'
metaflows logo
Category Started On Completed On Duration Cuckoo Version
FILE 2016-08-22 11:42:22.528119 2016-08-22 11:45:09.195352 166 seconds 2.0-dev
Machine Label Manager Started On Shutdown On
win7cuckoo2 win7 Clone 2 VirtualBox 2016-08-22 11:42:23 2016-08-22 11:45:09

File Details

File name d6e6d5407622f4b91b8fbea4aa1a20eab8d284f3.zip
File size 328235 bytes
File type Zip archive data, at least v2.0 to extract
CRC32 44EAEF4B
MD5 08d46ab56131ee2e94de5069c8c3e42f
SHA1 d6e6d5407622f4b91b8fbea4aa1a20eab8d284f3
SHA256 72b5d8be4b3fd2413eb8bd18fd9c8e251309a991b713c45083b40efdb8ce5781
SHA512 7970af1fb10e74da3b45a43e84050f54801da0f76f1c4717896c9f0366c1ef1e1304ca7b70a74748d1e771e0a250ea636eddc28f8965542e3e17fe66b4b3e903
Ssdeep 6144:QEai+9JmCG+BvneZnwmJxXCSwlxMqKLCUfVg3Lh8axECtn9yHd:QEj+9gz2hctdwlu7CEybh8yjn9o
PEiD None matched
Yara None matched
VirusTotal File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=125, Anomalies=0, PEiD=0, Yara=0, VT[1471866448]=0): Snort Events=0, AV Events=0
Total Score=125

Dropped File/Buffer Yara Signatures:
7097c574cca7d7b7b73284f231ca49cce69eb873 [BUFFER]: shellcode
352d5f3366c43207ad99f300f5c7b7bfdafe8a03 [BUFFER]: embedded_win_api
5924a0978651d22248454e24b304afc1d28a578d [BUFFER]: shellcode
c0bd208944446e1f649fd5686e162e49084ba402 [BUFFER]: embedded_pe
c0bd208944446e1f649fd5686e162e49084ba402 [BUFFER]: embedded_win_api
c0bd208944446e1f649fd5686e162e49084ba402 [BUFFER]: CAP_HookExKeylogger
c0bd208944446e1f649fd5686e162e49084ba402 [BUFFER]: Str_Win32_Wininet_Library
c0bd208944446e1f649fd5686e162e49084ba402 [BUFFER]: shellcode
4fd547da5c7620b1814de0da8e538ff94bf41896 [BUFFER]: embedded_win_api

Signatures

antivm_queries_computername details
dumped_buffer details
Security_Cache_Tampering details
infostealer_browser details
memdump_urls details
infostealer_ftp details
MF_Heuristic details
Startup_Added_to_Registry details
antisandbox_idletime details
antisandbox_sleep details
persistence_autorun details
exploit_heapspray details
infostealer_ftp details
infostealer_im details
infostealer_keylogger details
infostealer_mail details
injection_runpe details

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

fdaeb29c5dc8d7be_IEPass.txt

9d39345cec38f69c_strpath.tmp

e3b0c44298fc1c14_Mails.txt

Latest_Order 2016 8.exe

Network Analysis

Hosts Involved

DNS Requests

HTTP Requests

Behavior Summary

File-Read
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
  • C:\Windows\System32\mscoree.dll
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe.config
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe.Config
  • C:\Users\Harry Dresden\AppData\Local\Temp\IEPass.txt
  • C:\Windows\System32\mscoree.dll
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\profiles.ini
  • C:\Windows\System32\wbem\wbemdisp.tlb
  • C:\Users\Harry Dresden\AppData\Local\Temp\strpath.tmp
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
  • C:\Windows\SysWOW64\wshom.ocx
  • C:\Windows\SysWOW64\stdole2.tlb
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
  • C:\Users\Harry Dresden\AppData\Local\Microsoft\Windows Mail\account{D8AA64B8-53D0-449A-A9C1-54AE1ED62C82}.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Microsoft\Windows Mail\account{283097EF-0508-43FD-B420-F0DE30FFD021}.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Microsoft\Windows Mail\account{9777A2D2-D3EE-4B21-9974-7EAE46781951}.oeaccount
File-Written
  • C:\Users\Harry Dresden\AppData\Local\Temp\strpath.tmp
  • C:\Users\Harry Dresden\AppData\Local\Temp\IEPass.txt
File-Deleted
  • C:\Users\Harry Dresden\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.6128.23283968
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.6128.23283953
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.6128.23283953
  • C:\Users\Harry Dresden\AppData\Local\Temp\IEPass.txt
  • C:\Users\Harry Dresden\AppData\Local\Temp\Mails.txt
File-Opened
  • C:\Windows\System32\l_intl.nls
  • C:\Windows\AppPatch\sysmain.sdb
  • C:\Windows\System32\mscoree.dll
  • C:\Windows\assembly\pubpol40.dat
  • C:\Windows\System32\
  • C:\Windows\assembly\NativeImages_v2.0.50727_32\index552.dat
  • C:\Users\Harry Dresden\AppData\Local\Temp\Latest_Order 2016 8.exe
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
  • C:\Windows\assembly\NativeImages_v2.0.50727_32\index552.dat
  • C:\Windows\AppPatch\sysmain.sdb
  • C:\
  • C:\Windows\System32\mscoree.dll
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
  • C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
  • C:\Users\Harry Dresden\AppData\Local\Temp\Mails.txt
  • C:\Windows\assembly\pubpol40.dat
  • C:\Windows\System32\l_intl.nls
  • C:\Windows\System32\wbem\wbemdisp.tlb
  • C:\Users\Harry Dresden\AppData\Local\Temp\strpath.tmp
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\profiles.ini
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
  • C:\Windows\SysWOW64\stdole2.tlb
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe.config
  • C:\Users\Harry Dresden\AppData\Local\Temp\IEPass.txt
  • C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe.Config
  • C:\Windows\SysWOW64\wshom.ocx
  • C:\Windows\System32\
  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
  • C:\Users\Harry Dresden\AppData\Local\Microsoft\Windows Mail\account{D8AA64B8-53D0-449A-A9C1-54AE1ED62C82}.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Microsoft\Windows Mail\account{283097EF-0508-43FD-B420-F0DE30FFD021}.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Microsoft\Windows Mail\account{9777A2D2-D3EE-4B21-9974-7EAE46781951}.oeaccount
File-Copied
  • C:\Users\Harry Dresden\AppData\Local\Temp\Latest_Order 2016 8.exe -> C:\Users\Harry Dresden\AppData\Roaming\Java\JavaUpdtr.exe
Directory-Created
  • C:\Users\Harry Dresden\AppData\Roaming\Java
Directory-Enumerated
  • C:\Users\Harry Dresden
  • C:\Windows\Microsoft.NET\Framework\*
  • C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.INI
  • C:\Users
  • C:\Windows\System32\*.*
  • C:\Windows\System32\mscoree.dll
  • C:\Users\Harry Dresden\AppData\Local\Temp
  • C:\Users\Harry Dresden\AppData\Local\Temp\Latest_Order 2016 8.INI
  • C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
  • C:\Users\Harry Dresden\AppData\Local
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
  • C:\Windows
  • C:\Windows\winsxs
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\*.*
  • C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
  • C:\Users\Harry Dresden\AppData
  • C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
  • C:\Windows\System32
  • C:\Windows\System32\*.*
  • C:\Windows\System32\mscoree.dll
  • C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.INI
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.INI
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
  • C:\Users\Harry Dresden\AppData\RoamingSmartFTPClient 2.0FavoritesQuick Connect*.xml
  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
  • C:\Users
  • C:\Windows\System32
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
  • C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.INI
  • C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.INI
  • C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
  • C:\Users\Harry Dresden
  • C:\Windows\Microsoft.NET\Framework\*
  • C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
  • C:\Windows
  • C:\Windows\winsxs
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\*.*
  • C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
  • C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2A2F.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2C06.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2FEC.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2C65.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\acrord32_sbx\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2CE6.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2E0B.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2FBB.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD303F.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Microsoft\Windows Mail\Stationery\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\WPDNSE\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2C07.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2C0B.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\Adobe_ADMLogs\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2B72.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2DC7.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2D09.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD3215.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2C9A.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD3192.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2C05.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2B50.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2C44.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2B11.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD3203.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD304F.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2C04.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2E2B.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD29FD.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2D3E.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD33CF.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\F255FE5A-DE25-46AB-80B1-6CA87F44B1EE\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD30C4.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2EED.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2BD0.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2B11.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD30C4.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2E2B.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\Low\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD3225.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Microsoft\Windows Mail\Backup\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2D1C.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2C9B.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2B50.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2BE1.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2C88.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD29FD.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD31C2.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD3295.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD3192.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2C2D.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2DA2.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2CAF.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2E0B.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD3225.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2BCF.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2C88.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Microsoft\Windows Live Mail\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2BE1.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD304F.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2C66.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2FBB.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2D0B.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2E3D.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD3081.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2CD1.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2C66.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Microsoft\Windows Mail\Backup\new\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2AF0.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2D3E.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD3051.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD33CF.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2C2E.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD31C2.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2DA2.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2D80.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\Adobe_ADMLogs\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Microsoft\Windows Mail\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2C04.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2D0A.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2CF7.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2AEF.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2A60.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCDA8D2.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2C07.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2B72.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2E2C.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2D2E.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2CC0.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2C06.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2C44.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2D0B.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2C0B.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2E0A.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2BE3.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2C9B.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2C9A.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2D1C.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2C0A.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2D2E.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2D80.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\F255FE5A-DE25-46AB-80B1-6CA87F44B1EE\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2E2C.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2C41.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2CE5.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD30B3.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Microsoft\Windows Mail\Stationery\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD3215.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD3203.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD301D.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2CE3.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD3295.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2CE3.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2A0F.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Microsoft\Windows Mail\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD30B3.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2CF7.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD301D.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2E3D.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\WPDNSE\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCDA8D2.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2DC7.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2BD0.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2CD1.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2E0A.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\acrord32_sbx\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2D0A.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2DB5.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD303F.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2CE6.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2C65.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2BE0.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2CC0.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2C2E.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2C05.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2C41.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2C2D.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2EED.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2EBD.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2AEF.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2CE5.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2DB5.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2DB4.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Microsoft\Windows Mail\Backup\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2BCE.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\F255FE5A-DE25-46AB-80B1-6CA87F44B1EE\en-US\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2BCF.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2C77.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2FEC.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\F255FE5A-DE25-46AB-80B1-6CA87F44B1EE\en-US\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2DB4.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\Low\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2C0A.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Microsoft\Windows Mail\Backup\new\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2A2F.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2EBD.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2BE3.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2BCE.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2CAF.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD3051.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2A0F.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2AF0.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2BE0.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2A60.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2D09.tmp\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD2C77.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Temp\TCD3081.tmp\*.oeaccount
  • C:\Users\Harry Dresden\AppData\Local\Microsoft\Windows Live Mail\*.oeaccount
Registry Key-Opened
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\40b284ba\f
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Web__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\73
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\328194a0\95
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index552
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\c
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\d
  • HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\615f9e15\8
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3416602863-1947377224-293699093-1003
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\3afc2ff2\6
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Management__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\3029020b\4
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Remoting__b77a5c561934e089
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\8
  • HKEY_CURRENT_USER\Software\Microsoft\Fusion
  • HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\9610dc5\48d643c6
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
  • HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
  • HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\6
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\54
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\2077bef2\7
  • HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
  • HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\6a8005f1\a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\4a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Latest_Order 2016 8.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\4644d0dd\96
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
  • \Policy\Standards
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\73
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index552
  • HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Windows|Microsoft.NET|Framework|v2.0.50727|MSBuild.exe.Config
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\4efd60f7\3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration.Install__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3416602863-1947377224-293699093-1003
  • HKEY_CLASSES_ROOT\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InprocServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Remoting__b77a5c561934e089
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
  • HKEY_CURRENT_USER\Software\DownloadManager\Passwords
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
  • HKEY_CURRENT_USER\Software\Microsoft\Fusion
  • HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\109d7e79\357ee49a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\54
  • HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3faa09f0\5ef07db9
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Web__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\96f8a9\51
  • HKEY_CLASSES_ROOT\CLSID\{D6BDAFB2-9435-491F-BB87-6AA0F0BC31A2}\InprocServer32
  • HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\4a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3416602863-1947377224-293699093-1003\Installer\Assemblies\C:|Windows|Microsoft.NET|Framework|v2.0.50727|MSBuild.exe.Config
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\3afc2ff2\6
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.CustomMarshalers__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\9
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Windows|Microsoft.NET|Framework|v2.0.50727|MSBuild.exe.Config
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
  • HKEY_CURRENT_USER\SOFTWARE\Vitalwerks\DUC
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\40b284ba\f
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\615f9e15\8
  • HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
  • HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\2077bef2\7
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.JScript__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3d590c3f\59f3b67b\5
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\4a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Management__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\11
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\c
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\357ee49a\7d2df0ec\33
  • \Policy\Standards
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
  • HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
  • HKEY_CLASSES_ROOT\CLSID\{62E522DC-8CF3-40A8-8B2E-37D595651E40}\InprocServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
  • HKEY_CURRENT_USER\Software\Paltalk
  • HKEY_CURRENT_USER\Software\FTPWare\COREFTP\Sites
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSBuild.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\6
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
  • HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\8
  • HKEY_LOCAL_MACHINE\SOFTWARE\Vitalwerks\DUC
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.VisualC__b03f5f7f11d50a3a
  • HKEY_CLASSES_ROOT\CLSID\{04B83D61-21AE-11D2-8B33-00600806D9B6}\InprocServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\27
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\4644d0dd\96
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FTP Commander
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\18683ad8\3b2c8ad8
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\b
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\d
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3416602863-1947377224-293699093-1003\Installer\Assemblies\Global
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\3029020b\4
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\328194a0\95
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3faa09f0\30812334
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\109d7e79\357ee49a\36
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\6a8005f1\a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2
  • HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles
  • HKEY_CURRENT_USER\Software\Microsoft\MessengerService
  • HKEY_CURRENT_USER\Identities\{E5E75BBD-C0F6-409E-8A00-7A537CA1DB81}\Software\Microsoft\Internet Account Manager\Accounts
  • HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Thunderbird
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
  • HKEY_LOCAL_MACHINE\Software\Group Mail
  • HKEY_CURRENT_USER\Software\Yahoo\Pager
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32
  • HKEY_CURRENT_USER\Identities\{E5E75BBD-C0F6-409E-8A00-7A537CA1DB81}
  • HKEY_CURRENT_USER\Software\Google\Google Desktop\Mailboxes
  • HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles
  • HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
  • HKEY_CURRENT_USER\Software\Microsoft\MSNMessenger
  • HKEY_CURRENT_USER\Software\Qualcomm\Eudora\CommandLine
  • HKEY_CURRENT_USER\Identities
  • HKEY_CURRENT_USER\Identities\{E5E75BBD-C0F6-409E-8A00-7A537CA1DB81}\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
  • HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL
  • HKEY_CURRENT_USER\Software\IncrediMail\Identities
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts
  • HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail
  • HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts
  • HKEY_LOCAL_MACHINE\Software\Classes\Software\Qualcomm\Eudora\CommandLine\current
  • HKEY_LOCAL_MACHINE\Software\IncrediMail\Identities
Registry Key-Read
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\6a8005f1\a\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\615f9e15\8\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\328194a0\95\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\615f9e15\8\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\328194a0\95\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\6a8005f1\a\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\6\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index40
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\54\ConfigMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\8\ConfigMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\54\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\4644d0dd\96\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\3029020b\4\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\KERNELBASE.dll
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\54\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\3afc2ff2\6\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\6\MVID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPSampledIn
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\4644d0dd\96\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\8\MVID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\4644d0dd\96\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index552\NIUsageMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\40b284ba\f\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\4a\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\2077bef2\7\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\73\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\615f9e15\8\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\73\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\6a8005f1\a\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\4a\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\3afc2ff2\6\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\54\ConfigString
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\3afc2ff2\6\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language\InstallLanguageFallback
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\6\ConfigMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\d\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\328194a0\95\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\328194a0\95\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\8\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\c\ConfigMask
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\EMPTY
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\8\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\6\ConfigString
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\3029020b\4\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\6a8005f1\a\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\2077bef2\7\Status
  • HKEY_CURRENT_USER\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\3029020b\4\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\c\NIDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\40b284ba\f\DisplayName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\UILanguages\en-US\Type
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\c\MVID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\4a\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\6\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\8BD80D59
  • HKEY_CURRENT_USER\Control Panel\Desktop\PreferredUILanguages
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\54\NIDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\UILanguages\en-US\AlternateCodePage
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index552\ILUsageMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\6\MissingDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\3afc2ff2\6\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\6\NIDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\c\MissingDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\40b284ba\f\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\8\ConfigString
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\c\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\3029020b\4\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\615f9e15\8\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\73\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\8\NIDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\2077bef2\7\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\d\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\3afc2ff2\6\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\c\EvalationData
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\d\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\8\MissingDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\54\MVID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\4a\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\c\ConfigString
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\d\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\328194a0\95\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\54\MissingDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\8\EvalationData
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\54\EvalationData
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\615f9e15\8\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\4644d0dd\96\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\2077bef2\7\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\c\ILDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\8\ILDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\KERNEL32.dll
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\73\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\73\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\d\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\40b284ba\f\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\4a\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\2077bef2\7\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\3029020b\4\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\54\ILDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\c\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\6a8005f1\a\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\ntdll.dll
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\40b284ba\f\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\4644d0dd\96\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\MSCOREE.DLL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\6\ILDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\6\EvalationData
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\6a8005f1\a\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\615f9e15\8\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\328194a0\95\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\615f9e15\8\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\FinalizerActivityBypass
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\9\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\328194a0\95\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\8\MVID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualC,8.0.0.0,,b03f5f7f11d50a3a,MSIL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\4a\ConfigString
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\6\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index40
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32\Class
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3d590c3f\59f3b67b\5\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\9\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\8\ConfigMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\54\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\4644d0dd\96\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\27\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\3029020b\4\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\KERNELBASE.dll
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\54\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\27\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\ProductId
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\4a\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\73\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\357ee49a\7d2df0ec\33\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\CIMOM\EnableObjectValidation
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\3afc2ff2\6\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\c\EvalationData
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\11\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.JScript,8.0.0.0,,b03f5f7f11d50a3a,MSIL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\b\MissingDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\b\ConfigString
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\4644d0dd\96\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\6a8005f1\a\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\11\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\357ee49a\7d2df0ec\33\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\109d7e79\357ee49a\36\MVID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\4644d0dd\96\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index552\NIUsageMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\40b284ba\f\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\4a\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\96f8a9\51\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\2077bef2\7\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3d590c3f\59f3b67b\5\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\73\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\b\ILDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\615f9e15\8\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\ProgID\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\73\SIG
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Java Updtr
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\54\NIDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\357ee49a\7d2df0ec\33\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\109d7e79\357ee49a\36\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\96f8a9\51\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\6a8005f1\a\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\9\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\3afc2ff2\6\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\54\ConfigString
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\4a\EvalationData
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\3afc2ff2\6\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\11\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language\InstallLanguageFallback
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\6\ConfigMask
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\357ee49a\7d2df0ec\33\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\d\Modules
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\328194a0\95\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\328194a0\95\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\8\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\c\ConfigMask
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\EMPTY
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\Scripting\Default Namespace
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\8\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\6\ConfigString
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\3029020b\4\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\6a8005f1\a\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\27\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\2077bef2\7\Status
  • HKEY_CURRENT_USER\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\3029020b\4\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\27\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\c\NIDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\96f8a9\51\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration.Install,2.0.0.0,,b03f5f7f11d50a3a,MSIL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WScript.Shell\CLSID\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\11\Modules
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\UILanguages\en-US\Type
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\27\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\54\ConfigMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\c\MVID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\c\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\4a\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\6\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\96f8a9\51\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\11\LastModTime
  • HKEY_CURRENT_USER\Control Panel\Desktop\PreferredUILanguages
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\6\NIDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\UILanguages\en-US\AlternateCodePage
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index552\ILUsageMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\109d7e79\357ee49a\36\ILDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\6\MissingDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\3afc2ff2\6\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\4a\ILDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\4efd60f7\3\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\b\Status
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\c\MissingDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\40b284ba\f\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\8\ConfigString
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\c\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\3029020b\4\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\b\NIDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3d590c3f\59f3b67b\5\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\615f9e15\8\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\73\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\8\NIDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\8\EvalationData
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\CustomMarshalers,2.0.0.0,,b03f5f7f11d50a3a,x86
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\4efd60f7\3\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WINMGMTS\CLSID\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\4a\ConfigMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\d\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\3afc2ff2\6\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0\0\win32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32\ThreadingModel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\b\MVID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\6\MVID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\9\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\4a\MissingDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\d\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3d590c3f\59f3b67b\5\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\4a\NIDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\9C0191DC
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\8\MissingDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\109d7e79\357ee49a\36\NIDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\9\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\54\MVID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\4a\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\96f8a9\51\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\c\ConfigString
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\b\ConfigMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\109d7e79\357ee49a\36\ConfigMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\d\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\328194a0\95\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\54\MissingDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\b\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\2077bef2\7\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\54\EvalationData
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\b\EvalationData
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\615f9e15\8\Modules
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\4644d0dd\96\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\109d7e79\357ee49a\36\ConfigString
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32\InprocServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\2077bef2\7\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\4a\MVID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\c\ILDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\109d7e79\357ee49a\36\MissingDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\8\ILDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3d590c3f\59f3b67b\5\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\KERNEL32.dll
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\73\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\357ee49a\7d2df0ec\33\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\40b284ba\f\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\4efd60f7\3\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\d\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\40b284ba\f\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\109d7e79\357ee49a\36\EvalationData
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\4efd60f7\3\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0\win32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\4a\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\2077bef2\7\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\3029020b\4\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\54\ILDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\4efd60f7\3\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\6a8005f1\a\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\ntdll.dll
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\40b284ba\f\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\4644d0dd\96\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\MSCOREE.DLL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\4a\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\4a\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\6\ILDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\109d7e79\357ee49a\36\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\6\EvalationData
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\svcVersion
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
  • HKEY_CURRENT_USER\Identities\{E5E75BBD-C0F6-409E-8A00-7A537CA1DB81}\Username
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
Registry Key-Written
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Java Updtr

Processes

registry filesystem process services network synchronization

C:\Windows\system32\lsass.exe PID: 460, Parent PID: 364

"C:\Users\Harry Dresden\AppData\Local\Temp\Latest_Order 2016 8.exe" PID: 6128, Parent PID: 316

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe" PID: 3808, Parent PID: 6128

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe -f C:\Users\HARRYD~1\AppData\Local\Temp\IEPass.txt PID: 3924, Parent PID: 3808

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext C:\Users\HARRYD~1\AppData\Local\Temp\Mails.txt PID: 4592, Parent PID: 3808

Volatility

Nothing to display.