'
metaflows logo
Category Started On Completed On Duration Cuckoo Version
FILE 2016-09-30 00:10:05.814020 2016-09-30 00:12:12.549128 126 seconds 2.0-dev
Machine Label Manager Started On Shutdown On
win7cuckoo win7 Clone 1 VirtualBox 2016-09-30 00:10:06 2016-09-30 00:12:12

File Details

File name 9739557846af8f69d6ff8746ab395cabaa0655dd.zip
File size 1695635 bytes
File type Zip archive data, at least v2.0 to extract
CRC32 9A6C455A
MD5 23022539ad9878111b70383e9fa909b8
SHA1 9739557846af8f69d6ff8746ab395cabaa0655dd
SHA256 fdea4bcc1a625ac5894a84ef7f9a0b82825428db2e745482b683510d2225d518
SHA512 d560cd2c129893d90f3737d7604f2c1534d9aac17a08220d49772b0bac65405ed15e9599fc3659cb2505484a889db59a0b0dc07f0ea58d358e66cebb494dc1c7
Ssdeep 49152:ACOXjkc+789KJw9NVJj4vVPN8cZKT028z2DH:8jkc+g9KJENVeX8bT028z2L
PEiD None matched
Yara None matched
VirusTotal File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=150, Anomalies=0, PEiD=0, Yara=0, VT[1475194366]=0): Snort Events=4, AV Events=0
Total Score=150

SNORT EVENTS:
ET TROJAN LuminosityLink - Data Channel Client Request 2
ET TROJAN LuminosityLink - Data Channel Server Response 2
ET TROJAN LuminosityLink - CnC
ET TROJAN LuminosityLink - CnC Password Exfil

Dropped File/Buffer Yara Signatures:
afa2cfc6e192aa9de5463746466b0133375a2d54 [BUFFER]: shellcode
0f02fdb1f561ac02eddb65cc2276179b3a89f423 [BUFFER]: embedded_win_api
0f02fdb1f561ac02eddb65cc2276179b3a89f423 [BUFFER]: Str_Win32_Wininet_Library
0f02fdb1f561ac02eddb65cc2276179b3a89f423 [BUFFER]: with_sqlite
9310cf993dd18ac326b74ecbadc192f66cc8ba9f [BUFFER]: embedded_win_api

Signatures

antivm_queries_computername details
recon_fingerprint details
locates_browser details
antivm_memory_available details
dumped_buffer details
antisandbox_sleep details
infostealer_browser details
antivm_network_adapters details
dumped_buffer2 details
infostealer_ftp details
known_malware_mutex details
Startup_Added_to_Registry details
persistence_ads details
persistence_autorun details
antivm_generic_disk details
infostealer_ftp details
has_wmi details
infostealer_keylogger details
injection_runpe details
exploit_heapspray details

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

d5be7caa0da2458f_pwd

50888d45b8b58066_KHAS

68127084029e2acc_Cab20E2.tmp

406e72a3cecd42c6_MIAMO

2a7c847e7b11bd6d_77ec63bda74bd0d0e0426dc8f8008506

3acab2c1aeb96909_DATOS

0b6aab0b560e6d12_MOFTO

4ee6706df7dd2289_e0f5c59f9fa661f6f4c50b87fef3a15a

7fa41bc535d6e4eb_Tar20E3.tmp

af7cc1706c9a8a53_MOF

e3b0c44298fc1c14_aspr_keys.ini

a2ce3a0fa7d2a833_e0f5c59f9fa661f6f4c50b87fef3a15a

b3d510ef04275ca8_8825

bedc1259b8c74f5d_bhv276A.tmp

PO..PKL160904.exe

Network Analysis

Hosts Involved

DNS Requests

HTTP Requests

ICMP requests

Behavior Summary

File-Read
  • C:\Users\Harry Dresden\AppData\Local\Temp\8825
  • C:\Windows\System32\mscoree.dll
  • C:\Users\Harry Dresden\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
  • C:\Users\Harry Dresden\AppData\Local\Temp\Cab20E2.tmp
  • C:\Users\Harry Dresden\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
  • C:\Users\Harry Dresden\AppData\Local\Temp\PWD
  • C:\Users\Harry Dresden\AppData\Local\Temp\Tar20E3.tmp
  • C:\Users\Harry Dresden\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
  • C:\Users\Harry Dresden\AppData\Local\Temp\PO..PKL160904.exe
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\signons.sqlite
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\cert8.db
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\secmod.db
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\profiles.ini
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\key3.db
  • C:\Users\Harry Dresden\AppData\Local\Temp\bhv276A.tmp
  • C:\Users\Harry Dresden\AppData\Local\Temp\BMIAMO
  • C:\Users\Harry Dresden\AppData\Local\Temp\DATOS
  • C:\Users\Harry Dresden\AppData\Local\Temp\MOF
  • C:\Users\Harry Dresden\AppData\Local\Temp\MOFTO
  • C:\Users\Harry Dresden\AppData\Local\Temp\KHAS
  • C:\Users\Harry Dresden\AppData\Local\Temp\MIAMO
File-Written
  • C:\Users\Harry Dresden\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
  • C:\Users\Harry Dresden\AppData\Local\Temp\Cab20E2.tmp
  • C:\Users\Harry Dresden\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
  • C:\Users\Harry Dresden\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
  • C:\Users\Harry Dresden\AppData\Local\Temp\Tar20E3.tmp
  • C:\Users\Harry Dresden\AppData\Local\Temp\PWD
  • C:\Users\Harry Dresden\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
  • C:\Users\Harry Dresden\AppData\Local\Temp\BMIAMO
  • C:\Users\Harry Dresden\AppData\Local\Temp\DATOS
  • C:\Users\Harry Dresden\AppData\Local\Temp\MOF
  • C:\Users\Harry Dresden\AppData\Local\Temp\MOFTO
  • C:\Users\Harry Dresden\AppData\Local\Temp\KHAS
  • C:\Users\Harry Dresden\AppData\Local\Temp\MIAMO
  • C:\Users\Harry Dresden\AppData\Local\Temp\8825
  • C:\Users\Harry Dresden\AppData\Local\Temp\bhv276A.tmp
File-Deleted
  • C:\Users\Harry Dresden\AppData\Local\Temp\Cab20E2.tmp
  • C:\Users\Harry Dresden\AppData\Local\Temp\client977.exe:Zone.Identifier
  • C:\Users\Harry Dresden\AppData\Local\Temp\Tar20E3.tmp
  • C:\Users\Harry Dresden\AppData\Local\Temp\aspr_keys.ini
  • C:\Users\Harry Dresden\AppData\Local\Temp\bhv276A.tmp
  • C:\Users\Harry Dresden\AppData\Local\Temp\BMIAMO
  • C:\Users\Harry Dresden\AppData\Local\Temp\DATOS
  • C:\Users\Harry Dresden\AppData\Local\Temp\aspr_keys.ini
  • C:\Users\Harry Dresden\AppData\Local\Temp\MOF
  • C:\Users\Harry Dresden\AppData\Local\Temp\MOFTO
  • C:\Users\Harry Dresden\AppData\Local\Temp\KHAS
  • C:\Users\Harry Dresden\AppData\Local\Temp\MIAMO
File-Opened
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
  • C:\Windows\AppPatch\sysmain.sdb
  • C:\
  • C:\Windows\System32\mscoree.dll
  • C:\Users\Harry Dresden\AppData\Local\Temp\Cab20E2.tmp
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
  • C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui
  • C:\Users\Harry Dresden\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
  • C:\Windows\
  • C:\Users\Harry Dresden\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
  • C:\Windows\assembly\NativeImages_v2.0.50727_32\index538.dat
  • C:\Windows\assembly\pubpol40.dat
  • C:\Windows\System32\l_intl.nls
  • C:\Users\Harry Dresden\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
  • C:\Users\Harry Dresden\AppData\Local\Temp\PWD
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
  • C:\Users\Harry Dresden\AppData\Local\Temp\8825
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
  • C:\Windows\System32\en-US\winhttp.dll.mui
  • C:\Users\Harry Dresden\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
  • C:\Users\Harry Dresden\AppData\Local\Temp\Tar20E3.tmp
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\
  • C:\Users\Harry Dresden\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
  • C:\Users\Harry Dresden\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
  • C:\Windows\System32\
  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
  • C:\Users\Harry Dresden\AppData\LocalLow
  • C:\Users\Harry Dresden\AppData\Local\Temp\PO..PKL160904.exe
  • C:\
  • \??\PhysicalDrive0
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\places.sqlite
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\signons.sqlite
  • C:\Users\Harry Dresden\AppData\Local\Temp
  • C:\
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\cert8.db
  • C:\Program Files (x86)\Mozilla Firefox
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\secmod.db
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\profiles.ini
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\key3.db
  • C:\Users\Harry Dresden\AppData\Local\Temp\bhv276A.tmp
  • C:\
  • C:\Users\Harry Dresden\AppData\Local\Temp\DATOS
  • C:\Users\Harry Dresden\AppData\Local\Temp\MOF
  • C:\Users\Harry Dresden\AppData\Local\Temp\MOFTO
  • \??\PhysicalDrive0
  • C:\Users\Harry Dresden\AppData\Local\Temp\KHAS
  • C:\Users\Harry Dresden\AppData\Local\Temp\MIAMO
  • D:\
  • C:\Users\Harry Dresden\AppData\Local\Temp\BMIAMO
File-Copied
  • C:\Users\Harry Dresden\AppData\Local\Temp\PO..PKL160904.exe -> C:\Users\Harry Dresden\AppData\Roaming\PO..PKL160904.exe
  • C:\Users\Harry Dresden\AppData\Local\Temp\PO..PKL160904.exe -> D:\PO..PKL160904.exe
File-Moved
  • C:\Users\Harry Dresden\AppData\Local\Temp\PO..PKL160904.exe -> C:\Users\Harry Dresden\AppData\Local\Temp\client977.exe
Directory-Enumerated
  • C:\Windows\System32\*.*
  • C:\Windows\System32\mscoree.dll
  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
  • C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.INI
  • C:\Users\Harry Dresden\AppData\Local
  • C:\Windows\System32
  • C:\Users\Harry Dresden\AppData\Local\Temp
  • C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.INI
  • C:\Users
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
  • C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.INI
  • C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.INI
  • C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
  • C:\Users\Harry Dresden
  • C:\Windows\Microsoft.NET\Framework\*
  • C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
  • C:\Users\Harry Dresden\AppData\Local\Temp\PO..PKL160904.INI
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
  • C:\Windows
  • C:\Windows\winsxs
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\*.*
  • C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
  • C:\Users\Harry Dresden\AppData\Local\Temp\PO..PKL160904.exe
  • C:\Users\Harry Dresden\AppData
  • C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
  • C:\Users\Harry Dresden\AppData\Local\Temp\aspr_keys.ini
  • C:\Users\Harry Dresden\AppData\Local\Microsoft\Windows\History\History.IE5\*.*
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\*.*
  • C:\Users\Harry Dresden\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012016092920160930\*.*
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\*.*
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\key3.db
  • C:\Users\Harry Dresden\AppData\Local\Google\Chrome\User Data\*.*
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\cert7.db
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\secmod.db
  • C:\Users\Harry Dresden\AppData\Roaming\Opera\*.*
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Profiles\*.*
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\SeaMonkey\Profiles\*.*
  • C:\Users\Harry Dresden\AppData\Local\Microsoft\Windows\History\*.*
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\Firefox\Profiles\451jog5r.default\cert8.db
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\cert8.db
  • C:\Users\Harry Dresden\AppData\Local\Mozilla\Firefox\Profiles\451jog5r.default\secmod.db
  • C:\Users\Harry Dresden\AppData\Local\Microsoft\Windows\History\Low\*.*
  • C:\Program Files (x86)\Mozilla Firefox\nss3.dll
  • C:\Users\Harry Dresden\AppData\Roaming\Mozilla\SeaMonkey\Profiles\*.*
  • C:\Users\Harry Dresden\AppData\Local\Google\Chrome SxS\User Data\*.*
  • C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
  • C:\Windows
  • C:\Windows\winsxs
  • C:\Users\Harry Dresden\AppData\Local\Chromium\User Data\*.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\aspr_keys.ini
Registry Key-Opened
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\73
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\4efd60f7\3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration.Install__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3416602863-1947377224-293699093-1003
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Remoting__b77a5c561934e089
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PO..PKL160904.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.2.AForge.Video.DirectShow__61ea4348d43881b7
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3416602863-1947377224-293699093-1003\Installer\Assemblies\C:|Users|Harry Dresden|AppData|Local|Temp|PO..PKL160904.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
  • HKEY_CURRENT_USER\Software\Microsoft\Fusion
  • HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\4644d0dd\96
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\54
  • HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8
  • HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{860BB310-5D01-11D0-BD3B-00A0C911CE86}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\4
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\7454be22\631aafc0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFRAMEWORK\Policy\Standards\v2.0.50727
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Web__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFRAMEWORK\Policy\v4.0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\96f8a9\51
  • HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
  • \Policy\Standards
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\4a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\3afc2ff2\6
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\64\1cae81b7
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\9
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\40b284ba\f
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\615f9e15\8
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\VFW
  • HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
  • HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFRAMEWORK\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\2077bef2\7
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.JScript__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  • HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
  • HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\4a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Management__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\11
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\328194a0\95
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\c
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\7
  • HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_CURRENT_USER\Control Panel\International
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.0.0.d.resources_en-US_461d39c4a423da0b
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
  • HKEY_CURRENT_USER\Wow6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Harry Dresden|AppData|Local|Temp|PO..PKL160904.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\6
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
  • HKEY_CLASSES_ROOT\CLSID
  • HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\8
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFRAMEWORK\Security\Policy\Extensions\NamedPermissionSets\Internet
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\1c0fa883\2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\f75b17b\68e59096
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\27
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\b
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Data.SqlXml__b77a5c561934e089
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index538
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\d
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3416602863-1947377224-293699093-1003\Installer\Assemblies\Global
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\3029020b\4
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.0.0.d.resources_en_461d39c4a423da0b
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}
  • HKEY_CLASSES_ROOT\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\Schannel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFRAMEWORK\Policy\AppPatch\v4.0.30319.00000
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
  • HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Harry Dresden|AppData|Local|Temp|PO..PKL160904.exe
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance
  • HKEY_CURRENT_USER\SOFTWARE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\6a8005f1\a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\f75b17b\6ed085fa
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFRAMEWORK\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFRAMEWORK\Policy\Standards
  • HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
  • HKEY_LOCAL_MACHINE\Software\Borland\Locales
  • HKEY_CURRENT_USER\Software\Borland\Locales
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Mozilla Firefox\bin
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\seamonkey.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Mozilla Firefox 12.0\bin
  • HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
  • HKEY_LOCAL_MACHINE\Software\Borland\Locales
  • HKEY_CURRENT_USER\Software\Borland\Locales
Registry Key-Read
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\7\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\9\SIG
  • HKEY_CURRENT_USER\Local Settings\MuiCache\48\52C64B7E\@%SystemRoot%\system32\dnsapi.dll,-103
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SecurityProviders
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\UpdateSecurityLevel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\54\ConfigMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7\Name
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagMatchAnyMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate\DisallowedCertLastSyncTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\54\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{87979D8F-DBB2-48D6-A984-D5B3AF417131}\EnableMulticast
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\8\MVID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\2077bef2\7\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaResources\msvideo\MSVideo.VFWWDM\Description
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationTtl
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\QueryAdapterName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\IsMultiInstance
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7\Name
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\4a\EvalationData
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\11\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\8\MissingDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCertCount
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsSecureNameQueryFallback
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PO_RASMANCS\FileTracingMask
  • HKEY_CURRENT_USER\Software\S1NQNIKRqzUQtJzv3DaGsQ==
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Comment
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\CategoryOptions
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Library
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\7\Status
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationEnabled
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakRSAThirdPartyFlags
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{87979D8F-DBB2-48D6-A984-D5B3AF417131}\RegisterAdapterName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakECDSAAllFlags
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextLockCount
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakDSAThirdPartyFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\96f8a9\51\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\1c0fa883\2\SIG
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Type
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\7\MissingDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\6\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\54\NIDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationMaxAddressCount
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationMaxAddressCount
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\3afc2ff2\6\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\4efd60f7\3\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsQueryTimeouts
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\c\MissingDependencies
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\PrioritizeRecordData
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\ChainCacheResyncFiletime
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseHostsFile
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\c\ConfigString
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\96f8a9\51\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\4a\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFRAMEWORK\InstallRoot
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\4a\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3416602863-1947377224-293699093-1003\ProfileImagePath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\c\EvalationData
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.JScript,8.0.0.0,,b03f5f7f11d50a3a,MSIL
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\DhcpNodeType
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{87979D8F-DBB2-48D6-A984-D5B3AF417131}\MaxNumberOfAddressesToRegister
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\73\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\kernel32.dll
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\First Counter
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\4\MissingDependencies
  • HKEY_CURRENT_USER\Software\CPL7dneTZr1EiR4NiVSeZn1vaXQaO1BED6ODd2VGzbE=
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\DevicePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\TokenSize
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFRAMEWORK\OnlyUseLatestCLR
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\54\MissingDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\2077bef2\7\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\4\ConfigString
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PO_RASAPI32\MaxFileSize
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{87979D8F-DBB2-48D6-A984-D5B3AF417131}\RegistrationMaxAddressCount
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\615f9e15\8\Modules
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\4a\MVID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\c\ILDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ShareCredsWithWinHttp
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\WaitForNameErrorOnAll
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate\DisallowedCertSyncDeltaTime
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagLevel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\EnableConsoleTracing
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsTest
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\QueryIpMatching
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PO_RASAPI32\FileTracingMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\3029020b\4\SIG
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastSenderFlags
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\Domain
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\ntdll.dll
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\1c0fa883\2\DisplayName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaResources\msvideo\MSVideo.VFWWDM\Driver
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\40b284ba\f\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WINDOWS NT\CURRENTVERSION\Drivers32\msvideo
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DirectAccessQueryOrder
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7\Name
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AppendToMultiLabelName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\C198305E
  • HKEY_CURRENT_USER\Local Settings\MuiCache\48\52C64B7E\@%SystemRoot%\system32\p2pcollab.dll,-8042
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Version
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\PrioritizeRecordData
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\4a\ConfigString
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\ScopeId
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\615f9e15\8\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\328194a0\95\Modules
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterAdapterName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PO_RASAPI32\FileDirectory
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\6\DisplayName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\SCHANNEL\UserContextListCount
  • HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\8\ConfigMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PO_RASMANCS\MaxFileSize
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate\SyncDeltaTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\3029020b\4\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\27\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\SourcePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastResponderFlags
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LDAP\UseOldHostResolutionOrder
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{87979D8F-DBB2-48D6-A984-D5B3AF417131}\DisableAdapterDomainName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\11\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableInetUnknownAuth
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\1c0fa883\2\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\d\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakMD5ThirdPartyFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate\LastSyncTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\6a8005f1\a\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\4a\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFRAMEWORK\GCStressStart
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PO_RASAPI32\ConsoleTracingMask
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\UseDomainNameDevolution
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadOverride
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\6\ConfigMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\27\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\8\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakRSAAllFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\6\ConfigString
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\3029020b\4\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\6a8005f1\a\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\27\DisplayName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\NodeType
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\c\NIDependencies
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\EnableMulticast
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\4\MVID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration.Install,2.0.0.0,,b03f5f7f11d50a3a,MSIL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\40b284ba\f\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate\DisallowedCertEncodedCtl
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableDynamicUpdate
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DnsQuickQueryTimeouts
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\4efd60f7\3\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakDSAAllFlags
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AllowUnqualifiedQuery
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsQuickQueryTimeouts
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\40b284ba\f\Status
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationRefreshInterval
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\8\ConfigString
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\c\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakECDSAThirdPartyFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PO_RASMANCS\ConsoleTracingMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\8\NIDependencies
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Name
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate\EncodedCtl
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseCompartments
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\3afc2ff2\6\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\9\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\4a\MissingDependencies
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultRegistrationRefreshInterval
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{87979D8F-DBB2-48D6-A984-D5B3AF417131}\Domain
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\4a\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakMD5ThirdPartyAfterTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
  • HKEY_CURRENT_USER\Software\N0nagzM7zZPbLMxMELBh/GKzYBXyuA/bWm2yEj3mPkw=
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\328194a0\95\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakMD5AllSha256Allow
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\8\EvalationData
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableWanDynamicUpdate
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\b\EvalationData
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\EnableProxy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\4644d0dd\96\SIG
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AdapterTimeoutLimit
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakMD5AllFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{62BE5D10-60EB-11D0-BD3B-00A0C911CE86}\InprocServer32\Class
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Counter Names
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\73\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\73\LastModTime
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\EnableAdapterDomainNameRegistration
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
  • HKEY_CURRENT_USER\Software\tRJXmx1mSGK/4Nrv3X6gPEgEy+Sp5+eowpBoVji9CfM=
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ResolverRegistrationOnly
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\LogMaxFileSize
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakSHA1AllFlags
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaResources\msvideo\MSVideo.VFWWDM\DevNode
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakRsaPubKeyTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\54\ILDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\c\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\6a8005f1\a\Status
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaResources\msvideo\MSVideo.VFWWDM\Active
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\96f8a9\51\Modules
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\6\ILDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\RpcId
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\4\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\6a8005f1\a\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\615f9e15\8\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\328194a0\95\DisplayName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCacheTtl
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UpdateSecurityLevel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\FinalizerActivityBypass
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\9\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\54\Status
  • HKEY_CURRENT_USER\Software\1ynyauZZodDpbNpOAPMiEQ==
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\KERNELBASE.dll
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate\RootDirUrl
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DnsQueryTimeouts
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PO_RASMANCS\EnableConsoleTracing
  • HKEY_CURRENT_USER\Control Panel\International\sYearMonth
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetPreFetchTriggerPeriodSeconds
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\7\ConfigMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakMD5ThirdPartySha256Allow
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\6\EvalationData
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\b\ConfigString
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\4644d0dd\96\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\6a8005f1\a\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCountPerChain
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\73\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\7\EvalationData
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\73\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\b\ILDependencies
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SQMServiceList\SQMServiceList
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\54\ConfigString
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WINDOWS NT\CURRENTVERSION\Windows\LoadAppInit_DLLs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakSHA1ThirdPartyFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\3afc2ff2\6\Status
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DowncaseSpnCauseApiOwnerIsTooLazy
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DefaultRegistrationTTL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFRAMEWORK\GCStressStartAtJit
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\c\ConfigMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakMD5ThirdPartyFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\96f8a9\51\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\8\Status
  • HKEY_CURRENT_USER\Software\0npohjxOULvowldb5o9iBg==
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{87979D8F-DBB2-48D6-A984-D5B3AF417131}\RegistrationEnabled
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ResolverRegistration
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\3029020b\4\DisplayName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationOverwrite
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\27\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\EnableMulticast
  • HKEY_CURRENT_USER\Software\iSfLab1flxUoZRLjLbxdFTJwcUmLswrfm9Fx/52+nt8=
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterPrimaryName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\27\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WINDOWS NT\CURRENTVERSION\Drivers32\msvideo5
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WINDOWS NT\CURRENTVERSION\Drivers32\msvideo4
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WINDOWS NT\CURRENTVERSION\Drivers32\msvideo7
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WINDOWS NT\CURRENTVERSION\Drivers32\msvideo6
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WINDOWS NT\CURRENTVERSION\Drivers32\msvideo1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WINDOWS NT\CURRENTVERSION\Drivers32\msvideo3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WINDOWS NT\CURRENTVERSION\Drivers32\msvideo2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WINDOWS NT\CURRENTVERSION\Drivers32\msvideo9
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WINDOWS NT\CURRENTVERSION\Drivers32\msvideo8
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\EnableDAForAllNetworks
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureRoutine
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\6\MissingDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\4\ConfigMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\4a\ILDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\b\Status
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableAdapterDomainName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\LsaExtensionConfig\SspiCli\CheckSignatureDll
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\b\NIDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\615f9e15\8\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\4efd60f7\3\LastModTime
  • HKEY_CURRENT_USER\Software\fmSqFRzYAQMy8eEOlsNUhw==
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFRAMEWORK\UseLegacyV2RuntimeActivationPolicyDefaultValue
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\b\MVID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\6\MVID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\4\NIDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlCountInCert
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterWanAdapters
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\MaxNumberOfAddressesToRegister
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\b\ConfigMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFRAMEWORK\DisableConfigCache
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Capabilities
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\4644d0dd\96\DisplayName
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\Window Protector
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\7\MVID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegisterAdapterName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\8\ILDependencies
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DhcpDomain
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\4efd60f7\3\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\d\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\40b284ba\f\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\4a\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\LogMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxNegativeCacheTtl
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\4a\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakSHA1ThirdPartyFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\11\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\4efd60f7\3\Status
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationEnabled
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index538\NIUsageMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\4644d0dd\96\Status
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableAdapterDomainName
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\DhcpScopeId
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseEdns
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFRAMEWORK\CLRLoadLogDir
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\MaxNumberOfAddressesToRegister
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\c\MVID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\328194a0\95\LastModTime
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LDAP\UseHostnameAsAlias
  • HKEY_CURRENT_USER\Software\o6NxtYSLEcOOgsySxDSCdQ==
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index40
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\4a\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakRSAThirdPartyFlags
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaResources\msvideo\MSVideo.VFWWDM\SOFTWAREKEY
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableUnsupportedCriticalExtensions
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaResources\msvideo\MSVideo.VFWWDM\Disabled
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenDefaultServers
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\3afc2ff2\6\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPSampledIn
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\EnableAdapterDomainNameRegistration
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\11\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakMD5AllFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\b\MissingDependencies
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\CacheAllCompartments
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\11\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\4644d0dd\96\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\40b284ba\f\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\1c0fa883\2\LastModTime
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegisterReverseLookup
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\FilterClusterIp
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakSHA1AllFlags
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\SearchList
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseDomainNameDevolution
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\3afc2ff2\6\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\1c0fa883\2\Status
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCachedSockets
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\WeakRSAAllFlags
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ServerPriorityTimeLimit
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index538\ILUsageMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastSenderMaxTimeout
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakECDSAAllFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PO_RASAPI32\EnableFileTracing
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\328194a0\95\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalByteCount
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxCacheSize
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\LogLevel
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Window Protector
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenBadTlds
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\2077bef2\7\Status
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LDAP\LdapClientIntegrity
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WINDOWS NT\CURRENTVERSION\InstallationType
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UpdateTopLevelDomainZones
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\QueryAdapterName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakMD5ThirdPartySha256Allow
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\141dfd70\96f8a9\51\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\615f9e15\8\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\6\NIDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT\Parameters\EnableDns
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PO_RASMANCS\FileDirectory
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableCANameConstraints
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\7\NIDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\9\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\4\ILDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DigitalProductId
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{87979D8F-DBB2-48D6-A984-D5B3AF417131}\QueryAdapterName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\4a\ConfigMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\d\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MinRsaPubKeyBitLength
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakECDSAThirdPartyFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakDSAAllFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\7\ConfigString
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\d\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\4a\NIDependencies
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DynamicServerQueryOrder
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\9\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\54\MVID
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseNewRegistration
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\3029020b\4\Modules
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ScreenUnreachableServers
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\d\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxUrlRetrievalByteCount
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakMD5AllSha256Allow
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\b\DisplayName
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableReverseAddressRegistrations
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\54\EvalationData
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\2077bef2\7\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate\Flags
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{87979D8F-DBB2-48D6-A984-D5B3AF417131}\DhcpDomain
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\Tracing\Enabled
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\4\EvalationData
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableDynamicUpdate
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DomainNameDevolutionLevel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\7\ILDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\WeakDSAThirdPartyFlags
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\AllowUnqualifiedQuery
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PO_RASMANCS\EnableFileTracing
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PO_RASAPI32\EnableConsoleTracing
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\FileMappingSize
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFRAMEWORK\LegacyWPADSupport
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\2077bef2\7\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\4\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\DisableBranchCache
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadExpirationDays
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableMandatoryBasicConstraints
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableWeakSignatureFlags
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AddrConfigControl
  • HKEY_CURRENT_USER\Software\H/xDw87vYENz1Bm3vdXVWw==
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Mozilla Firefox 12.0\bin\PathToExe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\MaxRpcSize
  • HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPSampledIn
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
  • HKEY_LOCAL_MACHINE\SYSTEM\Setup\OOBEInProgress
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\ComputerName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
Registry Key-Written
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PO_RASAPI32\MaxFileSize
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\Window Protector
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PO_RASAPI32\ConsoleTracingMask
  • HKEY_CURRENT_USER\Software\o6NxtYSLEcOOgsySxDSCdQ==
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PO_RASMANCS\FileDirectory
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PO_RASMANCS\ConsoleTracingMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PO_RASMANCS\MaxFileSize
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PO_RASAPI32\EnableFileTracing
  • HKEY_CURRENT_USER\Software\1ynyauZZodDpbNpOAPMiEQ==
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PO_RASMANCS\FileTracingMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PO_RASAPI32\FileDirectory
  • HKEY_CURRENT_USER\Software\tRJXmx1mSGK/4Nrv3X6gPEgEy+Sp5+eowpBoVji9CfM=
  • HKEY_CURRENT_USER\Software\S1NQNIKRqzUQtJzv3DaGsQ==
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PO_RASMANCS\EnableFileTracing
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PO_RASAPI32\EnableConsoleTracing
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PO_RASMANCS\EnableConsoleTracing
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\PO_RASAPI32\FileTracingMask
  • HKEY_CURRENT_USER\Local Settings\MuiCache\48\52C64B7E\LanguageList
  • HKEY_CURRENT_USER\Software\fmSqFRzYAQMy8eEOlsNUhw==
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Window Protector
  • HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\Version
  • HKEY_CURRENT_USER\Software\H/xDw87vYENz1Bm3vdXVWw==
  • HKEY_CURRENT_USER\Software\CPL7dneTZr1EiR4NiVSeZn1vaXQaO1BED6ODd2VGzbE=
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Mozilla Firefox
Mutex-Accessed
  • eed3bd3a-a1ad-4e99-987b-d7cb3fcfa7f0 - S-1-5-21-3416602863-1947377224-293699093-1003
  • Global\.net clr networking
  • Global\ 647bb8bce6b9f2ff1adf07dd42dae195ef3cc5a3
  • RasPbFile

Processes

registry filesystem process services network synchronization

C:\Windows\system32\lsass.exe PID: 456, Parent PID: 352

"C:\Users\Harry Dresden\AppData\Local\Temp\PO..PKL160904.exe" PID: 1736, Parent PID: 2692

"C:\Users\Harry Dresden\AppData\Local\Temp\PO..PKL160904.exe" PID: 3856, Parent PID: 1736

"C:\Users\Harry Dresden\AppData\Local\Temp\PO..PKL160904.exe" PID: 4336, Parent PID: 3856

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe" /stext "C:\Users\Harry Dresden\AppData\Local\Temp\8825" PID: 4936, Parent PID: 4336

Volatility

Nothing to display.