Zero‑Dwell Threat Intelligence Report
A narrative, executive‑ready view into the malware’s behavior, exposure, and reliable defenses.
Generated: 2025-11-27 12:48:44 UTC
Executive Overview — What We’re Dealing With
This specimen has persisted long enough to matter. Human experts classified it as Malware, and the telemetry confirms a capable, evasive Trojan with real impact potential.
File
donsdp.exe
Type
Generic CIL Executable (.NET, Mono, etc.)
SHA‑1
3fbf8354afb4c6856598123ab905fbd1c1871930
MD5
e097225f199708dd6bb74c15d2a74eca
First Seen
2025-11-25 07:59:44.607713
Last Analysis
2025-11-25 09:02:25.381983
Dwell Time
0 days, 7 hours, 33 minutes
Extended Dwell Time Impact
For 1+ hours, this malware remained undetected — a limited but sufficient window for the adversary to complete initial execution and establish basic system access.
Comparative Context
Industry studies report a median dwell time closer to 21–24 days. This case represents rapid detection and containment within hours rather than days.
Timeline
| Time (UTC) | Event | Elapsed |
|---|---|---|
| 2025-11-02 16:18:47 UTC | First VirusTotal submission | — |
| 2025-11-27 06:46:12 UTC | Latest analysis snapshot | 24 days, 14 hours, 27 minutes |
| 2025-11-27 12:48:44 UTC | Report generation time | 24 days, 20 hours, 29 minutes |
Why It Matters
Every additional day of dwell time is not just an abstract number — it is attacker opportunity. Each day equates to more time for lateral movement, stealth persistence, and intelligence gathering.
Global Detection Posture — Who Caught It, Who Missed It
VirusTotal engines: 72. Detected as malicious: 56. Missed: 16. Coverage: 77.8%.
Detected Vendors
- Xcitium
- +55 additional vendors (names not provided)
List includes Xcitium plus an additional 55 vendors per the provided summary.
Missed Vendors
- Acronis
- Antiy-AVL
- Baidu
- ClamAV
- CMC
- Cynet
- Jiangmin
- SUPERAntiSpyware
- TACHYON
- tehtris
- TrendMicro
- VBA32
- VirIT
- Webroot
- Yandex
- Zoner
Why it matters: if any endpoint relies solely on a missed engine, this malware can operate with zero alerts. Prevention‑first controls close that gap regardless of signature lag.
Behavioral Storyline — How the Malware Operates
Dominant system-level operations (42.82% of behavior) suggest this malware performs deep system reconnaissance, privilege escalation, or core OS manipulation. It’s actively probing system defenses and attempting to gain administrative control.
Behavior Categories (weighted)
Weight values represent the frequency and intensity of malware interactions with specific system components. Higher weights indicate more aggressive targeting of that category. Each operation (registry access, file modification, network connection, etc.) contributes to the category’s total weight, providing a quantitative measure of the malware’s behavioral focus.
| Category | Weight | Percentage |
|---|---|---|
| System | 656 | 42.82% |
| Registry | 370 | 24.15% |
| File System | 211 | 13.77% |
| Process | 137 | 8.94% |
| Misc | 59 | 3.85% |
| Crypto | 35 | 2.28% |
| Device | 22 | 1.44% |
| Threading | 20 | 1.31% |
| Synchronization | 11 | 0.72% |
| Com | 7 | 0.46% |
| Hooking | 3 | 0.20% |
| Windows | 1 | 0.07% |
MITRE ATT&CK Mapping
- T1083 – check if file exists
- T1083 – check if directory exists
- T1560.002 – compress data using GZip in .NET
- T1082 – query environment variable
- T1497.001 – reference anti-VM strings targeting Xen
- T1222 – set file attributes
- T1562 – Tries to unhook or modify Windows functions monitored by CAPE
- T1562.001 – Tries to unhook or modify Windows functions monitored by CAPE
- T1027 – The binary likely contains encrypted or compressed data
- T1027.002 – The binary likely contains encrypted or compressed data
- T1082 – Collects information to fingerprint the system
- T1082 – Checks available memory
- T1057 – Enumerates running processes
- T1012 – Collects information to fingerprint the system
- T1071 – Yara detections observed in process dumps, payloads or dropped files
- T1071 – Reads data out of its own binary image
- T1106 – Guard pages use detected – possible anti-debugging.
- T1106 – Created a process from a suspicious location
- T1112 – Stores large binary data to the registry
- T1562.001 – Creates guard pages, often used to prevent reverse engineering and debugging
- T1497 – Allocates memory with a write watch (potentially for evading sandboxes)
- T1497 – May sleep (evasive loops) to hinder dynamic analysis
- T1027 – Sample is packed with UPX
- T1027.002 – Sample is packed with UPX
- T1056 – Sample has functionality to log and monitor keystrokes, analyze it with the keystroke simulation cookbook
- T1056 – Installs a raw input device (often for capturing keystrokes)
- T1057 – Queries a list of all running processes
- T1083 – Reads ini files
- T1082 – Queries the volume information (name, serial number etc) of a device
- T1082 – Queries the cryptographic machine GUID
- T1005 – Found many strings related to Crypto-Wallets (likely being stolen)
Following the Trail — Network & DNS Activity
Outbound activity leans on reputable infrastructure (e.g., CDNs, cloud endpoints) to blend in. TLS sessions and
HTTP calls show routine beaconing and IP‑lookup behavior that can masquerade as normal browsing.
Contacted Domains
| Domain | IP | Country | ASN/Org |
|---|---|---|---|
| www.msftncsi.com | 23.200.3.18 | United States | Akamai Technologies, Inc. |
| www.aieov.com | 76.223.54.146 | United States | Amazon.com, Inc. |
Observed IPs
| IP | Country | ASN/Org |
|---|---|---|
| 224.0.0.252 | — | — |
| 239.255.255.250 | — | — |
| 8.8.4.4 | United States | Google LLC |
| 8.8.8.8 | United States | Google LLC |
DNS Queries
| Request | Type |
|---|---|
| 5isohu.com | A |
| www.msftncsi.com | A |
| www.aieov.com | A |
Contacted IPs
| IP | Country | ASN/Org |
|---|---|---|
| 224.0.0.252 | — | — |
| 239.255.255.250 | — | — |
| 8.8.4.4 | United States | Google LLC |
| 8.8.8.8 | United States | Google LLC |
Port Distribution
| Port | Count | Protocols |
|---|---|---|
| 137 | 1 | udp |
| 138 | 1 | udp |
| 5355 | 5 | udp |
| 53 | 6 | udp |
| 3702 | 1 | udp |
UDP Packets
| Source IP | Dest IP | Sport | Dport | Time | Proto |
|---|---|---|---|---|---|
| 192.168.56.13 | 192.168.56.255 | 137 | 137 | 8.372936010360718 | udp |
| 192.168.56.13 | 192.168.56.255 | 138 | 138 | 14.370308876037598 | udp |
| 192.168.56.13 | 224.0.0.252 | 49311 | 5355 | 10.870301961898804 | udp |
| 192.168.56.13 | 224.0.0.252 | 55150 | 5355 | 8.304192066192627 | udp |
| 192.168.56.13 | 224.0.0.252 | 60010 | 5355 | 10.309443950653076 | udp |
| 192.168.56.13 | 224.0.0.252 | 62406 | 5355 | 8.309265851974487 | udp |
| 192.168.56.13 | 224.0.0.252 | 63527 | 5355 | 8.855016946792603 | udp |
| 192.168.56.13 | 239.255.255.250 | 52252 | 3702 | 8.314316034317017 | udp |
| 192.168.56.13 | 8.8.4.4 | 54879 | 53 | 12.911870002746582 | udp |
| 192.168.56.13 | 8.8.4.4 | 54881 | 53 | 11.41391897201538 | udp |
| 192.168.56.13 | 8.8.4.4 | 58697 | 53 | 26.85461401939392 | udp |
| 192.168.56.13 | 8.8.8.8 | 54879 | 53 | 13.917155981063843 | udp |
| 192.168.56.13 | 8.8.8.8 | 54881 | 53 | 12.401453018188477 | udp |
| 192.168.56.13 | 8.8.8.8 | 58697 | 53 | 25.855485916137695 | udp |
Hunting tip: alert on unknown binaries initiating TLS to IP‑lookup services or unusual CDN endpoints — especially early in execution.
Persistence & Policy — Registry and Services
Registry and service telemetry points to policy awareness and environment reconnaissance rather than noisy persistence. Below is a compact view of the most relevant keys and handles; expand to see the full lists where available.
Registry Opened
402
Registry Set
301
Services Started
2
Services Opened
1
Registry Opened (Top 25)
| Key |
|---|
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InprocHandler |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{89bc3f49-f8d9-5103-ba13-de497e609167}\ProxyStubClsid32\(Default) |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\TrustLevel |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\LocalServer32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\ActivateOnHostFlags |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{657A8842-0B5E-40E1-B8CB-9AAFACC33AAB}\ProxyStubClsid32\(Default) |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\RemoteServer |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\AppId |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\Server |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InprocHandler32 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\Permissions |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ExePath |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateOnHostFlags |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\TreatAs |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\IdentityType |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ServerType |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseRyuJIT |
| HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\ActivateOnHostFlags |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\LocalServer32 |
| HKEY_CURRENT_USER\Software\Microsoft\.NETFramework |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs\ |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\ActivationType |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\Threading |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableConfigCache |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\TreatAs |
| HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\ProxyStubClsid32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\AppID |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\Diagnosis |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InprocHandler32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\AppID |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{657A8842-0B5E-40E1-B8CB-9AAFACC33AAB} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\TrustLevel |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\FeatureSIMD |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AppContext |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ServiceName |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\Permissions |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\DllPath |
Show all (402 total)
| Key |
|---|
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\ProxyStubClsid32\(Default) |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\LocalServer |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\ProxyStubClsid32\(Default) |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ExplicitPsmActivationType |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\(Default) |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{657A8842-0B5E-40E1-B8CB-9AAFACC33AAB}\ProxyStubClsid32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\Elevation |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\ActivateAsUser |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\CommandLine |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\Threading |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C53E07EC-25F3-4093-AA39-FC67EA22E99D} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\ProxyStubClsid32 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivationType |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-4005801669-2598574594-602355426-1001\Installer\Assemblies\Global |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateInSharedBroker |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\CustomAttributes |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\(Default) |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\Server |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Soundpad.exe |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InprocHandler |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\LocalServer |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\CustomAttributes |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{89bc3f49-f8d9-5103-ba13-de497e609167}\ProxyStubClsid32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\DllPath |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\Identity |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\ActivateInSharedBroker |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateInBrokerForMediumILContainer |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateAsUser |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\CustomAttributes |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository |
| Policy\Standards |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\InstallRoot |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\Elevation |
| HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|<USER>|Desktop|Soundpad.exe |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ActivatableClasses |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\RemoteServer |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{89BC3F49-F8D9-5103-BA13-DE497E609167} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SKUs\default |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-4005801669-2598574594-602355426-1001\Installer\Assemblies\C:|Users|<USER>|Desktop|Soundpad.exe |
| HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main |
| HKEY_CURRENT_USER\Software |
| HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\v4.0 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System__b77a5c561934e089 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-4270068108-2931534202-3907561125-1001\Installer\Assemblies\Global |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\OnlyUseLatestCLR |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|azure|Downloads|Soundpad.exe |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\LoggingLevel |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\FeatureSIMD |
| HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SessionMerging |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System__b77a5c561934e089 |
| HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\AdminTabProcs |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion |
| HKEY_LOCAL_MACHINE\System\Setup |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml__b77a5c561934e089 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Windows.Forms__b77a5c561934e089 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\ForceLog |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\FileInUseRetryAttempts |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\DisableMSIPeek |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\DownloadCacheQuotaInKB |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\EnableLog |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\index9 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-4270068108-2931534202-3907561125-1001\Installer\Assemblies\C:|Users|azure|Downloads|Soundpad.exe |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\EnablePunycode |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer |
| HKEY_LOCAL_MACHINE\System\Setup\SystemSetupInProgress |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Core__b77a5c561934e089 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\Latest |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Windows.Forms__b77a5c561934e089 |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones |
| HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562 |
| HKEY_LOCAL_MACHINE\Software\Policies |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
| HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001 |
| HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONES_DEFAULT_DRIVE_INTRANET_KB941000 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\CacheLocation |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\InstallRoot |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Drawing__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main |
| HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INITIALIZE_URLACTION_SHELLEXECUTE_TO_ALLOW_KB936610 |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\DisableConfigCache |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml.Linq__b77a5c561934e089 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Numerics__b77a5c561934e089 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Core__b77a5c561934e089 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\LogFailures |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\CLRLoadLogDir |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue |
| HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Numerics__b77a5c561934e089 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Management__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs\default |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml__b77a5c561934e089 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Drawing__b03f5f7f11d50a3a |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CreateUriCacheSize |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Security__b03f5f7f11d50a3a |
| HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915 |
| HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|azure|Downloads|Soundpad.exe |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\UseRyuJIT |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Deployment__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\Standards\v4.0.30319 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml.Linq__b77a5c561934e089 |
| HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameTabWindow |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Remoting__b77a5c561934e089 |
| HKEY_CURRENT_USER\Software\Microsoft\.NETFramework\Policy\Standards |
| HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheck |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Deployment__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\LogResourceBinds |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\UseLegacyIdentityFormat |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp |
| HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Management__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.10.0.Microsoft.VisualBasic__b03f5f7f11d50a3a |
| HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FrameMerging |
| HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\TabProcGrowth |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Remoting__b77a5c561934e089 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Security__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\LocalServer |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020421-0000-0000-C000-000000000046}\Elevation |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\ShellEx\IconHandler |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\Clsid |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\TreatAs |
| HKEY_CURRENT_USER_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\Instance |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\TreatAs |
| HKEY_CURRENT_USER_Classes\Folder\Clsid |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\Clsid |
| HKEY_CURRENT_USER_Classes\SystemFileAssociations\.exe\DocObject |
| HKEY_CURRENT_USER_Classes\exefile\Clsid |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\InprocHandler32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00000346-0000-0000-C000-000000000046} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\LocalServer |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020421-0000-0000-C000-000000000046}\TreatAs |
| HKEY_CURRENT_USER_Classes\Drive\shellex\FolderExtensions |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\TreatAsClassIndex\{00000346-0000-0000-C000-000000000046} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD} |
| HKEY_CURRENT_USER\Software\Microsoft\Fusion |
| HKEY_CURRENT_USER_Classes\Directory\ShellEx\IconHandler |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1 |
| HKEY_CURRENT_USER_Classes\SystemFileAssociations\.exe |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\ProgIdIndex |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\TreatAsClassIndex |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\LocalServer32 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AllowedEnumeration |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\LocalServer |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\LocalServer32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\TreatAsClassIndex\{00000344-0000-0000-C000-000000000046} |
| HKEY_CURRENT_USER_Classes\exefile\ShellEx\IconHandler |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\DocObject |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\DocObject |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced |
| HKEY_CURRENT_USER_Classes\Directory |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\LocalServer32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\ClassIndex\{00000344-0000-0000-C000-000000000046} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\Elevation |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0000032A-0000-0000-C000-000000000046} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\9 |
| HKEY_CURRENT_USER_Classes\Directory\Clsid |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4df0c730-df9d-4ae3-9153-aa6b82e9795a}\InprocServer32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00000344-0000-0000-C000-000000000046} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\TreatAs |
| HKEY_CURRENT_USER_Classes\SystemFileAssociations\.exe\BrowseInPlace |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|user|Desktop|Soundpad.exe |
| HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|user|Desktop|Soundpad.exe |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\TreatAs |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}\InprocHandler |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00000339-0000-0000-C000-000000000046} |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\InprocHandler |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020421-0000-0000-C000-000000000046}\LocalServer32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\InprocHandler32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\ClassIndex\{0000034B-0000-0000-C000-000000000046} |
| HKEY_CURRENT_USER_Classes\Folder\BrowseInPlace |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\steamwebhelper.exe |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\ClassIndex |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\TreatAs |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\Instance\InitPropertyBag |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandler |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24} |
| HKEY_CURRENT_USER_Classes\SystemFileAssociations\.exe\ShellEx\IconHandler |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\Elevation |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\TypeLibIndex |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020421-0000-0000-C000-000000000046} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.0 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0 |
| HKEY_CURRENT_USER_Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0\win32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\TreatAs |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\LocalServer32 |
| HKEY_CURRENT_USER_Classes\Folder |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\InprocServer32 |
| HKEY_CURRENT_USER_Classes\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000339-0000-0000-C000-000000000046} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\LocalServer32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\InprocHandler |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder |
| HKEY_CURRENT_USER_Classes\.exe |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\LocalServer32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocHandler32 |
| HKEY_CURRENT_USER_Classes\AllFilesystemObjects |
| HKEY_CURRENT_USER_Classes\Folder\DocObject |
| HKEY_CURRENT_USER_Classes\Folder\ShellEx\IconHandler |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\Clsid |
| HKEY_CURRENT_USER_Classes\AllFilesystemObjects\Clsid |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\ProgIdIndex\WbemScripting.SWbemLocator |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\BrowseInPlace |
| HKEY_CURRENT_USER_Classes\exefile |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E5AAE11-A475-4C5B-AB00-C66DE400274E} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\ClassIndex\{0000032A-0000-0000-C000-000000000046} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\Elevation |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020421-0000-0000-C000-000000000046}\LocalServer |
| HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\ClassIndex\{00000346-0000-0000-C000-000000000046} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocServer32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0000032A-0000-0000-C000-000000000046} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\ShellEx\IconHandler |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\TreatAsClassIndex\{0000034B-0000-0000-C000-000000000046} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4df0c730-df9d-4ae3-9153-aa6b82e9795a}\LocalServer32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\DocObject |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}\TreatAs |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000346-0000-0000-C000-000000000046} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\Instance\NULL |
| HKEY_CURRENT_USER_Classes\Directory\BrowseInPlace |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\BrowseInPlace |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
| HKEY_CURRENT_USER_Classes\SystemFileAssociations\.exe\Clsid |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\InprocHandler |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4df0c730-df9d-4ae3-9153-aa6b82e9795a}\InprocHandler |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\LocalServer |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\IconHandler |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InprocHandler32 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
| HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}\InprocHandler32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4df0c730-df9d-4ae3-9153-aa6b82e9795a}\TreatAs |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\TreatAsClassIndex\{0000032A-0000-0000-C000-000000000046} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\ClassIndex\{00000339-0000-0000-C000-000000000046} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4df0c730-df9d-4ae3-9153-aa6b82e9795a}\InprocHandler32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020420-0000-0000-C000-000000000046} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\LocalServer32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 |
| HKEY_CURRENT_USER\Control Panel\International\Geo |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000344-0000-0000-C000-000000000046} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\LocalServer |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0000034B-0000-0000-C000-000000000046} |
| HKEY_CURRENT_USER_Classes |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020421-0000-0000-C000-000000000046}\InprocHandler |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocHandler |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}\InprocServer32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4df0c730-df9d-4ae3-9153-aa6b82e9795a}\LocalServer |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\409 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\TreatAsClassIndex\{00000339-0000-0000-C000-000000000046} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4df0c730-df9d-4ae3-9153-aa6b82e9795a}\Elevation |
| HKEY_CURRENT_USER_Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} |
| HKEY_LOCAL_MACHINE\OSDATA\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\BrowseInPlace |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InprocHandler |
| HKEY_CURRENT_USER_Classes\exefile\DocObject |
| HKEY_CURRENT_USER_Classes\AllFilesystemObjects\BrowseInPlace |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\LocalServer |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\InprocServer32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocHandler |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\LocalServer |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\InprocHandler32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Elevation |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandler32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}\Elevation |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\KnownFolders |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 |
| HKEY_CURRENT_USER_Classes\AllFilesystemObjects\DocObject |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\Elevation |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32 |
| HKEY_CURRENT_USER_Classes\AllFilesystemObjects\ShellEx\IconHandler |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocHandler32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}\LocalServer32 |
| HKEY_CURRENT_USER_Classes\CLSID\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\ShellFolder |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}\LocalServer |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\LocalServer |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\NULL |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InprocServer32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\InprocServer32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\Elevation |
| HKEY_CURRENT_USER_Classes\Directory\DocObject |
| HKEY_CURRENT_USER_Classes\exefile\BrowseInPlace |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0000034B-0000-0000-C000-000000000046} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\Elevation |
| HKEY_CURRENT_USER_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\Instance\InitPropertyBag |
| HKEY_CURRENT_USER\Software\Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\Instance |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020421-0000-0000-C000-000000000046}\InprocHandler32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\Elevation |
| HKEY_CURRENT_USER_Classes\exefile\CurVer |
Registry Set (Top 25)
| Key | Value |
|---|---|
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDevicePnp\acpi/genuineintel_-_intel64_family_6_model_79_-____________intel(r)_xeon(r)_cpu_@_2.20ghz/_0\DriverVerVersion | 6.1.7601.24520 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDevicePnp\acpi/genuineintel_-_intel64_family_6_model_79_-____________intel(r)_xeon(r)_cpu_@_2.20ghz/_1\DriverVerVersion | 6.1.7601.24520 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDevicePnp\acpi/pnp0303/4&2c352a27&0\DriverVerVersion | 6.1.7601.17514 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDevicePnp\acpi/pnp0700/4&2c352a27&0\DriverVerVersion | 6.1.7600.16385 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDevicePnp\acpi/pnp0a03/0\DriverVerVersion | 6.1.7601.24441 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplication\0000c34c48b48a14753d8877e705591744db00000000\Publisher | Microsoft Corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplication\0000021f1df94e2c7570a94e39009b97cde300000000\Publisher | Microsoft Corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDevicePnp\acpi/pnp0a06/pci_hotplug_resources\DriverVerVersion | 6.1.7601.24441 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDevicePnp\acpi/pnp0b00/4&2c352a27&0\DriverVerVersion | 6.1.7601.24441 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDevicePnp\acpi/pnp0f13/4&2c352a27&0\DriverVerVersion | 6.1.7600.16385 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDevicePnp\acpi/qemu0002/3&267a616a&0\DriverVerVersion | (Empty) |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDevicePnp\hdaudio/func_01&ven_1af4&dev_0022&subsys_1af40022&rev_1001/4&82fd0c&0&0001\DriverVerVersion | 6.1.7601.24519 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDevicePnp\pci/ven_1af4&dev_1001&subsys_00021af4&rev_00/3&267a616a&0&38\DriverVerVersion | 61.77.104.17100 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDevicePnp\pci/ven_1af4&dev_1002&subsys_00051af4&rev_00/3&267a616a&0&40\DriverVerVersion | (Empty) |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDevicePnp\pci/ven_1af4&dev_1003&subsys_00031af4&rev_00/3&267a616a&0&30\DriverVerVersion | (Empty) |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDevicePnp\pci/ven_1b36&dev_0100&subsys_11001af4&rev_05/3&267a616a&0&10\DriverVerVersion | 6.1.7600.16385 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDevicePnp\pci/ven_8086&dev_100e&subsys_11001af4&rev_03/3&267a616a&0&18\DriverVerVersion | 8.4.1.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDevicePnp\pci/ven_8086&dev_1237&subsys_11001af4&rev_02/3&267a616a&0&00\DriverVerVersion | 6.1.7601.24441 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDevicePnp\pci/ven_8086&dev_2668&subsys_11001af4&rev_01/3&267a616a&0&20\DriverVerVersion | 6.1.7601.17514 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDevicePnp\pci/ven_8086&dev_2934&subsys_11001af4&rev_03/3&267a616a&0&28\DriverVerVersion | 6.1.7601.24138 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDevicePnp\pci/ven_8086&dev_2935&subsys_11001af4&rev_03/3&267a616a&0&29\DriverVerVersion | 6.1.7601.24138 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDevicePnp\pci/ven_8086&dev_2936&subsys_11001af4&rev_03/3&267a616a&0&2a\DriverVerVersion | 6.1.7601.24138 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDevicePnp\pci/ven_8086&dev_293a&subsys_11001af4&rev_03/3&267a616a&0&2f\DriverVerVersion | 6.1.7601.24138 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDevicePnp\pci/ven_8086&dev_7000&subsys_11001af4&rev_00/3&267a616a&0&08\DriverVerVersion | 6.1.7601.24441 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDevicePnp\pci/ven_8086&dev_7010&subsys_11001af4&rev_00/3&267a616a&0&09\DriverVerVersion | 6.1.7601.18231 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDevicePnp\pciide/idechannel/4&403bef5&0&0\DriverVerVersion | 6.1.7601.18231 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDevicePnp\pciide/idechannel/4&403bef5&0&1\DriverVerVersion | 6.1.7601.18231 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDevicePnp\scsi/disk&ven_red_hat&prod_virtio/4&3595d273&0&000000\DriverVerVersion | 6.1.7601.19133 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDevicePnp\usb/root_hub20/4&1df0ebf0&0\DriverVerVersion | 6.1.7601.24138 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDevicePnp\usb/root_hub/4&1327ac63&0\DriverVerVersion | 6.1.7601.24138 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDevicePnp\usb/root_hub/4&2498ad15&0\DriverVerVersion | 6.1.7601.24138 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDevicePnp\usb/root_hub/4&3227fcd4&0\DriverVerVersion | 6.1.7601.24138 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDeviceContainer\{27db0821-3bf9-f71a-f96f-a53403857690}\FriendlyName | AZURE-PC |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDevicePnp\{3e395e2e-0a77-5e77-8cea-5633ca5b5831}\DriverVerVersion | (Empty) |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDeviceContainer\{8b19d947-35da-14cb-2134-6586f47f8530}\FriendlyName | (Empty) |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDeviceContainer\{3d362e77-8e1a-b332-2008-5fe18b068f95}\FriendlyName | (Empty) |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDeviceContainer\{fc25e1b0-d28e-45aa-2fe2-6c6dd6ed05fc}\FriendlyName | Red Hat VirtIO SCSI Disk Device |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDeviceContainer\{7431a2df-217c-3945-9910-7f734f1c0b9d}\FriendlyName | (Empty) |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDeviceContainer\{b2214ffb-cfbd-3695-6be4-7b60be5ee496}\FriendlyName | (Empty) |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDevicePnp\hid/vid_0627&pid_0001/6&e74c61b&0&0000\DriverVerVersion | 6.1.7600.16385 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDevicePnp\usb/vid_0627&pid_0001/28754-0000:00:05.7-1\DriverVerVersion | 6.1.7601.24386 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDeviceContainer\{615acc7d-ec3e-3892-ebb4-91e57cb137e4}\FriendlyName | (Empty) |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDeviceContainer\{b36f9a3e-2c32-448c-8bb5-18f65536904a}\FriendlyName | (Empty) |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDevicePnp\display/default_monitor/4&17f3f539&0&12345678&00&02\DriverVerVersion | 6.1.7600.16385 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryDeviceContainer\{f61ebb59-14dd-4786-7dc7-1bc8023cad36}\FriendlyName | (Empty) |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\crashreporter.ex|ff7d4b2859769f83\LowerCaseLongPath | c:\program files\mozilla firefox\updated\crashreporter.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\crashreporter.ex|ff7d4b2859769f83\Publisher | mozilla foundation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\crashreporter.ex|ff7d4b2859769f83\LinkDate | 01/04/2023 18:08:34 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\crashreporter.ex|ff7d4b2859769f83\BinProductVersion | 108.0.2.8404 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\default-browser-|42c867fb8c2e92b5\LowerCaseLongPath | c:\program files\mozilla firefox\updated\default-browser-agent.exe |
Show all (301 total)
| Key | Value |
|---|---|
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\default-browser-|42c867fb8c2e92b5\Publisher | mozilla foundation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\default-browser-|42c867fb8c2e92b5\LinkDate | 01/04/2023 18:14:01 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\default-browser-|42c867fb8c2e92b5\BinProductVersion | 108.0.2.8404 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\firefox.exe|2ad62017703a5d51\LowerCaseLongPath | c:\program files\mozilla firefox\updated\firefox.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\firefox.exe|2ad62017703a5d51\Publisher | mozilla corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\firefox.exe|2ad62017703a5d51\LinkDate | 01/04/2023 18:07:51 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\firefox.exe|2ad62017703a5d51\BinProductVersion | 108.0.2.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\maintenanceservi|9e41ab94690fe110\LowerCaseLongPath | c:\program files\mozilla firefox\updated\maintenanceservice.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\maintenanceservi|9e41ab94690fe110\Publisher | mozilla foundation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\maintenanceservi|9e41ab94690fe110\LinkDate | 01/04/2023 18:08:08 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\maintenanceservi|9e41ab94690fe110\BinProductVersion | 108.0.2.8404 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\maintenanceservi|835fe6e36c60be8a\LowerCaseLongPath | c:\program files\mozilla firefox\updated\maintenanceservice_installer.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\maintenanceservi|835fe6e36c60be8a\Publisher | mozilla corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\maintenanceservi|835fe6e36c60be8a\LinkDate | 07/24/2021 22:21:04 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\maintenanceservi|835fe6e36c60be8a\BinProductVersion | 1.0.0.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\minidump-analyze|65ea540e962fc321\LowerCaseLongPath | c:\program files\mozilla firefox\updated\minidump-analyzer.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\minidump-analyze|65ea540e962fc321\Publisher | mozilla foundation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\minidump-analyze|65ea540e962fc321\LinkDate | 01/04/2023 18:08:09 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\minidump-analyze|65ea540e962fc321\BinProductVersion | 108.0.2.8404 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\pingsender.exe|8b73640a1b1d1fbf\LowerCaseLongPath | c:\program files\mozilla firefox\updated\pingsender.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\pingsender.exe|8b73640a1b1d1fbf\Publisher | mozilla foundation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\pingsender.exe|8b73640a1b1d1fbf\LinkDate | 01/04/2023 18:08:08 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\pingsender.exe|8b73640a1b1d1fbf\BinProductVersion | 108.0.2.8404 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\plugin-container|d11f96b41e7541d1\LowerCaseLongPath | c:\program files\mozilla firefox\updated\plugin-container.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\plugin-container|d11f96b41e7541d1\Publisher | mozilla corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\plugin-container|d11f96b41e7541d1\LinkDate | 01/04/2023 18:25:28 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\plugin-container|d11f96b41e7541d1\BinProductVersion | 108.0.2.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\private_browsing|f9cb5f69ed313a48\LowerCaseLongPath | c:\program files\mozilla firefox\updated\private_browsing.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\private_browsing|f9cb5f69ed313a48\Publisher | mozilla corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\private_browsing|f9cb5f69ed313a48\LinkDate | 01/04/2023 18:07:20 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\private_browsing|f9cb5f69ed313a48\BinProductVersion | 108.0.2.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\helper.exe|d40dac1890f7a00\LowerCaseLongPath | c:\program files\mozilla firefox\updated\uninstall\helper.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\helper.exe|d40dac1890f7a00\Publisher | mozilla corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\helper.exe|d40dac1890f7a00\LinkDate | 07/24/2021 22:21:04 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\helper.exe|d40dac1890f7a00\BinProductVersion | 1.0.0.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\updater.exe|1b3aeb7e8625ed27\LowerCaseLongPath | c:\program files\mozilla firefox\updated\updater.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\updater.exe|1b3aeb7e8625ed27\Publisher | mozilla foundation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\updater.exe|1b3aeb7e8625ed27\LinkDate | 01/04/2023 18:07:32 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\updater.exe|1b3aeb7e8625ed27\BinProductVersion | 108.0.2.8404 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\crashreporter.ex|63c55d3d1009672b\LowerCaseLongPath | c:\program files\mozilla firefox\crashreporter.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\crashreporter.ex|63c55d3d1009672b\Publisher | mozilla foundation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\crashreporter.ex|63c55d3d1009672b\LinkDate | (Empty) |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\crashreporter.ex|63c55d3d1009672b\BinProductVersion | (Empty) |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplication\0000ca0169d7b9bbcfa4e65eb68a13f930210000ffff\Publisher | Mozilla |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\default-browser-|dc77861eecd2248\LowerCaseLongPath | c:\program files\mozilla firefox\default-browser-agent.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\default-browser-|dc77861eecd2248\Publisher | mozilla foundation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\default-browser-|dc77861eecd2248\LinkDate | (Empty) |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\default-browser-|dc77861eecd2248\BinProductVersion | (Empty) |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\firefox.exe|ebd16581180f4552\LowerCaseLongPath | c:\program files\mozilla firefox\firefox.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\firefox.exe|ebd16581180f4552\Publisher | mozilla corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\firefox.exe|ebd16581180f4552\LinkDate | (Empty) |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\firefox.exe|ebd16581180f4552\BinProductVersion | (Empty) |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\maintenanceservi|97180995320ca115\LowerCaseLongPath | c:\program files\mozilla firefox\maintenanceservice.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\maintenanceservi|97180995320ca115\Publisher | mozilla foundation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\maintenanceservi|97180995320ca115\LinkDate | (Empty) |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\maintenanceservi|97180995320ca115\BinProductVersion | (Empty) |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\maintenanceservi|a02830353e4ef7f\LowerCaseLongPath | c:\program files\mozilla firefox\maintenanceservice_installer.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\maintenanceservi|a02830353e4ef7f\Publisher | mozilla corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\maintenanceservi|a02830353e4ef7f\LinkDate | (Empty) |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\maintenanceservi|a02830353e4ef7f\BinProductVersion | (Empty) |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\minidump-analyze|c30fa22ff3f6a149\LowerCaseLongPath | c:\program files\mozilla firefox\minidump-analyzer.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\minidump-analyze|c30fa22ff3f6a149\Publisher | mozilla foundation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\minidump-analyze|c30fa22ff3f6a149\LinkDate | (Empty) |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\minidump-analyze|c30fa22ff3f6a149\BinProductVersion | (Empty) |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\pingsender.exe|aaf23943349d4957\LowerCaseLongPath | c:\program files\mozilla firefox\pingsender.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\pingsender.exe|aaf23943349d4957\Publisher | mozilla foundation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\pingsender.exe|aaf23943349d4957\LinkDate | (Empty) |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\pingsender.exe|aaf23943349d4957\BinProductVersion | (Empty) |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\plugin-container|bff6e47ff7f94db5\LowerCaseLongPath | c:\program files\mozilla firefox\plugin-container.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\plugin-container|bff6e47ff7f94db5\Publisher | mozilla corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\plugin-container|bff6e47ff7f94db5\LinkDate | (Empty) |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\plugin-container|bff6e47ff7f94db5\BinProductVersion | (Empty) |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\updater.exe|c1b2e9c223e636df\LowerCaseLongPath | c:\program files\mozilla firefox\updater.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\updater.exe|c1b2e9c223e636df\Publisher | mozilla foundation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\updater.exe|c1b2e9c223e636df\LinkDate | (Empty) |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\updater.exe|c1b2e9c223e636df\BinProductVersion | (Empty) |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\addinprocess.exe|313edc2dd92685a6\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\addinprocess.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\addinprocess.exe|313edc2dd92685a6\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\addinprocess.exe|313edc2dd92685a6\LinkDate | 03/28/2019 06:56:01 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\addinprocess.exe|313edc2dd92685a6\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\addinprocess.exe|31487d5668d38eef\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\addinprocess.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\addinprocess.exe|31487d5668d38eef\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\addinprocess.exe|31487d5668d38eef\LinkDate | 03/28/2019 06:56:01 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\addinprocess.exe|31487d5668d38eef\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\addinprocess32.e|3e8e05d4ef4495aa\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\addinprocess32.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\addinprocess32.e|3e8e05d4ef4495aa\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\addinprocess32.e|3e8e05d4ef4495aa\LinkDate | 03/28/2019 06:56:57 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\addinprocess32.e|3e8e05d4ef4495aa\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\addinprocess32.e|fe3b638e0334bae2\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\addinprocess32.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\addinprocess32.e|fe3b638e0334bae2\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\addinprocess32.e|fe3b638e0334bae2\LinkDate | 03/28/2019 06:56:57 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\addinprocess32.e|fe3b638e0334bae2\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\addinutil.exe|92167fbc1ed0ed08\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\addinutil.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\addinutil.exe|92167fbc1ed0ed08\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\addinutil.exe|92167fbc1ed0ed08\LinkDate | 03/28/2019 06:56:58 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\addinutil.exe|92167fbc1ed0ed08\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\addinutil.exe|ab652f18224684a7\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\addinutil.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\addinutil.exe|ab652f18224684a7\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\addinutil.exe|ab652f18224684a7\LinkDate | 03/28/2019 06:56:58 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\addinutil.exe|ab652f18224684a7\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\applaunch.exe|45b62bd7e4fc0c6f\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\applaunch.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\applaunch.exe|45b62bd7e4fc0c6f\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\applaunch.exe|45b62bd7e4fc0c6f\LinkDate | 03/28/2019 06:36:04 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\applaunch.exe|45b62bd7e4fc0c6f\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\applaunch.exe|7127527a8f617d48\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\applaunch.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\applaunch.exe|7127527a8f617d48\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\applaunch.exe|7127527a8f617d48\LinkDate | 03/28/2019 06:49:21 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\applaunch.exe|7127527a8f617d48\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_compiler.|4b7f3f64b82fdfc9\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_compiler.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_compiler.|4b7f3f64b82fdfc9\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_compiler.|4b7f3f64b82fdfc9\LinkDate | 03/28/2019 06:48:46 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_compiler.|4b7f3f64b82fdfc9\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_compiler.|e1cf3170e346d70f\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\aspnet_compiler.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_compiler.|e1cf3170e346d70f\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_compiler.|e1cf3170e346d70f\LinkDate | 03/28/2019 06:56:53 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_compiler.|e1cf3170e346d70f\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_regbrowse|8255322e96705ae8\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_regbrowsers.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_regbrowse|8255322e96705ae8\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_regbrowse|8255322e96705ae8\LinkDate | 03/28/2019 06:48:49 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_regbrowse|8255322e96705ae8\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_regbrowse|87ef4760aa410a54\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\aspnet_regbrowsers.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_regbrowse|87ef4760aa410a54\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_regbrowse|87ef4760aa410a54\LinkDate | 03/28/2019 06:56:53 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_regbrowse|87ef4760aa410a54\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_regiis.ex|12e275fb52b742fb\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_regiis.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_regiis.ex|12e275fb52b742fb\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_regiis.ex|12e275fb52b742fb\LinkDate | 03/28/2019 06:48:55 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_regiis.ex|12e275fb52b742fb\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_regiis.ex|9ffa85ecfdd8c5d0\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\aspnet_regiis.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_regiis.ex|9ffa85ecfdd8c5d0\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_regiis.ex|9ffa85ecfdd8c5d0\LinkDate | 03/28/2019 06:56:58 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_regiis.ex|9ffa85ecfdd8c5d0\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_regsql.ex|5e0151b8dea6687b\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\aspnet_regsql.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_regsql.ex|5e0151b8dea6687b\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_regsql.ex|5e0151b8dea6687b\LinkDate | 03/28/2019 06:56:56 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_regsql.ex|5e0151b8dea6687b\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_regsql.ex|a1587a010eaeaa18\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_regsql.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_regsql.ex|a1587a010eaeaa18\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_regsql.ex|a1587a010eaeaa18\LinkDate | 03/28/2019 06:48:55 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_regsql.ex|a1587a010eaeaa18\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_state.exe|5841eb7e6d8b7edb\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\aspnet_state.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_state.exe|5841eb7e6d8b7edb\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_state.exe|5841eb7e6d8b7edb\LinkDate | 03/28/2019 06:57:06 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_state.exe|5841eb7e6d8b7edb\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_state.exe|a2ade42aec949a2c\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_state.exe|a2ade42aec949a2c\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_state.exe|a2ade42aec949a2c\LinkDate | 03/28/2019 06:48:55 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_state.exe|a2ade42aec949a2c\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_wp.exe|2cd7c621dc57cefc\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\aspnet_wp.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_wp.exe|2cd7c621dc57cefc\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_wp.exe|2cd7c621dc57cefc\LinkDate | 12/03/2019 22:00:00 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_wp.exe|2cd7c621dc57cefc\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_wp.exe|d4da0ae1ea579195\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_wp.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_wp.exe|d4da0ae1ea579195\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_wp.exe|d4da0ae1ea579195\LinkDate | 12/03/2019 22:08:22 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\aspnet_wp.exe|d4da0ae1ea579195\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\caspol.exe|1c3df8b9b20d9142\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\caspol.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\caspol.exe|1c3df8b9b20d9142\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\caspol.exe|1c3df8b9b20d9142\LinkDate | 03/28/2019 06:49:14 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\caspol.exe|1c3df8b9b20d9142\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\caspol.exe|3d95aa202ac5f130\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\caspol.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\caspol.exe|3d95aa202ac5f130\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\caspol.exe|3d95aa202ac5f130\LinkDate | 03/28/2019 06:35:27 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\caspol.exe|3d95aa202ac5f130\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\comsvcconfig.exe|127ae901cca76da4\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\comsvcconfig.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\comsvcconfig.exe|127ae901cca76da4\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\comsvcconfig.exe|127ae901cca76da4\LinkDate | 03/28/2019 07:24:03 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\comsvcconfig.exe|127ae901cca76da4\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\comsvcconfig.exe|8253c813c9c92b41\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\comsvcconfig.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\comsvcconfig.exe|8253c813c9c92b41\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\comsvcconfig.exe|8253c813c9c92b41\LinkDate | 03/28/2019 07:24:03 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\comsvcconfig.exe|8253c813c9c92b41\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\csc.exe|151e2b3228d75f8e\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\csc.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\csc.exe|151e2b3228d75f8e\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\csc.exe|151e2b3228d75f8e\LinkDate | 03/28/2019 07:23:26 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\csc.exe|151e2b3228d75f8e\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\csc.exe|9b9c2e289b6f7430\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\csc.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\csc.exe|9b9c2e289b6f7430\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\csc.exe|9b9c2e289b6f7430\LinkDate | 03/28/2019 07:20:59 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\csc.exe|9b9c2e289b6f7430\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\cvtres.exe|3e0333619bb586da\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\cvtres.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\cvtres.exe|3e0333619bb586da\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\cvtres.exe|3e0333619bb586da\LinkDate | 09/26/2018 23:48:24 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\cvtres.exe|3e0333619bb586da\BinProductVersion | 14.10.25028.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\cvtres.exe|9c0eb88f7ba223af\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\cvtres.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\cvtres.exe|9c0eb88f7ba223af\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\cvtres.exe|9c0eb88f7ba223af\LinkDate | 09/26/2018 23:45:05 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\cvtres.exe|9c0eb88f7ba223af\BinProductVersion | 14.10.25028.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\datasvcutil.exe|2f484f7d34674ba\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\datasvcutil.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\datasvcutil.exe|2f484f7d34674ba\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\datasvcutil.exe|2f484f7d34674ba\LinkDate | 03/28/2019 06:57:10 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\datasvcutil.exe|2f484f7d34674ba\BinProductVersion | 4.8.3761.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\datasvcutil.exe|7374bdcd0d8b988d\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\datasvcutil.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\datasvcutil.exe|7374bdcd0d8b988d\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\datasvcutil.exe|7374bdcd0d8b988d\LinkDate | 03/28/2019 06:57:10 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\datasvcutil.exe|7374bdcd0d8b988d\BinProductVersion | 4.8.3761.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\dfsvc.exe|726d5ed0fc38e92f\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\dfsvc.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\dfsvc.exe|726d5ed0fc38e92f\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\dfsvc.exe|726d5ed0fc38e92f\LinkDate | 03/28/2019 06:56:35 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\dfsvc.exe|726d5ed0fc38e92f\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\dfsvc.exe|cccc1df8872c992e\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\dfsvc.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\dfsvc.exe|cccc1df8872c992e\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\dfsvc.exe|cccc1df8872c992e\LinkDate | 03/28/2019 06:56:35 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\dfsvc.exe|cccc1df8872c992e\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\edmgen.exe|5efc2f3d0a4c87e2\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\edmgen.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\edmgen.exe|5efc2f3d0a4c87e2\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\edmgen.exe|5efc2f3d0a4c87e2\LinkDate | 03/28/2019 06:57:51 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\edmgen.exe|5efc2f3d0a4c87e2\BinProductVersion | 4.8.3761.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\edmgen.exe|ba34d2097aba251\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\edmgen.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\edmgen.exe|ba34d2097aba251\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\edmgen.exe|ba34d2097aba251\LinkDate | 03/28/2019 06:57:51 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\edmgen.exe|ba34d2097aba251\BinProductVersion | 4.8.3761.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\ilasm.exe|27fd71b20771561e\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\ilasm.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\ilasm.exe|27fd71b20771561e\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\ilasm.exe|27fd71b20771561e\LinkDate | 03/28/2019 06:38:02 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\ilasm.exe|27fd71b20771561e\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\ilasm.exe|c81c4887c12ac429\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\ilasm.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\ilasm.exe|c81c4887c12ac429\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\ilasm.exe|c81c4887c12ac429\LinkDate | 03/28/2019 06:48:55 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\ilasm.exe|c81c4887c12ac429\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\installutil.exe|95e234cbcbb20632\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\installutil.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\installutil.exe|95e234cbcbb20632\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\installutil.exe|95e234cbcbb20632\LinkDate | 03/28/2019 06:56:27 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\installutil.exe|95e234cbcbb20632\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\installutil.exe|9c12a7aa48d106cd\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\installutil.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\installutil.exe|9c12a7aa48d106cd\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\installutil.exe|9c12a7aa48d106cd\LinkDate | 03/28/2019 06:47:19 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\installutil.exe|9c12a7aa48d106cd\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\jsc.exe|785d24c55cf53178\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\jsc.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\jsc.exe|785d24c55cf53178\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\jsc.exe|785d24c55cf53178\LinkDate | 03/28/2019 07:26:30 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\jsc.exe|785d24c55cf53178\BinProductVersion | 14.8.3761.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\jsc.exe|d324e2e35ff7610f\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\jsc.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\jsc.exe|d324e2e35ff7610f\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\jsc.exe|d324e2e35ff7610f\LinkDate | 03/28/2019 07:26:30 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\jsc.exe|d324e2e35ff7610f\BinProductVersion | 14.8.3761.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\microsoft.workfl|413f97257efd1489\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\microsoft.workflow.compiler.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\microsoft.workfl|413f97257efd1489\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\microsoft.workfl|413f97257efd1489\LinkDate | 03/28/2019 07:23:52 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\microsoft.workfl|413f97257efd1489\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\microsoft.workfl|abb7cedc80142e09\LowerCaseLongPath | c:\windows\microsoft.net\assembly\gac_msil\microsoft.workflow.compiler\v4.0_4.0.0.0__31bf3856ad364e35\microsoft.workflow.compiler.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\microsoft.workfl|abb7cedc80142e09\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\microsoft.workfl|abb7cedc80142e09\LinkDate | 03/28/2019 07:23:52 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\microsoft.workfl|abb7cedc80142e09\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\microsoft.workfl|cac4f8bfecd2d08a\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\microsoft.workflow.compiler.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\microsoft.workfl|cac4f8bfecd2d08a\Publisher | microsoft corporation |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\microsoft.workfl|cac4f8bfecd2d08a\LinkDate | 03/28/2019 07:23:52 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\microsoft.workfl|cac4f8bfecd2d08a\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\msbuild.exe |
| \REGISTRY\A\{A4ACAAF1-E431-F67D-EB16-307E17205ADA}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff\Publisher | microsoft corporation |
| HKEY_LOCAL_MACHINE\SYSTEM\Software\Microsoft\TIP\AggregateResults\data | D9 A7 A8 01 01 00 03 00 EC 03 F4 6F 00 00 00 00 0C 00 00 00 03 00 00 00 49 A8 A8 01 01 02 03 00 5C 4 |
Services Started (Top 15)
| Service |
|---|
| BITS |
| WSearch |
Services Opened (Top 15)
| Service |
|---|
| VaultSvc |
What To Do Now — Practical Defense Playbook
- Contain unknowns: block first‑run binaries by default — signatures catch up, containment works now.
- EDR controls: alert on keyboard hooks, screen capture APIs, VM/sandbox checks, and command‑shell launches.
- Registry watch: flag queries/sets under policy paths (e.g., …\FipsAlgorithmPolicy\*).
- Network rules: inspect outbound TLS to IP‑lookup services and unexpected CDN endpoints.
- Hunt broadly: sweep endpoints for the indicators above and quarantine positives immediately.
Dwell time equals attacker opportunity. Reducing execution privileges and egress shrinks that window even when vendors disagree.