Category FILE
Started On 2017-11-12 15:03:04.123941
Completed On 2017-11-12 15:05:28.639504
Duration 144 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo2
Label win7 Clone 2
Manager VirtualBox
Started On 2017-11-12 15:03:05
Shutdown On 2017-11-12 15:05:28

File Details

File name 1759b90e51620e81c07562fd5f1f38aa3620bbaf.zip
File size 10612573 bytes
File type Zip archive data, at least v1.0 to extract
CRC32 7FE30222
MD5 dd92aa13791d28d4d2aca4a20bcf20bf
SHA1 1759b90e51620e81c07562fd5f1f38aa3620bbaf
SHA256 25f6500ef193de8f27be26d2a1ac106eb3e7a89b07cab2aadc5f5b838c5103f2
SHA512 5e572f5b9b2e823605347be5eea932f705aedfe1d506b69dcab251f8c336d120642ba648a19e3f0fc752f0f927bfa8f790fd9d4caf0f40e9353c385d9c644629
Ssdeep None
PEiD None matched
Yara
  • shellcode (Matched shellcode byte patterns)
VirusTotal File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=75, Anomalies=0, PEiD=0, Yara=2, VT[1510517188]=0): Snort Events=0, AV Events=0
Total Score=75

MetaFlows Virus DB DETECTED Dropped File:
DevPro.exe INFECTED
4b3c99d30fef12c2_devpro.exe INFECTED

Dropped File/Buffer Yara Signatures:
826091664e7961b1_update.zip: embedded_pe
5aa85fb32d806ab3_ygopro.exe: GenerateTLSClientHelloPacket_Test

Signatures

antivm_memory_available
raises_exception
dumped_buffer
allocates_rwx
antivm_network_adapters
overwites_files
known_malware_mutex
antisandbox_idletime
antisandbox_sleep
dropper
ransomware_message

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

826091664e7961b1_update.zip

4d4d44e55c2aabae_c101001065.lua

e7760236668d7bd2_100000031.png

473b224d76552405_100912000.png

1c6cdb7c99d32444_cards.cdb

fa57f55099d002df_100912000.png

2bf6589c3c3b962e_101001001.png

00438fd61427bb29_36211150.png

a445db2832024cba_100000031.png

dcde108085e7b1e8_645087.png

5067464cbb27fd81_101001054.png

45b7f207a970c69d_utility.lua

fac924a24df2dfa4_101001011.png

91680be14ef69794_101001054.png

e069563b5af83a1b_c100912000.lua

86261a3f71472574_icsharpcode.sharpziplib.dll

a985be739d74eb37_strings.conf

4fca55c258bc89c6_101001003.png

345ea8018a9ea88f_c100217042.lua

33d0171b13ef316c_c7409792.lua

1ea74d2e374c4224_strings.conf

1c1277cda7e62a95_cards.cdb

2f172a8fac54b3a8_c13629812.lua

979aef2723f6d681_c73941492.lua

6ab4f2d8258ab910_101001002.png

340ab910842e5f8c_100217042.png

11529d07e445aa3b_c100000029.lua

c916f95ba49f631c_c61583217.lua

9e6f1c166f157095_73941492.png

09fbc34a63c9e469_c101001075.lua

8229d025c9c81f7e_c9190563.lua

c816c7ac9629c31f_c62706865.lua

3baf7a5fec491e7a_c101001054.lua

38d4a7f28b31f4b4_c100000025.lua

e0c5404671b36979_c101001005.lua

fce1b236ead08619_100000029.png

7fbc09eb412b8bb3_c34472920.lua

5c12dd6500362cfb_c99427357.lua

88a960dfc453a1a7_101001001.png

21049513eba62f4b_new cards.ydk

4d0159a829833c57_c101001029.lua

d751ef65868d7cfd_strings.conf

7406074a5c4e99e2_73941492.png

054bce52691633af_101001011.png

00574c91c3668d50_101001006.png

26d33b5617b6cd7c_update.zip

4777551e96fd0534_101001002.png

19c8fe5d3a5a1b44_101001003.png

cdcdc42fa0d91356_cards.cdb

509d8b0d1501ad1a_100000029.png

32aa30248ab07197_100317003.png

3cd40f7fce95e4c9_c101001044.lua

37eb3071d7a8e50f_launcher.conf

f99493c9e038c3d7_101001068.png

cea91e00d1c7e6ee_100317003.png

54e955ddb473070b_c101001011.lua

389ee2b21ef47cea_strings.conf

291df8bc27aae24c_c35595518.lua

c9e5af0f790eb7d3_101001034.png

33220ea85b8a997a_lflist.conf

62a3f53ac9947a27_c101001068.lua

7fad471381cee60b_645087.png

49d1ee8801456bb8_c81210420.lua

6c2ef9768c24d486_c39956951.lua

f00d120ce1b010f2_c74063034.lua

4b3c99d30fef12c2_devpro.exe

3944c725bd4548c0_c63394872.lua

ee662c8b578847ab_100217042.png

234395f2527683de_ygoupdater.exe

343002376905e0b6_c101001053.lua

b45d92266109205a_36211150.png

6a0c1846bd6c05d6_cards.cdb

bc3b824a011cca11_c101001034.lua

4d2bce3c8c5c31c3_101001006.png

cc8abe28622f0c7e_c101001043.lua

5aa85fb32d806ab3_ygopro.exe

1f5eaa6671a508bd_c61529473.lua

8ebc2b1a29006302_101001034.png

dd6b6baaf1f05b2a_c101001002.lua

06da276efccc07dd_101001068.png

fddb2039decda9a1_c101001003.lua

9a2c57fa03724c31_c101001006.lua

078ba08f6798bd21_c100217006.lua

DevPro.exe

Network Analysis

Hosts Involved

DNS Requests

HTTP Requests

Behavior Summary

File-Read
  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
  • C:\Windows\System32\mscoree.dll
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\System\b75ba99f72f116d8951b0f2bba8c276a\System.ni.dll.aux
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7ece7799d670cdfc1393b98b0668a046\System.Configuration.ni.dll.aux
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\d1265d6159ea876f9d63ea4c1361b587\mscorlib.ni.dll.aux
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\668bc5e53fd656dc16c9f40ea15e872e\System.Xml.ni.dll.aux
  • C:\Users\Harry Dresden\AppData\Local\Temp\update.zip
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ce11900fa489575613dc777c7fbb0d7d\System.Drawing.ni.dll.aux
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ac38cb30c15eb9e4a54459ee01e9f8e6\System.Windows.Forms.ni.dll.aux
  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
  • C:\Windows\System32\mscoree.dll
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\System\b75ba99f72f116d8951b0f2bba8c276a\System.ni.dll.aux
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7ece7799d670cdfc1393b98b0668a046\System.Configuration.ni.dll.aux
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\d1265d6159ea876f9d63ea4c1361b587\mscorlib.ni.dll.aux
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\668bc5e53fd656dc16c9f40ea15e872e\System.Xml.ni.dll.aux
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ce11900fa489575613dc777c7fbb0d7d\System.Drawing.ni.dll.aux
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\e0fea191b75897ec38735bfc31b89fe0\System.Core.ni.dll.aux
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ac38cb30c15eb9e4a54459ee01e9f8e6\System.Windows.Forms.ni.dll.aux
File-Written
  • C:\Users\Harry Dresden\AppData\Local\Temp\script\c39956951.lua
  • C:\Users\Harry Dresden\AppData\Local\Temp\pics\100000031.png
  • C:\Users\Harry Dresden\AppData\Local\Temp\script\c61583217.lua
  • C:\Users\Harry Dresden\AppData\Local\Temp\pics\101001003.png
  • C:\Users\Harry Dresden\AppData\Local\Temp\pics\100912000.png
  • C:\Users\Harry Dresden\AppData\Local\Temp\pics\101001001.png
  • C:\Users\Harry Dresden\AppData\Local\Temp\pics\thumbnail\100000031.png
  • C:\Users\Harry Dresden\AppData\Local\Temp\pics\36211150.png
  • C:\Users\Harry Dresden\AppData\Local\Temp\Language\German\cards.cdb
  • C:\Users\Harry Dresden\AppData\Local\Temp\pics\thumbnail\101001011.png
  • C:\Users\Harry Dresden\AppData\Local\Temp\pics\101001054.png
  • C:\Users\Harry Dresden\AppData\Local\Temp\script\c73941492.lua
  • C:\Users\Harry Dresden\AppData\Local\Temp\script\c7409792.lua
  • C:\Users\Harry Dresden\AppData\Local\Temp\script\c81210420.lua
  • C:\Users\Harry Dresden\AppData\Local\Temp\pics\thumbnail\101001054.png
  • C:\Users\Harry Dresden\AppData\Local\Temp\script\c100912000.lua
  • C:\Users\Harry Dresden\AppData\Local\Temp\Language\German\strings.conf
  • C:\Users\Harry Dresden\AppData\Local\Temp\script\c100217006.lua
  • C:\Users\Harry Dresden\AppData\Local\Temp\script\c9190563.lua
  • C:\Users\Harry Dresden\AppData\Local\Temp\script\c13629812.lua
  • C:\Users\Harry Dresden\AppData\Local\Temp\script\c62706865.lua
  • C:\Users\Harry Dresden\AppData\Local\Temp\pics\101001002.png
  • C:\Users\Harry Dresden\AppData\Local\Temp\script\c101001006.lua
  • C:\Users\Harry Dresden\AppData\Local\Temp\pics\101001006.png
  • C:\Users\Harry Dresden\AppData\Local\Temp\script\c100000029.lua
  • C:\Users\Harry Dresden\AppData\Local\Temp\DevPro.exe
  • C:\Users\Harry Dresden\AppData\Local\Temp\pics\73941492.png
  • C:\Users\Harry Dresden\AppData\Local\Temp\script\c101001029.lua
  • C:\Users\Harry Dresden\AppData\Local\Temp\script\c101001068.lua
  • C:\Users\Harry Dresden\AppData\Local\Temp\Language\French\cards.cdb
  • C:\Users\Harry Dresden\AppData\Local\Temp\pics\thumbnail\100000029.png
  • C:\Users\Harry Dresden\AppData\Local\Temp\pics\thumbnail\101001001.png
  • C:\Users\Harry Dresden\AppData\Local\Temp\script\c34472920.lua
  • C:\Users\Harry Dresden\AppData\Local\Temp\script\c101001011.lua
  • C:\Users\Harry Dresden\AppData\Local\Temp\script\c99427357.lua
  • C:\Users\Harry Dresden\AppData\Local\Temp\script\c101001005.lua
  • C:\Users\Harry Dresden\AppData\Local\Temp\pics\645087.png
  • C:\Users\Harry Dresden\AppData\Local\Temp\pics\thumbnail\101001034.png
  • C:\Users\Harry Dresden\AppData\Local\Temp\pics\thumbnail\645087.png
  • C:\Users\Harry Dresden\AppData\Local\Temp\pics\thumbnail\101001003.png
  • C:\Users\Harry Dresden\AppData\Local\Temp\pics\thumbnail\101001002.png
  • C:\Users\Harry Dresden\AppData\Local\Temp\Language\Spanish\cards.cdb
  • C:\Users\Harry Dresden\AppData\Local\Temp\pics\101001011.png
  • C:\Users\Harry Dresden\AppData\Local\Temp\pics\100217042.png
  • C:\Users\Harry Dresden\AppData\Local\Temp\update.zip
  • C:\Users\Harry Dresden\AppData\Local\Temp\script\c101001043.lua
  • C:\Users\Harry Dresden\AppData\Local\Temp\pics\100000029.png
  • C:\Users\Harry Dresden\AppData\Local\Temp\pics\100317003.png
  • C:\Users\Harry Dresden\AppData\Local\Temp\pics\101001068.png
  • C:\Users\Harry Dresden\AppData\Local\Temp\script\c35595518.lua
  • C:\Users\Harry Dresden\AppData\Local\Temp\Language\French\strings.conf
  • C:\Users\Harry Dresden\AppData\Local\Temp\script\c101001002.lua
  • C:\Users\Harry Dresden\AppData\Local\Temp\pics\thumbnail\101001068.png
  • C:\Users\Harry Dresden\AppData\Local\Temp\pics\thumbnail\100317003.png
  • C:\Users\Harry Dresden\AppData\Local\Temp\Language\Spanish\strings.conf
  • C:\Users\Harry Dresden\AppData\Local\Temp\script\utility.lua
  • C:\Users\Harry Dresden\AppData\Local\Temp\pics\101001034.png
  • C:\Users\Harry Dresden\AppData\Local\Temp\lflist.conf
  • C:\Users\Harry Dresden\AppData\Local\Temp\Language\English\cards.cdb
  • C:\Users\Harry Dresden\AppData\Local\Temp\Language\English\strings.conf
  • C:\Users\Harry Dresden\AppData\Local\Temp\script\c101001065.lua
  • C:\Users\Harry Dresden\AppData\Local\Temp\script\c101001075.lua
  • C:\Users\Harry Dresden\AppData\Local\Temp\script\c74063034.lua
  • C:\Users\Harry Dresden\AppData\Local\Temp\script\c101001034.lua
  • C:\Users\Harry Dresden\AppData\Local\Temp\script\c63394872.lua
  • C:\Users\Harry Dresden\AppData\Local\Temp\pics\thumbnail\100217042.png
  • C:\Users\Harry Dresden\AppData\Local\Temp\pics\thumbnail\36211150.png
  • C:\Users\Harry Dresden\AppData\Local\Temp\pics\thumbnail\100912000.png
  • C:\Users\Harry Dresden\AppData\Local\Temp\script\c101001044.lua
  • C:\Users\Harry Dresden\AppData\Local\Temp\script\c100000025.lua
  • C:\Users\Harry Dresden\AppData\Local\Temp\pics\thumbnail\101001006.png
  • C:\Users\Harry Dresden\AppData\Local\Temp\pics\thumbnail\73941492.png
  • C:\Users\Harry Dresden\AppData\Local\Temp\ygopro.exe
  • C:\Users\Harry Dresden\AppData\Local\Temp\script\c61529473.lua
  • C:\Users\Harry Dresden\AppData\Local\Temp\deck\New Cards.ydk
  • C:\Users\Harry Dresden\AppData\Local\Temp\script\c101001054.lua
  • C:\Users\Harry Dresden\AppData\Local\Temp\script\c101001053.lua
  • C:\Users\Harry Dresden\AppData\Local\Temp\script\c100217042.lua
  • C:\Users\Harry Dresden\AppData\Local\Temp\script\c101001003.lua
  • C:\Users\Harry Dresden\AppData\Local\Temp\YgoUpdater.exe
  • C:\Users\Harry Dresden\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll
  • C:\Users\Harry Dresden\AppData\Local\Temp\launcher.conf
File-Deleted
  • C:\Users\Harry Dresden\AppData\Local\Temp\update.zip
File-Opened
  • C:\Windows\Fonts\cour.ttf
  • C:\Windows\Fonts\STENCIL.TTF
  • C:\Windows\Fonts\palabi.ttf
  • C:\Windows\Fonts\taileb.ttf
  • C:\Windows\Fonts\HARNGTON.TTF
  • C:\Windows\Fonts\nyala.ttf
  • C:\Windows\Fonts\raavi.ttf
  • C:\Windows\Fonts\ELEPHNTI.TTF
  • C:\Windows\Fonts\timesi.ttf
  • C:\Windows\Fonts\gulim.ttc
  • C:\Windows\Fonts\LCALLIG.TTF
  • C:\Windows\Fonts\TCMI____.TTF
  • C:\Windows\Fonts\KUNSTLER.TTF
  • C:\Windows\Fonts\malgunbd.ttf
  • C:\Windows\Fonts\dokchamp.ttf
  • C:\Windows\Fonts\CURLZ___.TTF
  • C:\Windows\Fonts\kartikab.ttf
  • C:\Windows\Fonts\kokilab.ttf
  • C:\Windows\Fonts\FRAHV.TTF
  • C:\Windows\Fonts\calibril.ttf
  • C:\Windows\Fonts\cordiab.ttf
  • C:\Windows\Fonts\gautamib.ttf
  • C:\Windows\Fonts\mangal.ttf
  • C:\Windows\Fonts\georgiai.ttf
  • C:\Windows\Globalization\Sorting\sortdefault.nls
  • C:\Windows\Fonts\mingliub.ttc
  • C:\Windows\Fonts\BOOKOSB.TTF
  • C:\Windows\Fonts\MSYHBD.TTC
  • C:\Windows\Fonts\ONYX.TTF
  • C:\Windows\Fonts\BASKVILL.TTF
  • C:\Windows\Fonts\LTYPEO.TTF
  • C:\Windows\Fonts\himalaya.ttf
  • C:\Windows\Fonts\cordia.ttf
  • C:\Windows\Fonts\ebrima.ttf
  • C:\Windows\Fonts\upckbi.ttf
  • C:\Windows\Fonts\angsai.ttf
  • C:\Windows\Fonts\upcfb.ttf
  • C:\Windows\Fonts\msjh.ttf
  • C:\Windows\Fonts\majalla.ttf
  • C:\Windows\Fonts\tunga.ttf
  • C:\Windows\Fonts\GOTHIC.TTF
  • C:\Windows\Fonts\cambriaz.ttf
  • C:\Windows\Fonts\VINERITC.TTF
  • C:\Windows\Fonts\upcibi.ttf
  • C:\Windows\Fonts\mvboli.ttf
  • C:\Windows\Fonts\lvnmbd.ttf
  • C:\Windows\Fonts\LTYPEB.TTF
  • C:\Windows\Fonts\timesbd.ttf
  • C:\Windows\Fonts\HTOWERTI.TTF
  • C:\Windows\Fonts\LSANS.TTF
  • C:\Users\Harry Dresden\AppData\Local\Temp\update.zip
  • C:\Windows\Fonts\ITCKRIST.TTF
  • C:\Windows\Fonts\marlett.ttf
  • C:\Windows\Fonts\gishabd.ttf
  • C:\Windows\Fonts\FRABK.TTF
  • C:\Windows\Fonts\upcll.ttf
  • C:\Windows\Fonts\upcfbi.ttf
  • C:\Windows\Fonts\ARLRDBD.TTF
  • C:\Windows\Fonts\vrindab.ttf
  • C:\Windows\Fonts\kalingab.ttf
  • C:\Windows\Fonts\calibrii.ttf
  • C:\Windows\Fonts\framdit.ttf
  • C:\Windows\Fonts\FTLTLT.TTF
  • C:\Windows\Fonts\kaiu.ttf
  • C:\Windows\Fonts\msyhbd.ttf
  • C:\Windows\Fonts\trebucbi.ttf
  • C:\Windows\Fonts\GOUDOSB.TTF
  • C:\Windows\Fonts\MSUIGHUB.TTF
  • C:\Windows\Fonts\JOKERMAN.TTF
  • C:\Windows\Fonts\constanb.ttf
  • C:\Windows\Fonts\TEMPSITC.TTF
  • C:\Windows\Fonts\WINGDNG2.TTF
  • C:\Windows\Fonts\BRITANIC.TTF
  • C:\Windows\Fonts\GADUGI.TTF
  • C:\Windows\Fonts\coure.fon
  • C:\Windows\Fonts\BOD_BLAI.TTF
  • C:\Windows\Fonts\calibriz.ttf
  • C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui
  • C:\Windows\Fonts\upcjbi.ttf
  • C:\Windows\Fonts\sserife.fon
  • C:\Windows\Fonts\BKANT.TTF
  • C:\Windows\Fonts\GIGI.TTF
  • C:\Windows\Fonts\MSJH.TTC
  • C:\Windows\Fonts\constanz.ttf
  • C:\Windows\Fonts\FRADMCN.TTF
  • C:\Windows\Fonts\ANTQUABI.TTF
  • C:\Windows\Fonts\taile.ttf
  • C:\Windows\Fonts\SCHLBKBI.TTF
  • C:\Windows\Fonts\BERNHC.TTF
  • C:\Windows\Fonts\ROCKBI.TTF
  • C:\Users\Harry Dresden\AppData\Local\GDIPFONTCACHEV1.DAT
  • C:\Windows\Fonts\LFAXD.TTF
  • C:\Windows\Fonts\CHILLER.TTF
  • C:\Windows\Fonts\framd.ttf
  • C:\Windows\Fonts\LSANSI.TTF
  • C:\Windows\Fonts\FELIXTI.TTF
  • C:\Windows\Fonts\browab.ttf
  • C:\Windows\Fonts\VLADIMIR.TTF
  • C:\Windows\Fonts\impact.ttf
  • C:\Windows\Fonts\malgun.ttf
  • C:\Windows\Fonts\BROADW.TTF
  • C:\Windows\Fonts\COLONNA.TTF
  • C:\Windows\Fonts\upcel.ttf
  • C:\Windows\Fonts\wingding.ttf
  • C:\Windows\Fonts\CALISTI.TTF
  • C:\Windows\Fonts\mangalb.ttf
  • C:\Windows\Fonts\kartika.ttf
  • C:\Windows\Fonts\modern.fon
  • C:\Windows\Fonts\CALISTBI.TTF
  • C:\Windows\Fonts\l_10646.ttf
  • C:\Windows\Fonts\upckl.ttf
  • C:\Windows\Fonts\SEGOEUISL.TTF
  • C:\Windows\Fonts\ANTQUAI.TTF
  • C:\Windows\Fonts\BRLNSDB.TTF
  • C:\Windows\Fonts\georgiaz.ttf
  • C:\Windows\Fonts\segoepr.ttf
  • C:\Windows\Fonts\micross.ttf
  • C:\Windows\Fonts\WINGDNG3.TTF
  • C:\Windows\Fonts\kokilabi.ttf
  • C:\Windows\Fonts\GILBI___.TTF
  • C:\Windows\Fonts\PALSCRI.TTF
  • C:\Windows\Fonts\segoeprb.ttf
  • C:\Windows\Fonts\upcfl.ttf
  • C:\Windows\Fonts\verdanai.ttf
  • C:\Windows\System32\mscoree.dll
  • C:\Windows\Fonts\simsun.ttc
  • C:\Windows\Fonts\cordiaz.ttf
  • C:\Windows\Fonts\simkai.ttf
  • C:\Windows\Fonts\simfang.ttf
  • C:\Windows\Fonts\utsaah.ttf
  • C:\Windows\Fonts\upcil.ttf
  • C:\Windows\Fonts\PAPYRUS.TTF
  • C:\Windows\Fonts\shrutib.ttf
  • C:\Windows\Fonts\BSSYM7.TTF
  • C:\Windows\Fonts\consolai.ttf
  • C:\Windows\Fonts\serife.fon
  • C:\Windows\Fonts\HATTEN.TTF
  • C:\Windows\Fonts\seguisb.ttf
  • C:\Windows\Fonts\tradbdo.ttf
  • C:\Windows\Fonts\kokilai.ttf
  • C:\Windows\Fonts\segoesc.ttf
  • C:\Windows\Fonts\BRLNSR.TTF
  • C:\Windows\Fonts\euphemia.ttf
  • C:\Windows\Fonts\mingliu.ttc
  • C:\Windows\Fonts\leelawdb.ttf
  • C:\Windows\Fonts\constani.ttf
  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
  • C:\Windows\Fonts\cambria.ttc
  • C:\Windows\Fonts\GILB____.TTF
  • C:\Windows\Fonts\ANTQUAB.TTF
  • C:\Windows\System32\tzres.dll
  • C:\Windows\Fonts\BOD_R.TTF
  • C:\Windows\Fonts\MATURASC.TTF
  • C:\Windows\Fonts\GLSNECB.TTF
  • C:\Windows\Fonts\BRUSHSCI.TTF
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\668bc5e53fd656dc16c9f40ea15e872e\System.Xml.ni.dll.aux
  • C:\Windows\Fonts\latha.ttf
  • C:\Windows\Fonts\browaui.ttf
  • C:\Windows\Fonts\monbaiti.ttf
  • C:\Windows\Fonts\Candarab.ttf
  • C:\Windows\Fonts\COOPBL.TTF
  • C:\Windows\Fonts\ariblk.ttf
  • C:\Windows\Fonts\corbel.ttf
  • C:\Windows\Fonts\GLECB.TTF
  • C:\Windows\Fonts\gautami.ttf
  • C:\Windows\Fonts\NIAGSOL.TTF
  • C:\Windows\Fonts\msyi.ttf
  • C:\Windows\Fonts\calibrib.ttf
  • C:\Windows\Fonts\lvnm.ttf
  • C:\Windows\Fonts\nrkis.ttf
  • C:\Windows\Fonts\upclb.ttf
  • C:\Windows\Fonts\phagspab.ttf
  • C:\Windows\Fonts\upcib.ttf
  • C:\Windows\Fonts\browauz.ttf
  • C:\Windows\Fonts\JUICE___.TTF
  • C:\Windows\Fonts\LBRITEI.TTF
  • C:\Windows\Fonts\angsa.ttf
  • C:\Windows\Fonts\BRADHITC.TTF
  • C:\Windows\Fonts\angsab.ttf
  • C:\Windows\Fonts\ARIALN.TTF
  • C:\Windows\Fonts\segoeuib.ttf
  • C:\Windows\Fonts\GILLUBCD.TTF
  • C:\Windows\Fonts\Candaraz.ttf
  • C:\Windows\Fonts\BOD_CBI.TTF
  • C:\Windows\Fonts\LFAX.TTF
  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
  • C:\Windows\Fonts\daunpenh.ttf
  • C:\Windows\Fonts\Vani.ttf
  • C:\Windows\Fonts\GIL_____.TTF
  • C:\Windows\Fonts\msuighur.ttf
  • C:\Windows\Fonts\BOD_CI.TTF
  • C:\Windows\Fonts\courbd.ttf
  • C:\Windows\Fonts\timesbi.ttf
  • C:\Windows\Fonts\upcdb.ttf
  • C:\Windows\Fonts\aparajb.ttf
  • C:\Windows\Fonts\TCM_____.TTF
  • C:\Windows\Fonts\SNAP____.TTF
  • C:\Windows\Fonts\BOOKOSI.TTF
  • C:\Windows\Fonts\ROCKB.TTF
  • C:\Windows\Fonts\CALIBRILI.TTF
  • C:\Windows\Fonts\CALIFB.TTF
  • C:\Windows\Fonts\TCCEB.TTF
  • C:\Windows\Fonts\REFSAN.TTF
  • C:\Windows\Fonts\GARABD.TTF
  • C:\Windows\Fonts\GADUGIB.TTF
  • C:\Windows\Fonts\upcii.ttf
  • C:\Windows\Fonts\batang.ttc
  • C:\Windows\Fonts\MOD20.TTF
  • C:\Windows\Fonts\LTYPE.TTF
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ac38cb30c15eb9e4a54459ee01e9f8e6\System.Windows.Forms.ni.dll.aux
  • C:\Windows\Fonts\ERASLGHT.TTF
  • C:\Windows\Fonts\arialbi.ttf
  • C:\Windows\Fonts\browa.ttf
  • C:\Windows\Fonts\ROCCB___.TTF
  • C:\Windows\Fonts\cambriai.ttf
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\System\b75ba99f72f116d8951b0f2bba8c276a\System.ni.dll.aux
  • C:\Windows\Fonts\upcdbi.ttf
  • C:\Windows\Fonts\ebrimabd.ttf
  • C:\Windows\Fonts\BELL.TTF
  • C:\Windows\Fonts\vijayab.ttf
  • C:\Windows\Fonts\Gabriola.ttf
  • C:\Windows\Fonts\PRISTINA.TTF
  • C:\Windows\Fonts\GILSANUB.TTF
  • C:\Windows\Fonts\TCB_____.TTF
  • C:\Windows\Fonts\BOD_CB.TTF
  • C:\Windows\Fonts\ENGR.TTF
  • C:\Windows\Fonts\Candarai.ttf
  • C:\Windows\Fonts\angsauz.ttf
  • C:\Windows\Fonts\SHOWG.TTF
  • C:\Windows\Fonts\trebucbd.ttf
  • C:\Windows\Fonts\couri.ttf
  • C:\Windows\Fonts\cordiauz.ttf
  • C:\Windows\Fonts\verdanaz.ttf
  • C:\Windows\Fonts\kalinga.ttf
  • C:\Windows\Fonts\aparaj.ttf
  • C:\Windows\Fonts\sylfaen.ttf
  • C:\Windows\Fonts\segoeuii.ttf
  • C:\Windows\Fonts\COPRGTL.TTF
  • C:\Windows\Fonts\PER_____.TTF
  • C:\Windows\assembly\pubpol40.dat
  • C:\Windows\Fonts\cordiai.ttf
  • C:\Windows\Fonts\utsaahb.ttf
  • C:\Windows\Fonts\simpbdo.ttf
  • C:\Windows\Fonts\tungab.ttf
  • C:\Windows\Fonts\mriam.ttf
  • C:\Windows\Fonts\GILI____.TTF
  • C:\Windows\Fonts\majallab.ttf
  • C:\Windows\Fonts\comicbd.ttf
  • C:\Windows\Fonts\RAGE.TTF
  • C:\Windows\Fonts\iskpota.ttf
  • C:\Windows\Fonts\PERBI___.TTF
  • C:\Windows\Fonts\Shonar.ttf
  • C:\Windows\Fonts\LATINWD.TTF
  • C:\Windows\Fonts\segoeuil.ttf
  • C:\Windows\Fonts\LFAXDI.TTF
  • C:\Windows\Fonts\mriamc.ttf
  • C:\Windows\Fonts\simhei.ttf
  • C:\Windows\Fonts\browai.ttf
  • C:\Windows\Fonts\corbelz.ttf
  • C:\Windows\Fonts\FORTE.TTF
  • C:\Windows\Fonts\BOD_B.TTF
  • C:\Windows\Fonts\upcji.ttf
  • C:\Windows\Fonts\arialbd.ttf
  • C:\Windows\Fonts\FRAHVIT.TTF
  • C:\Windows\Fonts\comic.ttf
  • C:\Windows\Fonts\shruti.ttf
  • C:\Windows\Fonts\FRSCRIPT.TTF
  • C:\Windows\Fonts\MISTRAL.TTF
  • C:\Windows\Fonts\trado.ttf
  • C:\Windows\Fonts\FRABKIT.TTF
  • C:\Windows\Fonts\upcjl.ttf
  • C:\Windows\Fonts\CASTELAR.TTF
  • C:\Windows\Fonts\utsaahbi.ttf
  • C:\Windows\Fonts\BAUHS93.TTF
  • C:\Windows\Fonts\LBRITED.TTF
  • C:\Windows\Fonts\CALISTB.TTF
  • C:\Windows\Fonts\raavib.ttf
  • C:\Windows\Fonts\meiryob.ttc
  • C:\Windows\Fonts\BRLNSB.TTF
  • C:\Windows\Fonts\davidbd.ttf
  • C:\Windows\Fonts\ntailu.ttf
  • C:\Windows\Fonts\FRAMDCN.TTF
  • C:\Windows\Fonts\msmincho.ttc
  • C:\Windows\Fonts\HTOWERT.TTF
  • C:\Windows\Fonts\ROCKI.TTF
  • C:\Windows\Fonts\Vanib.ttf
  • C:\Windows\Fonts\MSYH.TTC
  • C:\Windows\Fonts\trebuc.ttf
  • C:\Windows\Fonts\corbeli.ttf
  • C:\Windows\Fonts\MTEXTRA.TTF
  • C:\Windows\Fonts\consolab.ttf
  • C:\Windows\Fonts\estre.ttf
  • C:\Windows\Fonts\angsaz.ttf
  • C:\Windows\Fonts\AGENCYB.TTF
  • C:\Windows\Fonts\IMPRISHA.TTF
  • C:\Windows\Fonts\SCRIPTBL.TTF
  • C:\Windows\Fonts\FRADMIT.TTF
  • C:\Windows\Fonts\GOTHICB.TTF
  • C:\Windows\Fonts\georgia.ttf
  • C:\Windows\Fonts\HARLOWSI.TTF
  • C:\Windows\Fonts\ELEPHNT.TTF
  • C:\Windows\Fonts\courbi.ttf
  • C:\Windows\Fonts\corbelb.ttf
  • C:\Windows\Fonts\OCRAEXT.TTF
  • C:\Windows\Fonts\georgiab.ttf
  • C:\Windows\Fonts\palai.ttf
  • C:\Windows\Fonts\BELLI.TTF
  • C:\Windows\Fonts\ERASBD.TTF
  • C:\Windows\Fonts\angsaub.ttf
  • C:\Windows\Fonts\upckb.ttf
  • C:\Windows\Fonts\LaoUIb.ttf
  • C:\Windows\Fonts\aparajbi.ttf
  • C:\Windows\Fonts\FRADM.TTF
  • C:\Windows\Fonts\RAVIE.TTF
  • C:\Windows\Fonts\tahomabd.ttf
  • C:\Windows\Fonts\BOD_I.TTF
  • C:\Windows\Fonts\MSJHBD.TTC
  • C:\Windows\Fonts\Shonarb.ttf
  • C:\Windows\Fonts\webdings.ttf
  • C:\Windows\Fonts\consola.ttf
  • C:\Windows\Fonts\browau.ttf
  • C:\Windows\Fonts\NIAGENG.TTF
  • C:\Windows\Fonts\msjhbd.ttf
  • C:\Windows\Fonts\upclbi.ttf
  • C:\Windows\Fonts\andlso.ttf
  • C:\Windows\Fonts\segoeuiz.ttf
  • C:\Windows\Fonts\INFROMAN.TTF
  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp
  • C:\Windows\Fonts\smalle.fon
  • C:\Windows\Fonts\kokila.ttf
  • C:\Windows\Fonts\verdana.ttf
  • C:\Windows\Fonts\script.fon
  • C:\Windows\Fonts\ROCK.TTF
  • C:\Windows\Fonts\ARIALNBI.TTF
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\d1265d6159ea876f9d63ea4c1361b587\mscorlib.ni.dll.aux
  • C:\Windows\Fonts\ntailub.ttf
  • C:\Windows\Fonts\GOUDOSI.TTF
  • C:\Windows\Fonts\segoeui.ttf
  • C:\Windows\Fonts\BOD_BI.TTF
  • C:\Windows\Fonts\symbol.ttf
  • C:\Windows\Fonts\upcdi.ttf
  • C:\Windows\Fonts\browaub.ttf
  • C:\Windows\Fonts\aparaji.ttf
  • C:\Windows\Fonts\CALIFR.TTF
  • C:\Windows\Fonts\VIVALDII.TTF
  • C:\Windows\Fonts\BOOKOS.TTF
  • C:\Windows\Fonts\palab.ttf
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7ece7799d670cdfc1393b98b0668a046\System.Configuration.ni.dll.aux
  • C:\Windows\Fonts\gisha.ttf
  • C:\Windows\Fonts\msyh.ttf
  • C:\Windows\Fonts\arial.ttf
  • C:\Windows\Fonts\tahoma.ttf
  • C:\Windows\Fonts\MAGNETOB.TTF
  • C:\Windows\Fonts\TCCM____.TTF
  • C:\Windows\Fonts\SCHLBKB.TTF
  • C:\Windows\Fonts\frank.ttf
  • C:\Windows\Fonts\LFAXI.TTF
  • C:\Windows\Fonts\simsunb.ttf
  • C:\Windows\Fonts\upcli.ttf
  • C:\Windows\Fonts\ahronbd.ttf
  • C:\Windows\Fonts\verdanab.ttf
  • C:\Windows\Fonts\simpo.ttf
  • C:\Windows\Fonts\GARAIT.TTF
  • C:\Windows\Fonts\PLAYBILL.TTF
  • C:\Windows\Fonts\GARA.TTF
  • C:\Windows\Fonts\CALIFI.TTF
  • C:\Windows\Fonts\LaoUI.ttf
  • C:\Users\Harry Dresden\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll
  • C:\Windows\Fonts\upcjb.ttf
  • C:\Windows\Fonts\REFSPCL.TTF
  • C:\Windows\Fonts\NIRMALA.TTF
  • C:\Windows\Fonts\PARCHM.TTF
  • C:\Windows\Fonts\upceb.ttf
  • C:\Windows\Fonts\POORICH.TTF
  • C:\Windows\Fonts\BOD_CR.TTF
  • C:\Windows\Fonts\GOTHICBI.TTF
  • C:\Windows\Fonts\LSANSDI.TTF
  • C:\Users\Harry Dresden\AppData\Local\Temp\YgoUpdater.exe
  • C:\Windows\Fonts\cambriab.ttf
  • C:\Windows\Fonts\ROCKEB.TTF
  • C:\Windows\Fonts\ERASDEMI.TTF
  • C:\Windows\AppPatch\sysmain.sdb
  • C:\Windows\Fonts\vijaya.ttf
  • C:\Windows\Fonts\LBRITE.TTF
  • C:\Windows\Fonts\AGENCYR.TTF
  • C:\Windows\Fonts\ALGER.TTF
  • C:\Windows\Fonts\ariali.ttf
  • C:\Windows\Fonts\BOD_BLAR.TTF
  • C:\Windows\Fonts\COPRGTB.TTF
  • C:\Windows\Fonts\ITCEDSCR.TTF
  • C:\Windows\Fonts\SCHLBKI.TTF
  • C:\Windows\Fonts\browaz.ttf
  • C:\Windows\Fonts\GOUDYSTO.TTF
  • C:\Windows\Fonts\moolbor.ttf
  • C:\Windows\Fonts\KhmerUIb.ttf
  • C:\Windows\Fonts\CENSCBK.TTF
  • C:\Windows\Fonts\meiryo.ttc
  • C:\Windows\Fonts\LTYPEBO.TTF
  • C:\Windows\Fonts\constan.ttf
  • C:\Windows\Fonts\msgothic.ttc
  • C:\Windows\Fonts\simpfxo.ttf
  • C:\Windows\Fonts\ERASMD.TTF
  • C:\Windows\Fonts\upcebi.ttf
  • C:\Windows\Fonts\pala.ttf
  • C:\Windows\Fonts\ROCC____.TTF
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ce11900fa489575613dc777c7fbb0d7d\System.Drawing.ni.dll.aux
  • C:\Windows\Fonts\MTCORSVA.TTF
  • C:\Windows\Fonts\PERI____.TTF
  • C:\Windows\Fonts\OUTLOOK.TTF
  • C:\Windows\Fonts\upcfi.ttf
  • C:\Windows\Fonts\ARIALNI.TTF
  • C:\Windows\Fonts\rod.ttf
  • C:\Windows\System32\en-US\tzres.dll.mui
  • C:\Windows\Fonts\PERTILI.TTF
  • C:\Windows\Fonts\calibri.ttf
  • C:\Windows\Fonts\trebucit.ttf
  • C:\Windows\Fonts\GILC____.TTF
  • C:\Windows\Fonts\GOUDOS.TTF
  • C:\Windows\Fonts\lucon.ttf
  • C:\Windows\Fonts\CENTURY.TTF
  • C:\Windows\Fonts\LHANDW.TTF
  • C:\Windows\Fonts\angsau.ttf
  • C:\Windows\Fonts\OLDENGL.TTF
  • C:\Windows\Fonts\arabtype.ttf
  • C:\Windows\Fonts\vrinda.ttf
  • C:\Windows\Fonts\ARIALNB.TTF
  • C:\Windows\Fonts\segoescb.ttf
  • C:\Windows\Fonts\CENTAUR.TTF
  • C:\Windows\Fonts\iskpotab.ttf
  • C:\Windows\Fonts\Candara.ttf
  • C:\Windows\Fonts\utsaahi.ttf
  • C:\Windows\Fonts\NIRMALAB.TTF
  • C:\Windows\Fonts\BELLB.TTF
  • C:\Windows\Fonts\leelawad.ttf
  • C:\Windows\System32\
  • C:\Windows\Fonts\seguisym.ttf
  • C:\Windows\Fonts\times.ttf
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
  • C:\Windows\Fonts\lathab.ttf
  • C:\Windows\Fonts\smallf.fon
  • C:\Windows\Fonts\roman.fon
  • C:\Windows\Fonts\upcdl.ttf
  • C:\Windows\Fonts\TCBI____.TTF
  • C:\Windows\Fonts\LSANSD.TTF
  • C:\Windows\Fonts\cordiaui.ttf
  • C:\Windows\Fonts\phagspa.ttf
  • C:\Windows\Fonts\ITCBLKAD.TTF
  • C:\Windows\Fonts\PERTIBD.TTF
  • C:\Windows\Fonts\consolaz.ttf
  • C:\Windows\Fonts\upcei.ttf
  • C:\Windows\Fonts\LBRITEDI.TTF
  • C:\Windows\Fonts\GOTHICI.TTF
  • C:\Windows\Fonts\MAIAN.TTF
  • C:\Windows\Fonts\FREESCPT.TTF
  • C:\Windows\Fonts\TCCB____.TTF
  • C:\Windows\Fonts\cordiau.ttf
  • C:\Windows\Fonts\upcki.ttf
  • C:\Windows\Fonts\angsaui.ttf
  • C:\Windows\Fonts\david.ttf
  • C:\Windows\Fonts\KhmerUI.ttf
  • C:\Windows\Fonts\BOOKOSBI.TTF
  • C:\Windows\Fonts\plantc.ttf
  • C:\Windows\Fonts\PERB____.TTF
  • C:\Windows\Fonts\cordiaub.ttf
  • C:\Windows\Fonts\BOD_PSTC.TTF
  • C:\Windows\Fonts\CALIST.TTF
  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\d1265d6159ea876f9d63ea4c1361b587\mscorlib.ni.dll.aux
  • C:\Windows\AppPatch\sysmain.sdb
  • C:\Windows\System32\mscoree.dll
  • C:\Windows\assembly\pubpol40.dat
  • C:\Windows\System32\
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7ece7799d670cdfc1393b98b0668a046\System.Configuration.ni.dll.aux
  • C:\Windows\Globalization\Sorting\sortdefault.nls
  • C:\Users\Harry Dresden\AppData\Local\Temp\DevPro.exe
  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\668bc5e53fd656dc16c9f40ea15e872e\System.Xml.ni.dll.aux
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\System\b75ba99f72f116d8951b0f2bba8c276a\System.ni.dll.aux
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ce11900fa489575613dc777c7fbb0d7d\System.Drawing.ni.dll.aux
  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\e0fea191b75897ec38735bfc31b89fe0\System.Core.ni.dll.aux
  • C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ac38cb30c15eb9e4a54459ee01e9f8e6\System.Windows.Forms.ni.dll.aux
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
Directory-Enumerated
  • C:\Windows\Microsoft.NET\Framework\*
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\System\*
  • C:\Windows\System32\*.*
  • C:\Windows\System32\mscoree.dll
  • C:\Users\Harry Dresden\AppData\Local\Temp
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\*
  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\*
  • C:\Users\Harry Dresden\AppData\Local
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\YgoUpdater\*
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\*
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\*
  • C:\Windows
  • C:\Users
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\*
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCoded64bfd68#\*
  • C:\Users\Harry Dresden\AppData
  • C:\Windows\System32
  • C:\Users\Harry Dresden
  • C:\Windows\Microsoft.NET\Framework\*
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\System\*
  • C:\Windows\System32\*.*
  • C:\Windows\System32\mscoree.dll
  • C:\Users\Harry Dresden\AppData\Local\Temp
  • C:\Users\Harry Dresden\AppData\Local\Temp\DevPro.exe
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\*
  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\*
  • C:\Users\Harry Dresden\AppData\Local
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\*
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\*
  • C:\Windows
  • C:\Users
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\DevPro\*
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\*
  • C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\*
  • C:\Users\Harry Dresden\AppData
  • C:\Windows\System32
Registry Key-Opened
Registry Key-Read
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\KERNEL32.dll
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DevPro_RASMANCS\MaxFileSize
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\DisableDynamicUpdate
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\EnableAdapterDomainNameRegistration
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\EnableConsoleTracing
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\DnsTest
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b9fc2740-d442-11e0-8ee6-806e6f6e6963}\Data
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\AllowUnqualifiedQuery
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\UILanguages\en-US\Type
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ServerPriorityTimeLimit
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MaxNegativeCacheTtl
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{87979D8F-DBB2-48D6-A984-D5B3AF417131}\RegisterAdapterName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\DisableBranchCache
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\MulticastSenderFlags
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\Version
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\ResolverRegistrationOnly
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\RegistrationRefreshInterval
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\RegistrationEnabled
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\ntdll.dll
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\ComputerName
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b9fc273d-d442-11e0-8ee6-806e6f6e6963}\Generation
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AddrConfigControl
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\DisableAdapterDomainName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\AppendToMultiLabelName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\Tracing\Enabled
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\credssp.dll\RpcId
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\PrioritizeRecordData
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\InstallationType
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache\Parameters\UseCompartments
Registry Key-Written
Mutex-Accessed
  • RasPbFile

Processes

C:\Windows\system32\lsass.exe PID: 484, Parent PID: 388

"C:\Users\Harry Dresden\AppData\Local\Temp\DevPro.exe" PID: 4964, Parent PID: 4936

"C:\Users\Harry Dresden\AppData\Local\Temp\YgoUpdater.exe" http://158.69.116.140/launcher/updates/patch210750.zip,http://158.69.116.140/launcher/updates/patch210751.zip,http://158.69.116.140/launcher/updates/patch210760.zip,http://158.69.116.140/launcher/updates/patch210770.zip,http://158.69.116.140/launcher/updates/patch210771.zip,http://158.69.116.140/launcher/updates/patch210780.zip,http://158.69.116.140/launcher/updates/patch210790.zip,http://158.69.116.140/launcher/updates/patch210800.zip,http://158.69.116.140/launcher/updates/patch210810.zip,http://158.69.116.140/launcher/updates/patch210820.zip,http://158.69.116.140/launcher/updates/patch210830.zip,http://158.69.116.140/launcher/updates/patch210840.zip,http://158.69.116.140/launcher/updates/patch210850.zip,http://158.69.116.140/launcher/updates/patch210860.zip,http://158.69.116.140/launcher/updates/patch210861.zip,http://158.69.116.140/launcher/updates/patch210870.zip,http://158.69.116.140/launcher/updates/patch210880.zip,http://158.69.116.140/launcher/updates/patch210890.zip C:\Users\Harry Dresden\AppData\Local\Temp\DevPro.exe PID: 1928, Parent PID: 4964

Volatility

Nothing to display.