Zero‑Dwell Threat Intelligence Report
A narrative, executive‑ready view into the malware’s behavior, exposure, and reliable defenses.
Generated: 2025-09-26 07:49:53 UTC
Executive Overview — What We’re Dealing With
This specimen has persisted long enough to matter. Human experts classified it as Malware, and the telemetry confirms a capable, evasive Trojan with real impact potential.
File
s9u725y.exe
Type
Win64 Executable (generic)
SHA‑1
0ce10645f3a76072ada6e46ebd37666467be3b7e
MD5
d413431422430fe475eb6556009e9d3f
First Seen
2025-09-05 07:15:44.743334
Last Analysis
2025-09-05 10:02:29.670914
Dwell Time
0 days, 7 hours, 33 minutes
Extended Dwell Time Impact
For 2+ hours, this malware remained undetected — a limited but sufficient window for the adversary to complete initial execution and establish basic system access.
Comparative Context
Industry studies report a median dwell time closer to 21–24 days. This case represents rapid detection and containment within hours rather than days.
Timeline
| Time (UTC) | Event | Elapsed |
|---|---|---|
| 2025-09-04 11:01:57 UTC | First VirusTotal submission | — |
| 2025-09-09 07:34:23 UTC | Latest analysis snapshot | 4 days, 20 hours, 32 minutes |
| 2025-09-26 07:49:53 UTC | Report generation time | 21 days, 20 hours, 47 minutes |
Why It Matters
Every additional day of dwell time is not just an abstract number — it is attacker opportunity. Each day equates to more time for lateral movement, stealth persistence, and intelligence gathering.
Global Detection Posture — Who Caught It, Who Missed It
VirusTotal engines: 73. Detected as malicious: 51. Missed: 22. Coverage: 69.9%.
Detected Vendors
- Xcitium
- +50 additional vendors (names not provided)
List includes Xcitium plus an additional 50 vendors per the provided summary.
Missed Vendors
- Acronis
- Antiy-AVL
- Baidu
- ClamAV
- CMC
- huorong
- Jiangmin
- NANO-Antivirus
- SentinelOne
- SUPERAntiSpyware
- TACHYON
- tehtris
- Trapmine
- TrendMicro
- VBA32
- VirIT
- ViRobot
- Webroot
- Yandex
- Zillya
- ZoneAlarm
- Zoner
Why it matters: if any endpoint relies solely on a missed engine, this malware can operate with zero alerts. Prevention‑first controls close that gap regardless of signature lag.
Behavioral Storyline — How the Malware Operates
Intensive file system activity (36.23% of behavior) indicates data harvesting, file encryption, or dropper behavior. The threat is actively searching for and manipulating files across the system.
Behavior Categories (weighted)
Weight values represent the frequency and intensity of malware interactions with specific system components. Higher weights indicate more aggressive targeting of that category. Each operation (registry access, file modification, network connection, etc.) contributes to the category’s total weight, providing a quantitative measure of the malware’s behavioral focus.
| Category | Weight | Percentage |
|---|---|---|
| File System | 2701 | 36.23% |
| Registry | 2388 | 32.03% |
| System | 1636 | 21.95% |
| Process | 456 | 6.12% |
| Crypto | 106 | 1.42% |
| Misc | 82 | 1.10% |
| Device | 29 | 0.39% |
| Com | 21 | 0.28% |
| Threading | 17 | 0.23% |
| Synchronization | 11 | 0.15% |
| Hooking | 4 | 0.05% |
| Windows | 2 | 0.03% |
| Services | 2 | 0.03% |
MITRE ATT&CK Mapping
- T1129 – parse PE header
- T1546.001 – persist via default file association registry key
- T1070.004 – self delete
- T1083 – get common file path
- T1083 – enumerate files on Windows
- T1129 – link function at runtime on Windows
- T1082 – query environment variable
- T1564 – A process created a hidden window
- T1064 – Data downloaded by powershell script
- T1064 – PowerShell attempted to make a network connection
- T1064 – A scripting utility was executed
- T1064 – Attempts to execute suspicious powershell command arguments
- T1027 – The binary contains an unknown PE section name indicative of packing
- T1564.003 – A process created a hidden window
- T1027.002 – The binary contains an unknown PE section name indicative of packing
- T1082 – Collects information to fingerprint the system
- T1082 – Checks available memory
- T1057 – Enumerates running processes
- T1012 – Collects information to fingerprint the system
- T1071 – Queries or connects to DNS-Over-HTTPS/DNS-Over-TLS domain or IP address
- T1071 – Attempts to connect to a dead IP:Port
- T1071 – The PE file contains a suspicious PDB path
- T1071 – At least one IP Address, Domain, or File Name was found in a crypto call
- T1071 – Reads from the memory of another process
- T1071 – PowerShell attempted to make a network connection
- T1071 – Yara detections observed in process dumps, payloads or dropped files
- T1573 – Establishes an encrypted HTTPS connection to an open-source code-hosting platform
- T1573 – Establishes an encrypted HTTPS connection
- T1573 – Downloads executable over encrypted HTTPS connection
- T1573 – Establishes an encrypted HTTPS connection to a social media API
- T1106 – Guard pages use detected – possible anti-debugging.
- T1106 – Created a process from a suspicious location
- T1059 – A scripting utility was executed
- T1059 – A document or script wrote an executable file to disk
- T1059 – Attempts to execute suspicious powershell command arguments
- T1059 – Data downloaded by powershell script
- T1059 – PowerShell attempted to make a network connection
- T1059 – A script or command line contains a long continuous string indicative of obfuscation
- T1059 – Executed a very long command line or script command which may be indicative of chained commands or obfuscation
- T1059.001 – Data downloaded by powershell script
- T1059.001 – PowerShell attempted to make a network connection
- T1059.001 – Attempts to execute suspicious powershell command arguments
- T1129 – The process attempted to dynamically load a malicious function
- T1057 – The process has tried to detect the debugger probing the use of page guards.
- T1564.003 – Detected the creation of a hidden window (common execution hiding technique)
- T1057 – The process attempted to detect a running debugger using common APIs
- T1086 – Detected some PowerShell commands executions
- T1059 – Decoded suspicious Command
- T1140 – Decoded suspicious Command
- T1202 – Decoded suspicious Command
- T1063 – It Tries to detect injection methods
- T1059 – Very long cmdline option found, this is very uncommon (may be encrypted or packed)
- T1059.001 – Bypasses PowerShell execution policy
- T1059.001 – Encrypted powershell cmdline option found
- T1059.001 – Powershell drops PE file
- T1036 – Creates files inside the user directory
- T1497 – Queries disk information (often used to detect virtual machines)
- T1497 – May sleep (evasive loops) to hinder dynamic analysis
- T1140 – Encrypted powershell cmdline option found
- T1027 – Sample is packed with UPX
- T1027.002 – Sample is packed with UPX
- T1056 – Sample has functionality to log and monitor keystrokes, analyze it with the keystroke simulation cookbook
- T1056 – Installs a raw input device (often for capturing keystrokes)
- T1518.001 – Queries disk information (often used to detect virtual machines)
- T1057 – Queries a list of all running processes
- T1083 – Reads ini files
- T1082 – Queries disk information (often used to detect virtual machines)
- T1082 – Queries the volume information (name, serial number etc) of a device
- T1082 – Queries the cryptographic machine GUID
- T1005 – Found many strings related to Crypto-Wallets (likely being stolen)
- T1573 – Uses HTTPS
- T1071 – Uses HTTPS
Following the Trail — Network & DNS Activity
Outbound activity leans on reputable infrastructure (e.g., CDNs, cloud endpoints) to blend in. TLS sessions and
HTTP calls show routine beaconing and IP‑lookup behavior that can masquerade as normal browsing.
Contacted Domains
| Domain | IP | Country | ASN/Org |
|---|---|---|---|
| www.msftncsi.com | 23.200.3.20 | United States | Akamai Technologies, Inc. |
| www.aieov.com | 76.223.54.146 | United States | Amazon.com, Inc. |
Observed IPs
| IP | Country | ASN/Org |
|---|---|---|
| 224.0.0.252 | — | — |
| 239.255.255.250 | — | — |
| 8.8.4.4 | United States | Google LLC |
| 8.8.8.8 | United States | Google LLC |
DNS Queries
| Request | Type |
|---|---|
| 5isohu.com | A |
| www.msftncsi.com | A |
| www.aieov.com | A |
Contacted IPs
| IP | Country | ASN/Org |
|---|---|---|
| 224.0.0.252 | — | — |
| 239.255.255.250 | — | — |
| 8.8.4.4 | United States | Google LLC |
| 8.8.8.8 | United States | Google LLC |
Port Distribution
| Port | Count | Protocols |
|---|---|---|
| 137 | 1 | udp |
| 5355 | 5 | udp |
| 53 | 12 | udp |
| 3702 | 1 | udp |
UDP Packets
| Source IP | Dest IP | Sport | Dport | Time | Proto |
|---|---|---|---|---|---|
| 192.168.56.13 | 192.168.56.255 | 137 | 137 | 7.333471059799194 | udp |
| 192.168.56.13 | 224.0.0.252 | 49311 | 5355 | 9.836605072021484 | udp |
| 192.168.56.13 | 224.0.0.252 | 55150 | 5355 | 7.2618889808654785 | udp |
| 192.168.56.13 | 224.0.0.252 | 60010 | 5355 | 9.27229118347168 | udp |
| 192.168.56.13 | 224.0.0.252 | 62406 | 5355 | 7.263925075531006 | udp |
| 192.168.56.13 | 224.0.0.252 | 63527 | 5355 | 7.571959972381592 | udp |
| 192.168.56.13 | 239.255.255.250 | 52252 | 3702 | 7.270477056503296 | udp |
| 192.168.56.13 | 8.8.4.4 | 54879 | 53 | 11.833394050598145 | udp |
| 192.168.56.13 | 8.8.4.4 | 54881 | 53 | 10.163180112838745 | udp |
| 192.168.56.13 | 8.8.4.4 | 57310 | 53 | 69.00487899780273 | udp |
| 192.168.56.13 | 8.8.4.4 | 58697 | 53 | 25.52023410797119 | udp |
| 192.168.56.13 | 8.8.4.4 | 62493 | 53 | 54.61429500579834 | udp |
| 192.168.56.13 | 8.8.4.4 | 62849 | 53 | 39.88025617599487 | udp |
| 192.168.56.13 | 8.8.8.8 | 54879 | 53 | 12.833253145217896 | udp |
| 192.168.56.13 | 8.8.8.8 | 54881 | 53 | 11.161134004592896 | udp |
| 192.168.56.13 | 8.8.8.8 | 57310 | 53 | 68.00518417358398 | udp |
| 192.168.56.13 | 8.8.8.8 | 58697 | 53 | 24.521717071533203 | udp |
| 192.168.56.13 | 8.8.8.8 | 62493 | 53 | 53.61495804786682 | udp |
| 192.168.56.13 | 8.8.8.8 | 62849 | 53 | 38.88056397438049 | udp |
Hunting tip: alert on unknown binaries initiating TLS to IP‑lookup services or unusual CDN endpoints — especially early in execution.
Persistence & Policy — Registry and Services
Registry and service telemetry points to policy awareness and environment reconnaissance rather than noisy persistence. Below is a compact view of the most relevant keys and handles; expand to see the full lists where available.
Registry Opened
472
Registry Set
325
Services Started
2
Services Opened
4
Registry Opened (Top 25)
| Key |
|---|
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramW6432Dir |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AppContext |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\Diagnosis |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\3 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{000C10F1-0000-0000-C000-000000000046} |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-4005801669-2598574594-602355426-1001\Installer\Assemblies\Global |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableWeakSignatureFlags |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxVerifySignatureCountPerChain |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableCANameConstraints |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1\CryptSIPDllPutSignedDataMsg |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Appx |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AMSI\FeatureBits |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\DisableConfigCache |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MinRsaPubKeyBitLength |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Appx\AllowDevelopmentWithoutDevLicense |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{1629F04E-2799-4DB5-8FE5-ACE10F17EBAB} |
| HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseActivationAuthenticationLevel |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\Permissions |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\ActivateInBrokerForMediumILContainer |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default) |
| HKEY_LOCAL_MACHINE\Software\Microsoft\OLE |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalByteCount |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\OnlyUseLatestCLR |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCountPerChain |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\MaxSxSHashCount |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\DisableUnsupportedCriticalExtensions |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE} |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue |
| HKEY_LOCAL_MACHINE\Software\Microsoft\AMSI |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock\AllowDevelopmentWithoutDevLicense |
| HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\CustomAttributes |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86) |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AAB9-8E78-11D0-8C47-00C04FC295EE} |
Show all (472 total)
| Key |
|---|
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\TrustLevel |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\ActivateAsUser |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxIssuerDepth |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-4005801669-2598574594-602355426-1001\Installer\Assemblies\C:|Windows|System32|WindowsPowerShell|v1.0|powershell.exe.Config |
| HKEY_CURRENT_USER\Software\Microsoft\.NETFramework |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\ActivateOnHostFlags |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{603BCC1F-4B59-4E08-B724-D2C6297EF351} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{0F5F58B3-AADE-4B9A-A434-95742D92ECEB} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\ActivateInSharedBroker |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\RemoteServer |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\Server |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxPathCountPerChain |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{5598CFF1-68DB-4340-B57F-1CACF88C9A51} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\UseRyuJIT |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\ActivationType |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powershell.exe |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\InstallRoot |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\CryptnetPreFetchTriggerPeriodSeconds |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{1A610570-38CE-11D4-A2A3-00104BD35090} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseDefaultAuthnLevel |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Release |
| HKEY_LOCAL_MACHINE\Software\Classes |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxUrlRetrievalByteCount |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\DllPath |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlRetrievalCertCount |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell |
| HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Windows|System32|WindowsPowerShell|v1.0|powershell.exe.Config |
| HKEY_LOCAL_MACHINE\Software\Microsoft\COM3 |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\MaxAIAUrlCountInCert |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 1 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{06C9E010-38CE-11D4-A2A3-00104BD35090} |
| HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir (x86) |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\powershell.exe |
| HKEY_LOCAL_MACHINE\Software\Microsoft\AMSI\Providers |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir |
| HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\Threading |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonW6432Dir |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Com+Enabled |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\HillClimbing_TargetSignalToNoiseRatio |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\DefaultAccessPermission |
| HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates |
| HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\trust\Certificates |
| HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\CA |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates |
| HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs |
| HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs |
| HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Disallowed\Certificates |
| HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed |
| HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust |
| HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\CTLs |
| HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs |
| HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\powershell_RASAPI32 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Root\Certificates |
| HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\trust\CTLs |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters |
| HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs |
| HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Root |
| HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\trust\CRLs |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CRLs |
| HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed |
| HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople |
| HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates |
| HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA |
| HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\trust |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\trust\CRLs |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates |
| HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM |
| HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Root\CRLs |
| HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\trust\CTLs |
| HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed\Certificates |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Root\Certificates |
| HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\TrustedPeople |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Root\CRLs |
| HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\CRLs |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPeople |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\CA\CRLs |
| HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\trust |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\trust\Certificates |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs |
| HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed\CTLs |
| HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\CRLs |
| HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\TrustedPeople\CRLs |
| HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs |
| HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\Certificates |
| HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\Certificates |
| HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\CA |
| HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\CRLs |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\trust\CTLs |
| HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates |
| HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\CA\CRLs |
| HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Root\CTLs |
| HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Root\Certificates |
| HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\CTLs |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\Certificates |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\powershell_RASMANCS |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Root |
| HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Disallowed\CTLs |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs |
| HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\CA\CRLs |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\CA\Certificates |
| HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot |
| HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\AuthRoot\Certificates |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CTLs |
| HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\CTLs |
| HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\TrustedPeople\CTLs |
| HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed\CRLs |
| HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\TrustedPeople\Certificates |
| HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\CA\CTLs |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\Certificates |
| HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Disallowed |
| HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Root\CTLs |
| HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\CA\Certificates |
| HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Root\CRLs |
| HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Disallowed\CRLs |
| HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Disallowed\CTLs |
| HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\CA\CTLs |
| HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Root |
| HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPeople |
| HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\AuthRoot |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Root\CTLs |
| HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\CA\CTLs |
| HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\SmartCardRoot |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs |
| HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\CA\Certificates |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\CA |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\CRLs |
| HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs |
| HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\AuthRoot\CRLs |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\trust |
| HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\AuthRoot\CTLs |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs |
| HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\CTLs |
| HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\trust\CRLs |
| HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Disallowed |
| HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\trust\Certificates |
| HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\trust\CRLs |
| HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root |
| HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Core__b77a5c561934e089 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.3.0.System.Management.Automation__31bf3856ad364e35 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Serialization__b77a5c561934e089 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Transactions__b77a5c561934e089 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.ServiceProcess__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.Microsoft.CSharp__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-4270068108-2931534202-3907561125-1001\Installer\Assemblies\Global |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\PowerShell\ConsoleSessionConfiguration |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\HillClimbing_TargetSignalToNoiseRatio |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\InstallationType |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\EnableLog |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml.Linq__b77a5c561934e089 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.3.0.Microsoft.PowerShell.ConsoleHost__31bf3856ad364e35 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.3.0.Microsoft.PowerShell.Commands.Utility__31bf3856ad364e35 |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PowerShell |
| HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Windows|System32|WindowsPowerShell|v1.0|powershell.exe |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\LoggingLevel |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\BidInterface\Loader |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\RequireCertificateEKUs |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Caching__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Transactions__b77a5c561934e089 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.3.0.Microsoft.PowerShell.ConsoleHost.resources_en-US_31bf3856ad364e35 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Security__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\HWRPortReuseOnSocketBind |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.3.0.System.Management.Automation.resources_en-US_31bf3856ad364e35 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Windows|System32|WindowsPowerShell|v1.0|powershell.exe |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.1.0.Microsoft.Management.Infrastructure.Native__31bf3856ad364e35 |
| HKEY_CLASSES_ROOT\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32\0x0 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Management__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Web.Extensions__31bf3856ad364e35 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\UseHttpPipeliningAndBufferPooling |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\InstallRoot |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents\PowerShell |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Tokyo Standard Time\Dynamic DST |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\System.Uri.UseStrictIPv6AddressParsing |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\UseLegacyIdentityFormat |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\PowerShell |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.SMDiagnostics__b77a5c561934e089 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\FileInUseRetryAttempts |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Dynamic__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Tokyo Standard Time\MUI_Std |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\3\PowerShellEngine\NetFrameworkV4IsInstalled |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml__b77a5c561934e089 |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\__PSLockdownPolicy |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue |
| HKEY_CURRENT_USER\Control Panel\International |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.3.0.Microsoft.PowerShell.Commands.Management.resources_en-US_31bf3856ad364e35 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\System.Net.ServicePointManager.UseSafeSynchronousClose |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Web.Services__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Web.Services__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WSMAN\ServiceStackVersion |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Web__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.1.0.Microsoft.Management.Infrastructure.Native__31bf3856ad364e35 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Management__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml.Linq__b77a5c561934e089 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.EnterpriseServices__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.10.0.Microsoft.JScript__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\System.Net.ServicePointManager.SchSendAuxRecord |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.3.0.Microsoft.PowerShell.Commands.Management__31bf3856ad364e35 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.3.0.Microsoft.WSMan.Management__31bf3856ad364e35 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\CLRLoadLogDir |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\Standards\v4.0.30319 |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer\PowerShell |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Core__b77a5c561934e089 |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32\0x0 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.Microsoft.CSharp__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System__b77a5c561934e089 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.3.0.Microsoft.PowerShell.ConsoleHost__31bf3856ad364e35 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Data__b77a5c561934e089 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.3.0.Microsoft.PowerShell.Commands.Utility__31bf3856ad364e35 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WSMAN |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.3.0.Microsoft.PowerShell.Commands.Management__31bf3856ad364e35 |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\Schannel |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\DisableMSIPeek |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.ServiceProcess__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Security__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.1.0.Microsoft.Management.Infrastructure__31bf3856ad364e35 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-4270068108-2931534202-3907561125-1001 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.10.0.Microsoft.JScript__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Windows.Forms__b77a5c561934e089 |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service\PowerShell |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center\PowerShell |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SystemDefaultTlsVersions |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Tokyo Standard Time\MUI_Dlt |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.3.0.Microsoft.PowerShell.Commands.Management.resources_en-US_31bf3856ad364e35 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.1.0.Microsoft.Management.Infrastructure__31bf3856ad364e35 |
| HKEY_CURRENT_USER\Control Panel\International\sYearMonth |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\OnlyUseLatestCLR |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Runtime.Serialization__b77a5c561934e089 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Data__b77a5c561934e089 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\DownloadCacheQuotaInKB |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration.Install__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Web__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SchSendAuxRecord |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.SMDiagnostics__b77a5c561934e089 |
| HKEY_CURRENT_USER\Environment\PSMODULEPATH |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Drawing__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\SchUseStrongCrypto |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries |
| HKEY_CURRENT_USER\Software\Microsoft\.NETFramework\Policy\Standards |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-4270068108-2931534202-3907561125-1001\Installer\Assemblies\C:|Windows|System32|WindowsPowerShell|v1.0|powershell.exe |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\PSMODULEPATH |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\UseSafeSynchronousClose |
| System\CurrentControlSet\Control\SecurityProviders\Schannel\UserContextListCount |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MiniNT |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\System.Uri.AllowDangerousUnicodeDecompositions |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.3.0.System.Management.Automation.resources_en-US_31bf3856ad364e35 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\FeatureSIMD |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\LogResourceBinds |
| System\CurrentControlSet\Control\SecurityProviders\Schannel\UserContextLockCount |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\3\PowerShellEngine |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\PipelineMaxStackSizeMB |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Data.SqlXml__b77a5c561934e089 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\3\PowerShellEngine\ConsoleHostAssemblyName |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\AllowAllUriEncodingExpansion |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\ForceLog |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\DisableConfigCache |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\System.Net.ServicePointManager.UseHttpPipeliningAndBufferPooling |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Tokyo Standard Time |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System__b77a5c561934e089 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\UseStrictIPv6AddressParsing |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\AllowDangerousUnicodeDecompositions |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Runtime.Caching__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\index9 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml__b77a5c561934e089 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\3\PowerShellEngine\RuntimeVersion |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration.Install__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Tokyo Standard Time\TZI |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\3\PowerShellEngine\PowerShellVersion |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Numerics__b77a5c561934e089 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.DirectoryServices__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Data.SqlXml__b77a5c561934e089 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.3.0.Microsoft.PowerShell.Security__31bf3856ad364e35 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\CacheLocation |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.DirectoryServices__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\3\PowerShellEngine\ApplicationBase |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.3.0.System.Management.Automation__31bf3856ad364e35 |
| HKEY_CURRENT_USER\Environment |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.3.0.Microsoft.PowerShell.Security__31bf3856ad364e35 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.3.0.Microsoft.PowerShell.ConsoleHost.resources_en-US_31bf3856ad364e35 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.3.0.Microsoft.WSMan.Management__31bf3856ad364e35 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Dynamic__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\Latest |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\LogFailures |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\v4.0 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Tokyo Standard Time\MUI_Display |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server\0x0 |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging |
| HKEY_CLASSES_ROOT\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Web.Extensions__31bf3856ad364e35 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Numerics__b77a5c561934e089 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Windows.Forms__b77a5c561934e089 |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\Transcription |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell |
| HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\UseRyuJIT |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32 |
| HKEY_CLASSES_ROOT\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server\0x0 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\System.Net.ServicePointManager.UseStrictRfcInterimResponseHandling |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\System.Net.ServicePointManager.RequireCertificateEKUs |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\System.Uri.AllowAllUriEncodingExpansion |
| HKEY_CLASSES_ROOT\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\LegacyWPADSupport |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.EnterpriseServices__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\UseStrictRfcInterimResponseHandling |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Drawing__b03f5f7f11d50a3a |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PowerShell |
| HKEY_LOCAL_MACHINE\Software\Microsoft\SecurityManager\CapAuthz\HasRepaired\VolatileChildTest |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\CustomLocale |
| HKEY_LOCAL_MACHINE\Software\WOW6432Node\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapAuthz\HasRepaired\VolatileChildTest |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppModel\Lookaside\user |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapAuthz |
| HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windowsystem32.exe |
| HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Rpc |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters |
| HKEY_LOCAL_MACHINE\Software\WOW6432Node\Policies\Microsoft\Windows NT\DnsClient |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers |
| HKEY_LOCAL_MACHINE\Software\WOW6432Node\Policies\Microsoft\MUI\Settings |
| HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion |
| HKEY_LOCAL_MACHINE\Software\WOW6432Node\Policies\Microsoft\Windows NT\Rpc |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock\Setup Migration\Providers\Tcpip6 |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock\Setup Migration\Providers\Tcpip |
| HKEY_LOCAL_MACHINE\Software\WOW6432Node\Policies\Microsoft\System\DNSClient |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM |
| HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\SdbUpdates\ManifestedMergeStubSdbs |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e87602b6-fe02-11ef-83b3-806e6f6e6963} |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Wow64\x86 |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\MUI\Settings |
| HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\BITS |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppModel\Lookaside\machine |
| HKEY_LOCAL_MACHINE\Software\WOW6432Node\Policies\Microsoft\Windows\Display |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\UILanguages\en-US |
| HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\SdbUpdates |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powershell.exe |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Segment Heap |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapAuthz\HasRepaired |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock\Parameters |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Wow64\x86\xtajit |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft |
| HKEY_LOCAL_MACHINE\Software\Microsoft\SecurityManager\CapAuthz\HasRepaired |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS |
| HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\GRE_Initialize |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide |
| HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\LanguageOverlay\OverlayPackages\en-US |
| HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options |
| HKEY_LOCAL_MACHINE\Software |
| HKEY_LOCAL_MACHINE\System\Setup |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Disable8And16BitMitigation |
| HKEY_LOCAL_MACHINE\OSDATA\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags |
| HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TenantRestrictions\Payload |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM |
Registry Set (Top 25)
| Key | Value |
|---|---|
| HKEY_USERS\S-1-5-21-575823232-3065301323-1442773979-1000\Software\Microsoft\SystemCertificates\Root\Certificates\0174E68C97DDF1E0EEEA415EA336A163D2B61AFD\Blob | 5C 00 00 00 01 00 00 00 04 00 00 00 00 10 00 00 04 00 00 00 01 00 00 00 10 00 00 00 0D BE 92 DE FF 7D 36 BB 48 C4 A6 B1 15 24 95 38 0F 00 00 00 01 00 00 00 20 00 00 00 53 FE B9 19 2E D4 80 F2 09 12 4A 2C 57 D7 E8 97 7A 2E 9F 39 46 1D BF 21 4D F1 12 CB 16 02 4F A2 14 00 00 00 01 00 00 00 14 00 00 00 78 B8 30 FD 63 AC 7B 89 4A 07 3B ED F6 8A 83 9C C3 52 02 65 19 00 00 00 01 00 00 00 10 00 00 00 B5 74 AF 30 C5 C1 BA 3A 69 A7 10 02 00 82 4D D0 03 00 00 00 01 00 00 00 14 00 00 00 01 74 E6 8C 97 DD F1 E0 EE EA 41 5E A3 36 A1 63 D2 B6 1A FD 20 00 00 00 01 00 00 00 F8 05 00 00 30 82 05 F4 30 82 03 DC A0 03 02 01 02 02 09 00 E0 EA 61 4C 28 56 32 64 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0B 05 00 30 81 8E 31 0B 30 09 06 03 55 04 06 13 02 49 4C 31 0F 30 0D 06 03 55 04 08 0C 06 43 65 6E 74 65 72 31 0C 30 0A 06 03 55 04 07 0C 03 4C 6F 64 31 10 30 0E 06 03 55 04 0A 0C 07 47 6F 50 72 6F 78 79 31 10 30 0E 06 03 55 04 0B 0C 07 47 6F 50 72 6F 78 79 31 1A 30 18 06 03 55 04 03 0C 11 67 6F 70 72 6F 78 79 2E 67 69 74 68 75 62 2E 69 6 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32\EnableFileTracing | 0 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32\EnableAutoFileTracing | 0 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32\EnableConsoleTracing | 0 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32\FileTracingMask | 18446744073709486080 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32\ConsoleTracingMask | 18446744073709486080 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32\MaxFileSize | 1048576 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32\FileDirectory | %windir%\tracing |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS\EnableFileTracing | 0 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS\EnableAutoFileTracing | 0 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS\EnableConsoleTracing | 0 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS\FileTracingMask | 18446744073709486080 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS\ConsoleTracingMask | 18446744073709486080 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS\MaxFileSize | 1048576 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS\FileDirectory | %windir%\tracing |
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-4226853953-3309226944-3078887307-1000\%WINDIR%\System32\WindowsPowerShell\v1.0\powershell.exe | \xe7\x3e\x77\xa7\x00\x1e\xdc\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00 |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect | 0x00000000 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplication\0000c34c48b48a14753d8877e705591744db00000000\Publisher | Microsoft Corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDevicePnp\acpi/genuineintel_-_intel64_family_6_model_79_-____________intel(r)_xeon(r)_cpu_@_2.20ghz/_0\DriverVerVersion | 6.1.7601.24520 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDevicePnp\acpi/genuineintel_-_intel64_family_6_model_79_-____________intel(r)_xeon(r)_cpu_@_2.20ghz/_1\DriverVerVersion | 6.1.7601.24520 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDevicePnp\acpi/pnp0303/4&2c352a27&0\DriverVerVersion | 6.1.7601.17514 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplication\0000021f1df94e2c7570a94e39009b97cde300000000\Publisher | Microsoft Corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDevicePnp\acpi/pnp0700/4&2c352a27&0\DriverVerVersion | 6.1.7600.16385 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDevicePnp\acpi/pnp0a03/0\DriverVerVersion | 6.1.7601.24441 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDevicePnp\acpi/pnp0a06/pci_hotplug_resources\DriverVerVersion | 6.1.7601.24441 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDevicePnp\acpi/pnp0b00/4&2c352a27&0\DriverVerVersion | 6.1.7601.24441 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDevicePnp\acpi/pnp0f13/4&2c352a27&0\DriverVerVersion | 6.1.7600.16385 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDevicePnp\acpi/qemu0002/3&267a616a&0\DriverVerVersion | (Empty) |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDevicePnp\hdaudio/func_01&ven_1af4&dev_0022&subsys_1af40022&rev_1001/4&82fd0c&0&0001\DriverVerVersion | 6.1.7601.24519 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDevicePnp\pci/ven_1af4&dev_1001&subsys_00021af4&rev_00/3&267a616a&0&38\DriverVerVersion | 61.77.104.17100 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDevicePnp\pci/ven_1af4&dev_1002&subsys_00051af4&rev_00/3&267a616a&0&40\DriverVerVersion | (Empty) |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDevicePnp\pci/ven_1af4&dev_1003&subsys_00031af4&rev_00/3&267a616a&0&30\DriverVerVersion | (Empty) |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDevicePnp\pci/ven_1b36&dev_0100&subsys_11001af4&rev_05/3&267a616a&0&10\DriverVerVersion | 6.1.7600.16385 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDevicePnp\pci/ven_8086&dev_100e&subsys_11001af4&rev_03/3&267a616a&0&18\DriverVerVersion | 8.4.1.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDevicePnp\pci/ven_8086&dev_1237&subsys_11001af4&rev_02/3&267a616a&0&00\DriverVerVersion | 6.1.7601.24441 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDevicePnp\pci/ven_8086&dev_2668&subsys_11001af4&rev_01/3&267a616a&0&20\DriverVerVersion | 6.1.7601.17514 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDevicePnp\pci/ven_8086&dev_2934&subsys_11001af4&rev_03/3&267a616a&0&28\DriverVerVersion | 6.1.7601.24138 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDevicePnp\pci/ven_8086&dev_2935&subsys_11001af4&rev_03/3&267a616a&0&29\DriverVerVersion | 6.1.7601.24138 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDevicePnp\pci/ven_8086&dev_2936&subsys_11001af4&rev_03/3&267a616a&0&2a\DriverVerVersion | 6.1.7601.24138 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDevicePnp\pci/ven_8086&dev_293a&subsys_11001af4&rev_03/3&267a616a&0&2f\DriverVerVersion | 6.1.7601.24138 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDevicePnp\pci/ven_8086&dev_7000&subsys_11001af4&rev_00/3&267a616a&0&08\DriverVerVersion | 6.1.7601.24441 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDevicePnp\pci/ven_8086&dev_7010&subsys_11001af4&rev_00/3&267a616a&0&09\DriverVerVersion | 6.1.7601.18231 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDevicePnp\pciide/idechannel/4&403bef5&0&0\DriverVerVersion | 6.1.7601.18231 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDevicePnp\pciide/idechannel/4&403bef5&0&1\DriverVerVersion | 6.1.7601.18231 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDevicePnp\scsi/disk&ven_red_hat&prod_virtio/4&3595d273&0&000000\DriverVerVersion | 6.1.7601.19133 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDevicePnp\usb/root_hub20/4&1df0ebf0&0\DriverVerVersion | 6.1.7601.24138 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\crashreporter.ex|ff7d4b2859769f83\LowerCaseLongPath | c:\program files\mozilla firefox\updated\crashreporter.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\crashreporter.ex|ff7d4b2859769f83\Publisher | mozilla foundation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\crashreporter.ex|ff7d4b2859769f83\LinkDate | 01/04/2023 18:08:34 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\crashreporter.ex|ff7d4b2859769f83\BinProductVersion | 108.0.2.8404 |
Show all (325 total)
| Key | Value |
|---|---|
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\default-browser-|42c867fb8c2e92b5\LowerCaseLongPath | c:\program files\mozilla firefox\updated\default-browser-agent.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\default-browser-|42c867fb8c2e92b5\Publisher | mozilla foundation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\default-browser-|42c867fb8c2e92b5\LinkDate | 01/04/2023 18:14:01 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\default-browser-|42c867fb8c2e92b5\BinProductVersion | 108.0.2.8404 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\firefox.exe|2ad62017703a5d51\LowerCaseLongPath | c:\program files\mozilla firefox\updated\firefox.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\firefox.exe|2ad62017703a5d51\Publisher | mozilla corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\firefox.exe|2ad62017703a5d51\LinkDate | 01/04/2023 18:07:51 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\firefox.exe|2ad62017703a5d51\BinProductVersion | 108.0.2.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\maintenanceservi|9e41ab94690fe110\LowerCaseLongPath | c:\program files\mozilla firefox\updated\maintenanceservice.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\maintenanceservi|9e41ab94690fe110\Publisher | mozilla foundation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\maintenanceservi|9e41ab94690fe110\LinkDate | 01/04/2023 18:08:08 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\maintenanceservi|9e41ab94690fe110\BinProductVersion | 108.0.2.8404 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\maintenanceservi|835fe6e36c60be8a\LowerCaseLongPath | c:\program files\mozilla firefox\updated\maintenanceservice_installer.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\maintenanceservi|835fe6e36c60be8a\Publisher | mozilla corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\maintenanceservi|835fe6e36c60be8a\LinkDate | 07/24/2021 22:21:04 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\maintenanceservi|835fe6e36c60be8a\BinProductVersion | 1.0.0.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDevicePnp\usb/root_hub/4&1327ac63&0\DriverVerVersion | 6.1.7601.24138 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDevicePnp\usb/root_hub/4&2498ad15&0\DriverVerVersion | 6.1.7601.24138 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDevicePnp\usb/root_hub/4&3227fcd4&0\DriverVerVersion | 6.1.7601.24138 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDeviceContainer\{27db0821-3bf9-f71a-f96f-a53403857690}\FriendlyName | AZURE-PC |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDevicePnp\{3e395e2e-0a77-5e77-8cea-5633ca5b5831}\DriverVerVersion | (Empty) |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDeviceContainer\{8b19d947-35da-14cb-2134-6586f47f8530}\FriendlyName | (Empty) |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDeviceContainer\{3d362e77-8e1a-b332-2008-5fe18b068f95}\FriendlyName | (Empty) |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDeviceContainer\{fc25e1b0-d28e-45aa-2fe2-6c6dd6ed05fc}\FriendlyName | Red Hat VirtIO SCSI Disk Device |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDeviceContainer\{7431a2df-217c-3945-9910-7f734f1c0b9d}\FriendlyName | (Empty) |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDeviceContainer\{b2214ffb-cfbd-3695-6be4-7b60be5ee496}\FriendlyName | (Empty) |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDevicePnp\hid/vid_0627&pid_0001/6&e74c61b&0&0000\DriverVerVersion | 6.1.7600.16385 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDevicePnp\usb/vid_0627&pid_0001/28754-0000:00:05.7-1\DriverVerVersion | 6.1.7601.24386 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDeviceContainer\{615acc7d-ec3e-3892-ebb4-91e57cb137e4}\FriendlyName | (Empty) |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDeviceContainer\{b36f9a3e-2c32-448c-8bb5-18f65536904a}\FriendlyName | (Empty) |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\minidump-analyze|65ea540e962fc321\LowerCaseLongPath | c:\program files\mozilla firefox\updated\minidump-analyzer.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\minidump-analyze|65ea540e962fc321\Publisher | mozilla foundation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\minidump-analyze|65ea540e962fc321\LinkDate | 01/04/2023 18:08:09 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\minidump-analyze|65ea540e962fc321\BinProductVersion | 108.0.2.8404 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\pingsender.exe|8b73640a1b1d1fbf\LowerCaseLongPath | c:\program files\mozilla firefox\updated\pingsender.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\pingsender.exe|8b73640a1b1d1fbf\Publisher | mozilla foundation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\pingsender.exe|8b73640a1b1d1fbf\LinkDate | 01/04/2023 18:08:08 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\pingsender.exe|8b73640a1b1d1fbf\BinProductVersion | 108.0.2.8404 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\plugin-container|d11f96b41e7541d1\LowerCaseLongPath | c:\program files\mozilla firefox\updated\plugin-container.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\plugin-container|d11f96b41e7541d1\Publisher | mozilla corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\plugin-container|d11f96b41e7541d1\LinkDate | 01/04/2023 18:25:28 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\plugin-container|d11f96b41e7541d1\BinProductVersion | 108.0.2.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\private_browsing|f9cb5f69ed313a48\LowerCaseLongPath | c:\program files\mozilla firefox\updated\private_browsing.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\private_browsing|f9cb5f69ed313a48\Publisher | mozilla corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\private_browsing|f9cb5f69ed313a48\LinkDate | 01/04/2023 18:07:20 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\private_browsing|f9cb5f69ed313a48\BinProductVersion | 108.0.2.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDevicePnp\display/default_monitor/4&17f3f539&0&12345678&00&02\DriverVerVersion | 6.1.7600.16385 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDeviceContainer\{06874cfd-e172-829b-34f3-8bc99edece3e}\FriendlyName | (Empty) |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\helper.exe|d40dac1890f7a00\LowerCaseLongPath | c:\program files\mozilla firefox\updated\uninstall\helper.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\helper.exe|d40dac1890f7a00\Publisher | mozilla corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\helper.exe|d40dac1890f7a00\LinkDate | 07/24/2021 22:21:04 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\helper.exe|d40dac1890f7a00\BinProductVersion | 1.0.0.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\updater.exe|1b3aeb7e8625ed27\LowerCaseLongPath | c:\program files\mozilla firefox\updated\updater.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\updater.exe|1b3aeb7e8625ed27\Publisher | mozilla foundation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\updater.exe|1b3aeb7e8625ed27\LinkDate | 01/04/2023 18:07:32 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\updater.exe|1b3aeb7e8625ed27\BinProductVersion | 108.0.2.8404 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\crashreporter.ex|63c55d3d1009672b\LowerCaseLongPath | c:\program files\mozilla firefox\crashreporter.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\crashreporter.ex|63c55d3d1009672b\Publisher | mozilla foundation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\crashreporter.ex|63c55d3d1009672b\LinkDate | (Empty) |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\crashreporter.ex|63c55d3d1009672b\BinProductVersion | (Empty) |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplication\0000ca0169d7b9bbcfa4e65eb68a13f930210000ffff\Publisher | Mozilla |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\default-browser-|dc77861eecd2248\LowerCaseLongPath | c:\program files\mozilla firefox\default-browser-agent.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\default-browser-|dc77861eecd2248\Publisher | mozilla foundation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\default-browser-|dc77861eecd2248\LinkDate | (Empty) |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\default-browser-|dc77861eecd2248\BinProductVersion | (Empty) |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\firefox.exe|ebd16581180f4552\LowerCaseLongPath | c:\program files\mozilla firefox\firefox.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\firefox.exe|ebd16581180f4552\Publisher | mozilla corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\firefox.exe|ebd16581180f4552\LinkDate | (Empty) |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\firefox.exe|ebd16581180f4552\BinProductVersion | (Empty) |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\maintenanceservi|97180995320ca115\LowerCaseLongPath | c:\program files\mozilla firefox\maintenanceservice.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\maintenanceservi|97180995320ca115\Publisher | mozilla foundation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\maintenanceservi|97180995320ca115\LinkDate | (Empty) |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\maintenanceservi|97180995320ca115\BinProductVersion | (Empty) |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\maintenanceservi|a02830353e4ef7f\LowerCaseLongPath | c:\program files\mozilla firefox\maintenanceservice_installer.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\maintenanceservi|a02830353e4ef7f\Publisher | mozilla corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\maintenanceservi|a02830353e4ef7f\LinkDate | (Empty) |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\maintenanceservi|a02830353e4ef7f\BinProductVersion | (Empty) |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\minidump-analyze|c30fa22ff3f6a149\LowerCaseLongPath | c:\program files\mozilla firefox\minidump-analyzer.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\minidump-analyze|c30fa22ff3f6a149\Publisher | mozilla foundation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\minidump-analyze|c30fa22ff3f6a149\LinkDate | (Empty) |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\minidump-analyze|c30fa22ff3f6a149\BinProductVersion | (Empty) |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\pingsender.exe|aaf23943349d4957\LowerCaseLongPath | c:\program files\mozilla firefox\pingsender.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\pingsender.exe|aaf23943349d4957\Publisher | mozilla foundation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\pingsender.exe|aaf23943349d4957\LinkDate | (Empty) |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\pingsender.exe|aaf23943349d4957\BinProductVersion | (Empty) |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\plugin-container|bff6e47ff7f94db5\LowerCaseLongPath | c:\program files\mozilla firefox\plugin-container.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\plugin-container|bff6e47ff7f94db5\Publisher | mozilla corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\plugin-container|bff6e47ff7f94db5\LinkDate | (Empty) |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\plugin-container|bff6e47ff7f94db5\BinProductVersion | (Empty) |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\updater.exe|c1b2e9c223e636df\LowerCaseLongPath | c:\program files\mozilla firefox\updater.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\updater.exe|c1b2e9c223e636df\Publisher | mozilla foundation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\updater.exe|c1b2e9c223e636df\LinkDate | (Empty) |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\updater.exe|c1b2e9c223e636df\BinProductVersion | (Empty) |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\addinprocess.exe|313edc2dd92685a6\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\addinprocess.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\addinprocess.exe|313edc2dd92685a6\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\addinprocess.exe|313edc2dd92685a6\LinkDate | 03/28/2019 06:56:01 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\addinprocess.exe|313edc2dd92685a6\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\addinprocess.exe|31487d5668d38eef\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\addinprocess.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\addinprocess.exe|31487d5668d38eef\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\addinprocess.exe|31487d5668d38eef\LinkDate | 03/28/2019 06:56:01 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\addinprocess.exe|31487d5668d38eef\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\addinprocess32.e|3e8e05d4ef4495aa\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\addinprocess32.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\addinprocess32.e|3e8e05d4ef4495aa\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\addinprocess32.e|3e8e05d4ef4495aa\LinkDate | 03/28/2019 06:56:57 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\addinprocess32.e|3e8e05d4ef4495aa\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\addinprocess32.e|fe3b638e0334bae2\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\addinprocess32.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\addinprocess32.e|fe3b638e0334bae2\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\addinprocess32.e|fe3b638e0334bae2\LinkDate | 03/28/2019 06:56:57 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\addinprocess32.e|fe3b638e0334bae2\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\addinutil.exe|92167fbc1ed0ed08\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\addinutil.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\addinutil.exe|92167fbc1ed0ed08\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\addinutil.exe|92167fbc1ed0ed08\LinkDate | 03/28/2019 06:56:58 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\addinutil.exe|92167fbc1ed0ed08\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\addinutil.exe|ab652f18224684a7\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\addinutil.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\addinutil.exe|ab652f18224684a7\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\addinutil.exe|ab652f18224684a7\LinkDate | 03/28/2019 06:56:58 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\addinutil.exe|ab652f18224684a7\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\applaunch.exe|45b62bd7e4fc0c6f\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\applaunch.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\applaunch.exe|45b62bd7e4fc0c6f\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\applaunch.exe|45b62bd7e4fc0c6f\LinkDate | 03/28/2019 06:36:04 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\applaunch.exe|45b62bd7e4fc0c6f\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\applaunch.exe|7127527a8f617d48\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\applaunch.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\applaunch.exe|7127527a8f617d48\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\applaunch.exe|7127527a8f617d48\LinkDate | 03/28/2019 06:49:21 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\applaunch.exe|7127527a8f617d48\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_compiler.|4b7f3f64b82fdfc9\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_compiler.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_compiler.|4b7f3f64b82fdfc9\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_compiler.|4b7f3f64b82fdfc9\LinkDate | 03/28/2019 06:48:46 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_compiler.|4b7f3f64b82fdfc9\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_compiler.|e1cf3170e346d70f\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\aspnet_compiler.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_compiler.|e1cf3170e346d70f\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_compiler.|e1cf3170e346d70f\LinkDate | 03/28/2019 06:56:53 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_compiler.|e1cf3170e346d70f\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_regbrowse|8255322e96705ae8\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_regbrowsers.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_regbrowse|8255322e96705ae8\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_regbrowse|8255322e96705ae8\LinkDate | 03/28/2019 06:48:49 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_regbrowse|8255322e96705ae8\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_regbrowse|87ef4760aa410a54\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\aspnet_regbrowsers.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_regbrowse|87ef4760aa410a54\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_regbrowse|87ef4760aa410a54\LinkDate | 03/28/2019 06:56:53 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_regbrowse|87ef4760aa410a54\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_regiis.ex|12e275fb52b742fb\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_regiis.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_regiis.ex|12e275fb52b742fb\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_regiis.ex|12e275fb52b742fb\LinkDate | 03/28/2019 06:48:55 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_regiis.ex|12e275fb52b742fb\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_regiis.ex|9ffa85ecfdd8c5d0\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\aspnet_regiis.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_regiis.ex|9ffa85ecfdd8c5d0\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_regiis.ex|9ffa85ecfdd8c5d0\LinkDate | 03/28/2019 06:56:58 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_regiis.ex|9ffa85ecfdd8c5d0\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_regsql.ex|5e0151b8dea6687b\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\aspnet_regsql.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_regsql.ex|5e0151b8dea6687b\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_regsql.ex|5e0151b8dea6687b\LinkDate | 03/28/2019 06:56:56 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_regsql.ex|5e0151b8dea6687b\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_regsql.ex|a1587a010eaeaa18\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_regsql.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_regsql.ex|a1587a010eaeaa18\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_regsql.ex|a1587a010eaeaa18\LinkDate | 03/28/2019 06:48:55 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_regsql.ex|a1587a010eaeaa18\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_state.exe|5841eb7e6d8b7edb\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\aspnet_state.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_state.exe|5841eb7e6d8b7edb\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_state.exe|5841eb7e6d8b7edb\LinkDate | 03/28/2019 06:57:06 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_state.exe|5841eb7e6d8b7edb\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_state.exe|a2ade42aec949a2c\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_state.exe|a2ade42aec949a2c\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_state.exe|a2ade42aec949a2c\LinkDate | 03/28/2019 06:48:55 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_state.exe|a2ade42aec949a2c\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_wp.exe|2cd7c621dc57cefc\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\aspnet_wp.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_wp.exe|2cd7c621dc57cefc\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_wp.exe|2cd7c621dc57cefc\LinkDate | 12/03/2019 22:00:00 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_wp.exe|2cd7c621dc57cefc\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_wp.exe|d4da0ae1ea579195\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_wp.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_wp.exe|d4da0ae1ea579195\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_wp.exe|d4da0ae1ea579195\LinkDate | 12/03/2019 22:08:22 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\aspnet_wp.exe|d4da0ae1ea579195\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\caspol.exe|1c3df8b9b20d9142\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\caspol.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\caspol.exe|1c3df8b9b20d9142\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\caspol.exe|1c3df8b9b20d9142\LinkDate | 03/28/2019 06:49:14 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\caspol.exe|1c3df8b9b20d9142\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\caspol.exe|3d95aa202ac5f130\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\caspol.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\caspol.exe|3d95aa202ac5f130\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\caspol.exe|3d95aa202ac5f130\LinkDate | 03/28/2019 06:35:27 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\caspol.exe|3d95aa202ac5f130\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\comsvcconfig.exe|127ae901cca76da4\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\comsvcconfig.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\comsvcconfig.exe|127ae901cca76da4\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\comsvcconfig.exe|127ae901cca76da4\LinkDate | 03/28/2019 07:24:03 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\comsvcconfig.exe|127ae901cca76da4\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryDriverBinary\c:/windows/system32/drivers/e1g6032e.sys\DriverVersion | 8.4.1.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\comsvcconfig.exe|8253c813c9c92b41\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\comsvcconfig.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\comsvcconfig.exe|8253c813c9c92b41\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\comsvcconfig.exe|8253c813c9c92b41\LinkDate | 03/28/2019 07:24:03 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\comsvcconfig.exe|8253c813c9c92b41\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\csc.exe|151e2b3228d75f8e\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\csc.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\csc.exe|151e2b3228d75f8e\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\csc.exe|151e2b3228d75f8e\LinkDate | 03/28/2019 07:23:26 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\csc.exe|151e2b3228d75f8e\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\csc.exe|9b9c2e289b6f7430\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\csc.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\csc.exe|9b9c2e289b6f7430\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\csc.exe|9b9c2e289b6f7430\LinkDate | 03/28/2019 07:20:59 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\csc.exe|9b9c2e289b6f7430\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\cvtres.exe|3e0333619bb586da\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\cvtres.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\cvtres.exe|3e0333619bb586da\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\cvtres.exe|3e0333619bb586da\LinkDate | 09/26/2018 23:48:24 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\cvtres.exe|3e0333619bb586da\BinProductVersion | 14.10.25028.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\cvtres.exe|9c0eb88f7ba223af\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\cvtres.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\cvtres.exe|9c0eb88f7ba223af\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\cvtres.exe|9c0eb88f7ba223af\LinkDate | 09/26/2018 23:45:05 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\cvtres.exe|9c0eb88f7ba223af\BinProductVersion | 14.10.25028.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\datasvcutil.exe|2f484f7d34674ba\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\datasvcutil.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\datasvcutil.exe|2f484f7d34674ba\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\datasvcutil.exe|2f484f7d34674ba\LinkDate | 03/28/2019 06:57:10 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\datasvcutil.exe|2f484f7d34674ba\BinProductVersion | 4.8.3761.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\datasvcutil.exe|7374bdcd0d8b988d\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\datasvcutil.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\datasvcutil.exe|7374bdcd0d8b988d\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\datasvcutil.exe|7374bdcd0d8b988d\LinkDate | 03/28/2019 06:57:10 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\datasvcutil.exe|7374bdcd0d8b988d\BinProductVersion | 4.8.3761.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\dfsvc.exe|726d5ed0fc38e92f\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\dfsvc.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\dfsvc.exe|726d5ed0fc38e92f\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\dfsvc.exe|726d5ed0fc38e92f\LinkDate | 03/28/2019 06:56:35 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\dfsvc.exe|726d5ed0fc38e92f\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\dfsvc.exe|cccc1df8872c992e\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\dfsvc.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\dfsvc.exe|cccc1df8872c992e\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\dfsvc.exe|cccc1df8872c992e\LinkDate | 03/28/2019 06:56:35 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\dfsvc.exe|cccc1df8872c992e\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\edmgen.exe|5efc2f3d0a4c87e2\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\edmgen.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\edmgen.exe|5efc2f3d0a4c87e2\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\edmgen.exe|5efc2f3d0a4c87e2\LinkDate | 03/28/2019 06:57:51 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\edmgen.exe|5efc2f3d0a4c87e2\BinProductVersion | 4.8.3761.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\edmgen.exe|ba34d2097aba251\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\edmgen.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\edmgen.exe|ba34d2097aba251\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\edmgen.exe|ba34d2097aba251\LinkDate | 03/28/2019 06:57:51 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\edmgen.exe|ba34d2097aba251\BinProductVersion | 4.8.3761.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\ilasm.exe|27fd71b20771561e\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\ilasm.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\ilasm.exe|27fd71b20771561e\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\ilasm.exe|27fd71b20771561e\LinkDate | 03/28/2019 06:38:02 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\ilasm.exe|27fd71b20771561e\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\ilasm.exe|c81c4887c12ac429\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\ilasm.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\ilasm.exe|c81c4887c12ac429\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\ilasm.exe|c81c4887c12ac429\LinkDate | 03/28/2019 06:48:55 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\ilasm.exe|c81c4887c12ac429\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\installutil.exe|95e234cbcbb20632\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\installutil.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\installutil.exe|95e234cbcbb20632\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\installutil.exe|95e234cbcbb20632\LinkDate | 03/28/2019 06:56:27 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\installutil.exe|95e234cbcbb20632\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\installutil.exe|9c12a7aa48d106cd\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\installutil.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\installutil.exe|9c12a7aa48d106cd\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\installutil.exe|9c12a7aa48d106cd\LinkDate | 03/28/2019 06:47:19 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\installutil.exe|9c12a7aa48d106cd\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\jsc.exe|785d24c55cf53178\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\jsc.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\jsc.exe|785d24c55cf53178\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\jsc.exe|785d24c55cf53178\LinkDate | 03/28/2019 07:26:30 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\jsc.exe|785d24c55cf53178\BinProductVersion | 14.8.3761.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\jsc.exe|d324e2e35ff7610f\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\jsc.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\jsc.exe|d324e2e35ff7610f\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\jsc.exe|d324e2e35ff7610f\LinkDate | 03/28/2019 07:26:30 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\jsc.exe|d324e2e35ff7610f\BinProductVersion | 14.8.3761.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\microsoft.workfl|413f97257efd1489\LowerCaseLongPath | c:\windows\microsoft.net\framework64\v4.0.30319\microsoft.workflow.compiler.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\microsoft.workfl|413f97257efd1489\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\microsoft.workfl|413f97257efd1489\LinkDate | 03/28/2019 07:23:52 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\microsoft.workfl|413f97257efd1489\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\microsoft.workfl|abb7cedc80142e09\LowerCaseLongPath | c:\windows\microsoft.net\assembly\gac_msil\microsoft.workflow.compiler\v4.0_4.0.0.0__31bf3856ad364e35\microsoft.workflow.compiler.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\microsoft.workfl|abb7cedc80142e09\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\microsoft.workfl|abb7cedc80142e09\LinkDate | 03/28/2019 07:23:52 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\microsoft.workfl|abb7cedc80142e09\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\microsoft.workfl|cac4f8bfecd2d08a\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\microsoft.workflow.compiler.exe |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\microsoft.workfl|cac4f8bfecd2d08a\Publisher | microsoft corporation |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\microsoft.workfl|cac4f8bfecd2d08a\LinkDate | 03/28/2019 07:23:52 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\microsoft.workfl|cac4f8bfecd2d08a\BinProductVersion | 4.0.30319.0 |
| \REGISTRY\A\{D3E58BC6-CB5E-0261-E2A6-2DC7D7A06975}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff\LowerCaseLongPath | c:\windows\microsoft.net\framework\v4.0.30319\msbuild.exe |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\powershell_RASAPI32 | — |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\powershell_RASMANCS | — |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32\FileTracingMask | -65536 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32\ConsoleTracingMask | -65536 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS\FileTracingMask | -65536 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS\ConsoleTracingMask | -65536 |
| HKEY_LOCAL_MACHINE\SYSTEM\Software\Microsoft\TIP\AggregateResults\data | D9 A7 A8 01 01 00 03 00 EC 03 F4 6F 00 00 00 00 0D 00 00 00 00 00 00 00 49 A8 A8 01 01 01 03 00 5C 4 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS\PerfMMFileName | Global\MMF_BITS7427fddd-c3c6-43fb-8afb-f5056c5033a5 |
Services Started (Top 15)
| Service |
|---|
| BITS |
| WSearch |
Services Opened (Top 15)
| Service |
|---|
| SSTPSVC |
| VaultSvc |
| clipsvc |
| dnsCache |
What To Do Now — Practical Defense Playbook
- Contain unknowns: block first‑run binaries by default — signatures catch up, containment works now.
- EDR controls: alert on keyboard hooks, screen capture APIs, VM/sandbox checks, and command‑shell launches.
- Registry watch: flag queries/sets under policy paths (e.g., …\FipsAlgorithmPolicy\*).
- Network rules: inspect outbound TLS to IP‑lookup services and unexpected CDN endpoints.
- Hunt broadly: sweep endpoints for the indicators above and quarantine positives immediately.
Dwell time equals attacker opportunity. Reducing execution privileges and egress shrinks that window even when vendors disagree.