAddress3" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Protocols]
"TransportDriver" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"Belgian French" = "0x0000080C"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\End User Experience]
"COCD" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Session Sharing]
"SessionSharingLoose" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DrivePathF" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\ClientDrive]
"SFRAllowed" = "SFRAllowed"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncryptionLevelAuth]
"RC5 (40 bit)" = "EncRC5-40"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientAudio]
"EchoCancellation" = "TRUE"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\CGP]
"CGPAddress" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientAudio]
"NumCommandBuffers" = "128"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey15Char" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientComm]
"WindowSize" = "1024"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Saved Credentials]
"NRUserName" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TwainRdr]
"DriverNameWin16" = "Unsupported"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Compress]
"driverName" = "PDCOMP.DDL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - VSL]
"OutBufCountClient2" = "44"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"SpanMonitors" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"WinSetting" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"PersistentCacheEnabled" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncRC5-40]
"DriverNameWin16" = "PDC40W.DLL"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Protocols]
"UseAreaAndCountry" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"AltProxyTimeout" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientDrive]
"CacheTimeout" = "600"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Baud Rates]
"115200" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Hotkey Keys]
"star" = "55"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\Untrusted Region]
"AllowUnrecognisedICAParameters" = "1"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions]
"OverrideInvalidICAParameters" = "1"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\DVC_PlugAndPlay]
"PNPDeviceAllowed" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Zero Latency]
"ZLKeyboardMode" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\AudioConverter]
"DriverNameWin32" = "AUDCVTN.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0]
"TwTotalOssSizePowerOf2" = "24"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\TCP/IP]
"HttpBrowserAddress" = "HttpBrowserAddress"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives]
"SFRAllowed" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncRC5-0]
"DriverNameWin16" = "PDC0W.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"Russian" = "0x00000419"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\End User Experience]
"REWD" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP]
"UseAlternateAddress" = "0"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Region Identification\All Regions]
"LockdownProfile" = "All Regions"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - FTP]
"TcpBrowserAddress5" = ""
"TcpBrowserAddress4" = ""
"TcpBrowserAddress3" = ""
"TcpBrowserAddress2" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveWriteAccessD" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\GUI]
"UseIconWindow" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - VSL]
"driverName" = "TDTCPVSL.DDL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0]
"MaxSpecialCache16Color" = "32"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey8Char" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Region Identification\Trusted Region]
"LockdownProfile" = "Trusted Region"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration]
"Version Maximum" = "12001"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\Untrusted Region]
"AllowUnrecognisedICAParameters" = "1"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ICACTL]
"DriverNameWin32" = "VDCTLN.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP]
"OutBufCountHost2" = "44"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"WinSetting" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions]
"EnableLockdown" = "1"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Language IDs]
"dan" = "0x00000406"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\End User Experience]
"RECD" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ICASOCKSrfc1929Username" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Language IDs]
"nor" = "0x00000414"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"French" = "0x0000040C"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncryptionLevelSession_Basic]
"basic" = "Encrypt"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"Slovak" = "0x0000041B"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Kerberos]
"SSPIRealm" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\VirtualDriver]
"ClientPrinterPort" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ProxyBypassList" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\Unknown Region]
"OverrideInvalidICAParameters" = "1"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0]
"MinSpecialCache16Color" = "8"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\IO Addresses]
"0x02F8" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\SSL]
"SSLEnable" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\Untrusted Region\Lockdown\Network\Proxy]
"AltProxyType" = "Auto"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ICA 3.0]
"ReducerWin32" = "ICAREDUN.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"EnableOSS" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey15Char" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0]
"MaxDiskCache" = "2048"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Keyboard Dll Codes]
"kbdsf.dll" = "0x0000100C"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions]
"OverrideInvalidICAParameters" = "1"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Session Sharing]
"SessionSharingLaunchOnly" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Keyboard]
"UseEUKS" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Delegation]
"LockdownProfiles" = "administrator,user,grouppolicy_machine,grouppolicy_user"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port\Device]
"ComPort29" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Novell Lan WorkPlace]
"OutBufCountHost2" = "44"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Audio]
"EnableAudioInputMode" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey6Shift" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Cirrus Logic 546X - ISDCorp (c) v2.00]
"ver" = "4.0"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\Trusted Region]
"EnableLockdown" = "1"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"Finnish" = "0x0000040B"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Protocols]
"Address" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\Trusted Region]
"Version Maximum" = "10100"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\Trusted Region]
"Version Maximum" = "10100"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TransportDriver]
"TCP/IP" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine]
"Clientname" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Cirrus Logic 546X 1.71g\DEFAULT]
"drv" = "546X.drv"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\DVCPlugin_PNPRedirection]
"PluginClassId" = "{A1230401-67a5-4df6-a730-dce8822c80c4}"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0]
"DriverNameWin16" = "VDTW30W.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\GenericUSB]
"DriverNameWin16" = "Unsupported"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientAudio]
"NumDataBuffers" = "64"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Keyboard]
"AlwaysSendPrintScreen" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncRC5-40]
"driverName" = "PDC40.DDL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - FTP]
"ProtocolSupport" = "RFrame, Encrypt, Compress"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"Swedish" = "0x0000041D"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"SpeedScreenBA" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Application Launching]
"WorkDirectory" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Session Sharing]
"EnableSessionSharing" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - VSL]
"ICAPortNumber" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey3Shift" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Region Identification\Untrusted Region]
"LockdownProfile" = "Untrusted Region"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncryptionLevelSession]
"basic" = "Encrypt"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientComm]
"CommPollModemStatus" = "On"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Cirrus Logic 546X 1.71g]
"ver" = "4.0"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ConverterADPCM]
"DriverNameWin32" = "ADPCM.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientComm]
"CommPollSize" = "On"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives]
"SFRAllowed" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardType]
"DEC LK411-AJ Keyboard (Japanese)" = "0x870C0007"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Microsoft]
"RFrame" = "On"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Encryption Levels]
"EncRC5-128" = "EncRC5-128"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\Thinwire3.0]
"PersistentCacheSize" = "PersistentCacheSize"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Keyboard]
"EchoShiftKeys" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\GUI]
"OutputMode" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientPrinterQueue]
"MaxWindowSize2" = "62500"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"Bulgarian" = "0x00000402"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP]
"ProtocolSupport" = "RFrame, Encrypt, Compress"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\WFClient]
"Version" = "2"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Hotkey Keys]
"F12" = "88"
"F11" = "87"
"F10" = "68"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials]
"SSOnUserSetting" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\WFClient]
"PrinterFlowControl" = "FALSE"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Session Sharing]
"EnableSessionSharingHost" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0]
"SVGAPreference" = "Off"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Stop Bits]
"1" = ""
"2" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"DesiredColor" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\Untrusted Region]
"Version Maximum" = "10100"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncryptionLevelSession_56]
"RC5 (40 bit)" = "EncRC5-40"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardType]
"106 Keyboard (Japanese)" = "0x020C0007"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Hardware Transmit Flow Control]
"CTS" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey11Char" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Keyboard]
"KeyboardLayout" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine]
"Version" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\GUI]
"UseIconWindow" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey15Shift" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"SpanMonitors" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Data Bits]
"4" = ""
"5" = ""
"6" = ""
"7" = ""
"8" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ICA 3.0]
"ConnectTTY" = "On"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ProtocolDriver]
"Encrypt" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon]
"AutoLogonAllowed" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Serial Port\Device]
"ComPort32" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"Canadian French (Legacy)" = "0x00000C0C"
"Belgian Dutch" = "0x00000813"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Region Identification\Unknown Region]
"EnableRegion" = "1"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ProxyUseDefault" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP]
"ICAPortNumber" = "1494"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\LicenseHandler]
"DriverNameWin32" = "VDLICN.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TWI]
"DriverNameWin16" = "VDTWIW.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Keyboard Dll Codes]
"kbdbr.dll" = "0x00000416"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Seamless Windows]
"TWIIgnoreWorkArea" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\Trusted Region]
"AllowConnection" = "1"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - VSL]
"UseAlternateAddress" = "0"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientDrive]
"NativeDriveMapping" = "FALSE"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - FTP]
"TcpBrowserAddress" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardType]
"101 Keyboard (Japanese)" = "0x000C0007"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"WpadHost" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Multimedia]
"SpeedScreenMMAMinBufferThreshold" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncryptionLevelSession_56]
"RC5 (128 bit - Login Only)" = "EncRC5-0"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP]
"NameResolverWeb32" = "NRHTTPN.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Interrupts]
"Default" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ICA 3.0]
"VirtualDriver" = "Thinwire3.0, ClientDrive, ClientPrinterQueue, ClientPrinterPort, Clipboard, ClientComm, ClientAudio, LicenseHandler, TWI,ZL_FONT,ZLC,SmartCard,Multimedia,ICACTL,SSPI,TwainRdr,UserExperience,VDTUI,DVCAdapter,GenericUSB"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Kerberos]
"SSPIEnabled" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"SpeedScreenBACompressedCacheSize" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Region Identification\All Regions]
"Sandbox" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"ScreenPercent" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Third Party]
"AllowVirtualDriverEx" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\UserExperience]
"DriverNameWin32" = "VDEUEMN.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP]
"OutBufCountClient" = "6"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Encryption Levels]
"RC5 (128 bit)" = "EncRC5-128"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\SSL]
"SSLNoCACerts" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"Polish (Programmers)" = "0x00000415"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"AltProxyAutoConfigURL" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Zero Latency]
"ZLKeyboardMode" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientComm]
"COM1IRQ" = "4"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"Brazilian (ABNT)" = "0x00000416"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientComm]
"driverName" = "VDCOM30.DDL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Thinwire3.0]
"PersistentCachePath" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Session Sharing]
"EnableSessionSharingClient" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\Thinwire3.0]
"PersistentCacheEnabled" = "PersistentCacheEnabled"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Seamless Windows]
"TWIIgnoreWorkArea" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Microsoft]
"NameEnumerator" = "NETCPMS.DDL"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Keyboard]
"LocalIME" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\Thinwire3.0]
"DesiredColor" = "DesiredColor"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncRC5-56]
"DriverNameWin16" = "PDC56W.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Smartcard]
"ReadersStatusPollPeriod" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Kerberos]
"SSPIKeyDistributionCenter" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Third Party]
"AllowVirtualDriverExLegacy" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Saved Credentials]
"NoSavePwordOption" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - FTP]
"OutBufCountClient" = "6"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ICA 3.0]
"LowMemReserve" = "51200"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials]
"LegacyLocalUserNameAndPassword" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientPrinterPort]
"DriverNameWin16" = "VDCPM30W.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Keyboard Dll Codes]
"kbdsg.dll" = "0x00000807"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Microsoft]
"NameResolver" = "NRTCPMS.DDL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Keyboard]
"LocalIME" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\TCP/IP]
"Address" = "Address"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Clipboard]
"ClipboardAllowed" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing]
"BrowserRetry" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Keyboard Dll Codes]
"kbdsp.dll" = "0x0000040A"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\Untrusted Region]
"Version Maximum" = "10100"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Language IDs]
"enu" = "0x00000409"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"Japanese ATOK11 Ver.1.0" = "0xe0020411"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions]
"Version Minimum" = "10000"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\AudioConverter]
"DriverNameWin16" = "AUDCVTW.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"Canadian Multilingual Standard" = "0x00011009"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Language IDs]
"eng" = "0x00000809"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ICA 3.0]
"XmsReserve" = "0"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine]
"Clientname" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing]
"BrowserTimeout" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Multimedia]
"SpeedScreenMMAAudioEnabled" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\Untrusted Region]
"OverrideInvalidICAParameters" = "1"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Keyboard Dll Codes]
"kbdbe.dll" = "0x0000080C"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing\HTTP Addresses]
"LocHttpBrowserAddress5" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Saved Credentials]
"NRUserName" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\End User Experience]
"startIFDCD" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\Unknown Region]
"Version Minimum" = "10000"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Stop Bits]
"1.5" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing\HTTP Addresses]
"LocHttpBrowserAddress3" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncryptionLevelAuth]
"EncRC5-128" = "EncRC5-128"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Printing\Device]
"ClientPrinterList" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Protocols]
"UseAlternateAddress" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing\HTTP Addresses]
"LocHttpBrowserAddress9" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\VirtualDriver]
"ZL_FONT" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncRC5-56]
"driverName" = "PDC56.DDL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Keyboard]
"KeyboardMappingFile" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Port Numbers]
"1" = ""
"2" = ""
"3" = ""
"4" = ""
"5" = ""
"6" = ""
"7" = ""
"8" = ""
"9" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ProxyAuthenticationPrompt" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\SSL]
"SSLCommonName" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"Icelandic" = "0x0000040F"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"DesiredVRES" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives]
"DisableDrives" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\End User Experience]
"RECD" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Novell Lan WorkPlace]
"NameResolver" = "NRTCPNOV.DDL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ProtocolDriver]
"Frame" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\AudioConverterList]
"Converter0" = "ConverterADPCM"
"Converter1" = "ConverterVorbis"
"Converter2" = "ConverterSpeex"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ICA 3.0]
"ReducerWin16" = "ICAREDUW.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\Thinwire3.0]
"DesiredVRES" = "DesiredVRES"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\VirtualDriver]
"TWI" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Microsoft]
"ICAPortNumber" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing]
"ICAHTTPBrowserAddress" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ProxyHost" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey9Shift" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\WinStationDriver]
"ICA 3.0" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Keyboard]
"KeyboardSendLocale" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\ICA File]
"Launcher" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DrivePathT" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Baud Rates - WIN16]
"9600" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Keyboard Dll Codes]
"kbdfc.dll" = "0x00001009"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientComm]
"COM4IRQ" = "3"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Client Update]
"UpdatesAllowed" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\End User Experience]
"REWD" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"Latin American" = "0x0000080A"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"PersistentCacheMinBitmap" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing]
"ICAHTTPBrowserAddress" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\WFClient]
"*" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\Untrusted Region]
"EnableLockdown" = "0"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey4Char" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"AltProxyUsername" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Printing]
"Win32FavorRetainedPrinterSettings" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Language IDs]
"esn" = "0x0000040A"
"esp" = "0x0000040A"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ICASOCKSProxyPortNumber" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"FontSmoothingType" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\GenericUSB]
"DriverNameWin32" = "VDGUSBN.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Hotkey Keys]
"Esc" = "1"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\SSL]
"SecureChannelProtocol" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Keyboard]
"KeyboardTimer" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Region Identification\Unknown Region]
"TransitionTo" = "Unknown Region"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\Trusted Region]
"OverrideInvalidICAParameters" = "1"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardLayout]
"Turkish (F)" = "0x0001041F"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ProxyAutoConfigURL" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Keyboard]
"KeyboardType" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Saved Credentials]
"Domain" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Delegation]
"AdvancedConfiguration" = "administrator"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey10Shift" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ConverterSpeex]
"DriverNameWin32" = "CTXSPEEX.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardType]
"Japanese Keyboard for 106n (Japanese)" = "0x860C0007"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ICACTL]
"driverName" = "Unsupported"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP]
"OutBufLength" = "1460"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"AltProxyUsername" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Protocols]
"PhoneNumber" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Novell Lan WorkPlace]
"Address" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ConverterADPCM]
"DriverNameWin16" = "ADPCMW.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncRC5-128]
"driverName" = "PDC128.DDL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveEnabledM" = ""
"DriveEnabledL" = ""
"DriveEnabledO" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\KeyboardType]
"NEC PC-9800 on PC98-NX (Japanese)" = "0x810F0007"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveEnabledI" = ""
"DriveEnabledH" = ""
"DriveEnabledK" = ""
"DriveEnabledJ" = ""
"DriveEnabledE" = ""
"DriveEnabledD" = ""
"DriveEnabledG" = ""
"DriveEnabledF" = ""
"DriveEnabledA" = ""
"DriveEnabledC" = ""
"DriveEnabledB" = ""
"DriveEnabledY" = ""
"DriveEnabledX" = ""
"DriveEnabledZ" = ""
"DriveEnabledU" = ""
"DriveEnabledT" = ""
"DriveEnabledW" = ""
"DriveEnabledV" = ""
"DriveEnabledQ" = ""
"DriveEnabledP" = ""
"DriveEnabledS" = ""
"DriveEnabledR" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Interrupts]
"15" = ""
"14" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"NoWindowManager" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Interrupts]
"11" = ""
"10" = ""
"13" = ""
"12" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Application Browsing\HTTP Addresses]
"LocHttpBrowserAddress15" = ""
"LocHttpBrowserAddress14" = ""
"LocHttpBrowserAddress11" = ""
"LocHttpBrowserAddress10" = ""
"LocHttpBrowserAddress13" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Logging]
"LogICAFile" = "false"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Compression]
"Compress" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Session Sharing]
"EnableSessionSharingHost" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\DVC_PlugAndPlay]
"POSDeviceAllowed" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncryptionLevelSession]
"RC5 (128 bit - Login Only)" = "EncRC5-0"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Seamless Windows]
"TWIShrinkWorkArea" = "*"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Saved Credentials]
"Domain" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives]
"DynamicCDM" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientPrinterPort]
"driverName" = "VDCPM30.DDL"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey12Char" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Keyboard]
"UnicodeKeyboard" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveWriteAccessW" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Logging]
"LogConfigurationAccess" = "false"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"DesiredWinType" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Frame]
"DriverNameWin32" = "PDFRAMEN.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientPrinterPort]
"MaxWindowSize" = "2048"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP]
"RFrame" = "On"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Third Party]
"AllowVirtualDriverEx" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey13Char" = ""
"Hotkey8Char" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\VirtualDriver]
"DVCAdapter" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveWriteAccessZ" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Application Launching]
"LaunchReference" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Language IDs]
"nld" = "0x00000413"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ICA 3.0]
"DriverNameWin32" = "WDICA30N.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\RFrame]
"DriverNameWin32" = "PDRFRAMN.DLL"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveWriteAccessE" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"AltProxyPort" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Hardware Receive Flow Control]
"DTR" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"TWIDesiredIconColor" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Canonicalization\TCP/IP]
"ICAPortNumber" = "ICAPortNumber"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"ProxyTimeout" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Session Sharing]
"EnableIPCSessionControl" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Region Identification\Trusted Region]
"Sandbox" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Application Launching]
"LaunchReference" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Drives\Device]
"DriveWriteAccessO" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\EncryptionLevelAuth]
"EncRC5-56" = "EncRC5-56"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Multimedia]
"SpeedScreenMMA" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Hotkey Keys PC98]
"MINUS" = "64"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\End User Experience]
"AECD" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Language IDs]
"fra" = "0x0000040C"
"frc" = "0x00000C0C"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\ICA File]
"RemoveICAFile" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientAudio]
"ControlPollTime" = "1000"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\UserExperience]
"DriverNameWin16" = "Unsupported"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey7Char" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientDrive]
"DriverNameWin32" = "VDCDM30N.DLL"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\SmartCard]
"driverName" = "Unsupported"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\Proxy]
"AltProxyHost" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientComm]
"MaxPort" = "5"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics]
"SpeedScreenBAMaximumCompressionLevel" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Novell Lan WorkPlace]
"RFrame" = "On"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\End User Experience]
"endIFDCD" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey1Shift" = ""

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys]
"Hotkey1Shift" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\Hotkey Keys]
"tab" = "15"

[HKU\.DEFAULT\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Application Launching]
"LongCommandLine000" = ""
"LongCommandLine001" = ""
"LongCommandLine002" = ""
"LongCommandLine003" = ""
"LongCommandLine004" = ""
"LongCommandLine005" = ""
"LongCommandLine006" = ""
"LongCommandLine007" = ""
"LongCommandLine008" = ""
"LongCommandLine009" = ""

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon]
"AutoLogonAllowed" = "*"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\TCP/IP - Microsoft]
"OutBufLength" = "1460"

The process ipconfig.exe:1028 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "97 0F D3 ED 88 20 EF 24 17 C2 8B AC F1 16 B9 18"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
"EventMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"
"TypesSupported" = "7"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"ControlFlags" = "1"

The process rundll32.exe:1716 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "33 6D 06 AB B4 C9 D0 F5 9D FC 99 E6 DF 7E C2 5D"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"

[HKU\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Citrix\ICA Client]
"icaconf.exe" = "Citrix ICA Configuration Executable (Win32)"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"

The Worm modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

The Worm modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The Worm modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The process runonce.exe:3612 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "30 F8 EA 1A A7 E2 BC 81 70 65 55 52 E8 F0 90 BB"

The process runonce.exe:3660 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5A 1D 8F D2 D8 B8 1B 51 A8 48 16 20 45 F3 E4 59"

The process runonce.exe:3492 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "14 85 5D 3D D5 F9 A7 7A EA AD EE 27 51 EE 9F 28"

The process runonce.exe:552 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "12 68 95 AA A3 4A CE 0C 10 66 98 9B D8 28 3E D4"

The process runonce.exe:544 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7F 65 2D DD C2 D9 6B 19 A4 B0 D3 73 3B EA 22 0B"

The process runonce.exe:3700 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E3 F0 1C 5A 51 F7 A7 94 B3 43 93 34 CF 8D F5 4B"

The process runonce.exe:332 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FD 78 29 BB 49 AD 9C F5 CD D6 2C A2 13 3E D8 FB"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"

The Worm modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

The Worm modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The Worm modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Worm deletes the following value(s) in system registry:
The Worm disables automatic startup of the application by deleting the following autorun value:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"

The process runonce.exe:3528 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "03 CC E8 D7 0C E1 CF 4F 7B F6 AF 42 5C C9 04 D3"

The process usbinst.exe:1472 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9A D2 F1 22 1E C3 ED 87 29 4C 12 17 6B C7 6A 38"

[HKLM\SYSTEM\LastKnownGoodRecovery\LastGood]
"INF/oem10.inf" = "1"

[HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ParseAutoexec" = "1"

[HKLM\SYSTEM\LastKnownGoodRecovery\LastGood]
"INF/oem10.PNF" = "1"

To automatically run itself each time Windows is booted, the Worm adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv" = "grpconv -o"

The process usbinst.exe:1104 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "05 0B F8 8A 3C D0 F1 E8 4F 4C 5C 60 ED 19 CF 1D"

[HKLM\SYSTEM\LastKnownGoodRecovery\LastGood]
"INF/oem11.inf" = "1"

[HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ParseAutoexec" = "1"

[HKLM\SYSTEM\LastKnownGoodRecovery\LastGood]
"INF/oem11.PNF" = "1"

The process TrolleyExpress.exe:1988 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Citrix\PluginPackages\XenAppSuite\Flash]
"ProductCode" = "{AE66F944-596A-4D09-9A1C-DAF3DE836991}"

[HKLM\SOFTWARE\Citrix\InstallDetect\{A9852000-047D-11DD-95FF-0800200C9A66}]
"DisplayVersion" = "12.1.44.1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Fonts" = "%WinDir%\Fonts"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CitrixOnlinePluginPackWeb]
"URLInfoAbout" = "www.citrix.com"

[HKLM\SOFTWARE\Citrix\PluginPackages\XenAppSuite\Flash]
"PackageType" = "MSI"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CitrixOnlinePluginPackWeb]
"Contact" = "Citrix Systems, Inc."

[HKLM\SOFTWARE\Citrix\PluginPackages\XenAppSuite\ICA_Client]
"PackageType" = "MSI"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CitrixOnlinePluginPackWeb]
"VersionMajor" = "12"

[HKLM\SOFTWARE\Citrix\PluginPackages\XenAppSuite\Flash]
"Version" = "12.1.44.1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\SOFTWARE\Citrix\PluginPackages\XenAppSuite\USB]
"Version" = "12.1.44.1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Templates" = "%Documents and Settings%\All Users\Templates"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CitrixOnlinePluginPackWeb]
"DisplayIcon" = "%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpress.exe"
"DisplayName" = "Citrix online plug-in - web"

[HKLM\SOFTWARE\Citrix\PluginPackages\XenAppSuite\DesktopViewer]
"Version" = "12.1.44.1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CitrixOnlinePluginPackWeb]
"VersionMinor" = "1"

[HKLM\SOFTWARE\Citrix\PluginPackages\XenAppSuite\DesktopViewer]
"PackageType" = "MSI"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CitrixOnlinePluginPackWeb]
"NoRepair" = "1"

[HKLM\SOFTWARE\Citrix\InstallDetect\{A9852000-047D-11DD-95FF-0800200C9A66}]
"DisplayName" = "Citrix online plug-in - web"

[HKLM\SOFTWARE\Citrix\PluginPackages\XenAppSuite\DesktopViewer]
"ProductCode" = "{7170F93F-6B61-4DC1-A664-0E222744CEC7}"

[HKLM\SOFTWARE\Citrix\InstallDetect\{A9852000-047D-11DD-95FF-0800200C9A66}]
"Rule" = "reg:HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\CitrixOnlinePluginPackWeb\DisplayVersion"
"Type" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CitrixOnlinePluginPackWeb]
"UninstallString" = "%Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpress.exe /uninstall /cleanup"

[HKLM\SOFTWARE\Citrix\PluginPackages\XenAppSuite\ICA_Client]
"ProductCode" = "{F9F0C5D5-AAE5-45FA-95C2-CA1EE0FA067A}"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3C 3F F3 D4 17 DE BC 73 2C C8 FB 0A D0 B4 3A 72"

[HKLM\SOFTWARE\Citrix\PluginPackages\XenAppSuite\ICA_Client]
"Version" = "12.1.44.1"

[HKLM\SOFTWARE\Citrix\PluginPackages\XenAppSuite\USB]
"PackageType" = "MSI"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CitrixOnlinePluginPackWeb]
"NoModify" = "1"
"Publisher" = "Citrix Systems, Inc."
"HelpTelephone" = "1-800-424-8749"

[HKLM\SOFTWARE\Citrix\PluginPackages\XenAppSuite\USB]
"ProductCode" = "{D641760F-FE66-4655-99B9-59A451F2FFAB}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CitrixOnlinePluginPackWeb]
"DisplayVersion" = "12.1.44.1"

The process grpconv.exe:1252 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "53 61 47 E8 B3 C6 77 81 B9 34 AD C2 33 94 89 93"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\GrpConv]
"Log" = "Init Application."

[HKCR\MSProgramGroup\Shell\Open\Command]
"(Default)" = "%System%\grpconv.exe %1"

[HKCR\MSProgramGroup]
"(Default)" = "Microsoft Program Group"

[HKCR\.grp]
"(Default)" = "MSProgramGroup"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"

The process MsiExec.exe:1164 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A1 6A 1B 31 89 D4 81 2B 8F 47 DA 19 A5 48 70 9D"

[HKLM\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ICA 3.0]
"VirtualDriver" = "Thinwire3.0,ClientDrive,ClientPrinterQueue,ClientPrinterPort,Clipboard,ClientComm,ClientAudio,LicenseHandler,TWI,ZL_FONT,ZLC,SmartCard,Multimedia,ICACTL,SSPI,TwainRdr,UserExperience,VDTUI,DVCAdapter,GenericUSB,Flash"

The process MsiExec.exe:1632 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014]
"ProviderName" = "Citrix"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters]
"EnableICMPRedirect" = "1"

[HKLM\System\CurrentControlSet\Services\NetBT\Linkage]
"Export" = "\Device\NetBT_Tcpip_{C8A89E13-E469-4ED3-A845-C756BF28D9D3}, \Device\NetBT_Tcpip_{EEEE69B8-2C42-4825-B8E6-9597957D672B}, \Device\NetBT_Tcpip_{E1070104-F404-44CE-B556-0622F9D63EE5}, \Device\NetBT_Tcpip_{BF770B77-F559-4142-BC28-45811EFECA81}, \Device\NetBT_Tcpip_{FA3B3797-8A29-4E30-9B14-9ECEA8F69703}"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9]
"Num_Catalog_Entries" = "7"

[HKLM\System\CurrentControlSet\Services\NetBIOS\Linkage]
"Export" = "\Device\NetBIOS_NetBT_Tcpip_{C8A89E13-E469-4ED3-A845-C756BF28D9D3}, \Device\NetBIOS_NetBT_Tcpip_{EEEE69B8-2C42-4825-B8E6-9597957D672B}, \Device\NetBIOS_NetBT_Tcpip_{E1070104-F404-44CE-B556-0622F9D63EE5}, \Device\NetBIOS_NetBT_Tcpip_{BF770B77-F559-4142-BC28-45811EFECA81}, \Device\NetBIOS_NetBT_Tcpip_{FA3B3797-8A29-4E30-9B14-9ECEA8F69703}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0015]
"ProviderName" = "Microsoft"

[HKCU\Software\DeterministicNetworks\InstalledProducts\DNE]
"InstallerRetcode" = "0"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E1070104-F404-44CE-B556-0622F9D63EE5}]
"EnableDHCP" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\System\CurrentControlSet\Services\Eventlog\System\PSched]
"TypesSupported" = "7"

[HKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers\NetBIOS]
"WinSock 1.1 Provider Data" = "0E 10 00 00 11 00 00 00 14 00 00 00 14 00 00 00"

[HKLM\System\CurrentControlSet\Services\Eventlog\System\PSched]
"EventMessageFile" = "%SystemRoot%\System32\netevent.dll"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014\Ndi\Params\Medium]
"ParamDesc" = "Ethernet"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EEEE69B8-2C42-4825-B8E6-9597957D672B}]
"Domain" = ""

[HKLM\System\CurrentControlSet\Services\RemoteAccess\Interfaces\4\Ip]
"InterfaceInfo" = "01 00 00 00 68 00 00 00 03 00 00 00 05 00 FF FF"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"

[HKLM\System\CurrentControlSet\Services\nm\Linkage]
"Bind" = "\Device\{C8A89E13-E469-4ED3-A845-C756BF28D9D3}, \Device\{EEEE69B8-2C42-4825-B8E6-9597957D672B}, \Device\{E1070104-F404-44CE-B556-0622F9D63EE5}, \Device\NdisWanBh"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKLM\System\CurrentControlSet\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0014\Ndi\params\MediaStatus]
"ParamDesc" = "Media Status"

[HKLM\System\CurrentControlSet\Services\RasPppoe\Linkage]
"Route" = "{C8A89E13-E469-4ED3-A845-C756BF28D9D3}, {EEEE69B8-2C42-4825-B8E6-9597957D672B}, {E1070104-F404-44CE-B556-0622F9D63EE5}"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\MsiExec\DEBUG]
"Trace Level" = ""

[HKLM\System\CurrentControlSet\Services\PSched\Parameters\Adapters\{E1070104-F404-44CE-B556-0622F9D63EE5}]
"UpperBindings" = "\Device\{9C172CAF-27E0-43F0-A801-58F2412927BC}"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C8A89E13-E469-4ED3-A845-C756BF28D9D3}]
"DefaultGateway" = ""

[HKLM\System\CurrentControlSet\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0014\Ndi\params\MediaStatus]
"Optional" = "0"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006]
"PackedCatalogItem" = "25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E1070104-F404-44CE-B556-0622F9D63EE5}]
"TCPAllowedPorts" = "0"
"NameServer" = ""

[HKLM\System\CurrentControlSet\Services\PSched\Parameters\Adapters\{EEEE69B8-2C42-4825-B8E6-9597957D672B}]
"UpperBindings" = "\Device\{375E9F9F-F389-4FFD-9241-3C39BD89F981}"

[HKLM\System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"Citrix Virtual Adapter" = "1"

[HKLM\System\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{EEEE69B8-2C42-4825-B8E6-9597957D672B}]
"NetbiosOptions" = "0"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9]
"Next_Catalog_Entry_ID" = "1028"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014\Ndi\Interfaces]
"LowerRange" = "ethernet"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E1070104-F404-44CE-B556-0622F9D63EE5}]
"RegisterAdapterName" = "0"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EEEE69B8-2C42-4825-B8E6-9597957D672B}]
"RegistrationEnabled" = "1"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009]
"PackedCatalogItem" = "25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

[HKLM\System\CurrentControlSet\Services\Tcpip\Linkage]
"Route" = "{C8A89E13-E469-4ED3-A845-C756BF28D9D3}, {EEEE69B8-2C42-4825-B8E6-9597957D672B}, {E1070104-F404-44CE-B556-0622F9D63EE5}, NdisWanIp"

[HKLM\System\CurrentControlSet\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0014\Ndi\params\MAC]
"Type" = "edit"

[HKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers\NetBIOS]
"WinSock 2.0 Provider ID" = "30 18 5F 8D 73 C2 CF 11 95 C8 00 80 5F 48 A1 92"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters]
"EnableSecurityFilters" = "0"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EEEE69B8-2C42-4825-B8E6-9597957D672B}]
"SubnetMask" = "255.255.255.0"

[HKLM\System\CurrentControlSet\Services\Ndisuio\Linkage]
"Route" = "{C8A89E13-E469-4ED3-A845-C756BF28D9D3}, {EEEE69B8-2C42-4825-B8E6-9597957D672B}, {E1070104-F404-44CE-B556-0622F9D63EE5}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0015]
"ComponentID" = "ms_pschedmp"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014\Ndi]
"Service" = "ctxva51"

[HKLM\System\CurrentControlSet\Services\RemoteAccess\Interfaces\4]
"Enabled" = "1"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0015]
"InfSection" = "PSchedMP.ndi"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0015]
"NetCfgInstanceId" = "{B1220093-1C55-4F19-922D-0575645635C4}"

[HKLM\System\CurrentControlSet\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0014\Ndi\params\MTU]
"Default" = "1400"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EEEE69B8-2C42-4825-B8E6-9597957D672B}]
"UDPAllowedPorts" = "0"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0015\Linkage]
"Export" = "\Device\{B1220093-1C55-4F19-922D-0575645635C4}"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"

[HKLM\System\CurrentControlSet\Services\Tcpip\Linkage]
"Bind" = "\Device\{C8A89E13-E469-4ED3-A845-C756BF28D9D3}, \Device\{EEEE69B8-2C42-4825-B8E6-9597957D672B}, \Device\{E1070104-F404-44CE-B556-0622F9D63EE5}, \Device\NdisWanIp"

[HKLM\System\CurrentControlSet\Services\{EEEE69B8-2C42-4825-B8E6-9597957D672B}\Parameters\Tcpip]
"DefaultGateway" = "192.168.11.2"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016]
"PackedCatalogItem" = "25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EEEE69B8-2C42-4825-B8E6-9597957D672B}]
"IPAddress" = "192.168.11.128"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014]
"DriverDate" = "1-26-2010"

[HKLM\System\CurrentControlSet\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0014\Ndi\params\MAC]
"ParamDesc" = "MAC Address"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010]
"NetCfgInstanceId" = "{6E169948-4E95-4857-82AA-EC14E716D9C7}"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E1070104-F404-44CE-B556-0622F9D63EE5}]
"IPAddress" = "0.0.0.0"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0001]
"NetCfgInstanceId" = "{E1070104-F404-44CE-B556-0622F9D63EE5}"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9]
"Serial_Access_Num" = "14"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0015]
"DriverVersion" = "5.1.2535.0"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014]
"DriverVersion" = "1.0.0.3"
"ComponentID" = "ctxva51"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E1070104-F404-44CE-B556-0622F9D63EE5}]
"DefaultGatewayMetric" = ""

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014]
"MatchingDeviceId" = "ctxva51"

[HKLM\System\CurrentControlSet\Services\Winsock\Setup Migration]
"Provider List" = "Tcpip, NetBIOS"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters]
"IPEnableRouter" = "0"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C8A89E13-E469-4ED3-A845-C756BF28D9D3}]
"RawIPAllowedProtocols" = "0"

[HKLM\System\CurrentControlSet\Services\ctxva51]
"TextModeFlags" = "1"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0001\Linkage]
"UpperBind" = "PSched"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014]
"InfSection" = "ctxva51.ndi"

[HKLM\System\CurrentControlSet\Services\RemoteAccess\Interfaces\1]
"Stamp" = "0"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0015]
"Characteristics" = "41"

[HKLM\System\CurrentControlSet\Services\Tcpip\Linkage]
"Export" = "\Device\Tcpip_{C8A89E13-E469-4ED3-A845-C756BF28D9D3}, \Device\Tcpip_{EEEE69B8-2C42-4825-B8E6-9597957D672B}, \Device\Tcpip_{E1070104-F404-44CE-B556-0622F9D63EE5}, \Device\Tcpip_{BF770B77-F559-4142-BC28-45811EFECA81}, \Device\Tcpip_{FA3B3797-8A29-4E30-9B14-9ECEA8F69703}"

[HKLM\System\CurrentControlSet\Services\{E1070104-F404-44CE-B556-0622F9D63EE5}\Parameters\Tcpip]
"SubnetMask" = "0.0.0.0"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C8A89E13-E469-4ED3-A845-C756BF28D9D3}]
"IPAddress" = "0.0.0.0"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C8A89E13-E469-4ED3-A845-C756BF28D9D3}]
"RegistrationEnabled" = "1"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0003\Linkage]
"UpperBind" = "NM, Ndisuio, RasPppoe, Tcpip"

[HKLM\System\CurrentControlSet\Services\RemoteAccess\Interfaces\4]
"InterfaceName" = "{C8A89E13-E469-4ED3-A845-C756BF28D9D3}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0011\Linkage]
"Export" = "\Device\{224F868A-38BE-4281-8624-D3E1624C32C7}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0003\Linkage]
"RootDevice" = "{9C172CAF-27E0-43F0-A801-58F2412927BC}, {E1070104-F404-44CE-B556-0622F9D63EE5}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014\Ndi\Interfaces]
"DefUpper" = "ndis5"

[HKLM\System\CurrentControlSet\Services\{E1070104-F404-44CE-B556-0622F9D63EE5}\Parameters\Tcpip]
"DefaultGateway" = ""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014]
"MTU" = "1400"

[HKLM\SYSTEM\LastKnownGoodRecovery\LastGood]
"INF/oem12.inf" = "1"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0011\Linkage]
"UpperBind" = "NM"

[HKLM\System\CurrentControlSet\Services\RemoteAccess\Interfaces]
"Stamp" = "0"

[HKLM\System\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{EEEE69B8-2C42-4825-B8E6-9597957D672B}]
"NameServerList" = "192.168.11.2"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EEEE69B8-2C42-4825-B8E6-9597957D672B}]
"RawIPAllowedProtocols" = "0"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0011\Linkage]
"RootDevice" = "{224F868A-38BE-4281-8624-D3E1624C32C7}, NdisWanBh"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014\Linkage]
"UpperBind" = "NM, Ndisuio, RasPppoe, Tcpip"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E1070104-F404-44CE-B556-0622F9D63EE5}]
"DefaultGateway" = ""

[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"NDIS" = "0E 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014\Linkage]
"Export" = "\Device\{C8A89E13-E469-4ED3-A845-C756BF28D9D3}"

[HKLM\System\CurrentControlSet\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0014\Ndi\params\MediaStatus]
"Default" = "0"

[HKLM\System\CurrentControlSet\Services\lanmanworkstation\Linkage]
"Route" = "NetbiosSmb, NetBT Tcpip {C8A89E13-E469-4ED3-A845-C756BF28D9D3}, NetBT Tcpip {EEEE69B8-2C42-4825-B8E6-9597957D672B}, NetBT Tcpip {E1070104-F404-44CE-B556-0622F9D63EE5}, NetBT Tcpip NdisWanIp"

[HKLM\System\CurrentControlSet\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0014\Ndi\params\MAC]
"Optional" = "1"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012]
"NetCfgInstanceId" = "{EEEE69B8-2C42-4825-B8E6-9597957D672B}"

[HKLM\System\CurrentControlSet\Services\lanmanworkstation\Linkage]
"Export" = "\Device\LanmanWorkstation_NetbiosSmb, \Device\LanmanWorkstation_NetBT_Tcpip_{C8A89E13-E469-4ED3-A845-C756BF28D9D3}, \Device\LanmanWorkstation_NetBT_Tcpip_{EEEE69B8-2C42-4825-B8E6-9597957D672B}, \Device\LanmanWorkstation_NetBT_Tcpip_{E1070104-F404-44CE-B556-0622F9D63EE5}, \Device\LanmanWorkstation_NetBT_Tcpip_{BF770B77-F559-4142-BC28-45811EFECA81}, \Device\LanmanWorkstation_NetBT_Tcpip_{FA3B3797-8A29-4E30-9B14-9ECEA8F69703}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014]
"Medium" = ""

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013\Linkage]
"Export" = "\Device\{375E9F9F-F389-4FFD-9241-3C39BD89F981}"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"

[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"PNP_TDI" = "07 00 00 00 05 00 00 00 01 00 00 00 02 00 00 00"

[HKLM\System\CurrentControlSet\Services\lanmanserver\Linkage]
"Route" = "NetbiosSmb, NetBT Tcpip {C8A89E13-E469-4ED3-A845-C756BF28D9D3}, NetBT Tcpip {EEEE69B8-2C42-4825-B8E6-9597957D672B}, NetBT Tcpip {E1070104-F404-44CE-B556-0622F9D63EE5}, NetBT Tcpip NdisWanIp"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014]
"InfPath" = "oem12.inf"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C8A89E13-E469-4ED3-A845-C756BF28D9D3}]
"UDPAllowedPorts" = "0"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001]
"PackedCatalogItem" = "25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

[HKLM\System\CurrentControlSet\Services\{E1070104-F404-44CE-B556-0622F9D63EE5}\Parameters\Tcpip]
"IPAddress" = "0.0.0.0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E0 AA D5 9D 3D 73 C3 4B A3 38 5A 3F 8D 91 F2 D9"

[HKLM\System\CurrentControlSet\Services\RemoteAccess\Interfaces\3]
"Stamp" = "0"

[HKLM\System\CurrentControlSet\Services\NetBT\Linkage]
"Route" = "Tcpip {C8A89E13-E469-4ED3-A845-C756BF28D9D3}, Tcpip {EEEE69B8-2C42-4825-B8E6-9597957D672B}, Tcpip {E1070104-F404-44CE-B556-0622F9D63EE5}, Tcpip NdisWanIp"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EEEE69B8-2C42-4825-B8E6-9597957D672B}]
"RegisterAdapterName" = "0"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014]
"BusNumber" = "0"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015]
"PackedCatalogItem" = "25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C8A89E13-E469-4ED3-A845-C756BF28D9D3}]
"EnableDHCP" = "1"

[HKLM\System\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{E1070104-F404-44CE-B556-0622F9D63EE5}]
"NameServerList" = ""

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008]
"PackedCatalogItem" = "25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

[HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ParseAutoexec" = "1"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012\Linkage]
"UpperBind" = "PSched"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{C8A89E13-E469-4ED3-A845-C756BF28D9D3}]
"LLInterface" = ""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\System\CurrentControlSet\Services\PSched\Parameters\Adapters\NdisWanBh]
"UpperBindings" = "\Device\{224F868A-38BE-4281-8624-D3E1624C32C7}"

[HKLM\System\CurrentControlSet\Services\RemoteAccess\Interfaces\4\Ip]
"ProtocolId" = "33"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010\Linkage]
"UpperBind" = "PSched"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E1070104-F404-44CE-B556-0622F9D63EE5}]
"Domain" = ""

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0015\Linkage]
"RootDevice" = "{B1220093-1C55-4F19-922D-0575645635C4}, {C8A89E13-E469-4ED3-A845-C756BF28D9D3}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0015]
"MatchingDeviceId" = "ms_pschedmp"

[HKLM\System\CurrentControlSet\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0014\Ndi\params\MTU]
"Step" = "1"

[HKLM\System\CurrentControlSet\Services\RemoteAccess\RouterManagers]
"Stamp" = "0"

[HKLM\System\CurrentControlSet\Services\nm\Linkage]
"Export" = "\Device\NM_{C8A89E13-E469-4ED3-A845-C756BF28D9D3}, \Device\NM_{EEEE69B8-2C42-4825-B8E6-9597957D672B}, \Device\NM_{E1070104-F404-44CE-B556-0622F9D63EE5}, \Device\NM_NdisWanBh"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0009\Linkage]
"RootDevice" = "{A507E01F-371D-4E52-B129-38B8FAE3A0EA}, NdisWanIp"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EEEE69B8-2C42-4825-B8E6-9597957D672B}]
"DefaultGateway" = "192.168.11.2"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014\Linkage]
"RootDevice" = "{C8A89E13-E469-4ED3-A845-C756BF28D9D3}"

[HKLM\System\CurrentControlSet\Services\RemoteAccess\Interfaces\2]
"Stamp" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\System\CurrentControlSet\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0014\Ndi\params\MTU]
"Max" = "1500"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007]
"PackedCatalogItem" = "25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

[HKLM\System\CurrentControlSet\Services\{EEEE69B8-2C42-4825-B8E6-9597957D672B}\Parameters\Tcpip]
"EnableDHCP" = "0"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EEEE69B8-2C42-4825-B8E6-9597957D672B}]
"DefaultGatewayMetric" = "0"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004]
"PackedCatalogItem" = "25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

[HKLM\System\CurrentControlSet\Services\PSched\Parameters\Adapters\NdisWanIp]
"UpperBindings" = "\Device\{A507E01F-371D-4E52-B129-38B8FAE3A0EA}"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"

[HKLM\SYSTEM\LastKnownGoodRecovery\LastGood]
"INF/oem12.PNF" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"Packet Scheduler Miniport" = "1, 2, 3, 4, 5"

[HKLM\System\CurrentControlSet\Services\RemoteAccess\Interfaces\4]
"Stamp" = "0"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014]
"NetCfgInstanceId" = "{C8A89E13-E469-4ED3-A845-C756BF28D9D3}"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E1070104-F404-44CE-B556-0622F9D63EE5}]
"RegistrationEnabled" = "1"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0008\Linkage]
"UpperBind" = "PSched"

[HKLM\System\CurrentControlSet\Services\{E1070104-F404-44CE-B556-0622F9D63EE5}\Parameters\Tcpip]
"EnableDHCP" = "1"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0008]
"NetCfgInstanceId" = "{5A5B504D-9B16-4132-90B6-D0063FDDF604}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0015]
"FilterInfId" = "ms_psched"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\System\CurrentControlSet\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0014\Ndi\params\MTU]
"min" = "100"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013\Linkage]
"UpperBind" = "NM, Ndisuio, RasPppoe, Tcpip"

[HKLM\System\CurrentControlSet\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0014\Ndi\params\MTU]
"ParamDesc" = "MTU"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0009\Linkage]
"UpperBind" = "Tcpip"

[HKLM\System\CurrentControlSet\Services\{C8A89E13-E469-4ED3-A845-C756BF28D9D3}\Parameters\Tcpip]
"DefaultGateway" = ""

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010]
"PackedCatalogItem" = "25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C8A89E13-E469-4ED3-A845-C756BF28D9D3}]
"SubnetMask" = "0.0.0.0"

[HKLM\System\CurrentControlSet\Services\lanmanworkstation\Linkage]
"Bind" = "\Device\NetbiosSmb, \Device\NetBT_Tcpip_{C8A89E13-E469-4ED3-A845-C756BF28D9D3}, \Device\NetBT_Tcpip_{EEEE69B8-2C42-4825-B8E6-9597957D672B}, \Device\NetBT_Tcpip_{E1070104-F404-44CE-B556-0622F9D63EE5}, \Device\NetBT_Tcpip_{BF770B77-F559-4142-BC28-45811EFECA81}, \Device\NetBT_Tcpip_{FA3B3797-8A29-4E30-9B14-9ECEA8F69703}"

[HKLM\System\CurrentControlSet\Services\{C8A89E13-E469-4ED3-A845-C756BF28D9D3}\Parameters\Tcpip]
"IPAddress" = "0.0.0.0"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EEEE69B8-2C42-4825-B8E6-9597957D672B}]
"EnableDHCP" = "0"

[HKLM\System\CurrentControlSet\Services\NetBIOS\Linkage]
"LanaMap" = "01 04 01 03 01 00 00 01 00 02"

[HKLM\System\CurrentControlSet\Enum\Root\CTXVA51\0000\Device Parameters]
"InstanceIndex" = "1"

[HKLM\System\CurrentControlSet\Services\NetBT\Parameters]
"EnableLMHOSTS" = "1"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C8A89E13-E469-4ED3-A845-C756BF28D9D3}]
"TCPAllowedPorts" = "0"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E1070104-F404-44CE-B556-0622F9D63EE5}]
"SubnetMask" = "0.0.0.0"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C8A89E13-E469-4ED3-A845-C756BF28D9D3}]
"NameServer" = ""

[HKLM\System\CurrentControlSet\Services\{C8A89E13-E469-4ED3-A845-C756BF28D9D3}\Parameters\Tcpip]
"EnableDHCP" = "1"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014]
"DriverDesc" = "Citrix Virtual Adapter"
"DriverDateData" = "00 C0 C1 80 1A 9E CA 01"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0009\Linkage]
"Export" = "\Device\{A507E01F-371D-4E52-B129-38B8FAE3A0EA}"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E1070104-F404-44CE-B556-0622F9D63EE5}]
"UDPAllowedPorts" = "0"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003]
"PackedCatalogItem" = "25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E1070104-F404-44CE-B556-0622F9D63EE5}]
"RawIPAllowedProtocols" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\System\CurrentControlSet\Services\NetBT\Linkage]
"Bind" = "\Device\Tcpip_{C8A89E13-E469-4ED3-A845-C756BF28D9D3}, \Device\Tcpip_{EEEE69B8-2C42-4825-B8E6-9597957D672B}, \Device\Tcpip_{E1070104-F404-44CE-B556-0622F9D63EE5}, \Device\Tcpip_{BF770B77-F559-4142-BC28-45811EFECA81}, \Device\Tcpip_{FA3B3797-8A29-4E30-9B14-9ECEA8F69703}"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014]
"MediaStatus" = "0"

[HKLM\System\CurrentControlSet\Services\RemoteAccess\Interfaces\4]
"Type" = "3"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C8A89E13-E469-4ED3-A845-C756BF28D9D3}]
"EnableDeadGWDetect" = "1"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014\Ndi\Interfaces]
"UpperRange" = "ndis5"

[HKLM\System\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{C8A89E13-E469-4ED3-A845-C756BF28D9D3}]
"NameServerList" = ""

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C8A89E13-E469-4ED3-A845-C756BF28D9D3}]
"UseZeroBroadcast" = "0"

[HKLM\System\CurrentControlSet\Services\NetBIOS\Linkage]
"Bind" = "\Device\NetBT_Tcpip_{C8A89E13-E469-4ED3-A845-C756BF28D9D3}, \Device\NetBT_Tcpip_{EEEE69B8-2C42-4825-B8E6-9597957D672B}, \Device\NetBT_Tcpip_{E1070104-F404-44CE-B556-0622F9D63EE5}, \Device\NetBT_Tcpip_{BF770B77-F559-4142-BC28-45811EFECA81}, \Device\NetBT_Tcpip_{FA3B3797-8A29-4E30-9B14-9ECEA8F69703}"

[HKLM\System\CurrentControlSet\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0014\Ndi\params\MTU]
"Type" = "int"

[HKLM\System\CurrentControlSet\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0014\Ndi\params\MediaStatus\enum]
"1" = "Always Connected"
"0" = "Application Controlled"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012]
"PackedCatalogItem" = "25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

[HKLM\System\CurrentControlSet\Services\PSched\Parameters\Adapters\{C8A89E13-E469-4ED3-A845-C756BF28D9D3}]
"UpperBindings" = "\Device\{B1220093-1C55-4F19-922D-0575645635C4}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0015]
"DriverDesc" = "Packet Scheduler Miniport"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EEEE69B8-2C42-4825-B8E6-9597957D672B}]
"TCPAllowedPorts" = "0"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{C8A89E13-E469-4ED3-A845-C756BF28D9D3}]
"IpConfig" = "Tcpip\Parameters\Interfaces\{C8A89E13-E469-4ED3-A845-C756BF28D9D3}"

[HKLM\System\CurrentControlSet\Control\Network\NetCfgLockHolder]
"(Default)" = "INetCfg Installer Interface"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014]
"Characteristics" = "137"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005]
"PackedCatalogItem" = "25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

[HKLM\System\CurrentControlSet\Control\Network]
"Config" = "00 00 00 00 20 00 00 00 48 24 FA EB BA 71 FF 4B"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C8A89E13-E469-4ED3-A845-C756BF28D9D3}]
"RegisterAdapterName" = "0"

[HKLM\System\CurrentControlSet\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0014\Ndi\params\MediaStatus]
"Type" = "enum"

[HKLM\System\CurrentControlSet\Services\lanmanserver\Linkage]
"Export" = "\Device\LanmanServer_NetbiosSmb, \Device\LanmanServer_NetBT_Tcpip_{C8A89E13-E469-4ED3-A845-C756BF28D9D3}, \Device\LanmanServer_NetBT_Tcpip_{EEEE69B8-2C42-4825-B8E6-9597957D672B}, \Device\LanmanServer_NetBT_Tcpip_{E1070104-F404-44CE-B556-0622F9D63EE5}, \Device\LanmanServer_NetBT_Tcpip_{BF770B77-F559-4142-BC28-45811EFECA81}, \Device\LanmanServer_NetBT_Tcpip_{FA3B3797-8A29-4E30-9B14-9ECEA8F69703}"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters]
"UseDomainNameDevolution" = "1"

[HKLM\System\CurrentControlSet\Services\RemoteAccess\Interfaces\0]
"Stamp" = "0"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0015]
"DriverDate" = "7-1-2001"

[HKLM\System\CurrentControlSet\Services\RasPppoe\Linkage]
"Export" = "\Device\RasPppoe_{C8A89E13-E469-4ED3-A845-C756BF28D9D3}, \Device\RasPppoe_{EEEE69B8-2C42-4825-B8E6-9597957D672B}, \Device\RasPppoe_{E1070104-F404-44CE-B556-0622F9D63EE5}"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0015]
"InfPath" = "netpsa.inf"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKLM\System\CurrentControlSet\Services\{C8A89E13-E469-4ED3-A845-C756BF28D9D3}\Parameters\Tcpip]
"SubnetMask" = "0.0.0.0"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0015\Linkage]
"UpperBind" = "NM, Ndisuio, RasPppoe, Tcpip"

[HKLM\System\CurrentControlSet\Enum\Root\MS_PSCHEDMP\0004\Device Parameters]
"InstanceIndex" = "5"

[HKLM\System\CurrentControlSet\Services\nm\Linkage]
"Route" = "{C8A89E13-E469-4ED3-A845-C756BF28D9D3}, {EEEE69B8-2C42-4825-B8E6-9597957D672B}, {E1070104-F404-44CE-B556-0622F9D63EE5}, NdisWanBh"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0015]
"DriverDateData" = "00 80 62 C5 C0 01 C1 01"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013]
"PackedCatalogItem" = "25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014\Ndi\Interfaces]
"DefLower" = "ethernet"

[HKLM\System\CurrentControlSet\Services\lanmanserver\Linkage]
"Bind" = "\Device\NetbiosSmb, \Device\NetBT_Tcpip_{C8A89E13-E469-4ED3-A845-C756BF28D9D3}, \Device\NetBT_Tcpip_{EEEE69B8-2C42-4825-B8E6-9597957D672B}, \Device\NetBT_Tcpip_{E1070104-F404-44CE-B556-0622F9D63EE5}, \Device\NetBT_Tcpip_{BF770B77-F559-4142-BC28-45811EFECA81}, \Device\NetBT_Tcpip_{FA3B3797-8A29-4E30-9B14-9ECEA8F69703}"

[HKLM\System\CurrentControlSet\Services\NetBIOS\Parameters]
"MaxLana" = "4"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0003\Linkage]
"Export" = "\Device\{9C172CAF-27E0-43F0-A801-58F2412927BC}"

[HKLM\System\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{E1070104-F404-44CE-B556-0622F9D63EE5}]
"NetbiosOptions" = "0"

[HKLM\System\CurrentControlSet\Services\Ndisuio\Linkage]
"Bind" = "\Device\{C8A89E13-E469-4ED3-A845-C756BF28D9D3}, \Device\{EEEE69B8-2C42-4825-B8E6-9597957D672B}, \Device\{E1070104-F404-44CE-B556-0622F9D63EE5}"

[HKLM\System\CurrentControlSet\Services\RasPppoe\Linkage]
"Bind" = "\Device\{C8A89E13-E469-4ED3-A845-C756BF28D9D3}, \Device\{EEEE69B8-2C42-4825-B8E6-9597957D672B}, \Device\{E1070104-F404-44CE-B556-0622F9D63EE5}"

[HKLM\System\CurrentControlSet\Control\CLASS\{4D36E972-E325-11CE-BFC1-08002BE10318}\0014\Ndi\params\MTU]
"Optional" = "0"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C8A89E13-E469-4ED3-A845-C756BF28D9D3}]
"DefaultGatewayMetric" = ""

[HKLM\System\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{C8A89E13-E469-4ED3-A845-C756BF28D9D3}]
"NetbiosOptions" = "0"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014]
"PackedCatalogItem" = "25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002]
"PackedCatalogItem" = "25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

[HKLM\System\CurrentControlSet\Services\NetBIOS\Linkage]
"Route" = "NetBT Tcpip {C8A89E13-E469-4ED3-A845-C756BF28D9D3}, NetBT Tcpip {EEEE69B8-2C42-4825-B8E6-9597957D672B}, NetBT Tcpip {E1070104-F404-44CE-B556-0622F9D63EE5}, NetBT Tcpip NdisWanIp"

[HKLM\System\CurrentControlSet\Services\Ndisuio\Linkage]
"Export" = "\Device\Ndisuio_{C8A89E13-E469-4ED3-A845-C756BF28D9D3}, \Device\Ndisuio_{EEEE69B8-2C42-4825-B8E6-9597957D672B}, \Device\Ndisuio_{E1070104-F404-44CE-B556-0622F9D63EE5}"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters]
"DontAddDefaultGatewayDefault" = "0"
"SearchList" = "ccf.org"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017]
"PackedCatalogItem" = "25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

[HKLM\System\CurrentControlSet\Services\Dhcp\Configurations]
"Options" = "32 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013\Linkage]
"RootDevice" = "{375E9F9F-F389-4FFD-9241-3C39BD89F981}, {EEEE69B8-2C42-4825-B8E6-9597957D672B}"

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011]
"PackedCatalogItem" = "25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C8A89E13-E469-4ED3-A845-C756BF28D9D3}]
"Domain" = ""

[HKLM\System\CurrentControlSet\Services\{EEEE69B8-2C42-4825-B8E6-9597957D672B}\Parameters\Tcpip]
"SubnetMask" = "255.255.255.0"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters]
"DeadGWDetectDefault" = "1"

[HKLM\System\CurrentControlSet\Services\{EEEE69B8-2C42-4825-B8E6-9597957D672B}\Parameters\Tcpip]
"IPAddress" = "192.168.11.128"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EEEE69B8-2C42-4825-B8E6-9597957D672B}]
"NameServer" = "192.168.11.2"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Citrix\Secure Access Client]
"nsload.exe" = "%Program Files%\Citrix\Secure Access Client\nsload.exe:*:Enabled:Citrix Access Gateway Plug-in"

"nsepa.exe" = "%Program Files%\Citrix\Secure Access Client\nsepa.exe:*:Enabled:Citrix Access Gateway Endpoint Analysis"

The Worm adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\Citrix\Secure Access Client]
"nsepa.exe" = "%Program Files%\Citrix\Secure Access Client\nsepa.exe:*:Enabled:Citrix Access Gateway Endpoint Analysis"

"nsload.exe" = "%Program Files%\Citrix\Secure Access Client\nsload.exe:*:Enabled:Citrix Access Gateway Plug-in"

The Worm deletes the following registry key(s):

[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\0000000E]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\0000000D]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008]
[HKLM\System\CurrentControlSet\Services\Winsock\Setup Migration\Providers\NetBIOS]
[HKLM\System\CurrentControlSet\Control\Network\NetCfgLockHolder]
[HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011]

The Worm deletes the following value(s) in system registry:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Citrix\Secure Access Client]
"nsload.exe"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{C8A89E13-E469-4ED3-A845-C756BF28D9D3}]
"NumInterfaces"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013\Linkage]
"Route"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EEEE69B8-2C42-4825-B8E6-9597957D672B}]
"ActiveConfigurations"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0015\Linkage]
"Bind"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E1070104-F404-44CE-B556-0622F9D63EE5}]
"ActiveConfigurations"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Citrix\Secure Access Client]
"nsepa.exe"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0009\Linkage]
"BindPath"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013\Linkage]
"Bind"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\MsiExec\DEBUG]
"Trace Level"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0003\Linkage]
"Route"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0015]
"InfSectionExt"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0003\Linkage]
"Bind"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0011\Linkage]
"Route"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0015\Linkage]
"Route"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0009\Linkage]
"Bind"
"Route"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C8A89E13-E469-4ED3-A845-C756BF28D9D3}]
"InterfaceMetric"
"ActiveConfigurations"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013\Linkage]
"BindPath"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0015\Linkage]
"BindPath"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0003\Linkage]
"BindPath"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014]
"InfSectionExt"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EEEE69B8-2C42-4825-B8E6-9597957D672B}]
"InterfaceMetric"

[HKLM\System\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0011\Linkage]
"BindPath"
"Bind"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E1070104-F404-44CE-B556-0622F9D63EE5}]
"InterfaceMetric"

The process MsiExec.exe:852 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "72 F8 C5 A2 28 01 BB DF 46 CE 0F 17 16 20 79 CA"

The process MsiExec.exe:1840 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FA F0 28 F7 BB 52 37 40 A3 07 0E 55 B0 0F 86 AE"

The process MsiExec.exe:1680 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1D 34 40 5E 50 F5 E7 25 61 C6 4A F0 A8 7A ED 46"

[HKCU\Software\Microsoft\Windows Script\Settings]
"JITDebug" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

The Worm deletes the following value(s) in system registry:

[HKLM\SOFTWARE\DeterministicNetworks\InstalledProducts\DNE]
"UninstallOnUpgrade"

[HKCU\Software\DeterministicNetworks\InstalledProducts\DNE]
"InstallerRetcode"

[HKLM\SOFTWARE\DeterministicNetworks\InstalledProducts\DNE]
"UpgradingMSI"

The process MsiExec.exe:1500 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A7 6D 65 54 28 82 99 E7 CC A0 DE 30 B5 2C 07 48"

The process MsiExec.exe:1408 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "52 11 53 A4 05 55 E1 99 17 7C AD D4 A9 AA 08 61"

[HKLM\System\CurrentControlSet\Services\AFD\Parameters]
"CitrixBackupDefaultSendWindow" = "0"
"DefaultSendWindow" = "64512"

[HKLM\System\CurrentControlSet\Services\Tcpip\Parameters]
"TcpWindowSize" = "64512"
"CitrixBackupTcpWindowSize" = "64240"

The process MsiExec.exe:376 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7A CA 67 D3 0C E8 49 FD 28 18 B7 63 FD 71 CD DE"

Dropped PE files

MD5 File path
bd6bcbb33c0b11a32f612d83831d13a6 c:\Documents and Settings\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpress.exe
e592a2de7ca94d791ab1a9c340a77d2c c:\Documents and Settings\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_de.dll
baeaaf46f60826962d063932edc67b99 c:\Documents and Settings\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_en.dll
96e9aba54a0d9c523d0322cde8ca7678 c:\Documents and Settings\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_es.dll
4e7b4a718f1ea888f58686acaf1f3783 c:\Documents and Settings\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_fr.dll
d188b64967223c425306981b7acf5d55 c:\Documents and Settings\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_ja.dll
63b84af62dd2fcc18f8c9f7c3f11828e c:\Documents and Settings\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_ko.dll
1958d1ec5793d710750c55e62bb6bfd8 c:\Documents and Settings\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_ru.dll
3e26f8b5a2a9fe53a742103ac70331c5 c:\Documents and Settings\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_zh-CN.dll
f06be894885f950953bede429400478c c:\Documents and Settings\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_zh-TW.dll
6dd06a8ddcf1d2af4e24ebf5a0310468 c:\Documents and Settings\"%CurrentUserName%"\Application Data\Mozilla\Plugins\npagee.dll
4e92feb82720d7217eaf90d6aacdc9cc c:\Program Files\Citrix\ICA Client\AxWfIcaLib.dll
a96d46f739a4c51e521833fb3f48a0fa c:\Program Files\Citrix\ICA Client\CCMProxy.dll
816302ceb82ab1946b6ff8f537e39d37 c:\Program Files\Citrix\ICA Client\CCMSDK.dll
e185bb2a9eb6e7bab31e74b395477513 c:\Program Files\Citrix\ICA Client\CDViewer.exe
403b3053bf3e182e724755bf1c9ff20a c:\Program Files\Citrix\ICA Client\CgpCore.dll
effdfb73e839219e498defc732b172ea c:\Program Files\Citrix\ICA Client\CtxDSSink.dll
80a77de101e6baad55796741ec6f5d56 c:\Program Files\Citrix\ICA Client\CtxTwnPA.exe
95fcdb5fa6030aead54213e69ce62336 c:\Program Files\Citrix\ICA Client\DVLauncher.dll
f187385c619fd555b7597411e193765e c:\Program Files\Citrix\ICA Client\DesktopViewer.dll
cb6ff7012bb5d59d7c12350db795ce1f c:\Program Files\Citrix\ICA Client\Drivers\ctxusbm\ctxusbm.sys
81d9bcceb78795cd0315b24960f2d130 c:\Program Files\Citrix\ICA Client\Drivers\ctxusbr\WdfCoInstaller01007.dll
ecbacb6cec57847e899c58454d8db9dc c:\Program Files\Citrix\ICA Client\Drivers\ctxusbr\ctxusbr.sys
5c39dec52ea1428d47320bcdf5034856 c:\Program Files\Citrix\ICA Client\Drivers\usbinst.exe
f442298479ae9940381e1c4ea57682f5 c:\Program Files\Citrix\ICA Client\HdxRTTheora.dll
ff46cbf50adef8e4763bda19e3ef24c6 c:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
afa7e91c8c9566e03fb1620f95230b93 c:\Program Files\Citrix\ICA Client\MFC80CHS.dll
2dca32742f80bb37e159b651f8eef44b c:\Program Files\Citrix\ICA Client\MFC80CHT.dll
1e6719ebeb1d368e09899a9d0ddfad70 c:\Program Files\Citrix\ICA Client\MFC80DEU.dll
9090454e6772f7cfbce240bf4dc5f7e8 c:\Program Files\Citrix\ICA Client\MFC80ENU.dll
d47599748b3ecf645c47caa0bc24a7cd c:\Program Files\Citrix\ICA Client\MFC80ESP.dll
eec2f9e4d790bccdbc542715ab613579 c:\Program Files\Citrix\ICA Client\MFC80FRA.dll
cb23b162ac655f24c6711a5f5df348c6 c:\Program Files\Citrix\ICA Client\MFC80ITA.dll
012031b19f0a9f6431997c79e1893822 c:\Program Files\Citrix\ICA Client\MFC80JPN.dll
fec4610f1174136b1d3db2ae37924ce8 c:\Program Files\Citrix\ICA Client\MFC80KOR.dll
c85c84a0a8dd1fb97a1ac18850754adb c:\Program Files\Citrix\ICA Client\ProgressNotificationCommon.dll
6ff99e0dded55c12e82366080a71eb87 c:\Program Files\Citrix\ICA Client\PseudoContainer.exe
78b5dadccd7e142154bcc70117ec2537 c:\Program Files\Citrix\ICA Client\RawPrintHelper.exe
76330c336f5855d570ed8e709834bf3f c:\Program Files\Citrix\ICA Client\SetIntegrityLevel.exe
e305099a3b226e20def2236a3877270a c:\Program Files\Citrix\ICA Client\TaskbarGrpWin7.dll
6a13c329583b0a45cc844973a05b7b24 c:\Program Files\Citrix\ICA Client\TaskbarGrpXpVista.dll
cbb4fa521506cc346b2d2b7e46dd2a13 c:\Program Files\Citrix\ICA Client\TcpPServ.dll
72dfd29a8f510cb1667741ce730f5a56 c:\Program Files\Citrix\ICA Client\WfIcaLib.dll
268b5971d6397b0f3ba893a66f298bbd c:\Program Files\Citrix\ICA Client\Wfica.ocx
90199b0b45387d1872ea26ba83145942 c:\Program Files\Citrix\ICA Client\XPSPrintHelper.exe
6dd4fdbf58755b1e6391fb6644aa112f c:\Program Files\Citrix\ICA Client\XpsNativePrintHelper.exe
23dd132eb3b74c796c7d8a9b36f6dbe0 c:\Program Files\Citrix\ICA Client\acrdlg.dll
f7c2dbdacfb80048ec5fb95a87818ae6 c:\Program Files\Citrix\ICA Client\adpcm.dll
d169dad38cbeee47a8fbe456645d5ced c:\Program Files\Citrix\ICA Client\audcvtN.dll
663cbd2ebafa1bb483ccc0f6fae71f84 c:\Program Files\Citrix\ICA Client\avcodec-52.dll
e8cf8a660147b0ae57c791b3c6669ed1 c:\Program Files\Citrix\ICA Client\avdevice-52.dll
c85b1c62404b43a1baf53f24165b2286 c:\Program Files\Citrix\ICA Client\avformat-52.dll
763397b408e9012e8c79bcc9d4231a1d c:\Program Files\Citrix\ICA Client\avutil-50.dll
3b8a1dfcd1cd9ad9ed0a8eb8afefe6b4 c:\Program Files\Citrix\ICA Client\cgpcfg.dll
6229e1291bb78816a45296882d9a12c6 c:\Program Files\Citrix\ICA Client\concentr.exe
cea218c62769f248e42cb0be920eaaad c:\Program Files\Citrix\ICA Client\confmgr.dll
3d1e32a83abf5c65e17b4930bbfa1186 c:\Program Files\Citrix\ICA Client\cpviewer.exe
b8c8745e44387cc0c2c198c2ecbbc101 c:\Program Files\Citrix\ICA Client\cst.dll
d8750c31fded1233dc0c7ca9ddde152b c:\Program Files\Citrix\ICA Client\ctxlogging.dll
41124d72de99d9c18477de81ca2ffcda c:\Program Files\Citrix\ICA Client\ctxmui.dll
0a6b91311fcbe3d65c50cc1063067145 c:\Program Files\Citrix\ICA Client\ctxspeex.dll
8a60e0f338d05f2d99e51b94942aee63 c:\Program Files\Citrix\ICA Client\ctxvorbis.dll
25fd646f7a8bcc1439148a62c19aa4a4 c:\Program Files\Citrix\ICA Client\de\DesktopViewer.resources.dll
e7a53fdd40d1f250122f1bf0be1e0ddc c:\Program Files\Citrix\ICA Client\emfrendr.dll
c081d65d9962c3cdeeb62c451fda0db4 c:\Program Files\Citrix\ICA Client\es\DesktopViewer.resources.dll
5fc9d801f40da96f487988bcf7a860e3 c:\Program Files\Citrix\ICA Client\fr\DesktopViewer.resources.dll
42022acc0bcd41da0e9e5b52fb8ad474 c:\Program Files\Citrix\ICA Client\icaconf.exe
24b8d8e5aa9ec387f4b2fd7a0a37464c c:\Program Files\Citrix\ICA Client\icaconfs.dll
c225419a3ca923aaa59933571ad8c5c0 c:\Program Files\Citrix\ICA Client\icadlgn.dll
8e6dfb62228784fb9fe65454e4c02b50 c:\Program Files\Citrix\ICA Client\icafile.dll
515b1d918f69a23f0d015b7f4cd1129b c:\Program Files\Citrix\ICA Client\icalogon.dll
9189db5f180d9f09f78bd6d601fdf1a8 c:\Program Files\Citrix\ICA Client\icavern.dll
dcc8c664b4d4fedfb48a10ccc4d78d6a c:\Program Files\Citrix\ICA Client\ja\DesktopViewer.resources.dll
12058d91a62f105e226a8ab70751c0f9 c:\Program Files\Citrix\ICA Client\ko\DesktopViewer.resources.dll
1b7524806d0270b81360c63a2fa047cb c:\Program Files\Citrix\ICA Client\mfc80.dll
ccc2e312486ae6b80970211da472268b c:\Program Files\Citrix\ICA Client\mfc80u.dll
c84e4ece0d210489738b2f0adb2723e8 c:\Program Files\Citrix\ICA Client\mfcm80.dll
ddad68e160c58d22b49ff039bb9b6751 c:\Program Files\Citrix\ICA Client\mfcm80u.dll
f8b487b7571a3ec3bb82817d224b8347 c:\Program Files\Citrix\ICA Client\migrateN.exe
cae6861b19a2a7e5d42fefc4dfdf5ccf c:\Program Files\Citrix\ICA Client\msvcm80.dll
4c8a880eabc0b4d462cc4b2472116ea1 c:\Program Files\Citrix\ICA Client\msvcp80.dll
e4fece18310e23b1d8fee993e35e7a6f c:\Program Files\Citrix\ICA Client\msvcr80.dll
99fb6b5d0b03de395e5dcc69d9d47973 c:\Program Files\Citrix\ICA Client\neHttpN.dll
7870a297ddccec8eee15c8f7818ef64f c:\Program Files\Citrix\ICA Client\nenumn.dll
7cb37138be66c0c99eae57a725927079 c:\Program Files\Citrix\ICA Client\npicaN.dll
6f7fe92bc53369647f08a159cd171561 c:\Program Files\Citrix\ICA Client\nrhttpn.dll
3de6b74ac0a3d09a8d50ed5d5c31fcce c:\Program Files\Citrix\ICA Client\pcl2bmp.exe
6fee17b01c96535ba27e5c4be3d813b4 c:\Program Files\Citrix\ICA Client\pcl4rast.dll
9688d55e63dca894a3e44498c1cc5a19 c:\Program Files\Citrix\ICA Client\pdc128N.dll
94512a9fec3477ced6e3a4950f5b393f c:\Program Files\Citrix\ICA Client\pdcompN.dll
0f5ce07dfef377ec860651cbb5490e3e c:\Program Files\Citrix\ICA Client\pdframeN.dll
4de37f5337701d724434dcc494fdfeeb c:\Program Files\Citrix\ICA Client\reducv3.dll
54a0b5d162573860866de8b1c942509b c:\Program Files\Citrix\ICA Client\resource\de\CPViewUI.dll
707c21e9b7bf49d3594438f0eaf98c80 c:\Program Files\Citrix\ICA Client\resource\de\DVLaunUI.dll
d664c774b9dd9d9cd15580af56b35dde c:\Program Files\Citrix\ICA Client\resource\de\ProgressNotificationCommonUI.dll
cb0cde99a40119f21f967f6d8f4e3863 c:\Program Files\Citrix\ICA Client\resource\de\acrdlgUI.dll
652c273e75cd1ac370410100ac6cbeda c:\Program Files\Citrix\ICA Client\resource\de\concenUI.dll
bae5141150385b78dca66cc8ea73aa64 c:\Program Files\Citrix\ICA Client\resource\de\cstUI.dll
6615e6af8e3e452235c39ce69452685c c:\Program Files\Citrix\ICA Client\resource\de\ctxlogUI.dll
2f485777f9999173a3e5c8ad22bfd591 c:\Program Files\Citrix\ICA Client\resource\de\ctxmuiUI.dll
9393e6451062585766932ba48a24f422 c:\Program Files\Citrix\ICA Client\resource\de\icadlgUI.dll
61da3bb8ae05053b15d690dbb935c22f c:\Program Files\Citrix\ICA Client\resource\de\icafilesigningUI.dll
95a140c73bc9113d203737c45ee86323 c:\Program Files\Citrix\ICA Client\resource\de\icalogUI.dll
42ba467ed3b7c2d630cff5e57890f71b c:\Program Files\Citrix\ICA Client\resource\de\migratUI.dll
5908c797ed535790032ee2d09e2db9f5 c:\Program Files\Citrix\ICA Client\resource\de\npicanUI.dll
5dcd3e2e575fa517662f4aa43cef5856 c:\Program Files\Citrix\ICA Client\resource\de\nrhttpUI.dll
26147c6267a51e00a3c9e76055fdb837 c:\Program Files\Citrix\ICA Client\resource\de\sslsdkUI.dll
c97c37e33d5569a53c0c63aac1d91a9e c:\Program Files\Citrix\ICA Client\resource\de\statuiUI.dll
a8b17d8aa2b04ed7f8c51f98b97a235c c:\Program Files\Citrix\ICA Client\resource\de\vdcdm3UI.dll
ee49ca0638ffe8aa610c27180502e610 c:\Program Files\Citrix\ICA Client\resource\de\vdflasUI.dll
e9114e9d41dbfc9c5588b391af73615b c:\Program Files\Citrix\ICA Client\resource\de\vdzlcnUI.dll
34d0e3ee2f2650785fa399a57e4ef04a c:\Program Files\Citrix\ICA Client\resource\de\wfcrunUI.dll
fc7b8d3b142da604a3e2c56f68f87edb c:\Program Files\Citrix\ICA Client\resource\de\wfica3UI.dll
b878b9b2811d07f67a93b876a2adafa9 c:\Program Files\Citrix\ICA Client\resource\de\wficaUI.dll
f50977e068a6aefdce945add11c8c92a c:\Program Files\Citrix\ICA Client\resource\en\CPViewUI.dll
13ed8b2c47037f75518aa50f82428017 c:\Program Files\Citrix\ICA Client\resource\en\DVLaunUI.dll
504d9c55c6252ae98b484a0b1accff41 c:\Program Files\Citrix\ICA Client\resource\en\ProgressNotificationCommonUI.dll
87df97f192dabc134217ddb17eb46eef c:\Program Files\Citrix\ICA Client\resource\en\acrdlgUI.dll
afa2adf20a1c8741dcb49931087fae63 c:\Program Files\Citrix\ICA Client\resource\en\concenUI.dll
ee7145b3687bbde3e0d5511a2e54fcab c:\Program Files\Citrix\ICA Client\resource\en\cstUI.dll
4107cb8acd32cded1af63a4448662687 c:\Program Files\Citrix\ICA Client\resource\en\ctxlogUI.dll
5d60b71f5445398c4fa5feb0d0d7218f c:\Program Files\Citrix\ICA Client\resource\en\ctxmuiUI.dll
8085f3f2266e2c969d5d3605ca128f1a c:\Program Files\Citrix\ICA Client\resource\en\icadlgUI.dll
c6fcb354f3aeede4511f5f62e9837e16 c:\Program Files\Citrix\ICA Client\resource\en\icafilesigningUI.dll
c4a429549ee9d1333c7a1103475f27a9 c:\Program Files\Citrix\ICA Client\resource\en\icalogUI.dll
f68c7006eaeea992c374114cdff60a60 c:\Program Files\Citrix\ICA Client\resource\en\migratUI.dll
780260ee76373f17268d4dc2a7abcb74 c:\Program Files\Citrix\ICA Client\resource\en\npicanUI.dll
a77613b22e7a0bb6a790fcd7d2cfc2dd c:\Program Files\Citrix\ICA Client\resource\en\nrhttpUI.dll
a3c60ae653c097267acff81291d5240f c:\Program Files\Citrix\ICA Client\resource\en\sslsdkUI.dll
c3a3dad23ede43cb680c65aa3f445ddb c:\Program Files\Citrix\ICA Client\resource\en\statuiUI.dll
048f0c2e87ea613423ca4f23e5e94c05 c:\Program Files\Citrix\ICA Client\resource\en\vdcdm3UI.dll
c81a0c68d534ef8ccd7583f186c5a30b c:\Program Files\Citrix\ICA Client\resource\en\vdflasUI.dll
b1dc0b1af601f448e8f5842692119b52 c:\Program Files\Citrix\ICA Client\resource\en\vdzlcnUI.dll
2a94c72936494a365f67fd6c1d41e678 c:\Program Files\Citrix\ICA Client\resource\en\wfcrunUI.dll
429271bdf3cdde36af64bdee6091b825 c:\Program Files\Citrix\ICA Client\resource\en\wfica3UI.dll
8c9568bd8a679a0a5136555de803d38c c:\Program Files\Citrix\ICA Client\resource\en\wficaUI.dll
dde41ef64d1309aaf487766111f525c5 c:\Program Files\Citrix\ICA Client\resource\es\CPViewUI.dll
8d3b114c9c967631028b9d167d4803a1 c:\Program Files\Citrix\ICA Client\resource\es\DVLaunUI.dll
b00ee25f20f7fe9bcd8b369120c10edb c:\Program Files\Citrix\ICA Client\resource\es\ProgressNotificationCommonUI.dll
6106809df3b1cdd180603ff1035bedc9 c:\Program Files\Citrix\ICA Client\resource\es\acrdlgUI.dll
9ec551e2b1f3fb769fbb3c58fde5868e c:\Program Files\Citrix\ICA Client\resource\es\concenUI.dll
c6c97966931737733dc1092d015662b2 c:\Program Files\Citrix\ICA Client\resource\es\cstUI.dll
a34b350115a80261bde8196623f3c114 c:\Program Files\Citrix\ICA Client\resource\es\ctxlogUI.dll
2122e8c36ef415b1df4221b798c2e29a c:\Program Files\Citrix\ICA Client\resource\es\ctxmuiUI.dll
41bbe113ec957f106846e45fb8a83343 c:\Program Files\Citrix\ICA Client\resource\es\icadlgUI.dll
1974f17ef48cd4ae351094754f4ebc51 c:\Program Files\Citrix\ICA Client\resource\es\icafilesigningUI.dll
1e77eaa6dda818dcb8a99e1fa8be2bd5 c:\Program Files\Citrix\ICA Client\resource\es\icalogUI.dll
e5b45179ead3a188a22cc4061e624557 c:\Program Files\Citrix\ICA Client\resource\es\migratUI.dll
3c7c8ee72de0114902ca17972255ff24 c:\Program Files\Citrix\ICA Client\resource\es\npicanUI.dll
ef302ccef618f10a81a50f445ee2959c c:\Program Files\Citrix\ICA Client\resource\es\nrhttpUI.dll
9cdf55d2ced001603192e648022983b8 c:\Program Files\Citrix\ICA Client\resource\es\sslsdkUI.dll
9bc3c66b64ba74c14eab2ca502add8b7 c:\Program Files\Citrix\ICA Client\resource\es\statuiUI.dll
16f2745869c84ae983cf0deb1091071a c:\Program Files\Citrix\ICA Client\resource\es\vdcdm3UI.dll
2bdec4b5b49453cd5b178e0ffd72690c c:\Program Files\Citrix\ICA Client\resource\es\vdflasUI.dll
a7a42c85e8ae480d51263e998539c5fe c:\Program Files\Citrix\ICA Client\resource\es\vdzlcnUI.dll
cfc6553bc13d6daadb8811b48e23c7e7 c:\Program Files\Citrix\ICA Client\resource\es\wfcrunUI.dll
6cc8f266a022613160ebb63e8c695479 c:\Program Files\Citrix\ICA Client\resource\es\wfica3UI.dll
407af7f2523fcfcb109fac96653ea5fa c:\Program Files\Citrix\ICA Client\resource\es\wficaUI.dll
96329c2baf9fbb28ef53236a14bbc683 c:\Program Files\Citrix\ICA Client\resource\fr\CPViewUI.dll
36e7a55e6b3d6a24fbaea2f49d5b6e08 c:\Program Files\Citrix\ICA Client\resource\fr\DVLaunUI.dll
9920d4346261df2d78deefa0b22452a9 c:\Program Files\Citrix\ICA Client\resource\fr\ProgressNotificationCommonUI.dll
2b3dd4854393a37cf3921d2a80709a57 c:\Program Files\Citrix\ICA Client\resource\fr\acrdlgUI.dll
128078462f254a12960c2fd699ca32af c:\Program Files\Citrix\ICA Client\resource\fr\concenUI.dll
2f8d97a47b2cc6d203d34aea7c3c2f11 c:\Program Files\Citrix\ICA Client\resource\fr\cstUI.dll
c11880ce14faa2c1001b213d24cb01f9 c:\Program Files\Citrix\ICA Client\resource\fr\ctxlogUI.dll
1f36de3fd447da24777fae7679fcfbc5 c:\Program Files\Citrix\ICA Client\resource\fr\ctxmuiUI.dll
eacf14d9035f13c88967fdbc7b41bbd5 c:\Program Files\Citrix\ICA Client\resource\fr\icadlgUI.dll
c142a46ef33770de52aea630ee439ba7 c:\Program Files\Citrix\ICA Client\resource\fr\icafilesigningUI.dll
3e342d832d1f3078972309f6a7130b03 c:\Program Files\Citrix\ICA Client\resource\fr\icalogUI.dll
f9b6e3d0d523262351b47142cd3ea03f c:\Program Files\Citrix\ICA Client\resource\fr\migratUI.dll
2e50ccd72d01c290ebdb444247de222c c:\Program Files\Citrix\ICA Client\resource\fr\npicanUI.dll
2e2b385241ab66c89db3065b3fc72134 c:\Program Files\Citrix\ICA Client\resource\fr\nrhttpUI.dll
dd3ba828f543275fc2189f686f3dd335 c:\Program Files\Citrix\ICA Client\resource\fr\sslsdkUI.dll
54132e42cf69f7345e684513c7c48787 c:\Program Files\Citrix\ICA Client\resource\fr\statuiUI.dll
9c6d03f400c66591d74e920c968e3bd4 c:\Program Files\Citrix\ICA Client\resource\fr\vdcdm3UI.dll
6b5122dcbd173e75ea933bcfcbd191a6 c:\Program Files\Citrix\ICA Client\resource\fr\vdflasUI.dll
05e8bcf907e4341a5549dde6084071ce c:\Program Files\Citrix\ICA Client\resource\fr\vdzlcnUI.dll
9d838fdc24857de7df8df893a2d910e9 c:\Program Files\Citrix\ICA Client\resource\fr\wfcrunUI.dll
69b25980cc352c94c2cc8fe178d4ffec c:\Program Files\Citrix\ICA Client\resource\fr\wfica3UI.dll
f30dfecf6e9b9a78d397de34aa7468a5 c:\Program Files\Citrix\ICA Client\resource\fr\wficaUI.dll
ca8bb0b18e4ffa420745bfcff72ba4a0 c:\Program Files\Citrix\ICA Client\resource\ja\CPViewUI.dll
09f978d0625bf5e6395200baa34ba6d9 c:\Program Files\Citrix\ICA Client\resource\ja\DVLaunUI.dll
44a5b5d814de152c75dde7f5be3e3bbf c:\Program Files\Citrix\ICA Client\resource\ja\ProgressNotificationCommonUI.dll
75d628c74e86408ddcd426b69904a40a c:\Program Files\Citrix\ICA Client\resource\ja\acrdlgUI.dll
b32aa0b0b77d35443b6698a962732afc c:\Program Files\Citrix\ICA Client\resource\ja\concenUI.dll
c0b4c420d6adac905cc4f133a86773d5 c:\Program Files\Citrix\ICA Client\resource\ja\cstUI.dll
6193681054a4b7153178d49018893f9c c:\Program Files\Citrix\ICA Client\resource\ja\ctxlogUI.dll
75e241f1cbeb68213549fcf3b21d70b2 c:\Program Files\Citrix\ICA Client\resource\ja\ctxmuiUI.dll
84535f247a36bbfe795337d1ab12c73c c:\Program Files\Citrix\ICA Client\resource\ja\icadlgUI.dll
71da42132b6a24815687c95ea8cf9f4f c:\Program Files\Citrix\ICA Client\resource\ja\icafilesigningUI.dll
61033b19a30e692d4c66b165b5cc6878 c:\Program Files\Citrix\ICA Client\resource\ja\icalogUI.dll
1df8ec8b055f2db68cce75528c7427dc c:\Program Files\Citrix\ICA Client\resource\ja\migratUI.dll
dd5de130f8e1481b68e2dbfe922e2e2f c:\Program Files\Citrix\ICA Client\resource\ja\npicanUI.dll
b482b7282de6a9c66eb549145cc43142 c:\Program Files\Citrix\ICA Client\resource\ja\nrhttpUI.dll
eacdf8ab2c02d6b2876910cc8fb24694 c:\Program Files\Citrix\ICA Client\resource\ja\sslsdkUI.dll
117ba3d6289d16a13879992e40b88437 c:\Program Files\Citrix\ICA Client\resource\ja\statuiUI.dll
6382cf59f2a306343f6f695bb1516419 c:\Program Files\Citrix\ICA Client\resource\ja\vdcdm3UI.dll
83a4d912498e192d97e5d3597f688c1b c:\Program Files\Citrix\ICA Client\resource\ja\vdflasUI.dll
b370a6338aa46208fc96207429fa3d0a c:\Program Files\Citrix\ICA Client\resource\ja\vdzlcnUI.dll
7bf3a111e8525d7e34326fd85e127893 c:\Program Files\Citrix\ICA Client\resource\ja\wfcrunUI.dll
dc40dba3a2cb07623366c111597bb4ee c:\Program Files\Citrix\ICA Client\resource\ja\wfica3UI.dll
1808c7bc1752222e04f3935d81d28aa4 c:\Program Files\Citrix\ICA Client\resource\ja\wficaUI.dll
092e5de87ccfeab985b13d44741f5b1c c:\Program Files\Citrix\ICA Client\resource\ko\CPViewUI.dll
25721cf17700ec3ca3bb2c94cca3a848 c:\Program Files\Citrix\ICA Client\resource\ko\DVLaunUI.dll
4c9da30ef9a89c20da77d8001832618f c:\Program Files\Citrix\ICA Client\resource\ko\ProgressNotificationCommonUI.dll
78ba6ba7d9841f9b7b8ad1bb632bf947 c:\Program Files\Citrix\ICA Client\resource\ko\acrdlgUI.dll
c060c4bbb2b0b62dc6e8a0902abceec6 c:\Program Files\Citrix\ICA Client\resource\ko\concenUI.dll
be918d98bd5df4d31264ecbb26b5e96d c:\Program Files\Citrix\ICA Client\resource\ko\cstUI.dll
e08174f54e51b0aa02388300a7538cbc c:\Program Files\Citrix\ICA Client\resource\ko\ctxlogUI.dll
89a05e2bb7c6c6956a9ba913c59aa7fe c:\Program Files\Citrix\ICA Client\resource\ko\ctxmuiUI.dll
ab4d5b01651f37346584b6f5844e5362 c:\Program Files\Citrix\ICA Client\resource\ko\icadlgUI.dll
0455a0ad2f4a1238b3a03490341d9759 c:\Program Files\Citrix\ICA Client\resource\ko\icafilesigningUI.dll
f070744a3e7633e1e3c6a0d87e4ec7e6 c:\Program Files\Citrix\ICA Client\resource\ko\icalogUI.dll
a7d1f0868fb70d60238dedde10bcc718 c:\Program Files\Citrix\ICA Client\resource\ko\migratUI.dll
5b81cf4db442278a6dd8e42a0458a23b c:\Program Files\Citrix\ICA Client\resource\ko\npicanUI.dll
7f6960eedcac59fbb562aa7ba88b0288 c:\Program Files\Citrix\ICA Client\resource\ko\nrhttpUI.dll
f42029eb4b41846849d71cf3a0ae06b4 c:\Program Files\Citrix\ICA Client\resource\ko\sslsdkUI.dll
61ca0dfb67bdc23db5fae173853325b9 c:\Program Files\Citrix\ICA Client\resource\ko\statuiUI.dll
8a5f12ebd84b3b277981321d74a2abd2 c:\Program Files\Citrix\ICA Client\resource\ko\vdcdm3UI.dll
40d5bad3df96ced7aca101612dd769a0 c:\Program Files\Citrix\ICA Client\resource\ko\vdflasUI.dll
5e465088b7c21a287fdc2d9159c72995 c:\Program Files\Citrix\ICA Client\resource\ko\vdzlcnUI.dll
b382ee619e7fe631ddaef2a0fe0d06a8 c:\Program Files\Citrix\ICA Client\resource\ko\wfcrunUI.dll
36fa76e9d718012e0bc3e9e144b6ef94 c:\Program Files\Citrix\ICA Client\resource\ko\wfica3UI.dll
1c2767493e2c6c26f8ca3724af85d6d6 c:\Program Files\Citrix\ICA Client\resource\ko\wficaUI.dll
8eb137b2c4441d083c46ed4689cade77 c:\Program Files\Citrix\ICA Client\resource\ru\CPViewUI.dll
af18f7a254bb6a4363c9a71f731baaa8 c:\Program Files\Citrix\ICA Client\resource\ru\DVLaunUI.dll
166249a70e790ba768469c4cdb7bfc4c c:\Program Files\Citrix\ICA Client\resource\ru\ProgressNotificationCommonUI.dll
97dc0fffedd86dbb28236acab1276f08 c:\Program Files\Citrix\ICA Client\resource\ru\acrdlgUI.dll
b3583e2b9c901fc03eb1f7425997e035 c:\Program Files\Citrix\ICA Client\resource\ru\concenUI.dll
d1cdad104094d794041643283bcef342 c:\Program Files\Citrix\ICA Client\resource\ru\cstUI.dll
e65445bee8f2380a5f231ff47a7f19b1 c:\Program Files\Citrix\ICA Client\resource\ru\ctxlogUI.dll
3f9dcbe1206350258014fa06605223e8 c:\Program Files\Citrix\ICA Client\resource\ru\ctxmuiUI.dll
c11abab4d33236eb427218d08b0bbce5 c:\Program Files\Citrix\ICA Client\resource\ru\icadlgUI.dll
8b6451885857bebc1add7768c652b85b c:\Program Files\Citrix\ICA Client\resource\ru\icafilesigningUI.dll
30bf3a5e6b7b10367a1bd23aa6af9f6c c:\Program Files\Citrix\ICA Client\resource\ru\icalogUI.dll
b994130685b5565f04f22252fd02c692 c:\Program Files\Citrix\ICA Client\resource\ru\migratUI.dll
1531657affdeac36de1973f75c8c7bfe c:\Program Files\Citrix\ICA Client\resource\ru\npicanUI.dll
6fba2f7078a478c3028e6acb6fe09996 c:\Program Files\Citrix\ICA Client\resource\ru\nrhttpUI.dll
90efc652dac48443ca6d3fcf596f281e c:\Program Files\Citrix\ICA Client\resource\ru\sslsdkUI.dll
bc0dc4ca3b108b1ac965b84931352202 c:\Program Files\Citrix\ICA Client\resource\ru\statuiUI.dll
34c0a6aae666532b21f80a5fd420a9fe c:\Program Files\Citrix\ICA Client\resource\ru\vdcdm3UI.dll
62608d7013fffbb8d13d993d63ff7dc8 c:\Program Files\Citrix\ICA Client\resource\ru\vdflasUI.dll
56407b7ae6375c0a60c4798b35fd0cbe c:\Program Files\Citrix\ICA Client\resource\ru\vdzlcnUI.dll
004f4606dbb55675fd1021e96347fe1a c:\Program Files\Citrix\ICA Client\resource\ru\wfcrunUI.dll
972d5d7a9fee631a9f6aa6366c44e602 c:\Program Files\Citrix\ICA Client\resource\ru\wfica3UI.dll
0d26e31ce68a6263688e1bf95766bfdb c:\Program Files\Citrix\ICA Client\resource\ru\wficaUI.dll
bf0138f0a19f0589baa6aa37ef60227b c:\Program Files\Citrix\ICA Client\resource\zh-CN\CPViewUI.dll
e522313ca37fa4ad3c6ee597f12093d1 c:\Program Files\Citrix\ICA Client\resource\zh-CN\DVLaunUI.dll
24d5252738a1cd6ed72e913263a2a1c8 c:\Program Files\Citrix\ICA Client\resource\zh-CN\ProgressNotificationCommonUI.dll
3c6e9669409a9a3ebc7cc14dd1b2095f c:\Program Files\Citrix\ICA Client\resource\zh-CN\acrdlgUI.dll
16614c425a5922dc27f08a93e79437e1 c:\Program Files\Citrix\ICA Client\resource\zh-CN\concenUI.dll
329dc03bf36994c5893cf9d044c46263 c:\Program Files\Citrix\ICA Client\resource\zh-CN\cstUI.dll
1dbc8a5731c6d1f994747b9e005e6e3d c:\Program Files\Citrix\ICA Client\resource\zh-CN\ctxlogUI.dll
aabafcbe875966510135939f6bb9869b c:\Program Files\Citrix\ICA Client\resource\zh-CN\ctxmuiUI.dll
a76603e87e033e2ef078c9a3b651b688 c:\Program Files\Citrix\ICA Client\resource\zh-CN\icadlgUI.dll
d04401ff3ba090ae81fa6f040ee7c2f1 c:\Program Files\Citrix\ICA Client\resource\zh-CN\icafilesigningUI.dll
bfbe4ad056ca83f5ed9f6504a73e0b42 c:\Program Files\Citrix\ICA Client\resource\zh-CN\icalogUI.dll
af847d2cd4f7132311a0c20f5bb945f8 c:\Program Files\Citrix\ICA Client\resource\zh-CN\migratUI.dll
19f1387aeaf99850a3a4cbd2f1ae4e4c c:\Program Files\Citrix\ICA Client\resource\zh-CN\npicanUI.dll
7025aec3847358622e1f0be6946e3f72 c:\Program Files\Citrix\ICA Client\resource\zh-CN\nrhttpUI.dll
ec4da3916de45aa2c2869c1b03e9744f c:\Program Files\Citrix\ICA Client\resource\zh-CN\sslsdkUI.dll
b6a4242174c2ead35f2240853f7381f4 c:\Program Files\Citrix\ICA Client\resource\zh-CN\statuiUI.dll
1b7b2f2a30c6ab10c14cae7c0b09c149 c:\Program Files\Citrix\ICA Client\resource\zh-CN\vdcdm3UI.dll
ee15fcb148dac824b979b7d06f02cdab c:\Program Files\Citrix\ICA Client\resource\zh-CN\vdflasUI.dll
704b405ed0f07da316bc65ffabe6dd9d c:\Program Files\Citrix\ICA Client\resource\zh-CN\vdzlcnUI.dll
abeb40f568040a4efce67ad776edeb4c c:\Program Files\Citrix\ICA Client\resource\zh-CN\wfcrunUI.dll
1ad06f2c796d6b037cacddaf77c01956 c:\Program Files\Citrix\ICA Client\resource\zh-CN\wfica3UI.dll
ef67a595058024437339e7f97d82a13a c:\Program Files\Citrix\ICA Client\resource\zh-CN\wficaUI.dll
1cbf20dee5c7234e0e7227efcb5c2c32 c:\Program Files\Citrix\ICA Client\resource\zh-TW\CPViewUI.dll
c5bb338589cc650bcadefc270f01845a c:\Program Files\Citrix\ICA Client\resource\zh-TW\DVLaunUI.dll
cdbed2b5216e22ee4634c2e88b4c70bf c:\Program Files\Citrix\ICA Client\resource\zh-TW\ProgressNotificationCommonUI.dll
1b76245f1ec73cd6f8fa106b2d1799a0 c:\Program Files\Citrix\ICA Client\resource\zh-TW\acrdlgUI.dll
3f3310c12c8b4757b1db4f037fd45100 c:\Program Files\Citrix\ICA Client\resource\zh-TW\concenUI.dll
4328b574b62eeb13a75711a88d85e0c4 c:\Program Files\Citrix\ICA Client\resource\zh-TW\cstUI.dll
f1c8168cd731d157f16d39a87fd6e698 c:\Program Files\Citrix\ICA Client\resource\zh-TW\ctxlogUI.dll
6ecc670797d37948e089d064794ff811 c:\Program Files\Citrix\ICA Client\resource\zh-TW\ctxmuiUI.dll
e76832779f7e0418a5b5b197ce52c012 c:\Program Files\Citrix\ICA Client\resource\zh-TW\icadlgUI.dll
b61eb3dba1403f0c36983d9df0061a80 c:\Program Files\Citrix\ICA Client\resource\zh-TW\icafilesigningUI.dll
384947f2155004a659c4f6138c483396 c:\Program Files\Citrix\ICA Client\resource\zh-TW\icalogUI.dll
16fac75855ad1b9a6733e146d91820c8 c:\Program Files\Citrix\ICA Client\resource\zh-TW\migratUI.dll
b37d5cbe6a550569704976c058fe447c c:\Program Files\Citrix\ICA Client\resource\zh-TW\npicanUI.dll
36434a4fd2f37dda62195a56aca98d27 c:\Program Files\Citrix\ICA Client\resource\zh-TW\nrhttpUI.dll
15fb03b9ea5c6e27a83ce107390ec8c7 c:\Program Files\Citrix\ICA Client\resource\zh-TW\sslsdkUI.dll
3e3b7a170784f70336de8f09fdfcdaed c:\Program Files\Citrix\ICA Client\resource\zh-TW\statuiUI.dll
83cfcbd6c7593e26e44b6d5808482c4b c:\Program Files\Citrix\ICA Client\resource\zh-TW\vdcdm3UI.dll
57de0e5be674522a49f02f9ad89dd48c c:\Program Files\Citrix\ICA Client\resource\zh-TW\vdflasUI.dll
9c8c415f0e051afe0bad7ee51ed8652b c:\Program Files\Citrix\ICA Client\resource\zh-TW\vdzlcnUI.dll
33698a6dddb616c9640d4f83fdfe7f3d c:\Program Files\Citrix\ICA Client\resource\zh-TW\wfcrunUI.dll
e44caf0be2da5ba58ad185462afecb9e c:\Program Files\Citrix\ICA Client\resource\zh-TW\wfica3UI.dll
319e9306da62fbc21740162b20edc2bd c:\Program Files\Citrix\ICA Client\resource\zh-TW\wficaUI.dll
2b05c160bd0f891e5221a756c66a6b57 c:\Program Files\Citrix\ICA Client\ru\DesktopViewer.resources.dll
f795dcc5c8201da382f60a9b2fb28522 c:\Program Files\Citrix\ICA Client\srcflter.dll
fdd51e5162e76281d0a1801897c47db9 c:\Program Files\Citrix\ICA Client\sslsdk_b.dll
1eb4ef0b39a8e1063ac695fdd3ea3153 c:\Program Files\Citrix\ICA Client\statuin.dll
0a8312d87eb97ba76eb2441533cdcce0 c:\Program Files\Citrix\ICA Client\swscale-0.dll
190b4854d95193cb352a59559fa69dce c:\Program Files\Citrix\ICA Client\vdcamN.dll
2046b4203a8063b001c11879bbd1192c c:\Program Files\Citrix\ICA Client\vdcdm30n.dll
c32663241979c007a6e97aab52bd4f22 c:\Program Files\Citrix\ICA Client\vdcom30N.dll
bd8f8f5d29d9db48858ae07930da249e c:\Program Files\Citrix\ICA Client\vdcpm30N.dll
17230df051a6b7adf008fff83ee5e0c8 c:\Program Files\Citrix\ICA Client\vdctln.dll
08571a6f5c5c0cf0806da8c363e53b52 c:\Program Files\Citrix\ICA Client\vddvc0N.dll
3ccf3e92563aa3b70611c9badee06113 c:\Program Files\Citrix\ICA Client\vdeuemn.dll
d74feefa4e1da86cdd8a711eacd7579a c:\Program Files\Citrix\ICA Client\vdflash.dll
101d25822257bff07750e7687e1454d6 c:\Program Files\Citrix\ICA Client\vdfon30n.dll
7cabd4a1b1520b38cd8bf33e7b586ab6 c:\Program Files\Citrix\ICA Client\vdgusbn.dll
07154de5da5f8320a1225a8c05050911 c:\Program Files\Citrix\ICA Client\vdkbhook.dll
f9edb0a12d956b8dd84a466949a2d3d2 c:\Program Files\Citrix\ICA Client\vdmmn.dll
0f4fb6eac23cabf6200f9ad8c58fc567 c:\Program Files\Citrix\ICA Client\vdscardn.dll
08322ad3df17b766182d2532915a4b55 c:\Program Files\Citrix\ICA Client\vdspl30n.dll
db9b1604fc297cd830d7fafc7763036e c:\Program Files\Citrix\ICA Client\vdsspin.dll
18a484f0bed793c50bb4658c3dc5c5e0 c:\Program Files\Citrix\ICA Client\vdtuin.dll
0041361014dfb9c63ff48cac2cc774ac c:\Program Files\Citrix\ICA Client\vdtw30n.dll
f0ffeac4da231b60fb49aad4a58ff5ca c:\Program Files\Citrix\ICA Client\vdtwin.dll
5ff4e2c737d1db4086cb2053090588ce c:\Program Files\Citrix\ICA Client\vdtwn.dll
5fe87209351ab031d08f12a8ac328cc9 c:\Program Files\Citrix\ICA Client\vdzlcn.dll
c79ae9e8179337395320e0175eda7a4e c:\Program Files\Citrix\ICA Client\wfcrun32.exe
c5cd3f5da15c9327cfd37a6ce64a0f8b c:\Program Files\Citrix\ICA Client\wfcwinn.dll
97c1781d4ce2e0f7b97613d131534378 c:\Program Files\Citrix\ICA Client\wfica32.exe
056c112a71b99119971732fc272ae98b c:\Program Files\Citrix\ICA Client\zh-CN\DesktopViewer.resources.dll
3296751c74710fa14fd4011dd40d6344 c:\Program Files\Citrix\ICA Client\zh-TW\DesktopViewer.resources.dll
0a0af5490f101577cb66896d7e8d04b6 c:\Program Files\Citrix\Secure Access Client\ctxva51.sys
6dd06a8ddcf1d2af4e24ebf5a0310468 c:\Program Files\Citrix\Secure Access Client\npagee.dll
b5b7442e08071696a686d6badf9eed1c c:\Program Files\Citrix\Secure Access Client\nsauto.exe
f895db80297f0ba683f97994a1a33570 c:\Program Files\Citrix\Secure Access Client\nscltapi.dll
283723f2fea6535e253821a3563ebbdb c:\Program Files\Citrix\Secure Access Client\nsepa.exe
316c80963d7c35b3c6fe94bed31be6ab c:\Program Files\Citrix\Secure Access Client\nsinst.dll
666ed54386aeba9cacd7631f2660f6e8 c:\Program Files\Citrix\Secure Access Client\nsload.exe
96ee5e155f66883f9eecb0a14a97630c c:\Program Files\Citrix\Secure Access Client\nsload_ui_de.dll
775ebe3a11fa66cc6de82469c50621f5 c:\Program Files\Citrix\Secure Access Client\nsload_ui_es.dll
36f53a8f36822470deeab3fb52691ce0 c:\Program Files\Citrix\Secure Access Client\nsload_ui_fr.dll
b38cec98a09b4550d4b3ee57c3aed52c c:\Program Files\Citrix\Secure Access Client\nsload_ui_ja.dll
ce61d42018d8d1517c27c9b722a6d223 c:\Program Files\Citrix\Secure Access Client\nsnp.dll
277b7ddac69706a9ea2bef57d77acf9a c:\Program Files\Citrix\Secure Access Client\nsverctl.exe
50db927c4998b3d0bd6cf0415b51f418 c:\Program Files\Citrix\Secure Access Client\nswcc.exe
b74f143bbbe839538d9b2372598e4162 c:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys
d60aff8fa73a7809a8e39ff13a224c58 c:\Program Files\Common Files\Deterministic Networks\Common Files\dneinst.exe
b5aa5aa5ac327bd7c1aec0c58f0c1144 c:\Program Files\Common Files\Deterministic Networks\DNE\DNE2000.sys
fef1ac9deab5b3d42852cc5cd51bb20e c:\Program Files\Common Files\Deterministic Networks\DNE\dne2000.exe
7c828c843898b7abc438da75e1cb64d0 c:\Program Files\Common Files\Deterministic Networks\DNE\dne32x.sys
84cf254012e72fc323c8d0d44e568aeb c:\Program Files\Common Files\Deterministic Networks\DNE\dneinobj.dll
176e3d65f8517c07d80aaef168de5a8c c:\WINDOWS\Installer\{F9F0C5D5-AAE5-45FA-95C2-CA1EE0FA067A}\liteico.exe.827545C6_7013_4DE1_8E6C_DAEE4C57F54A.exe
63d02cba9dc3b08f06b4bc8a1ac94b37 c:\WINDOWS\Temp\4CornersProInstaller\CitrixOnlinePluginWeb12144.exe
84cf254012e72fc323c8d0d44e568aeb c:\WINDOWS\system32\dneinobj.dll
cb6ff7012bb5d59d7c12350db795ce1f c:\WINDOWS\system32\drivers\ctxusbm.sys
0a0af5490f101577cb66896d7e8d04b6 c:\WINDOWS\system32\drivers\ctxva51.sys
b5aa5aa5ac327bd7c1aec0c58f0c1144 c:\WINDOWS\system32\drivers\dne2000.sys

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name:
Product Name:
Product Version:
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 3, 3, 6, 1
File Description:
Comments:
Language: English (United States)

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
UPX0 4096 483328 0 0 d41d8cd98f00b204e9800998ecf8427e
UPX1 487424 270336 269824 5.49581 f0fe5b03621689cbf64c74409845b7b9
.rsrc 757760 32768 29696 4.09384 b9bb150fdedbb415b4948c63448124be

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 30
faf3e2b47c8027e371dc6a69cd5ce1fb
2bab76261b61de4e3cdda544c2761dc1
900b6cca4f4941a80fc2ade8ac5c2a7f
b9dc5738fc627c1bad3e7cc85310e4f2
191cfcab69998bad00eb427075aa807a
d86a7da54c150252b0c7d33d86dc3a20
a8c365a41ac32fe4f2105fef54226e2c
11b32dfb7edd8d4fc3057c3ffce7766b
d1a67e47c0da8fb7ad0a63b276c4962d
e40e98a2a4dd53c124a05335c1a5d8b7
c34891f9b8e8a43b999605568499711a
152f89db9d1bb814accadad58431dfb3
c921a5f6b8fbe94e46027c68e37cdeb3
1e1194231f4278945d6b12f8dae7aea9
59302957732cf30a766e0650159febaa
84e884e4bf013e5d6118d9d5d78880bc
a763ba37247e6ebd244602624093c857
e944cbe25648cc2f267c162da8308b36
3af08ab3d7dd372b8fb3d68fe6043d00
773066364b007d3e21ff84efc163f1ac
2f998de917229316d6931e409565bf46
d6a19ea1cb176d7207590ebde7c75c60
84c54da5a782e5228b312f4789c814be
08267603df5b9886d42e53d7c8384a92
675d490e98e32fb3bf43b6d460e4c4f3

URLs

URL IP
hxxp://e6845.ce.akamaiedge.net/pca3-g5.crl
hxxp://e6845.ce.akamaiedge.net/CSC3-2010.crl
hxxp://e6845.ce.akamaiedge.net/ThawtePremiumServerCA.crl
hxxp://e6845.ce.akamaiedge.net/ThawteCodeSigningCA.crl
hxxp://csc3-2010-crl.verisign.com/CSC3-2010.crl 23.43.133.163
hxxp://crl.verisign.com/pca3-g5.crl 23.43.133.163
hxxp://crl.thawte.com/ThawteCodeSigningCA.crl 23.43.133.163
hxxp://crl.thawte.com/ThawtePremiumServerCA.crl 23.43.133.163


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /ThawtePremiumServerCA.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.thawte.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Server: Apache
ETag: "6810eefb3988709721592c8afc64e6c8:1443344768"
Last-Modified: Sun, 27 Sep 2015 09:06:08 GMT
Date: Sun, 27 Sep 2015 18:20:18 GMT
Content-Length: 481
Connection: keep-alive
Content-Type: application/pkix-crl
0...0..F0...*.H........0..1.0...U....ZA1.0...U....Western Cape1.0...U.
...Cape Town1.0...U....Thawte Consulting cc1(0&..U....Certification Se
rvices Division1!0...U....Thawte Premium Server CA1(0&..*.H........pre
[email protected]!...!.n$....[J.
u.....130827094621Z0!.. >................081017123153Z0...*.H......
........ .. .j...w...../...|d/. ..T.L.. !..W.....A.&(.E.=_ "<J.;..W
.p ..=.k2>.......\F...;..........t[-.p.7..ta........).......*1."*o,
....


GET /ThawteCodeSigningCA.crl HTTP/1.1


Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.thawte.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Server: Apache
ETag: "46406c61dae9bd156223f8378ff59812:1443344764"
Last-Modified: Sun, 27 Sep 2015 09:06:04 GMT
Date: Sun, 27 Sep 2015 18:20:18 GMT
Transfer-Encoding:  chunked
Connection: keep-alive
Connection: Transfer-Encoding
Content-Type: application/pkix-crl
00006000..0....0....0...*.H........0U1.0...U....ZA1%0#..U....Thawte Co
nsulting (Pty) Ltd.1.0...U....Thawte Code Signing CA..150927090046Z..1
51011090046Z0...h0!.......wk./.4...}E..070607153600Z0!................
.B..100722092135Z0!........>%.P.O..G...080409115154Z0!....&nffT....
.I.o...080208053445Z0!....wW.l.8.c3..B....081029125757Z0!.....r..4.i..
./..E..070117072710Z0!.....b.....:.....c..090610134606Z0!......6.J....
...b...090407060431Z0!........,=x....E.|..090319080000Z0!..."....Za...
.%.e...070604170321Z0!...%..I( .Pa.Q.V.B..060511212659Z0!...(....l.]..
-......090303160651Z0!...)......1c.w......091214033633Z0!...-"._......
`u..{..070410163559Z0!....S...YI..J..{[email protected]._s
~......080415142748Z0!...:k.o.O.5..\..Oq..070518084545Z0!...=Y..kq|...
j.Vg...090520122717Z0!...FlF...3..5.A.-h..090727163936Z0!...GH.o..N...
.Y!....090217130026Z0!...H3.Y^.6P..L..T...100216180048Z0!...H.d.......
.CE.|..081203095200Z0!...O.,.......v......100224002446Z0!...Tn..o.. . 
.......090715161809Z0!...\.{....D.q.%.*...080418180233Z0!...].. a..W3.
.p.....101216093719Z0!...cZ....M*.O.g.....070808022032Z0!...dr.....Y..
]Y6....100724081605Z0!...l.......y........100618145338Z0!...n.,UT|...l
..e....090205080000Z0!...wL.;^-.J.........080623180133Z0!...x.8....!}.
.;..<..080731080736Z0!...z.4O:..TK.j.3....091104080000Z0!...z.....V
.G....G...080909085024Z0!...|.:T..w.a.Z.&P...070425163505Z0!.....g....
.` ....'..080521225649Z0!.....1.d.f..!...e...070529110402Z0!....4g..0#
.~.?...,..100304161615Z0!....#A./`....3s.G...100105010745Z0!......
<<< skipped >>>


GET /CSC3-2010.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: csc3-2010-crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Server: Apache
ETag: "5f1cc75e286bb367462f37ded690db17:1443344733"
Last-Modified: Sun, 27 Sep 2015 09:05:33 GMT
Date: Sun, 27 Sep 2015 18:20:03 GMT
Transfer-Encoding:  chunked
Connection: keep-alive
Connection: Transfer-Encoding
Content-Type: application/pkix-crl
[email protected]...*.H........0..1.0...U....US1.0...U....VeriS
ign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at h
ttps://VVV.verisign.com/rpa (c)101.0,..U...%VeriSign Class 3 Code Sign
ing 2010 [email protected]
0730092631Z0!....c..k....D.k.....120708062201Z0!... _...u.t.=.<.&..
.130218061114Z0!...&..].....P.k.:...120125130117Z0!...7P.x....8.Q...s.
.130227010252Z0!...J.....Q..Y.[.....110404153956Z0!...d...=..q!_...g9.
.130729145216Z0!...d....Y.......o...140711083257Z0!...l.....h2<.H..
....120329152211Z0!...q.9...`H.*.Y.C...120525202212Z0!...s...TM.......
0...121221080842Z0!...t..,.. ...eL.....130314222305Z0!...y..r.HW.v....
.w..140423054643Z0!..../u.......A..5...101214165045Z0!.....0.Xc...%...
iM..121102230226Z0!.......S.a&.X5t.E]..111206083350Z0!....c.(....B.[M8
3...140108164517Z0!....A.Sv.....f,.....110609003155Z0!.....z......!.ID
{]..101228182208Z0!....b^......{d.J'...130102154110Z0!.......n........
'u..140521222808Z0!......0..........I..130912181631Z0!.....1.;C,.. L..
0...141111073655Z0!....6e...~..T.......130131012247Z0!.....|.....t.l.o
....140827175301Z0!.........bD#*u......130226223939Z0!.......@..'$.).;
}\..130121172259Z0!....7.v..........n..120724160733Z0!....n[..P..a.y..
.p..141121045513Z0!....P;.Y..d...c.(...120209181451Z0!.....].bb[.....!
....140328205453Z0!.....a...L`..IV.....130402103508Z0!......fFW.z.....
@T..130117000242Z0!...........].{7.....120730000000Z0!...".......Z.V.,
.e..121031192224Z0!...'....[.1......g..130318195659Z0!...,GI.jH.|.
<<< skipped >>>


GET /pca3-g5.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Server: Apache
ETag: "2235a72ff18d351e39c5c63221752775:1442874344"
Last-Modified: Mon, 21 Sep 2015 22:25:43 GMT
Date: Sun, 27 Sep 2015 18:20:02 GMT
Content-Length: 533
Connection: keep-alive
Content-Type: application/pkix-crl
0...0..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U
....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For aut
horized use only1E0C..U...<VeriSign Class 3 Public Primary Certific
ation Authority - G5..150917000000Z..151231235959Z0...*.H.............
...v'....{....."W*<../w...Bj.....H......ll..%..Y&.HtQ...}...F.{>
..3.[..z.H...W../.3.Y.C.t....S{^.A.....G...^...YI.[..N.y..........p...
..;....x6z..i7..0...lS$..h.#.9%[.,.1..1....3.....h;<...........W%..
..doi~..e6G........w........{c..............j.Em.....i.HTTP/1.1 200 OK
..Server: Apache..ETag: "2235a72ff18d351e39c5c63221752775:1442874344".
.Last-Modified: Mon, 21 Sep 2015 22:25:43 GMT..Date: Sun, 27 Sep 2015 
18:20:02 GMT..Content-Length: 533..Connection: keep-alive..Content-Typ
e: application/pkix-crl..0...0..0...*.H........0..1.0...U....US1.0...U
....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006
 VeriSign, Inc. - For authorized use only1E0C..U...<VeriSign Class 
3 Public Primary Certification Authority - G5..150917000000Z..15123123
5959Z0...*.H................v'....{....."W*<../w...Bj.....H......ll
..%..Y&.HtQ...}...F.{>..3.[..z.H...W../.3.Y.C.t....S{^.A.....G...^.
..YI.[..N.y..........p.....;....x6z..i7..0...lS$..h.#.9%[.,.1..1....3.
....h;<...........W%....doi~..e6G........w........{c..............j
.Em.....i...
<<< skipped >>>

The Worm connects to the servers at the folowing location(s):

%original file name%.exe_1932:

`.rsrc
s%j.Zf
tGHt.Ht&
tCPh
SSSSh
\$%u#Sj
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
GetProcessWindowStation
USER32.DLL
operator
This is a compiled AutoIt script. AV researchers please email [email protected] for support.
uxtheme.dll
kernel32.dll
operand of unlimited repeat could match the empty string
POSIX named classes are supported only within a class
erroffset passed as NULL
POSIX collating elements are not supported
this version of PCRE is not compiled with PCRE_UTF8 support
PCRE does not support \L, \l, \N, \U, or \u
support for \P, \p, and \X has not been compiled
(*VERB) with an argument is not supported
ICMP.DLL
advapi32.dll
RegDeleteKeyExW
zcÁ
GetProcessHeap
CreatePipe
GetWindowsDirectoryW
GetCPInfo
GetConsoleOutputCP
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
SetViewportOrgEx
ShellExecuteExW
SHFileOperationW
ShellExecuteW
RegisterHotKey
GetKeyboardLayoutNameW
ExitWindowsEx
EnumThreadWindows
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
EnumWindows
EnumChildWindows
MapVirtualKeyW
CloseWindowStation
SetProcessWindowStation
OpenWindowStationW
UnregisterHotKey
keybd_event
InternetCrackUrlW
HttpQueryInfoW
HttpOpenRequestW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
.text
`.rdata
@.data
.rsrc
.xSCc(Gd
h.Koc>
{~.VW
]aM#}.bod:o
Sub%CR
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" language="*" processorArchitecture="*" publicKeyToken="6595b64144ccf1df"></assemblyIdentity>
KERNEL32.DLL
ADVAPI32.dll
COMCTL32.dll
COMDLG32.dll
GDI32.dll
MPR.dll
ole32.dll
OLEAUT32.dll
PSAPI.DLL
SHELL32.dll
USER32.dll
USERENV.dll
VERSION.dll
WININET.dll
WINMM.dll
WSOCK32.dll
mscoree.dll
>>>AUTOIT NO CMDEXECUTE<<<
CMDLINERAW
CMDLINE
/AutoIt3ExecuteLine
/AutoIt3ExecuteScript
%s (%d) : ==> %s.:
Line %d:
Line %d (File "%s"):
%s (%d) : ==> %s:
AutoIt script files (*.au3, *.a3x)
*.au3;*.a3x
All files (*.*)
#NoAutoIt3Execute
APPSKEY
04090000
%u.%u.%u.%u
0.0.0.0
Mddddd
%s (%d) : ==> %s:
UDPSTARTUP
UDPSHUTDOWN
UDPSEND
UDPRECV
UDPOPEN
UDPCLOSESOCKET
UDPBIND
TRAYGETMSG
TCPSTARTUP
TCPSHUTDOWN
TCPSEND
TCPRECV
TCPNAMETOIP
TCPLISTEN
TCPCONNECT
TCPCLOSESOCKET
TCPACCEPT
SHELLEXECUTEWAIT
SHELLEXECUTE
REGENUMKEY
MSGBOX
ISKEYWORD
HTTPSETUSERAGENT
HTTPSETPROXY
HOTKEYSET
GUIREGISTERMSG
GUIGETMSG
GUICTRLSENDMSG
GUICTRLRECVMSG
FTPSETPROXY
\??\%s
GUI_RUNDEFMSG
SendKeyDelay
SendKeyDownDelay
TCPTimeout
AUTOITCALLVARIABLE%d
255.255.255.255
Keyword
AutoIt.Error
Null Object assignment in FOR..IN loop
Incorrect Object type in FOR..IN loop
HOTKEYPRESSED
AUTOITEXE
WINDOWSDIR
3, 3, 6, 1
HKEY_LOCAL_MACHINE
HKEY_CLASSES_ROOT
HKEY_CURRENT_CONFIG
HKEY_CURRENT_USER
HKEY_USERS
%d/d/d
c:\%original file name%.exe
:C:\%original file name%.exe
AutoIt supports the __stdcall (WINAPI) and __cdecl calling conventions. The __stdcall (WINAPI) convention is used by default but __cdecl can be used instead. See the DllCall() documentation for details on changing the calling convention.
Missing operator in expression."Unbalanced brackets in expression.
Error parsing function call.0Incorrect number of parameters in function call.'"ReDim" used without an array variable.>Illegal text at the end of statement (one statement per line).1"If" statement has no matching "EndIf" statement.1"Else" statement with no matching "If" statement.2"EndIf" statement with no matching "If" statement.7Too many "Else" statements for matching "If" statement.3"While" statement has no matching "Wend" statement.4"Wend" statement with no matching "While" statement.%Variable used without being declared.XArray variable has incorrect number of subscripts or subscript dimension range exceeded.)Array variable subscript badly formatted.'Subscript used with non-Array variable.&Too many subscripts used for an array.0Missing subscript dimensions in "Dim" statement.NNo variable given for "Dim", "Local", "Global", "Struct" or "Const" statement.0Expected a "=" operator in assignment statement.*Invalid keyword at the start of this line.
Invalid element in a DllStruct.*Unknown option or bad parameter specified.&Unable to load the internet libraries./"Struct" statement has no matching "EndStruct".HUnable to open file, the maximum number of open files has been exceeded.
Invalid file filter given.*Expected a variable in user function call.1"Do" statement has no matching "Until" statement.2"Until" statement with no matching "Do" statement.#"For" statement is badly formatted.2"Next" statement with no matching "For" statement.N"ExitLoop/ContinueLoop" statements only valid from inside a For/Do/While loop.1"For" statement has no matching "Next" statement.@"Case" statement with no matching "Select"or "Switch" statement.:"EndSelect" statement with no matching "Select" statement.ORecursion level has been exceeded - AutoIt will quit to prevent stack overflow.&Cannot make existing variables static.4Cannot make static variables into regular variables.
3This keyword cannot be used after a "Then" keyword.
>"Select" statement is missing "EndSelect" or "Case" statement. "If" statements must have a "Then" keyword. Badly formated Struct statement."Cannot assign values to constants..Cannot make existing variables into constants.9Only Object-type variables allowed in a "With" statement.v"long_ptr", "int_ptr" and "short_ptr" DllCall() types have been deprecated. Use "long*", "int*" and "short*" instead.-Object referenced outside a "With" statement.)Nested "With" statements are not allowed."Variable must be of type "Object".1The requested action with this object has failed.8Variable appears more than once in function declaration.2ReDim array can not be initialized in this manner.1An array variable can not be used in this manner.
HCan pass constants by reference only to parameters with "Const" keyword.*Can not initialize a variable with itself.$Incorrect way to use this parameter.:"EndSwitch" statement with no matching "Switch" statement.>"Switch" statement is missing "EndSwitch" or "Case" statement.H"ContinueCase" statement with no matching "Select"or "Switch" statement.
String missing closing quote.!Badly formated variable or macro.*Missing separator character after keyword.

%original file name%.exe_1932_rwx_00401000_000B7000:

s%j.Zf
tGHt.Ht&
tCPh
SSSSh
\$%u#Sj
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
GetProcessWindowStation
USER32.DLL
operator
This is a compiled AutoIt script. AV researchers please email [email protected] for support.
uxtheme.dll
kernel32.dll
operand of unlimited repeat could match the empty string
POSIX named classes are supported only within a class
erroffset passed as NULL
POSIX collating elements are not supported
this version of PCRE is not compiled with PCRE_UTF8 support
PCRE does not support \L, \l, \N, \U, or \u
support for \P, \p, and \X has not been compiled
(*VERB) with an argument is not supported
ICMP.DLL
advapi32.dll
RegDeleteKeyExW
zcÁ
GetProcessHeap
CreatePipe
GetWindowsDirectoryW
GetCPInfo
GetConsoleOutputCP
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
SetViewportOrgEx
ShellExecuteExW
SHFileOperationW
ShellExecuteW
RegisterHotKey
GetKeyboardLayoutNameW
ExitWindowsEx
EnumThreadWindows
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
EnumWindows
EnumChildWindows
MapVirtualKeyW
CloseWindowStation
SetProcessWindowStation
OpenWindowStationW
UnregisterHotKey
keybd_event
InternetCrackUrlW
HttpQueryInfoW
HttpOpenRequestW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
.text
`.rdata
@.data
.rsrc
.xSCc(Gd
h.Koc>
{~.VW
mscoree.dll
KERNEL32.DLL
>>>AUTOIT NO CMDEXECUTE<<<
CMDLINERAW
CMDLINE
/AutoIt3ExecuteLine
/AutoIt3ExecuteScript
%s (%d) : ==> %s.:
Line %d:
Line %d (File "%s"):
%s (%d) : ==> %s:
AutoIt script files (*.au3, *.a3x)
*.au3;*.a3x
All files (*.*)
#NoAutoIt3Execute
APPSKEY
04090000
%u.%u.%u.%u
0.0.0.0
Mddddd
%s (%d) : ==> %s:
UDPSTARTUP
UDPSHUTDOWN
UDPSEND
UDPRECV
UDPOPEN
UDPCLOSESOCKET
UDPBIND
TRAYGETMSG
TCPSTARTUP
TCPSHUTDOWN
TCPSEND
TCPRECV
TCPNAMETOIP
TCPLISTEN
TCPCONNECT
TCPCLOSESOCKET
TCPACCEPT
SHELLEXECUTEWAIT
SHELLEXECUTE
REGENUMKEY
MSGBOX
ISKEYWORD
HTTPSETUSERAGENT
HTTPSETPROXY
HOTKEYSET
GUIREGISTERMSG
GUIGETMSG
GUICTRLSENDMSG
GUICTRLRECVMSG
FTPSETPROXY
\??\%s
GUI_RUNDEFMSG
SendKeyDelay
SendKeyDownDelay
TCPTimeout
AUTOITCALLVARIABLE%d
255.255.255.255
Keyword
AutoIt.Error
Null Object assignment in FOR..IN loop
Incorrect Object type in FOR..IN loop
HOTKEYPRESSED
AUTOITEXE
WINDOWSDIR
3, 3, 6, 1
HKEY_LOCAL_MACHINE
HKEY_CLASSES_ROOT
HKEY_CURRENT_CONFIG
HKEY_CURRENT_USER
HKEY_USERS
%d/d/d
c:\%original file name%.exe
:C:\%original file name%.exe
AutoIt supports the __stdcall (WINAPI) and __cdecl calling conventions. The __stdcall (WINAPI) convention is used by default but __cdecl can be used instead. See the DllCall() documentation for details on changing the calling convention.
Missing operator in expression."Unbalanced brackets in expression.
Error parsing function call.0Incorrect number of parameters in function call.'"ReDim" used without an array variable.>Illegal text at the end of statement (one statement per line).1"If" statement has no matching "EndIf" statement.1"Else" statement with no matching "If" statement.2"EndIf" statement with no matching "If" statement.7Too many "Else" statements for matching "If" statement.3"While" statement has no matching "Wend" statement.4"Wend" statement with no matching "While" statement.%Variable used without being declared.XArray variable has incorrect number of subscripts or subscript dimension range exceeded.)Array variable subscript badly formatted.'Subscript used with non-Array variable.&Too many subscripts used for an array.0Missing subscript dimensions in "Dim" statement.NNo variable given for "Dim", "Local", "Global", "Struct" or "Const" statement.0Expected a "=" operator in assignment statement.*Invalid keyword at the start of this line.
Invalid element in a DllStruct.*Unknown option or bad parameter specified.&Unable to load the internet libraries./"Struct" statement has no matching "EndStruct".HUnable to open file, the maximum number of open files has been exceeded.
Invalid file filter given.*Expected a variable in user function call.1"Do" statement has no matching "Until" statement.2"Until" statement with no matching "Do" statement.#"For" statement is badly formatted.2"Next" statement with no matching "For" statement.N"ExitLoop/ContinueLoop" statements only valid from inside a For/Do/While loop.1"For" statement has no matching "Next" statement.@"Case" statement with no matching "Select"or "Switch" statement.:"EndSelect" statement with no matching "Select" statement.ORecursion level has been exceeded - AutoIt will quit to prevent stack overflow.&Cannot make existing variables static.4Cannot make static variables into regular variables.
3This keyword cannot be used after a "Then" keyword.
>"Select" statement is missing "EndSelect" or "Case" statement. "If" statements must have a "Then" keyword. Badly formated Struct statement."Cannot assign values to constants..Cannot make existing variables into constants.9Only Object-type variables allowed in a "With" statement.v"long_ptr", "int_ptr" and "short_ptr" DllCall() types have been deprecated. Use "long*", "int*" and "short*" instead.-Object referenced outside a "With" statement.)Nested "With" statements are not allowed."Variable must be of type "Object".1The requested action with this object has failed.8Variable appears more than once in function declaration.2ReDim array can not be initialized in this manner.1An array variable can not be used in this manner.
HCan pass constants by reference only to parameters with "Const" keyword.*Can not initialize a variable with itself.$Incorrect way to use this parameter.:"EndSwitch" statement with no matching "Switch" statement.>"Switch" statement is missing "EndSwitch" or "Case" statement.H"ContinueCase" statement with no matching "Select"or "Switch" statement.
String missing closing quote.!Badly formated variable or macro.*Missing separator character after keyword.

concentr.exe_1976:

.text
`.rdata
@.data
.rsrc
@.reloc
L$%SQ
SRSSh
ush4%C
hhctrl.ocx
CLSID\{ADB880A6-D8FF-11CF-9377-00AA003B7A11}\InprocServer32
%s: %s (%d)
ConvertMsgBoxBtnFlags: MB_DEFBUTTONx not supported!
ConvertMsgBoxBtnFlags: MB_CANCELTRYCONTINUE not supported!
ConvertMsgBoxBtnFlags: MB_HELP not supported!
ConvertMsgBoxUiFlags: MB_RTLREADING not supported!
ConvertMsgBoxUiFlags: MB_RIGHT not supported!
ConvertMsgBoxUiFlags: MB_DEFAULT_DESKTOP_ONLY not supported!
ConvertMsgBoxUiFlags: MB_TASKMODAL not supported!
ConvertMsgBoxUiFlags: MB_USERICON not supported!
ConvertMsgBoxUiFlags: MB_NOFOCUS not supported!
%f:_,
ConnectionUrl
Could not open subkey
because the handle to the target registry key is 0.
ISAXXMLReader::parseURL() returned error while parsing configuration object prototypes
ISAXXMLReader::parseURL() returned error while parsing the configuration
X:\src\ui\connectioncenter\ccdialog\win32\retail\dynamic\concentr.pdb
_amsg_exit
_acmdln
MSVCR80.dll
_crt_debugger_hook
KERNEL32.dll
USER32.dll
GDI32.dll
SHELL32.dll
ole32.dll
COMCTL32.dll
ctxmui.dll
CCMDisconnectSession
CCMSDK.dll
urlmon.dll
WinHttpCrackUrl
WINHTTP.dll
WS2_32.dll
MSVCP80.dll
GetProcessHeap
RegCloseKey
RegOpenKeyExA
RegOpenKeyExW
RegCreateKeyExW
ADVAPI32.dll
SHDeleteKeyW
SHLWAPI.dll
RegEnumKeyExW
.?AVUrlWhitelist@@
.?AVConnectionUrl@@
.?AVUrl@@
.?AVUrlPattern@@
.?AVPatternPort@@
.?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@
.?AVInetPort@@
.?AVUrlScheme@@
*#%%%&&&'(***   *
 ***%%%#""
%&'*  &&%#"
???#???'???,???/???/???,???'???#???
@@@ @@@,@@@5@@@<@@@?@@@<@@@5@@@*@@@
@@@^@@@%@@@
@@@{@@@1
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Concentr" type="win32"></assemblyIdentity><description>Citrix Connection Center</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50727.762" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity></dependentAssembly></dependency><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo></assembly>PPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
5d6F6L6R6]6
4 4,4044484<4@4
5 5$5(5,505
4 4$4(4,4044484<4@4
B%s\%s
CONCENTR.CHM
{8C92B884-C818-45d0-A757-7123B78AA247}
\Citrix\WindowsAppRHelper.dll
\WindowsAppRHelper_
048e6a9e-a722-489e-a4d7-8ad3a95a2e89
92B47D79-0F72-4ff3-BDA5-845078308BF2
1819bf96-fddc-489b-bff0-3ee2dd423b20
\Citrix\Receiver\Receiver.exe
Software\Citrix\Receiver\Inventory\%s
%s %s
IcaAuthorizationDecision::Deserialize:: Error due to throwing an Exception during deserialize operation
IcaAuthorizationDecision::Serialize:: Error due to throwing an Exception during Serialize operation
https
AERROR: Could not create key
MicrophoneAndWebcamSecurityPermission
UrlWhitelist
' does not appear to have UrlWhiteList.
.className
ERROR: Key for DbObject with oid
ERROR: Could not create key for DbObject with oid
ERROR: StartKey is not legal for
ERROR: Key for DbReference named
ERROR: Could not create key for the DbReference named
ERROR: Key for DbSequence named
ERROR: Could not create key for the DbSequence named
ERROR: Key for DbScalar named
ERROR: Could not create key for the DbScalar named
B</%s>
<%s stereotype="DbObject" oid="%s"%s>
B<%s stereotype="DbReference" oid="%s"/>
B<%s stereotype="DbSequence">
<%s stereotype="DbScalar">
%Program Files%\Citrix\ICA Client\resource\en\CONCENTR.CHM
12.1.44.1
CONCENTR.EXE
12.1.44

wfcrun32.exe_1240:

.text
`.rdata
@.data
.rsrc
@.reloc
;9u.SWj
QSSShd
D$ PSSht
RSShX
tCPh
E SShK
PSSSSSSh
|$.dt
L$%SQ
~if9.ur
0x%x: Conn. center queuing request
0x%x: Engine 0x%x launch %s (0x%x)
0x%x: LauncherStatusProc UnregisterCallback for engine 0x%x
0x%x: LauncherEnum UnregisterCallback for engine 0x%x
0x%x: CLIENT_ERROR_SEAMLESS_NOT_COMPATIBLE
0x%x: cSleeps >= 200 TIMEOUT!!!
********** 0x%x: TIMEOUT waiting for App Launch **********
0x%x: Engine 0x%x responded with %d
0x%x: Sending request to engine (twiSend) 0x%x
0x%x: Sending request to engine (ICAEngRequest) 0x%x
0x%x: Launch failed because of different audio bandwitdh
0x%x: Launch failed because of different audio setting
0x%x: Launch failed because of different encryption levels
0x%x: Launch failed because of different NR domain names
%s vs %s szNRUserPrincipleName = %s
0x%x: Launch failed because of different NR user names
0x%x: Launch failed because of different domain names
0x%x: Launch failed because of different user names
0x%x: Launch failed because of different colour depth
0x%x: Launch failed because of invalid session keys and domain names cannot be compared
0x%x: Session Key Match!!!
%s vs %s
0x%x: Launch failed because of different Session Key
0x%x: Launch failed because Session Key set to off.
0x%x: Session Key set
0x%x: LauncherEnum Eng Failed Connection Info, %d
0x%x: LauncherEnum about to talk to engine 0x%x
0x%x: Registry output:
TwiMode:%s
HttpBrowserAddress
LocHttpBrowserAddress
SessionSharingKey
0x%x: ProcessRequest: massaged request to request
0x%x: ProcessRequest got request
0x%x: ProcessRequest Abandoned launch request at time 0x%x
0x%x: ProcessRequest Started wait (%ld)ms at time 0x%x
******************* New LauncherActivate instance 0x%x
icalog.txt
CreateLaunchCommand(): Error: URL too long, ignoring URL.
wfcwin32.log
UsersShareIniFiles
APPSRV.INI
WFCLIENT.INI
MODULE.INI
/cmdline
/password
/condocurl
/icafileurl
"%s" %s %s
wfcmoven.exe
files.ex
files.mg
files.dl
files.mv
%s %d
Hotkey Keys
Hotkey Keys PC98
Hotkey%uChar
Hotkey Shift States
Hotkey%uShift
/iniwfclient:"%s"
%u.%u.%u.%u
\ICAClient\wfcwin32.log
\ICAClient\APPSRV.INI
c:\tmp\logit.txt
icaAuthTrustedLauncher: %d icafileurl: %S containerdocurl: %S allowconnect: %d isSessionSharedAppLaunch: %d
PerformCSTAuthorization: Error: URL too long, ignoring URL.
UseLocalUserAndPassword
Password
Organization name: %S
Certificate thumbprint:
sif.VerifyIcaFileSignature result: 0x%x
icafilename: %s m_icafileurl: %S signedicafilepath: %s PNAgent: %d FTA: %d ICO: %d trustedlauncher: %d
wfenghlp.cpp: UpdateIADFromWFICA(): Returned from WFEngQueryInformation(): result=%d
user32.dll
ICADLGN.DLL
MissedKeepaliveWarningMsg
TransportReconnectEnabled
SSLCertificateRevocationCheckPolicy
TransparentKeyPassthrough
%si
netwin32.dll
locwin32.dll
clxwin32.dll
calwin32.dll
\\.\pipe\SSONlX
pnsson.dll
\\.\pipe\SSONlXPC
\\.\pipe\SSON
IsSpecifiedLegacyLocalUserNameAndPasswordAtRegistryKey(): LegacyLocalUserNameAndPassword not set.
IsSpecifiedLegacyLocalUserNameAndPasswordAtRegistryKey(): LegacyLocalUserNameAndPassword!=true.
IsSpecifiedLegacyLocalUserNameAndPasswordAtRegistryKey(): LegacyLocalUserNameAndPassword==true.
LegacyLocalUserNameAndPassword
\LegacyLocalUserNameAndPassword.
IsSpecifiedLegacyLocalUserNameAndPasswordAtRegistryKey(): Checking value of
\CtxRpc.dll
wfica32.exe
PassThrough Path
SOFTWARE\Citrix\ICA Client\PASS THROUGH
crypt32.dll
CitrixDesktopPortalSystemTray
IsIcaFileFromPNAgent(): File URL is too long
wfshell.exe
CheckWfShellForPassThru
Wtsapi32.dll
wfapi.dll
\\.\DISPLAYV
wfclient.ini
module.ini
Keyboard Dll Codes
Standard COM Port
RC5 (128 bit - Login Only)
TCP/IP
%su
Unsupported
ClientPrinterPort
ProtocolSupport
TransportDriver
Assert: %s(%u), %s, %u
LogKeyboard
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
CDialingPropertiesSheet
%s (%s:%d)
H:\planb\tools\VisualStudio8\SP1\VC\atlmfc\include\afxwin2.inl
WFICA32.EXE
DefaultHttpBrowserAddress
NameEnumeratorWeb32
%d x %d%s
%s %s
0xx
KERNEL32.DLL
\/:*?"<>|,.()[];
unimdm.tsp
tapi32.dll
%s (%d)
PortName
KeyboardTimer
PASS THROUGH
SOFTWARE\Citrix\Cliente ICA\PASS THROUGH
SOFTWARE\Citrix\Client ICA\PASS THROUGH
SOFTWARE\Citrix\ICA-Client\PASS THROUGH
g\PASS THROUGH
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\boot
CDViewer.exe
PASSWORD
CON_DOC_URL
ICA_FILE_URL
%s:%ld %s:%ld
ConnectionUrl
%s: %s (%d)
ConvertMsgBoxBtnFlags: MB_DEFBUTTONx not supported!
ConvertMsgBoxBtnFlags: MB_CANCELTRYCONTINUE not supported!
ConvertMsgBoxBtnFlags: MB_HELP not supported!
ConvertMsgBoxUiFlags: MB_RTLREADING not supported!
ConvertMsgBoxUiFlags: MB_RIGHT not supported!
ConvertMsgBoxUiFlags: MB_DEFAULT_DESKTOP_ONLY not supported!
ConvertMsgBoxUiFlags: MB_TASKMODAL not supported!
ConvertMsgBoxUiFlags: MB_USERICON not supported!
ConvertMsgBoxUiFlags: MB_NOFOCUS not supported!
TaskDialogIndirect
2.16.840.1.101.3.4.2.1
Transport
ICAHttpBrowserAddress
kernel32.dll
wsock32.dll
ws2_32.dll
.PAC script
Secure (HTTP Connect method)
ICASOCKSrfc1929Password
ICASOCKSProxyPortNumber
ProxyPassword
ProxyAutoConfigURL
ProxyBypassList
X:\src\ui\windows\wfcrun\win32\retail\dynamic\wfcrun32.pdb
MFC80.DLL
_amsg_exit
_acmdln
MSVCR80.dll
_crt_debugger_hook
MSVCP80.dll
GetWindowsDirectoryA
GetProcessHeap
CreatePipe
KERNEL32.dll
MapVirtualKeyA
EnumThreadWindows
USER32.dll
GDI32.dll
RegCloseKey
RegOpenKeyExA
RegOpenKeyA
RegOpenKeyW
ADVAPI32.dll
SHELL32.dll
ole32.dll
OLEAUT32.dll
WINMM.dll
ProgressNotificationCommon.dll
WFCWINN.dll
VERSION.dll
acrdlg.dll
statuin.dll
ctxmui.dll
confmgr.dll
ctxlogging.dll
icafile.dll
RegDeleteKeyA
RegCreateKeyA
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegQueryInfoKeyW
WinHttpCrackUrl
WINHTTP.dll
urlmon.dll
WS2_32.dll
?IsShouldAllowUserSave@CstAuthorization@@MAE_NAAVClientEffectiveSecurityPolicy@@@Z
CST.dll
CertFreeCertificateChain
CertGetNameStringW
CertGetCertificateChain
CertGetCertificateContextProperty
CertCreateCertificateContext
CRYPTUI.dll
CRYPT32.dll
SetNamedPipeHandleState
GetKeyState
SHDeleteKeyW
SHLWAPI.dll
ShellExecuteA
wfcrun32.exe
.?AVCCmdTarget@@
DriverNameWin32=TDWSTCPN.DLL
ProtocolSupport=RFrame, Encrypt, Compress
NameEnumeratorWeb32=NEHTTPN.DLL
NameResolverWeb32=NRHTTPN.DLL
HttpBrowserAddress=
HttpBrowserAddress2=
HttpBrowserAddress3=
HttpBrowserAddress4=
HttpBrowserAddress5=
DefaultHttpBrowserAddress=
ICASOCKSProxyPortNumber=1080
SSLNoCACerts=0
DriverNameWin32=WDICA30N.DLL
ProtocolSupport=Modem, RFrame, Frame, Reliable, Encrypt
ReducerWin32=ICAREDUN.DLL
DriverNameWin32=PDRFRAMN.DLL
DriverNameWin32=PDCRYPTN.DLL
DriverNameWin32=PDC0N.DLL
DriverNameWin32=PDC40N.DLL
DriverNameWin32=PDC56N.DLL
DriverNameWin32=PDC128N.DLL
RC5 (128 bit - Login Only)=EncRC5-0
DriverNameWin32=PDCOMPN.DLL
DriverNameWin32=PDFRAMEN.DLL
DriverNameWin32=PDRELIN.DLL
DriverNameWin32=PDTAPIN.DLL
DriverNameWin32=TDCOMMN.DLL
ProtocolSupport=Modem, Frame, Reliable, Encrypt, Compress
DriverNameWin32=VDTW30N.DLL
WindowsCache=3072
DriverNameWin32=VDCDM30N.DLL
MaxWindowSize=6276
DriverNameWin32=VDSPL30N.DLL
WindowSize=1024
MaxWindowSize=2048
DriverNameWin32=VDCOM30N.DLL
DriverNameWin32=VDCLIPN.DLL
DriverName=Unsupported
DriverNameWin32=VDTWIN.DLL
DriverNameWin32=VDLICN.DLL
DriverNameWin32=VDSCARDC.DLL
DriverNameWin32=VDCTLC.DLL
kbdbe.dll=0x0000080C
kbdbr.dll=0x00000416
kbduk.dll=0x00000809
kbdfc.dll=0x00001009
kbdda.dll=0x00000406
kbdne.dll=0x00000413
kbdfi.dll=0x0000040B
kbdfr.dll=0x0000040C
kbdca.dll=0x00010C0C
kbdgr.dll=0x00000407
kbdic.dll=0x0000040F
kbdit.dll=0x00000410
kbdla.dll=0x0000080A
kbdno.dll=0x00000414
kbdpo.dll=0x00000816
kbdsp.dll=0x0000040A
kbdsw.dll=0x0000041D
kbdsf.dll=0x0000100C
kbdsg.dll=0x00000807
kbdus.dll=0x00000409
kbddv.dll=0x00010409
kbdusx.dll=0x00020409
.PAVCException@@
.?AVCDialingPropertiesSheet@@
.?AVConnectionUrl@@
.?AVUrl@@
.?AV?$CStringT@GV?$StrTraitATL@GV?$ChTraitsCRT@G@ATL@@@ATL@@@ATL@@
.?AVUrlScheme@@
.?AVUrl@IcaFileSigning@@
%Documents and Settings%\%current user%\Application Data\ICAClient\APPSRV.INI
%Documents and Settings%\%current user%\Application Data\ICAClient\WFCLIENT.INI
%Program Files%\Citrix\ICA Client\MODULE.INI
%Program Files%\Citrix\ICA Client\
%Documents and Settings%\%current user%\Application Data\ICAClient\wfcwin32.log
%Program Files%\Citrix\ICA Client\wfcrun32.exe
*#%%%&&&'(***   *
 ***%%%#""
%&'*  &&%#"
???#???'???,???/???/???,???'???#???
@@@ @@@,@@@5@@@<@@@?@@@<@@@5@@@*@@@
@@@^@@@%@@@
@@@{@@@1
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50727.762" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity></dependentAssembly></dependency><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.VC80.MFC" version="8.0.50727.762" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity></dependentAssembly></dependency><ms_asmv2:trustInfo xmlns:ms_asmv2="urn:schemas-microsoft-com:asm.v2"><ms_asmv2:security><ms_asmv2:requestedPrivileges><ms_asmv2:requestedExecutionLevel level="asInvoker" uiAccess="false">
</ms_asmv2:requestedExecutionLevel></ms_asmv2:requestedPrivileges></ms_asmv2:security></ms_asmv2:trustInfo></assembly>PPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
4]5
4"4*4/444:4
=!=&= =3===\={=
8-8A8m8r8w8}8
<"=*=3=<=
?#?7?<?\?
7'8-8f8l8}8
; ;$;(;,;0;
= =$=(=,=0=4=|=
= =$=(=,=0=
: :$:(:,:0:4:8:<:@:
7 7$7(7,7
8 8$8(8,8084888
@mainfrm.cpp unregistering with Receiver
%s:%s
%s:%s_INI
\DVLauncher.dll
{8C92B884-C818-45d0-A757-7123B78AA247}
{a9852000-047d-11dd-95ff-0800200c9a66}
CWFRunListObject::doIcaFileSigning: CreatePipe failed
Advapi32.dll
pnagent.exe
PSAPI.dll
CCMLib.CCM.1\CLSID
CCMLib.CCM.1
SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers
CCMProxy.dll
//configuration/list[@name='trustedCertificates']/*
Failed to delete the IFS trusted certificates in the registry
Trusted Certificates
Failed to create Software\Citrix\ICA Client\ICA File Signing\Trusted Certificates
Software\Citrix\ICA Client\ICA File Signing\Trusted Certificates
SetIFSTrustedCertThumbprintInHKCU() called with NULL parameters
Failed to open Software\Citrix\ICA Client\ICA File Signing\Trusted Certificates
Failed to set IFS trusted certificate in registry
Certificate%d
Bad parameters passed to SetUnsignedParameter()
citrixparam%d
ReadSequnceOfParametersFromRegistry: Unable to open registry Key
LoadIFSPolicyFromRegistry: Failed to read Trusted Certificates from registry
IcaAuthorizationDecision::Deserialize:: Error due to throwing an Exception during deserialize operation
IcaAuthorizationDecision::Serialize:: Error due to throwing an Exception during Serialize operation
https
Software\Citrix\Receiver\Inventory\%s
\Citrix\WindowsAppRHelper.dll
\WindowsAppRHelper_
048e6a9e-a722-489e-a4d7-8ad3a95a2e89
92B47D79-0F72-4ff3-BDA5-845078308BF2
1819bf96-fddc-489b-bff0-3ee2dd423b20
\Citrix\Receiver\Receiver.exe
Ashowsecuritycertificate
ConnectionTaskDlg: TaskDlgCallback failed to display security certificate
ConnectionTaskDlg::LoadTaskDialogIndirect: LoadLibraryW failed
ConnectionTaskDlg::LoadTaskDialogIndirect: GetProcAddress failed
comctl32.dll
ConnectionTaskDlg::ShowConnectionDialog: TaskDialogIndirect failed
ConnectionTaskDlg::ShowConnectionDialog: TaskDialogIndirect could not be loaded
CryptRegisterOIDInfo %S failed: %u
SignedIcaFile::Deserialize: certification deserialization failed
Trusted cert, continue launch
IDispatch error #%d
FhXXps://
hXXp://
!"#$%&'()* 
12.1.44.1
WFCRUN32.EXE
12.1.44

nsverctl.exe_552:

.text
`.rdata
@.data
.rsrc
?%uQW
tGHt.Ht&
nsServer_HTTPrequest called
Result = %d
Call to GetIpAddrTable failed with error %d.
AddIPAddress failed with error: %d
DeleteIPAddress failed with error: %d
255.255.255.0
169.254.255.10
Failed restarting %s
Successfully restarted %s
Starting service %s
Stop %s failed, err %d
Start %s failed, err %d
Start %s successful
Stop %s successful
Error %lu stopping %s service
Stopping service %s
Enumerating dependant services failed %d
Open service failed %d
Error opening service manager %d
nsServer_RestartNLAService: CreateThread failed; Error %d
Failed to add PTR record; Error %d
Failed to add intranet IP record; Error %d
The intranet IP to be registered is %s
Registering A and PTR records on login
Failed to delete PTR record; Error %d
%d.%d.%d.%d.in-addr.arpa
Failed deleting Intranet IP A record; Error %d
Failed to get the domain name or this computer is not a part of domain. Error code = %d
Waiting on nsload.exe object
nsServer_notifyServiceOnLogin: CreateThread failed; Error %d
nsServer_notifyServiceOnLogin: OpenProcess nsload.exe failed
nsload.exe pid = %d
CRC mismatch, expected 0x%x but found 0x%x
Length mismatch, expected %d but found %d
AdjustTokenPrivileges error: %u
OpenProcessToken error: %u
LookupPrivilegeValue error: %u
nsServer_saveRegkey: Successfully backed-up registry key %s to file %s
nsServer_saveRegkey: Saving registry key %s to %s failed %d
nsServer_saveRegkey: Set backup privilege failed
nsServer_saveRegkey: Opening Key %s failed
nsServer_saveRegkey: Impersonate logged on user failed
nsServer_saveRegkey: Failed getting user token
ns_restoreRegkey: Successfully restored registry key from %s to %s
nsServer_restoreRegkey: Restore registry key from %s to %s failed %d
nsServer_restoreRegkey: Set restore privilege failed
nsServer_restoreRegkey: Set backup privilege failed
nsServer_restoreRegkey: Opening Key %s failed
nsServer_restoreRegkey: Impersonate logged on user failed
nsServer_restoreRegkey: Failed getting user token
ProviderOrder updated to: '%s'
Failed opening registry path, err=%d!
ProviderOrder: '%s'
Failed to start uninstaller, err %d
Software\Microsoft\Windows\CurrentVersion\Uninstall\%s
%s-%s
Failed to instantiate INetConnectionManager interface, hres=0x%x
Failed EnumConnections, hres=0x%x
%S not found
%s %S returned 0x%x
netshell.dll
Failed to open %s
Failed to start EPA uninstaller, err %d
EPA %s uninstalled
RegDeleteKeyExA
Advapi32.dll
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
%s %s
HideAdapter %d
IpRenewAddress idx=%d
IpReleaseAddress idx=%d
SetIpInterfaceEntry DisableDefaultRoutes=%d WeakHostSend=%d
iphlpapi.dll
DeleteIpForwardEntry dstip=%x
SetIpForwardEntry dstip=%x
CreateIpForwardEntry dstip=%x
nsServer_regapi: Failed DeleteRegValue for '%s'
nsServer_regapi: Successfully DeleteRegValue for '%s'
nsServer_regapi: Failed SetRegValue for '%s'
nsServer_regapi: Successfully SetRegValue for '%s'
Failed to launch installer, err=%d
/Q /C:"msiexec.exe /i agee.msi /qn AGEESELFUPGRADE=1"
\nsvpnc_setup.exe
\nsvpnc_setup64.exe
Folder='%S', len=%d, crc=0x%x
Failed to advertise package, err=%d
Advertising: %s
msiexec /qn /jm "%s"
msiexec /qn /jm "%s" /t @agee_%s.mst
Failed to extract package, err=%d
\agee.msi
Failed to run self-extract, err=%d
Calling self-extract: %s %s
/Q:A /C /T:"%s"
\tmpx
{36BCAC79-7E86-47DB-95C9-C29AA46D2690}
OnUnknownRequest() - opcode %d
Mscoree.dll
WinMain called, lpCmdLine = '%s'
nsverctl.txt
kd:d:d.d
Version: %s
9.2.39.6
Time: d:d:d
Date: d/d/%d
ns_restart_svc [%s] failed
ns_restart_svc: restart svc [%s]
Stopping service %s timed out
Stop to %s failed %lu
Service %s not currently running
Starting service %s timed out
Start %s failed %d
Service %s currently running
Query service status failed %d
%d.%d.%d.%d
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Software\Microsoft\Windows\CurrentVersion
syspath=%s
shell32.dll
%s -- Error %d unknown
%s -- Error %d %s
KERNEL32.DLL
ns_GetUserToken: OpenProcessToken failed with %d.
ns_GetUserToken: OpenProcess failed with %d.
explorer.exe
Failed to launch agent, err=%d
nsload.exe /noDisplayLogin
CreateEnvironmentBlock failed, err %d
Impersonate User failed, err %d
WTSQuerySessionInformation failed, err %d
LoadUserProfile for '%s' failed, err %d
User profile for '%s' loaded
kernel32.dll
SHGetKnownFolderPath failed 0x%x
Shell32.dll
ProxyBypass
Failed deleted %s registry value, err %d
Secure Channel Failure error code:%d
Secure Channel Reseting:%s
DomainController:%s
DC IP:%s
Dns DomainName:%s
WinVerifyTrust failed %d, err %d
ns_verifyfile returns %d
ns_verifyfile output=%s
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
ns_verifyTrustedCert success
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
GetProcessWindowStation
USER32.DLL
operator
c:\ns_build\rs_92_39_2_ga\vpnc\win2\nsverctl\Win32\Release\nsverctl.pdb
GetProcessHeap
KERNEL32.dll
USER32.dll
RegCloseKey
RegSaveKeyA
RegOpenKeyA
RegRestoreKeyA
RegOpenKeyExA
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyA
RegCreateKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
ReportEventA
ADVAPI32.dll
ole32.dll
OLEAUT32.dll
DNSAPI.dll
WS2_32.dll
IPHLPAPI.DLL
WTSAPI32.dll
USERENV.dll
WINTRUST.dll
CryptMsgClose
CertCloseStore
CRYPT32.dll
NETAPI32.dll
GetCPInfo
GetConsoleOutputCP
.?AV?$CAtlExeModuleT@VCnsverctlModule@@@ATL@@
%Documents and Settings%\All Users\Application Data\Citrix\AGEE\nsverctl.txt
%Program Files%\Citrix\Secure Access Client\nsverctl.exe
'nsverctl.EXE'
nsverctl.nsServer.1 = s 'nsServer Class'
CLSID = s '{04F0CF99-4401-4A22-A740-9262C0E8E06B}'
nsverctl.nsServer = s 'nsServer Class'
CurVer = s 'nsverctl.nsServer.1'
ForceRemove {04F0CF99-4401-4A22-A740-9262C0E8E06B} = s 'nsServer Class'
ProgID = s 'nsverctl.nsServer.1'
VersionIndependentProgID = s 'nsverctl.nsServer'
'TypeLib' = s '{46E0403B-BA8E-48EA-A33A-D3B40BF53251}'
stdole2.tlbWWW
nsServer_HTTPrequest
wPortWWW
pszURLWW
pszHttpHeaderWWW
5pszProxyPassword
cnsServer_saveRegkeyW
lpKeyNameWWW
nsServer_restoreRegkeyWWd
.NnsServer_updateDNSWW
bLoginWW
nsServer_notifyServiceOnLoginWWW
=zregOperation
hKey
PSubKeyWW
gUSubKeyNameWW
bIs64Key
method nsServer_HTTPrequestWWW!
method nsServer_saveRegkey
method nsServer_restoreRegkeyW#
method nsServer_notifyServiceOnLoginWW"
Created by MIDL version 7.00.0500 at Thu Mar 18 12:19:22 2010
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
%s\%s
SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}
OLEAUT32.DLL
ekernel32.dll
mscoree.dll
9, 2, 39, 6
nsverctl.exe

nsload.exe_2600:

.text
`.rdata
@.data
.rsrc
FtPhO
FtPh8
httpu
=hostwHt>=httpw(t
=tcpot
PORT
FtPhl
SSSSh
SSj%S
SSSSh85O
u%SSSS
O.QPP
u$SShe
@ SSHPWj
t.Vhx5P
vSSSh
It.It It!It
FTPjK
FtPj;
C.PjRV
tGHt.Ht&
login=%s&passwd=%s
%s:%d: header buffer too small
%s:%d: path buffer too small
/cgi/login
%s:%d: method buffer too small
ctx_Create_Request_Login
Cookie: %s=%s
Host: %s
%s:%d: state %d => %d
%s:%d: error %d => %d
%s:%d: logout failed (%s)
%s:%d: AG CreateLogoutRequest failed
%s:%d: AG ParseConfigResponse failed: %d
%s:%d: get_config failed (%s)
%s:%d: AG CreateConfigRequest failed
%s:%d: AG ParseLoginResponse failed: %d
9.2.39.6
255.255.255.255
http%s://%s:%d/
%s:%d: login failed (%s)
%s:%d: AG CreateLoginRequest failed
%s:%d: AG Initialize failed
%s (%d)
AG Type %d unknown or not supported
AG %s has type %d
CEpaFactoryItf::Scan returning %d
EPAFactory scan <%S> returned %d
Failed downloading %s, ret=%d, status=%d
Failed loading EPAFactory entry point, err %d
Failed loading EPAFactory dll, err %d
Downloaded EPAFactory.dll not correct version
/epa/scripts/EPAFactory.dll
Right version EPAFactory.dll exists
\EPAFactory.dll
EPAFactorySignature: %s
Failed saving dump file, err %d
Dump file: %s
%s\nsloadx.dmp
***ERROR*** Crash (ExpCode: 0x%8.8X, ExpFlags: %d, ExpAddress: 0x%8.8X)
SetUrlCacheGroupAttribute error %d
ns_init_cache: failed to create cache, error %d
ns_get_cache: ReadUrlCacheEntryStream error %d
ns_get_cache: malloc error %d
ns_get_cache: RetrieveUrlCacheEntryStream error %d
ns_get_cache: getting url %s
%s/%x%x%x%x%x.nscache
ns_get_cache: found at %d
ns_get_cache: %s
ns_check_cache: found %s
ns_check_cache: found at %d
ns_check_cache: %s
ns_expire_cacheentry: geturlcacheentryinfo error %d
ns_expire_cacheentry: found at %d
SetUrlCacheEntryGroup error %d
ns_add_cache: commiturlcacheentry error %d
ns_add_cache: file open error, %d
ns_add_cache: Opening file %s, url %s
ns_add_cache: append %d
ns_add_cache: create %d
ns_add_cfgdomainips domain=%s
ns_iscfgdomain: domain=%s
size=%d
ns_sort_ushort pass %d
ns_sort_ushort called. Number of elements = %d
file://%s
ProviderOrder='%s'
ns_check_auto_login_setting (%d)
ns_processconfig_v15: ***ERROR*** GetExceptionCode 0x%x
ns_processconfig_v15: Invalid appflag %d, ignore %s
AppRHome:%s
Logout script =%s
Login Script =%s
User name =%s
Server build version =%s
outbound forward proxy exception list=%s
%s;%s
outbound forward proxy=%s
clientsecurity: <%s>
VA IP/GW/mask: %s/%s/%s
1.1.1.1
255.0.0.0
Rounding off idletimeout to maximum supported value
Client IIP: %s
ns_cleancfg.flag=0x%x
ns_plugincfg.hookflag:
nsload.ocx
nsload.exe
%s\%s
nssslvpn.txt
major=%d minor=%d
Transfer login returns: pccb->http.contentlength=%d
Transfer login failed
Kernel returns code %d for /cfg
%s (%s:%d)
c:\Program Files\Microsoft Visual Studio 9.0\VC\atlmfc\include\afxwin1.inl
%Program Files%\Common Files\Symantec Shared\VirusDefs\definfo.dat
pc-cillin.ini
NISVER.dat
ns_doEpaFactoryScan <%s>
Kernel32.dll
service product version %s
\StringFileInfo\xx\FileVersion
\StringFileInfo\xx\ProductVersion
AsProd.dll
Not found %s
filename=%s
SYSTEM\CurrentControlSet\Services\%s
%s version %s
%s version %d
Updates\Windows me
Updates\Windows 98
Updates\Windows 95
Updates\Windows NT
Updates\Windows 2000
Updates\Windows XP
Updates\Windows Server 2003
Updates\Windows Vista
Updates\Windows 7
Updates\Windows Server 2008
ns_chk_os: major version %d, minor version %d
ns_chk_os: Hotfix %s is installed
Failed RegOpenKeyEx '%s', err=%d
Software\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages
ns_chk_proc=%s
MD5 didnt match, need %s got %s
xxxxxxxxxxxxxxxx
KERNEL32.DLL
HKEY_CURRENT_CONFIG
HKEY_CLASSES_ROOT
HKEY_USERS
HKEY_CURRENT_USER_64
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE_64
HKEY_LOCAL_MACHINE
ns_getosname mismatch, s=%s os=%s
ns_chk_os: Hotfix %s not installed
Software\Microsoft\Windows NT\CurrentVersion\HotFix\%s
Software\Microsoft\%s\%s
ns_chk_os: system has SP maj %d, min %d
ns_chk_os: Patch %s not installed
ns_chk_os: %s
Software\Microsoft\%s\%s%s
ns_getosname returns reg=%s os=%s
ns_chk_svc: %d
QueryServiceStatus: GetLastError=%d
OpenService: svcname=%s GetLastError=%d
OpenSCManager failed: GetLastError=%d
ns_chk_filetime return %d
ns_chk_filetime: ft(%I64d), check(%I64d) ret %d
ns_chk_filetime %s
ns_chk_reg: Unsupported registry type check - %d %s
ns_chk_reg: RegOpenKey failed
ns_chk_reg: bad string2 %s
ns_chk_reg: bad string %s
ns_free_dependspol:num_mallocPolicyBuffer=%d
num_mallocPolicyBuffer=%d
Mcafee8.5 datver %s
%s\%s_Ýy
avvscan.dat
%Mcafee11 version %s
%s_Ýy
%Mcafee10 version %s
Mcafee version %s
SOFTWARE\Network Associates\TVD\Shared Components\VirusScan Engine\4.0.xx
ns_chk_mcafeedatversion: expected_version = '%s', freshness = %d
Mcafee DAT file location is not found at %s\DAT
Mcafee DAT file freshness check at %s passed
Mcafee DAT file freshness check at %s failed
Scan.dat
Mcafee installed version: %s
ns_chk_mcafeeenterprisedatversion: expected_version = '%s', freshness = %d
PccNTMon.exe
\Sophos\Sophos Anti-Virus\Config\factory.xml
SWEEPSRV.SYS
0.0.0.0
Version=%s
file_path=%s
freshness check of %d configured
%s\%d\Component\Pattern\0x00000004\DisplayVersion
wrong token: <%s>
token: <%s>
ns_EvalPolicy: %s returns %d
ns_EvalPolicy: %s
ns_EvalPolicy returns %d
num_mallocPolicyBuffer=%d print internal structure:
ns_check_depends: wrong config, dupcmdstring failed!
%s(%s)
Iphlpapi.dll
(build %d)
Windows 2000
Windows XP
Web Edition
Windows Server 2003,
Windows XP Professional x64 Edition
Windows Storage Server 2003
Windows Server 2003 R2,
Web Server Edition
Windows Server 2008 R2
Windows 7
Windows Server 2008
Windows Vista
kernel32.dll
%s-%s
nsload_ui_%s.dll
?456789:;<=
!"#$%&'()* ,-./0123
%s %s
pccb->authData=%s
pccb->g_Auth=0x%x
Digest username="%s", realm="%s", qop="%s", algorithm="%s", uri="%s", nonce="%s", nc=%s, cnonce="%s", response="%s"
00000001
%s:%s
[%s] %s
***ERROR*** negative value inptr=%d pr_size=%d
ns_zip: crc=0x%x bytes_in=%d outcnt=%d
BUG: outcnt=%d not enough buffer memory
ns_gzipmain: send_len=%d
namevalue: name=%s value=%s
ns_get_namevalue: name=%s returns %s
After modification : IP Length = %x, IP ID = %x, IP Fragmentation summary = %x
sendto : len = %d
New IP checksum = %x
After modification : IP Length = %x, IP ID = %x, IP Fragmenttion summary = %x
Old IP checksum = %x
Sending ICMP reply to IP = %x, port = %x
Chksum with reply 0x%x
Chksum with echo 0x%x
IP protocol = %x
Ping source IP = %x, destination IP = %x
Tunnel Header : Flags = %x, Type = %x, Port = %x
receive icmp data (len=%d) from clt
udp recvfrom error %d
receive icmp data from %s:%d
return Old_ProxyForURL(url,host);
if(shExpMatch(host, "*.%s"))
if (dnsDomainIs(host, "%s"))
if (isInNet(host, "%s", "%s"))
if (shExpMatch(url, "hXXps://%s/*"))
if (shExpMatch(url, "hXXp://%s:%d/*"))
wrote %s
function %s(url,host)
ns_modifypacfile: WriteFile error %d
ns_modifypacfile: ReadFile error %d
ns_modifypacfile: CreateFile%d error %d
FindProxyForURL
%s:%d
*.%s;
ns_initialQueryConnectionProxy: bReturn=%d
PROXY_BYPASS=%s
AUTODISCOVERY_FLAGS=%d
AUTOCONFIG_URL=%s
PROXY_SERVER=%s
CONN_FLAGS=%d
Connection type 0x%x name '%s'
ns_SetManualProxy: proxy=%s
ns_SetManualProxy: ns_plugincfg.proxyip=0x%x, ns_plugincfg.proxyport=%d
inflate_codes: pccb->svr.luncmp=%d
inflate_stored: pccb->svr.luncmp=%d
inflate_fixed: pccb->svr.luncmp=%d
inflate_dynamic: 2 pccb->svr.luncmp=%d
inflate_dynamic: pccb->svr.luncmp=%d
inflate_block: pccb->pcmp->inptr=%d t= %d
inflate_block return %d, endofblock=%d
expirecookie error %d
expirecookie %s
vpns/choices.html
ns_detect_default_browser: GetFileVersionInfo failed error %d
ns_detect_default_browser: GetFileVersionInfoSize failed error %d
ns_detect_default_browser: ExpandEnvironmentStringsForUser failed error %d
Minefield.exe
Opera.exe
Safari.exe
chrome.exe
IEXPLORE.exe
firefox.exe
%s\shell\open\command
https
/vpn/loading.html
/vpns/choices.html
ns_epa_fallback - Default browser type is 0x%x
ns_epa_fallback: errcookie set error %d
ns_epa_fallback: aaac set error %d
Could not save login url
REQ_LOGIN: detected version mismatch
fullurl %s
targeturl %s
/vpns/postepa.html
Got errc cookie %s
Got NSC_AAAC cookie: %s
Got NSC_NAME cookie: %s
Got NSC_CERT cookie: %s
NSC_CERT=
vpn/index.html
Cookie: NSC_EPAC=%s
passed
adr=x&cm=Transfer
/cgi/tlogin
Cookie: %s
adr=x&cm=Cancel
Transfering Login
response=%s
NAME=response TYPE=password
login=%s&passwd=%s&passwd1=%s
do_epa_login ... ...
Windows Autologon failed, but a running Receiver was not detected
Login originated from the Receiver
Got 403 for login, should not get FALLBACK here
ns_start_vpn returns %d
login request returns http code (%d) from server.
pccb->http.retcode=%d
dologin: ns_start_vpn returns %d
NSC_EPAC=%s
Cookie: NSC_CERT=%s;
DeDelta failed on error 0x%x
DeDelta done. Size of Base=%d, Delta=%d, Update=%d, Ratio=%u.u
ns_selectonevip: ip=%s port=%d
EnableGatewayAccessibleMsg
m_Notifier[%d]
***ERROR*** GetExceptionCode 0x%x
ns_ReqThreadProc: recv %d, %s
ns_ReqThreadProc: select fail %d
ns_ReqThreadProc: send fail %d
ns_ReqThreadProc: connect fail %d
ns_ReqThreadProc: socket fail %d
ns_ReqThreadProc(REQ_BASEFILE): pccb 0x%x
Thread exit code %d
ns_make_basefilereq: pccb 0x%x = 0x%x
ns_SocketThreadProc: ***ERROR*** GetExceptionCode 0x%x
ns_launchselectloop: CreateEvent error %d
%s: select loop is already running: %p
%s: src: %#.8x:%d dst: %#.8x:%d (orig_port: %d, proto: %d)
Kernel returned %d for csecr
Failed sending csecr, returns %d
CSEC: %s
%s%s[%s] %s[%s]
%s%s[%s:%s] %s[%d:%d] %s[%s:%d %s]
CnsPageResp: m_webserver=%s
0.0.0.0:0
ns_GetAppNameTlhlp: GMH kernel32.dll
09:00:00
08:00:00
%d %s d:d:d
d:d:d
%s (%d/%d)
notepad.exe "%s"
Saved url %s
ParseSERV: error packet %s
ParseLOCA: error packet %s
f_services.html
choices.html
postepa.html
epa/epa.html
Parsetcpopts: malloc error
TcpOpts:
HttpParser::InsertCookie called
HTTP data processed=%d
HTTP header is malformed
pccb->svr.ltobesent=%d
HTTP header found, contentLen=%d hdrLen=%d processed=%d
HttpParser::ParseHttpBody called
ns_enablessl=%d basevport=0xx
ns_ParseLocation: invalid url2
ns_ParseLocation: invalid url1
vip=%s
%a, %d-%b-%Y %H:%M:%S GMT
(global) ret1(%d) ret2(%d) error %d
%s=%s; expires=%s; path=/
ret1(%d) ret2(%d) error %d
Loc2 %s
Loc %s
http%s//%s/
Received headers size %d
ns_getheader: Failed to alloc memory of size %d
OpenProcess %s error: %u
Error(%d): %s is still running
pid=%d hProc=0x%x
Delete file %s error %d
User did not allow epa report execution
Login denied
malloc failed for epareport
ns_start_epa returning %s
No epa report!
Set errc cookie %s
Failed sending epas, ret %d
%sCSEC: %s
Failed sending epaq, ret %d
Got epa cookie %s
Failed sending /, ret %d
Input params: cookie %s location %s debug %s vip %s version %s
(XFailed to instantiate CLSID_nsServer interface, hr=0x%x
nsServer_RegisterNetworkProvider failed, hr=0x%x, lRet=%d
nsServer_UnregisterNetworkProvider failed, hr=0x%x, lRet=%d
nsServer_RestartDnsService failed, hr=0x%x, lRet=%d
nsServer_triggerNLAService failed, hr=0x%x, lRet=%d
nsServer_RestartNLAService failed, hr=0x%x, lRet=%d
nsServer_updateDNS failed, hr=0x%x, lRet=%d
nsservice.cpp The intranet IP is %s
nsServer_notifyServiceOnLogin failed, hr=0x%x, lRet=%d
nsServer_iphlpapi method %d failed, hr=0x%x, lRet=%d
nsServer_regapi failed, hr=0x%x, lRet=%d
Failed to find function DnsFlushResolverCache, err=%d
Failed loading '%s', err=%d
\dnsapi.dll
nsServer_SecureChannelReset failed, hr=0x%x, lRet=%d
nsServer_RestartDhcpService failed, hr=0x%x, lRet=%d
ns_addftpport: max entries reached
ns_buildhttpreqheader:
POST /controlack HTTP/1.1
PRTCL: TCP
GET /cs HTTP/1.1
PRTCL: UDP
GET /dns HTTP/1.1
SERVER: %s
ORGSVR: %s
CSIP: %s
PORT: %d
SPORT: %d
APPNAME: %s
APPMD5: xxxxxxxxxxxxxxxx
ADN-ID: xx
TunnelType: %s
TcpOpts:%s
CONNECT %s:%d HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; AGEE 8.0;)
Proxy-Authorization: %s
169.254.8.8
ns_addpid: pid=%d
ptobesent=0x%x ltobesent=%d ptobedecode=0x%x ltobedecode=%d
port=%d receive data (len=%d/%u) from svr
readsvrdata %d
Connection created by PID = %d
ns_get_socketpid: Looking for remote(%s:%d) and local(%d) against %d connections
ns_get_socketpid: GetExtendedTcpTable() returned %d
%s: error - no available pccbs!
ns_check_cleanup: commiturlcacheentry error %d
ns_check_cleanup: file open error %d
ns_check_cleanup: createurlcacheentry error %d
%s/test.html
ns_read_mux(mix): ltobesent %d
reallocating deltabuf to %d bytes
ns_read_mux(mix): blocklen %d submuxlen %d
ns_read_mux(mix): typ %d muxlen %d submuxtype 0x%x
ns_savedelta: %d bytes, tot %d
ns_savedelta: deltalen %d, need %d more bytes to save
ns_savedelta: recvlen %d, blklen %d
ns_savedelta(q): recvtot %d, blktot %d
%s: Transaction ID: %#0x
pccb 0x%x pccb.p.domain = 0x%x
Client Security String: %s
Failed to send setclient req, err %d
REQ_BASEFILE error: invalid pccb or state(%d) passed in!
/dns cache hit domain=%s ip=0x%x
/cs sip=0x%x sport=0x%x
%s: pccb_udp: %p
ns_csec_handler: clientsecurity: <%s>
port=%d %s
socket pair <%d, %d>
connect failed: WSAGetLastError=%d
send SYN to %s:%d for socket: %d
%s: failed to set socket %d non blocking
pccb->flag=0x%x pccb->m_req=%d
EnableAuthDeniedMsg
netscaler returns AAA code %d
port=%d send data (len=%d) returns error %d.
port=%d blocked reading & buffer data (len=%d).
port=%d send data (%d) to svr
%s: WINS control channel %p closed
%s: DNS control channel %p closed
%s: ICMP control channel %p closed
%s: UDP control channel %p closed
Closed UDP connection
sendto: ltobesent=%d ret=%d
sendto: %s:%d
cip=%s sip=%s cport=%d sport=%d origport=%d
ctrl pkt not found, making one for port %d
found ctrl pkt for port 0x%x
making new control packet for port %d
found ctrl pkt for %s:%d
ns_sendsingleudptoclt
Opened connection (cport = 0x%x sport = 0x%x sip = 0x%x) for server initiated tcp
ns_sinc_handler: select returned %d
ns_sinc_handler: Failed to establish server init tcp on port %d, error %d
ns_sinc_handler: FIONBIO(%d) returned %d
ns_sinc_handler: Failed to create socket, error %d
cip=%s sip=%s cport=%d sport=%d
ns_finishdelta: dedelta done, have %d bytes
ns_do_de_delta ret error %d
ns_finishdelta: calling de_delta(2) - basebuf(0x%x), basesz(%d), deltabuf(0x%x), deltasz(%d)
return IP address %s
ns_init_basefile_query error: invalid pccb or state(%d) passed in!
ns_init_basefile_query: pccb 0x%x
Forwarding DNS/WINS request to gateway via UDP channel
Passing thru DNS/WINS request to local name server
ns_proc_dnswins_query pdomain=%s
proxy returns HTTP code %d
pccb->http.contentlength=%d pccb->svr.ltobesent=%d
%s: pccb->clt.ltobesent=%d
ns_sinc_startftplisten: Opened ftp(cport = 0x%x sport = 0x%x sip = 0x%x)
ns_sinc_startftplisten: bind %d (gle %d)
ns_sinc_startftplisten: error - no available pccbs!
ns_parseftpcommand: bad arguments
ns_parseftpcommand: failed to parse PASV
ns_parseftpcommand: PASV port %d
%d,%d)
ns_parseftpcommand: done %s
PORT %d,%d,%d,%d,%d,%d
ns_parseftpcommand: failed to start listener on port (0x%x)
ns_parseftpcommand: got PORT %d,%d,%d,%d,%d,%d
%d,%d,%d,%d,%d,%d
ns_parseftpcommand: malloc failure
%s: port=%d send data (len=%d) returns error %d.
ns_tcpsendtoclt1
ns_tcpsendtoclt: pccb->svr.ltobedecode=%d
port=%d buffered data (%d) to clt
ns_tcpsendtoclt2
port=%d send data (%d) to clt 2
ns_tcpsendtoclt3: move ptobedecode
ns_tcpsendtoclt3: move ptobesent
ns_tcpsendtoclt3: pr_size=%d svr.ltobesent=%d
ns_tcpsendtoclt3(EOB): svr.ltobesent=%d
inflate returns %d, pccb->svr.luncmp=%d pccb->pcmp->inptr=%d
ns_tcpsendtoclt3: filesize=%d
ns_tcpsendtoclt3: svr.ltobesent=%d
port=%d send data (%d) to clt
ns_tcpsendtoclt3: pccb->svr.luncmp=%d
***ERROR*** ns_readclientdata in wrong state pccb->fsm=%d
ns_readtcpcltdata(mix): setting mux header len as 0x%x
GET %svpn/clientlogout.html HTTP/1.1
Bypassing Cisco SCCP spoofing
BypassCiscoSccpSpoof
port=%d receive data (len=%d) from clt
ns_readclttcpdata
ns_readclttcpdata(REQ_SIFTP): error after accept
accepted new connection on REQ_SIFTP
accept REQ_SIFTP error %d
calling accept on REQ_SIFTP...
pccb->clt.ltobesent: %d, ns_interface_s: %d, ni->m_req: %d, err: %d
udp send to svr
Bypassing DNS update not initiated by nsload.exe
Cannot find pmap: port=%d
udp packet
receive udp data (len=%d) from clt
receive udp data from %s:%d
ns_sinc_handler: Establishing server init TCP to port %d...
ns_sinc_handler: Unrecognized protocol %d!!
Partial data recved needs %d more
ns_udpsendtoclt
ns_tcpsendtoclt4:cmpbuf is freed in exit
setsockopt before(%d) after(%d) ret %d
port=%d blocked reading & buffer data (len=%d) cltport=%d.
ns_tcpsendtoclt4: luncmp is zero after decmp!
ns_tcpsendtoclt4: inflate returned CMP_ERROR!
ns_tcpsendtoclt4: get_method returned false!
ns_tcpsendtoclt4: %d left in recvd buf
ns_tcpsendtoclt4: received whole block, copy %d to uncmp
ns_tcpsendtoclt4: copy %d to uncmp
ns_tcpsendtoclt4: buffered %d more to cache, blklen %d
ns_tcpsendtoclt4: have bf delta, retrieving from cache %s
ns_tcpsendtoclt4: basefile morefrag   delta, waiting for next frag
ns_tcpsendtoclt4: basefile morefrag
ns_tcpsendtoclt4: adding to cache %d bytes
ns_tcpsendtoclt4: savedeltaEND %d bytes
ns_tcpsendtoclt4: savedeltaCONT %d bytes
ns_tcpsendtoclt4: move ptobedecode
ns_tcpsendtoclt4: move ptobesent
ns_tcpsendtoclt4: need more data
ns_tcpsendtoclt4: savedelta %d bytes
ns_tcpsendtoclt4: basefile headers/nocmp, got %d bytes
ns_tcpsendtoclt4: no delta %d
ns_tcpsendtoclt4(EOB): svr.ltobesent=%d
ns_tcpsendtoclt4: inflate returns %d, pccb->svr.luncmp=%d pccb->pcmp->inptr=%d
ns_tcpsendtoclt4: pr_size=%d
ns_tcpsendtoclt4(gzip): svr.ltobesent=%d
ns_tcpsendtoclt4: pccb->svr.luncmp=%d
client closes socket (ns_readclttcpdata failed)
passthru_sock: recvfrom error = %d
passthru_sock
UDP tunnel
UDP tunnel is not ready when UDP data comes
accept new connection clientfd=%d
ns_plugincfg.tcp_proxy_port=%d pccb->svr.port=%d
ns_plugincfg.basevip=0x%x pccb->svr.ip=0x%x
Releasing stray CCB for %s:%d to %s:%d
control_sock msg
ns_control_msg_heart_beat called
add to dnscache 0x%x %s
ns_svr_waitaaaresbody: pccb->svr.ltobesent=%d
schannel.dll
CryptUIDlgSelectCertificateFromStore
cryptui.dll
Failed CertOpenSystemStore, err = %d
Secur32.dll
Security.dll
Failed CertGetNameString
EncryptMessage (len=%d)
**** Error returned by EncryptMessage, 0x%x
pccb->clt.ptobesent=0x%x, pccb->clt.ltobesent=%d
SSL_EncryptData: cbHeader=%d, cbTrailer=%d, cbMaximumMessage=%d
Decryption returns NOT SEC_E_OK scRet=0x%x
DecryptMessage returns scRet=0x%x
FilterMatchingCerts added %d certs
Error adding cert context to store, err %d
Skipping cert with usage 0x%x
Found certificate for '%s'
1.3.6.1.5.5.7.3.2
Trusted issuer: %s
# of trusted issuers = %d
Defaulting to first matching certificate
User did not select a certificate!
Prompting user to select certificate
No matching certificate in store
Resynchronizing MY certificate store failed
Error returned by AcquireCredentialsHandle, err 0x%x
Selected certificate for '%s'
No certificate selected!
pccb->clt.ltobesent=%d
SSL_ClientHandshakeLoop: scRet=%x
%s: Certificate error 0x%x
ns_ssl::SSL_VerifyServerCertificate
***ERROR*** cbMaximumMessage>%d
Loading FwsVpn.DLL failed
FwsVPN.dll
%d.%d
***ERROR*** udpbuf > maximum %d
netscape.exe
mozilla/4.7
netscp.exe
firefox
navigator.exe
flock.exe
opera.exe
opera
useragent=%s appname=%s is64bitbrowser=%d
ns_parseua: p=%s
Not expected arguments "%s"
HTTP/1.1
nsWinAutoLogin=
nsversion=%s
nsvip=%s
nstrace=%s
nstdi=%s
Remove setup file: %s
nsvpnc_setup.exe
nsvpnc_setup64.exe
LastUrl
send failed, err %d
clilen=%d buf="%s"
HTTP/1.1 200 OK
ns_cmdlogin: exit
API login success
arg.nsversion: %s ns_hook_version: %s
Invalid login request, will discard it
LOGIN_FAIL
API login failed
API login failed with error [%d]
API login proxy authentication needed
WinLogin thread returned :%d
Waiting for WinLogin thread to return
API login
ns_parsehttp: invalid arguments
&nsWinAutoLogin=1
cmdlogin: skipping accept
Relogin after auto-update, skipping accept
port %d started
listen err=%d
bind err=%d
ns_cmdlogin: Previous login url %s
m_NoDisplayLogin==TRUE
noDisplayLogin
Arguments: %s
Previous login url %s
Failed to restore LastUrl
Failed archiving log file, err %d
Archiving log file from '%s' to '%s'
\~nssslvpn.txt
\nssslvpn.txt
Failed to open StopAgent event, err=%d
WSAStartup error %d
Failed to create stopNsloadThreadProc, err %d
Global\9C518270-2FB0-4ced-824C-35CAD3204ECA
Failed to detect if agent running, err %d
nsuninst2.txt
Global\FA920408-82BE-4bd8-9130-BB98D5F1EC79
OS Power event %x captured
LaunchBrowser -> OpenIEwithURL
LaunchBrowser - ShellExecute [ret = %d]
LaunchBrowser - url [%s]
LaunchBrowser - szPath is: %s
LaunchBrowser - is64bitbrowser=%d, szkey is: %s
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\%s
hXXp://%s:%d/vpns/err2002.html
hXXp://%s:%d/vpns/services.html
hXXp://%s:%d/vpns/fslogin.html
RedrawActiveXWnd: %d:%d
vpns/postepa.html
ARUpdateStatus(PLUGIN_UPGRADED,REBOOT_REQUIRED):%d
ARUpdateStatus:%d
Global\607A581D-4C6F-4beb-94AE-BC6855910B94
ARRegisterControlHandler:%d
ARRegister:%d
OnAPIMessage: ignoring %d
OnAPIMessage: NS_GET_STATUS: mutex [0x%x]
OnAPIMessage: wParam %d lParam %d
code %d bits %d->%d
gen_codes: max_code %d
last_lit %u, last_dist %u, in %ld, out ~%ld(%ld%%)
opt %lu(%lu) stat %lu(%lu) stored %lu lit %u dist %u
Shell_NotifyIcon %s
SendTrayMsg exception:%s
ARMenuRegisterDynamic failed:%d
ARAddMenu ret:%d menu count:%d
ns_findwinver=<%d, %d>
Client will support %d tunneled connections
ns_tunsocks: count %d
username=%s
Could not map view of file, err=%d
Could not open file mapping object %s, err=%d
ns_ParseLocation: invalid url <%s>
ploc=<%s>
IP %s resloved by DNS server is UP
IP %s Failed to create Socket, error %d
IP %s resloved by DNS server is DOWN
ns_enablessl=%d basevip=0xx basevport=0xx
hXXp://%s:%d/
hXXp://%s/
hXXps://%s:%d/
hXXps://%s/
basevip=%s
ns_addbypassurl: parsing asterisks in url
ns_addbypassurl: ip=0x%x basevip=0x%x
hXXps://
hXXp://
ns_addbypassurl: url=%s
hostname: %s
html_version=%s ns_version=%s
EnableHTTPVServer
Using %s as basevip
SSLVPN vip in the bypass list
bypass ps=%s
%s=%s
ns_start_vpn: location=%s
Software\Microsoft\Internet Explorer\TypedURLs
fTypedUrls
Save registry keys from service
Failed to create thread for DNS Update, error %d
IEXPLORE.EXE
iexplore.exe
http\shell\open\command
IE.HTTP
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice\Progid
OpenIEwithURL [%s] CreateProcess error %d
OpenIEwithURL [%s] [pid = %d]
"%s\Internet Explorer\iexplore.exe" %s
Failed notifying nsverctl service on login
ns_start_vpn returned %d
\ns1clean.cfg
ShellExecute '%s' failed, error %d
%s launched successfully
ns_launchnsclean: %s
\nswcc.exe
malloc=%d free=%d
\nsinst.dll
Deleting 'RouteChanges' registry key failed
Shell execute ipconfig successful
Shell execute ipconfig failed
ns_free_udp_control_queue called
Delete %s cache entry returned %d
Skipping scheme %d
Test connecting to server %x:%d...
Resolving %s
Failed InternetCrackUrl, err %d
InternetGetProxyInfo failed, err %d
InternetInitializeAutoProxyDll returns: %d
InternetInitializeAutoProxyDll failed, %d
wpac url=%s
Urldownloadtofile2 failed, err %d
AutoConfigJSURL
Urldownloadtofile failed, err %d
Proxy script URL not accessible
jsproxy.dll
ns_ClearConnectionProxy: bReturn=%d
%s: proxy=%s
%s: type=%d bReturn=%d
ns_SetIEConnectionProxyBypass: %s bReturn=%d
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
Succeeded in setting HKCU\%s\%s
Succeeded in setting HKLM\%s\%s
, schannel.dll
FileName:%s
URL:%s
%svpns/f_ndisagent.html
%svpns/f_services.html
%svpns/app.html
ProxyBypass
ns_wpad.pac
ns_QueryConnectionProxy: bReturn=%d
proxyport=%d proxyip=0x%x
proxy="%s"
HTTP proxy not set, skipping
http=
https=
starting parseproxy %s
finished ns_getproxy setting bypass %s
ns_getproxy returned %s
ns_QueryFirefoxConnectionProxy : returns FALSE
proxy_settings::set_proxybypass malloc failed
proxy_settings::set_proxyConnection_default Connection type 0x%x name '%s'
proxy_settings::GetIEConnectionProxy PROXY_BYPASS=%s
proxy_settings::GetIEConnectionProxy AUTODISCOVERY_FLAGS=%d
proxy_settings::GetIEConnectionProxy AUTOCONFIG_URL=%s
proxy_settings::GetIEConnectionProxy PROXY_SERVER=%s
proxy_settings::GetIEConnectionProxy CONN_FLAGS=%d
proxy_settings::parse_proxy proxyport=%d proxyip=0x%x
proxy_settings::parse_proxy proxy="%s"
proxy_settings::parse_proxy HTTP proxy not set, skipping
proxy_settings::parse_proxy called %s
proxy_settings::update_pacfile proxy=%s
ns_BackupFirefoxCookieFiles finished
Failed to backup firefox cookie file %s to %s, error=%d
Copied file %s to %s
ns_cookies.bak
cookies.sqlite
cookies.txt
SOFTWARE\Mozilla\Mozilla Firefox
ns_GetProfileDirectory returns path %s
Next section scanned is %s
ns_BackupFirefoxCookieFiles called
Successfully reset timestamp for file %s
ns_SetFirefoxConnectionProxy finished
Could not copy %s to %s
MozillaWindowClass
MozillaUIWindowClass
OldPrefsFile %s file not found
%s\%s.bak
prefs.js
ns_SetFirefoxConnectionProxy called
ns_CleanupFirefoxAAAC finished
ns_CleanupFirefoxAAAC:memory alocation error
ns_CleanupFirefoxAAAC: found cookie, closing browser
Cookie file is %s
ns_GetFirefoxProfileFile returns syspath %s
ns_CleanupFirefoxAAAC called
Got proxy bypass list
Got auto proxy URL
autoconfig_url
network.proxy.ssl_port
network.proxy.ssl
network.proxy.http_port
network.proxy.http
network.proxy.
network.proxy.type
user_pref("network.proxy.type",0);
user_pref("network.proxy.no_proxies_on","
user_pref("network.proxy.share_proxy_settings",true);
user_pref("network.proxy.share_proxy_settings",false);
user_pref("network.proxy.ftp_port",
user_pref("network.proxy.ftp","
PTF://
user_pref("network.proxy.gopher_port",
user_pref("network.proxy.gopher","
user_pref("network.proxy.ssl_port",
user_pref("network.proxy.ssl","
user_pref("network.proxy.socks_port",
user_pref("network.proxy.socks","
user_pref("network.proxy.http_port",
user_pref("network.proxy.http","
user_pref("network.proxy.type",1);
user_pref("network.proxy.autoconfig_url","
user_pref("network.proxy.type",2);
Failed copying from %s to %s
%s.bak
Failed doing map view of file %s
Failed creating file mapping of file %s
Failed opening file %s
Failed saving firefox proxy settings
Prefs file is %s
ns_QueryFirefoxConnectionProxy called
prefermethod=%s
proxydlg=%s
password=
password=
username=%s
pacfile=%s
bypasslist=%s
bypasslist=
proxyserverlist=%s
proxytype=%s
proxyconnection=%s
proxyaddress=%s
***%s Exception***: Code: %#0x
Failed setting NDIS driver key!!!
!!! WARNING, Failed to issue driver filter because of %d
GetDriverVer: return %d
%d%d%d%d
%d.%d.%d.%d
__ws_sendconfig: Unrecognized WS msg type.
__ws_sendconfig: Could not connect to WS client, err %d
__ws_sendconfig: send err(%d), attempt re-connect
__ws_sendconfig: win32_sel ret %d
__ws_sendconfig: Could not send WS client config %d.
ws_thread: failed to bind udpsock, %d
ws_thread: recv err %d
ws_thread: recvd %d
ws_thread: failed to create udpsock, %d
ClearDriverFilter: requre: %s
1.1.0.236
CTXVPN: failed to open driver handle when setting driver key.
Failed opening device %s
Total subnet filters = %x
Remote subnet entry %d Start IP = %x, Stop IP = %x
Remote subnet entry <%d> Start IP = %x, Stop IP = %x
Tunnel port = %x, Control port = %x, ICMP port = %x, Passthru port = %x, Base VIP = %x
LoadLibrary for iphlpapi.dll failed, err %d
%s: Adapter (%d) Index %d, Name '%S'
Citrix Adapter index(%d):%s
%s: SetIpInterfaceEntry failed, err %d
%s: GetIpInterfaceEntry failed, err %d
%s is up
WaitForVAIP retry adapter entry:%d
VA DeviceIOControl failed:%d
ns_iphlpapi returned %d
IpReleaseAddress returned %d
Failed opening driver handle, err %d
Disabling Virtual Adapter, g_dwVaIndex=%d
IpRenewAddress returned %d
Setting up the Virtual Adapter, g_dwVaIndex=%d
Wrong version nswcc.exe exists
ns_loadwcc: Localfilename: %s
Setting NDIS driver key...
ns_check_ndisdriverversion returned %d.
nsServer_LaunchMsiUninstaller failed, hr=0x%x, lRet=%d
ns_AdvertiseMsiPackage failed, hr=0x%x, lRet=%d
MSI package in: %s
Failed to install package, err=%d
Installing: %s
msiexec /i "%s"%s
TRANSFORMS=@agee_%s.mst
%s\agee.msi
8.1.16.0
Installer exit code: %d
Localfilename: %s
/vpns/scripts/vista/nsvpnc_setup.exe
%s\nsvpnc_setup.exe
/vpns/scripts/vista/nsvpnc_setup64.exe
%s\nsvpnc_setup64.exe
d:
Control msg from: %s
ns_read_tcp_control_msg
ns_control_msg: output=%d
Sending control msg %d to %s:%d
ns_control_msg
vaaddr=0x%x saddr=0x%x basevip=0x%x daddr=0x%x
__add_control_packet_to_queue: sport %d added
__find_control_packet: port=%d queue found
__find_control_packet: looking for port=%d
sendto returns %d
Dest 0x%x is broadcast
Found source IP %s/%s
Checking interface %x/%x
isDestIpBroadcastAddr called, saddr=%x daddr=%x
%s: out of memory for %d bytes
%s: GetIpForwardTable failed: %#.8x
%s%s(%u,%u) %s/%s -> %s [%x, %x, %x, %x, %x (%x)]
%s: Added (%d) %s/%s -> %s
%s: Failed (%d) to add %s/%s -> %s, err %d
%s: Deleted (%d) %s/%s -> %s
%s: Failed (%d) to delete %s/%s -> %s: %#.8x
Setting 'RouteChanges' registry key failed
GetNetworkParams failed with error: %d
ns_check_ndisdriverversion: returns %s, requires %s
RasEnumConnections failed, err %d
Failed RasHangUp, err %d
Disconnecting active RAS connection: %s
Found default gateway %s
InetCfg.Initialize
AcquireWriteLock by '%S'
LockedBy '%S'
NetCfgLock.AcquireWriteLock
InetCfg.QueryInterface
ns_InitializeInetCfg returning %d
ns_UninitializeInetCfg returning %d
InetCfg.Uninitialize
ns_InstallNdisDriver finished, status = %d
InetCfgClassSetup.Install
InetCfgClassSetup.Install returned: 0x%x
net6im_m.inf
Copied file %s
net6im.inf
InetCfg.QueryNetCfgClass
InetCfgClassSetup.DeInstall
InetCfgClassSetup.DeInstall returned: 0x%x
InetCfgClass.QueryInterface
InetCfgComponent.GetClassGuid
InetCfg.FindComponent
ns_IS_Install_NDIS_Driver: returns %d
nsinst.txt
d:d:d.d
Version: %s
Time: d:d:d
Date: d/d/%d
x:
Unsupported auth
ns_proxy_handler: Headers error %d
ns_proxy_handler: No pxy-auth: %s
CertVerifyCertificateChainPolicy
Error 0x%x returned by CertGetCertificateChain!
%s: *** CryptDecodeObjectEx failed %d
VerifyServerCertificate
Server cert name mismatch, len=%d
2.5.4.3
2.16.840.1.113730.4.1
1.3.6.1.4.1.311.10.3.3
1.3.6.1.5.5.7.3.1
ns_HTTPrequest return value is: %d
Error querying response code %d bQuery=%d
HttpQueryInfo
downloaded total %d bytes
%s %s returned: %d
proxy auth rqd respcode=%d
Server certificate in chain context invalid!
Failed InternetSetOption for client cert, err %d
HttpSendRequest
<%s %s HTTP/1.1
passwd
HTTP/1.0
Failed InternetOpen, err=%d
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; AGEE 8.0;)
%s: %s://%s:%d%s
ns_HTTPrequest
%s: AG %s returned status code %d
%s: failed determine AG type for %s: %d, fallback to EE
/vpn_logo.gif
pacfile local url
pacfile original url
proxy bypass list
last url
proxy port
native login
login
Mozilla\Firefox\
%s\%s%s
profiles.ini
\ns1profile.ini
Failed migrating profile, err %d
WinVerifyTrust failed %d, err %d
ns_verifyfile returns %d
ns_verifyfile output=%s
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
ns_verifyTrustedCert success
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Software\Microsoft\Windows\CurrentVersion
syspath=%s
shell32.dll
%s -- Error %d unknown
%s -- Error %d %s
ns_GetUserToken: OpenProcessToken failed with %d.
ns_GetUserToken: OpenProcess failed with %d.
explorer.exe
CreateProcessAsUser failed, err %d
Failed to launch agent, err=%d
nsload.exe /noDisplayLogin
CreateEnvironmentBlock failed, err %d
Impersonate User failed, err %d
WTSQuerySessionInformation failed, err %d
LoadUserProfile for '%s' failed, err %d
User profile for '%s' loaded
*** %s:%d: Exception ***
***%s:%d ERROR***
*** %s:%d: Exception %#0x ***
***%s:%d ERROR*** ExceptionCode: 0x%x ExceptionAddr: %p
{X-X-X-X-XXXXXX}
AdjustTokenPrivileges error: %u
OpenProcessToken error: %u
LookupPrivilegeValue error: %u
returning %d
LoadLibrary err %d
GetProcAddress err %d
IEIsProtectedModeURL ret 0x%x
Calling IEIsProtectedModeURL 0x%x for '%S'
IEIsProtectedModeURL
IEIsProtectedModeProcess ret 0x%x
ieframe.dll
SHGetKnownFolderPath failed 0x%x
Shell32.dll
ns_install_verctl return %d
\nsverctl.exe
ns_free_suffixlist: %s
ns_add_suffix: %s
System\CurrentControlSet\Services\Tcpip\Parameters
SOFTWARE\Policies\Microsoft\Windows NT\DNSClient
group policy primary suffix %s
%s : %s
interface[%d]: %s
GetUdpTable failed.
GetTcpTable failed.
Address matched: %s
App listening on Local Address: %s:%ld
Failed deleted %s registry value, err %d
Failed calling RegDeleteKeyEx from Advapi32.dll
RegDeleteKeyExA
Advapi32.dll
ns_removereg_recurse: Failed deleting '%s', err=%d
ns_removereg_recurse: Failed opening key, err=%d
ns_removereg_recurse: '%s' deleted
ns_saveRegkey: Successfully backed-up registry key %s to file %s
ns_saveRegkey: Saving registry key %s to %s failed %d
ns_saveRegkey: Opening Key %s failed
PSAPI.DLL
GetLogicalDriveStrings failed %d
ns_callcreateprocess: CreateProcess %s failed, error %d.
ns_callcreateprocess: launching %s
ns_launchscript: waiting for %d processes
%s%s\
ns_launchscript: %s not expandable
ns_launchscript: %s
@Error calculating md5 hash for %s
Error creating md5 thread; Error %d
Get module filename failed %d
OpenProcess failed, err %d
CMP: mismatch(crc %d, len %d), gzip %d block %d
ICMP: toremote %d tolocal %d
UDP: send %d, recv %d, frag(no %d yes %d end %d err %d), dns %d, wins %d, oths %d, err(!nudp %d recvfrom %d)
IPPORT: get(Tot: %d, Err %d) set(Tot: %d, Err %d)
DEP: svc %d, file %d, proc %d, reg %d, versvc %d
CCB: cur %d
CONN: Tot(block %d, accept %d timeout %d)
CONN: Err(notaccpt %d, conn %d, send: %d) Cur(clt %d, svr %d, active %d)
MEM: used %d, free %d, getbuf %d, alloc %d, free %d
SSL: Tot(hs %d clthelo %d certchk %d)
SSL: Err(handsh %d, dec %d, enc %d rcrdsz %d cert %d)
DNS: insert %d, hit %d, miss %d, err(dns %d, wins %d)
SRV_INIT_CONN: Tot %d, TCP %d, Err %d
NSPROTO: errcltreq %d, cs(svr %d, vpn %d) dns %d
FORMAT: http %d proxy %d
FUNC: rdsvr %d, rdclt %d, sdbf2svr %d, sdbf2clt %d
AAA: !200 %d, 403 %d
d:d.d> Statistics
Error %d creating view of the file mapping
Error %d creating file mapping
Error %d opening %s
ns_restart_svc [%s] failed
ns_restart_svc: restart svc [%s]
Stopping service %s timed out
Stop to %s failed %lu
Service %s not currently running
Starting service %s timed out
Start %s failed %d
Service %s currently running
Query service status failed %d
Open service failed %d
OpenService: err=%d
OpenSCManager: err=%d
cached: name="%s" ip="%s" timeout=%ds
ns_getipbydomain domain=%s ns_pdnsc=0x%x
dnsname=%s
dns query type = %d
ns_adddnscache m_domain=%s m_ip=%s cached
GetProfileByType (%d) failed: 0xlx
Authorized application %lS is now enabled in the firewall profile %d.
PWindowsFirewallAppIsEnabled failed: 0xlx
Authorized application %lS is now deleted in the firewall profile %d.
WindowsFirewallInitialize failed: 0xlx
WindowsFirewallAddApp failed: 0xlx
IDispatch error #%d
Ferror 0xlx (%s)
%s: Remove outbound FwRule failed,
%s: Firewall rule rule for %S removed
%s: Remove inbound FwRule failed,
%s: CoCreateInstanceAsAdmin failed,
%s: Add outbound FwRule failed,
%s: Firewall rule for %S added
%s: Add inbound FwRule failed,
%s: CreateInstance failed,
HNetCfg.FwRule
Secure Channel Failure error code:%d
Secure Channel Reseting:%s
DomainController:%s
DC IP:%s
Dns DomainName:%s
X:X:X:X:X:X
User: %s
Password: %s
x-quoted-passwd: "%s"
Secondary-Password: "%s"
x-next-token: %s
x-app: %s
x-app-version: %d
Mac: %s
x-token1-challenge-state: %s
x-token1-response: %s
x-token1-challenge: %s
x-pin: %s
x-vpn-cookie: %s
port
VpnGateway%d
x-true-disconnect: %d
127.0.0.1:0
CONNECTUDP
127.0.0.1
%s %s HTTP/1.0
CNotSupportedException
hhctrl.ocx
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl
Afx:%p:%x:%p:%p:%p
Afx:%p:%x
commctrl_DragListMsg
CCmdTarget
CHotKeyCtrl
msctls_hotkey32
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin1.inl
comctl32.dll
comdlg32.dll
GDI32.DLL
File%d
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Network
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
ntdll.dll
%s%s.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp
%sCLSID\%s
TYPELIB\%s
CLSID\%s
CLSID\%s\%s
mfcm90.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp
%s\shell\open\%s
%s\shell\print\%s
%s\shell\printto\%s
%s\DefaultIcon
%s\ShellNew
ddeexec
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp
{X-X-X-XX-XXXXXX}
ole32.dll
user32.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olefact.cpp
UxTheme.dll
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olestrm.cpp
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\dockcont.cpp
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
ADVAPI32.DLL
operator
portuguese-brazilian
GetProcessWindowStation
USER32.DLL
OLEACC.dll
c:\ns_build\rs_92_39_2_ga\vpnc\win2\nsvpnapp\Win32\Release\nsload.pdb
GetExtendedTcpTable
IPHLPAPI.DLL
WS2_32.dll
CertOpenStore
CertCloseStore
CertFreeCertificateContext
CertGetNameStringA
CertAddCertificateContextToStore
CertGetIntendedKeyUsage
CertFindChainInStore
CertNameToStrA
CertControlStore
CertDeleteCertificateFromStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CRYPT32.dll
SetUrlCacheGroupAttributeA
CreateUrlCacheGroup
ReadUrlCacheEntryStream
UnlockUrlCacheEntryStream
RetrieveUrlCacheEntryStreamA
GetUrlCacheEntryInfoA
DeleteUrlCacheEntry
SetUrlCacheEntryGroup
CommitUrlCacheEntryA
CreateUrlCacheEntryA
WININET.dll
VERSION.dll
dbghelp.dll
RASAPI32.dll
USERENV.dll
GetProcessHeap
GetCPInfo
GetConsoleOutputCP
KERNEL32.dll
EnumWindows
GetKeyState
SetWindowsHookExA
GetAsyncKeyState
UnhookWindowsHookEx
GetKeyNameTextA
MapVirtualKeyA
CreateDialogIndirectParamA
USER32.dll
GetViewportExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GDI32.dll
COMDLG32.dll
WINSPOOL.DRV
RegCloseKey
RegCreateKeyExA
RegEnumKeyExA
RegOpenKeyExA
RegOpenKeyExW
RegDeleteKeyA
RegSaveKeyA
RegOpenKeyA
RegEnumKeyA
RegCreateKeyA
ADVAPI32.dll
ShellExecuteA
ShellExecuteExA
SHELL32.dll
COMCTL32.dll
SHLWAPI.dll
oledlg.dll
OLEAUT32.dll
URLDownloadToFileA
urlmon.dll
WINTRUST.dll
WTSAPI32.dll
GetUdpTable
GetTcpTable
CertFreeCertificateChain
CertGetCertificateChain
CryptMsgClose
InternetCrackUrlA
FindCloseUrlCache
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
MPR.dll
SETUPAPI.dll
SensApi.dll
NETAPI32.dll
.?AVCCmdTarget@@
.PAVCException@@
.?AV?$CMap@HHV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAV12@@@
.?AVCnsdlgloginopts@@
.?AVCnsdlglogin@@
.?AV?$ResourceCache@V?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@@
.?AVCnsdlgloginpopup@@
{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}
ports
pres_tcp_opts
%[^/]%*[/]%s
Preserve TCP options
unexpected verdict flags %d
(unrecognized: %u)
(%s) network address [%s] mask [%s] port%s %s protocol%s%s
encountered char > 255 (decimal %d)
-_.!~*'()
0123456789
%s%s%s%s%s%s
()<>@,;:\"/[]?={}
.PAVCOleException@@
.PAVCObject@@
.PAVCMemoryException@@
.PAVCSimpleException@@
.PAVCNotSupportedException@@
.PAVCInvalidArgException@@
.?AVCNotSupportedException@@
.?AVCTestCmdUI@@
.?AVCCmdUI@@
.PAVCUserException@@
.?AVCHotKeyCtrl@@
.PAVCResourceException@@
.PAVCArchiveException@@
.PAVCOleDispatchException@@
.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@
.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@
.?AV?$CFixedStringT@V?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@$0EA@@ATL@@
.?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@
.?AVCToolCmdUI@@
.PAVCFileException@@
zcÁ
hXXps://4cornerspro.ccf.org
%Documents and Settings%\%current user%\Local Settings\Application Data\Citrix\AGEE\ns1profile.ini
%Program Files%\Citrix\Secure Access Client\nsload.exe
%)'#()))'
')%#))))'
!))'#'))))(#'))))(#')'
.,5557:,
('****'59'|
''*'**'*88.
)'4.''&'&&'&
&&&'&'&'4'&
&&'&&&..4&2
&&)))44&(
3333333
474747474
!/34343433
4/4..444..
..IIID.../23
-/2.D.DII..
D.IIIIDD4223
---#-#---
!:2.DDIII.D
-!-#--#-#
",,",","
33333333
???#???'???,???/???/???,???'???#???
@@@'@@@,@@@1@@@1@@@,@@@'@@@
@@@^@@@%@@@
@@@{@@@1
!!! " "!! " " "!!!
#"#"#"#"#"#"#"#"#"#"
""#"#"#"
.QQQ6/
???'???,???1???2???/???1???3???6???6???4???/???%???
???|???.???
???}???1}}}
???|???1
s.PionlYYOOOOYlnoiS0'
%)  ...  )%
77999999977
3699963
=$$$~```
.rjdb22 p
%DWWGF
444444444
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="nsload.exe" type="win32"></assemblyIdentity><description>Citrix Access Gateway</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo></assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD
{b9852000-041d-11ff-25ff-0800400c9a66}
\Citrix\WindowsAppRHelper.dll
\WindowsAppRHelper_
048e6a9e-a722-489e-a4d7-8ad3a95a2e89
92B47D79-0F72-4ff3-BDA5-845078308BF2
1819bf96-fddc-489b-bff0-3ee2dd423b20
\Citrix\Receiver\Receiver.exe
iphlpapi.dll
\\.\CTXVA
dElevation:Administrator!new:%s
accKeyboardShortcut
OLEAUT32.DLL
ekernel32.dll
mscoree.dll
grspro.ccf.org
Show Secondary Password
Password:
Secondary password:
Version 9.2.39.6
For support, contact your system administrator.
07:51:00
03:00:00
Tunneled connections (%d)
Web address:
Port:
Please enter the IP and Port for the proxy to be used for this session
Proxy Port
Transfer Login
Enter Network Password
Please type your user name and password.
Password
Destination Web Server:
Either the Certificate Authority is not recognized and the gateway is misconfigured, or you are connecting to a site that is impersonating your Access Gateway.
>Windows auto logon is not supported for this operating system.
Windows auto logon is enabled.$Unable to enable windows auto logon.
Windows auto logon is disabled.*Cannot disable windows auto logon feature.ISplit tunneling is enabled and an intranet application is not configured.?%d intranet applications are configured exceed the limit of %d.5No IntranetIP is available. Please try to logon later;Your Access Gateway session is expired. Please logon again. Failed to download configuration
to be completedvERROR: The client security configuration [%s] is not correct. For more information, contact your system administrator.#Exceeded %d client security strings The Client security check failedIThe client security check of [%s] failed. The configuration is not right.[The client security check of [%s] failed. The required security application is not running.]The client security check of [%s] failed. The required security application is not installed.cThe client security check of [%s] failed. The required security application version is not correct.0The client security check of [%s] has succeeded.:The client security check of [%s] failed(Freshness check).?The client security check of [%s] failed for an unknown reason.'Open this link for more information: %s(Enter a valid IP address and port number
Enter a valid port number
Proxy: %s:%d
Realm: %s
Citrix Access Client6The ICMP reply was sent to server 0x%x with size of ÙReceived the ICMP packet from server %s with a size of %d/The ICMP packet is sent to %s with a size of %dÞ-delta: basefile pointer overflow!!EThe Access Gateway (%s:%d) is not accessible. Trying to reconnect ...)The Access Gateway (%s:%d) is accessible.
Port
Cannot monitor socket %dyThe Access Gateway connection failed due to inadequate licenses. For more information, contact your system administrator.&The TCP connection to %s:%d is denied.WThe connection was denied. Please try again later. (server reconfiguration in progress)
Server %s:%d is not listening.-The TCP connection to %s:%d is not available.)Remote DNS resolution for %s returned %s.*Local DNS lookup timed out for domain (%s)&Making a connection to %s:%d by %s ...8The Access Gateway Plug-in received an invalid socket id,The connection %s:%d to %s:%d is established*Local DNS lookup succeeded for domain (%s) Failed to lookup the domain (%s)DConnection to an internal Access Gateway service at %s:%d is closed.(Direct to server %s:%d connection closed)The connection to the server %s:%d failedgApplication (%s) closed its connection to %s:%d. (bytes sent: %d, bytes received: %d, time started: %s)
%s:1dData received from %s:%d has been accelerated by %s%%. (originally %d bytes, compressed to %d bytes)BData received from %s:%d is not accelerated. (Incompressible Data)^Data sent to %s:%d has been accelerated by %s%%. (originally %d bytes, compressed to %d bytes)BData sent to %s:%d has not been accelerated. (Incompressible Data);The internal connection used for control messages is closed/%s's connection from %s:%d unexpectedly closed.6Secure Access Client closed one connection [type: %d].
.Received UDP packet from server %s:%d, size %d!UDP packet sent to %s:%d, size %d)Making a local DNS lookup for domain "%s"*Making a remote DNS lookup for domain "%s"tYou are currently logged in to Access Gateway from another device. Please click transfer button to end that session.
You have reached the limit of the allowed Access Gateway sessions. Please select which session to release in order to continue with this session.NWARNING, invalid access request. A request for a new SSL TCP tunnel is denied5Processing a request for a tunnel from %s:%d to %s:%d(The TCP port deleted from %s:%d to %s:%d
Processed ARP response received"Processing ARP request for %s (%d)<ARP request is being passed through to enable LAN MAC lookup,ARP request is being handled by the SSL linkGCannot find the original source port, datagrams on this socket are lostTWARNING: No memory to allocate for the queue entry. You might lose some connections.NWARNING, invalid access request. A request for a new SSL TCP tunnel is denied,Processing a UDP request from %s:%d to %s:%d(The UDP port deleted from %s:%d to %s:%d
Loading ...<Downgrading the Citrix Access Gateway Plug-in from %s to %s.:Upgrading the Citrix Access Gateway Plug-in from %s to %s.qConnection established.
You are not logged on3Your session is going to be timed-out in %d secondsGYour Citrix Access Gateway session timed-out and you are not connected.[The Access Gateway did not detected keyboard or mouse activity. The session has timed-out.7This logon exceeds the maximum number of allowed users./You need to install endpoint security software.3You need to upgrade the endpoint security software.
Citrix Access Gateway Plug-in is not supported on this version of your operating system. For more information, contact your system administrator."You need to stop "%s" application.0The required security software is not activated.5There is a configuration issue on the Access Gateway.QThis version of the Citrix Access Gateway Plug-in is updated. Please logon again.
The versions between the Citrix Access Gateway Plug-in and the Access Gateway do not match. To upgrade, logon on using the Web browser.QThis version of the Citrix Access Gateway Plug-in is updated. Please logon again.4The proxy server requires unsupported authentication7Proxy server authentication failed, please logon again.AYour logon failed. Check the connection log for more information.OThe Citrix Access Gateway Plug-in failed to download the correct configuration.
Failed to allocate memory`The Citrix Access Gateway Plug-in could not start. For more information, see the connection log.MFailed to parse configuration. Check the connection log for more information.=The Access Gateway failed to validate the secure certificate.JThe Citrix Access Gateway Plug-in failed to start the interception driver.
5Failed to read the proxy settings in the Web browser.CThe client device could not resolve the Access Gateway Web address./The secure connection could not be established.$The Access Gateway is not available.DFailed to downgrade the Citrix Access Gateway Plug-in from %s to %s.BFailed to upgrade the Citrix Access Gateway Plug-in from %s to %s.[The connection to the Access Gateway cannot be established due to failed endpoint analysis.7Please use fallback access mode(s) shown in the browser0Citrix Access Gateway Plug-in is already runningPThe Web Interface is used for user connections. To logon, use Internet Explorer.[There is an internal error. For more information, please contact your system administrator.#Close all existing Firefox windows?
Secure Access ClientNCitrix Access Gateway needs to close all existing Firefox windows to continue.
Ignoring forward proxy script!(Failed to download forward proxy script!LBound the server on control port=%d tcp/udp port=%d icmp port=%d passthru=Ô!!! WARNING, cannot find ports to bind forwarders onJYou need to reboot your system for the changes to take effect. Reboot Now?
Citrix Access Gateway>CTXVPN: failed to start open driver handle in ns_SetDriverKey.
The Secure Access Client for Access Gateway Standard Edition client is using the concentrator. Log off the Secure Access Client for Standard Edition and then log on again using the Secure Access Client for Enterprise Edition.@CTXVPN: failed to open driver handle when setting driver filter.]!!! WARNING, FUNC_FILTER_ENTRIES: terminated abnormally because of error %d. UDP stream lost
To downgrade Citrix Access Gateway Plug-in from %s to %s, the current version must be uninstalled first.
The upgrade of hook file failed&Downloaded %d bytes configuration data8The correct version of the NDIS driver is not installed.
download %s failedxVPN client does NOT try to resolve domain (%s) through local DNS server. Forward proxy should be configured in this case
Collecting information ...&Connecting to the Access Gateway at %s
VPN client cannot resolve domain (%s) through your local DNS server. You need to modify the "hosts" file to add the IP address for this domain.UConnections to the Access Gateway are enabled for Web addresses that start with HTTP.NYour connection to the Access Gateway is not secure. Do you want to continue?
Citrix Access Gateway3Your connection to the Access Gateway is not secure#User ended insecure HTTP connectionaYou are trying to log on using HTTP in the Web address. To connect, use HTTPS in the Web address.2Post authentication endpoint analysis check failed-Please choose an access mode from the browser5Post authentication endpoint analysis check succeeded
Starting tunneling ...(Disconnecting from Access Gateway at %s.
<none>!Access Gateway session is closed.GYou are in a quarantine group. Certain applications will be unavailable
70eThe security certificate presented by this gateway was not issued by a trusted certificate authority.2hXXp://%s:%d/vpns/help/SAC_Windows/Title-Page.htmlXVista NLA: Failed changing to Domain profile. Network and Sharing Center may be running.[Vista NLA: Failed reverting from Domain profile. Network and Sharing Center may be running.'Invalid Access Gateway SSL certificate!`The security certificate presented by this gateway was issued for a different website's address.~Connection established.
The security certificate presented by the Delivery Services Access Gateway
was issued by a certifying authority you have not chosen to trust.
certificate, or you are connecting to a site that is impersonating your Access Gateway.
-Security Alert - Untrusted Server Certificate
was issued for a different website's address.
Invalid username or password.
Logging into: %s
Please enter a valid port value
Connect to: %s
Hide Secondary Password
Show Secondary Password}The Secure Access Client and Access Gateway versions do not match. Upgrade to the latest version of the Secure Access Client.1Citrix Endpoint Analysis is scanning your system.<Citrix Endpoint Analysis not configured, proceeding to login[Citrix Endpoint Analysis not configured and user already authenticated, proceeding to login$Citrix Endpoint Analysis failed: %s.5Citrix Endpoint Analysis succeeded, initiating logon.
EPA check completed ...*End user chooses to cancel transfer login.FThe Access Gateway session for user %s moved from %s to this computer.
Please Enter Passcode
user answered question %s*Failed to connect to the Access Gateway %s/Invalid username or password. Please try again.2Post authentication endpoint analysis check failed-Please choose an access mode from the browser5Post authentication endpoint analysis check succeeded1Pre-authentication endpoint analysis check failed4Pre-authentication endpoint analysis check succeededZThere is an internal server error. For more information, contact your system administrator9This client is accessing standard edition gateway (AGSE).;This client is accessing enterprise edition gateway (AGEE).
Connecting to server %s ...
For security, Citrix recommends closing all Web browser windows.bDo you want to end your session?
For security, Citrix recommends closing all Web browser windows.
All Files (*.*)
No error message is available.#Attempted an unsupported operation.$A required resource was unavailable.
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else.1Encountered an unexpected error while reading %1.1Encountered an unexpected error while writing %1.
#Unable to load mail system support.
9, 2, 39, 6


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    nsverctl.exe:552
    dneinst.exe:1536
    dneinst.exe:2644
    dne2000.exe:2696
    nsload.exe:2600
    concentr.exe:1976
    wfcrun32.exe:1240
    wfcrun32.exe:1452
    CitrixOnlinePluginWeb12144.exe:1264
    icaconf.exe:636
    ipconfig.exe:1028
    rundll32.exe:1716
    runonce.exe:3612
    runonce.exe:3660
    runonce.exe:3492
    runonce.exe:552
    runonce.exe:544
    runonce.exe:3700
    runonce.exe:332
    runonce.exe:3528
    usbinst.exe:1472
    usbinst.exe:1104
    TrolleyExpress.exe:1988
    grpconv.exe:1252
    MsiExec.exe:1164
    MsiExec.exe:1632
    MsiExec.exe:852
    MsiExec.exe:1840
    MsiExec.exe:1680
    MsiExec.exe:1500
    MsiExec.exe:1408
    MsiExec.exe:376

  2. Delete the original Worm file.
  3. Delete or disinfect the following files created/modified by the Worm:

    %Documents and Settings%\All Users\Desktop\4 Corners Pro.url (118 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\aut2E.tmp (36 bytes)
    %WinDir%\Temp\4CornersProInstaller\agee.msi (24303 bytes)
    %System%\drivers\etc\hosts (734 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\aut3.tmp (568 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\aut1.tmp (17713 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\aut44.tmp (118 bytes)
    %WinDir%\Temp\4CornersProInstaller\CitrixOnlinePluginWeb12144.exe (107168 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\aut2.tmp (112834 bytes)
    %Documents and Settings%\%current user%\Application Data\ICAClient\webica.ini (36 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\AGEE\nsverctl.txt (1670 bytes)
    %WinDir%\Temp\dneinst.log (11598 bytes)
    %System%\drivers\SET3D.tmp (673 bytes)
    %System%\config\SYSTEM.LOG (16225 bytes)
    %WinDir%\inf\INFCACHE.0 (17864 bytes)
    %WinDir%\setupapi.log (61904 bytes)
    %WinDir%\inf\oem14.inf (1 bytes)
    %System%\CatRoot2\dberr.txt (1198 bytes)
    %System%\SET3C.tmp (601 bytes)
    %WinDir%\inf\oem13.inf (3 bytes)
    %System%\config\system (11579 bytes)
    %WinDir%\inf\oem13.PNF (14632 bytes)
    %WinDir%\inf\oem14.PNF (11004 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Citrix\AGEE\nssslvpn.txt (1830 bytes)
    %Documents and Settings%\%current user%\Application Data\ICAClient\APPSRV.INI (7903 bytes)
    %Documents and Settings%\%current user%\Application Data\ICAClient\WFCLIENT.INI (597 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\EULA_en.rtf (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\TrolleyExpressUI_de.dll (1235 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\CTX_UPDATE_PACKAGE (100429 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\GenericUSB.msi (50780 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\EULA_ru.rtf (16 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\HeaderLogo.bmp (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\TrolleyExpressUI_en.dll (1540 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\EULA_zh-TW.rtf (1886 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\TrolleyExpressUI_fr.dll (1957 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\EULA_fr.rtf (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\Localized_fr.xml (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\SideBarBackground.bmp (790 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\ICAWebWrapper.msi (148728 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\EULA_es.rtf (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\dualpk.cab (1378 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\Localized_zh-TW.xml (167 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\Localized_ja.xml (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\Localized_ko.xml (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\TrolleyExpressUI_ru.dll (1264 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\EULA_ko.rtf (1369 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\TrolleyExpress.exe (17495 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\Localized_de.xml (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\TrolleyExpressUI_zh-TW.dll (2479 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\DesktopViewer.msi (16674 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\Localized_zh-CN.xml (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\EULA_ja.rtf (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\TrolleyExpressUI_zh-CN.dll (2725 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\Localized_ru.xml (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\TrolleyExpressUI_ko.dll (1176 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\EULA_zh-CN.rtf (703 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\Localized_es.xml (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\TrolleyExpressUI_ja.dll (1419 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\Global.xml (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\Localized_en.xml (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\EULA_de.rtf (502 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\TrolleyExpressUI_es.dll (2495 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Ctx-AFE9AAB9-3C30-4A95-B443-084D869E2377\Extract\CitrixHDXMediaStreamForFlash-ClientInstall.msi (20805 bytes)
    %WinDir%\inf\oem10.PNF (7393 bytes)
    %System%\drivers\SET1F.tmp (601 bytes)
    %WinDir%\inf\oem10.inf (6 bytes)
    %WinDir%\inf\oem11.PNF (7028 bytes)
    %WinDir%\inf\oem11.inf (11 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\Localized_es.xml (3 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpress.exe (7433 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_fr.dll (601 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\CtxInstall-ICAWebWrapper.log (185796 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\dualpk.cab (689 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\CtxInstall-CitrixHDXMediaStreamForFlash-ClientInstall.log (85068 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_ru.dll (601 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\EULA_ru.rtf (16 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\Localized_ru.xml (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\TrolleyExpress-20150927-212002.log (107892 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\CitrixHDXMediaStreamForFlash-ClientInstall.msi (8281 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\Localized_en.xml (3 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\HeaderLogo.bmp (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\CtxInstall-GenericUSB.log (95774 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\DesktopViewer.msi (6841 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_ko.dll (601 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\CtxInstall-DesktopViewer.log (83736 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_zh-CN.dll (601 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\Localized_zh-TW.xml (3 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_ja.dll (601 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\EULA_en.rtf (9 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_de.dll (601 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\ICAWebWrapper.msi (70216 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_zh-TW.dll (601 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\Localized_de.xml (3 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\EULA_es.rtf (6 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\Localized_fr.xml (3 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_en.dll (601 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\Localized_ja.xml (3 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\TrolleyExpressUI_es.dll (601 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\Localized_ko.xml (3 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\EULA_zh-CN.rtf (703 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\EULA_de.rtf (502 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\GenericUSB.msi (23062 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\SideBarBackground.bmp (54 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\Global.xml (2 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\EULA_ja.rtf (1 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\EULA_ko.rtf (24 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\EULA_zh-TW.rtf (14 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\EULA_fr.rtf (1 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\Citrix online plug-in - web\Localized_zh-CN.xml (3 bytes)
    %WinDir%\Temp\dneca.log (59412 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\AGEE\nsinst.txt (3585 bytes)
    %System%\drivers\SET38.tmp (41 bytes)
    %WinDir%\inf\oem12.inf (3 bytes)
    %WinDir%\inf\oem12.PNF (31402 bytes)
    %Documents and Settings%\All Users\Application Data\Citrix\AGEE\nsinst2.txt (265 bytes)
    %Program Files%\Citrix\ICA Client\wfcwin32.log (54 bytes)

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv" = "grpconv -o"

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ConnectionCenter" = "%Program Files%\Citrix\ICA Client\concentr.exe /startup"

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  6. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

No votes yet


Lavasoft is the maker of Ad-Aware, the world's most popular anti-malware software with over 450 million downloads.
© 2026 Lavasoft. All rights reserved.
Terms Of Use |   Privacy Policy


x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to lavasoft.com
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now