Zero‑Dwell Threat Intelligence Report
Executive Overview — What We’re Dealing With
This specimen has persisted long enough to matter. Human experts classified it as Malware, and the telemetry confirms a capable, evasive Trojan with real impact potential.
Extended Dwell Time Impact
For 23+ hours, this malware remained undetected — a half-day window that permitted the adversary to complete initial execution, establish basic persistence, and perform initial system enumeration.
Comparative Context
Industry studies report a median dwell time closer to 21–24 days. This case represents rapid detection and containment within hours rather than days.
Timeline
| Time (UTC) | Event | Elapsed |
|---|---|---|
| 2025-09-22 18:26:36 UTC | First VirusTotal submission | — |
| 2025-10-08 14:11:52 UTC | Latest analysis snapshot | 15 days, 19 hours, 45 minutes |
| 2025-11-13 21:18:52 UTC | Report generation time | 43 days, 12 hours, 52 minutes |
Why It Matters
Every additional day of dwell time is not just an abstract number — it is attacker opportunity. Each day equates to more time for lateral movement, stealth persistence, and intelligence gathering.
Global Detection Posture — Who Caught It, Who Missed It
VirusTotal engines: 73. Detected as malicious: 59. Missed: 14. Coverage: 80.8%.
Detected Vendors
- Xcitium
- +58 additional vendors (names not provided in the summary)
Missed Vendors
- Acronis
- Baidu
- ClamAV
- CMC
- Cynet
- google_safebrowsing
- Jiangmin
- SUPERAntiSpyware
- tehtris
- Trapmine
- ViRobot
- Yandex
- Zillya
- Zoner
Why it matters: if any endpoint relies solely on a missed engine, this malware can operate with zero alerts. Prevention‑first controls close that gap regardless of signature lag.
Behavioral Storyline — How the Malware Operates
Intensive file system activity (57.52% of behavior) indicates data harvesting, file encryption, or dropper behavior. The threat is actively searching for and manipulating files across the system.
Behavior Categories (weighted)
Weight values represent the frequency and intensity of malware interactions with specific system components. Higher weights indicate more aggressive targeting of that category. Each operation (registry access, file modification, network connection, etc.) contributes to the category’s total weight, providing a quantitative measure of the malware’s behavioral focus.
| Category | Weight | Percentage |
|---|---|---|
| File System | 24882 | 57.52% |
| System | 14942 | 34.54% |
| Registry | 2324 | 5.37% |
| Misc | 576 | 1.33% |
| Device | 137 | 0.32% |
| Process | 127 | 0.29% |
| Threading | 125 | 0.29% |
| Services | 55 | 0.13% |
| Crypto | 32 | 0.07% |
| Com | 30 | 0.07% |
| Synchronization | 12 | 0.03% |
| Hooking | 7 | 0.02% |
| Windows | 5 | 0.01% |
| Network | 3 | 0.01% |
MITRE ATT&CK Mapping
- T1129 – link function at runtime on Windows
- T1112 – delete registry key
- T1059 – accept command line arguments
- T1012 – query or enumerate registry value
- T1082 – query environment variable
- T1027 – reference Base64 string
- T1129 – Drops a binary and executes it
- T1053 – Installs itself for autorun at Windows startup
- T1564 – A process created a hidden window
- T1202 – Uses Windows utilities for basic functionality
- T1562 – Attempts to stop active services
- T1562 – Tries to unhook or modify Windows functions monitored by CAPE
- T1036 – Attempts to make a network connection via suspicious process
- T1055 – Attempts to make a network connection via suspicious process
- T1112 – Installs itself for autorun at Windows startup
- T1070 – Clears Windows events or logs
- T1070 – Deletes executed files from disk
- T1562.001 – Attempts to stop active services
- T1562.001 – Tries to unhook or modify Windows functions monitored by CAPE
- T1027 – The binary likely contains encrypted or compressed data
- T1564.003 – A process created a hidden window
- T1027.002 – The binary likely contains encrypted or compressed data
- T1543 – Attempts to stop active services
- T1543 – Created a service that was not started
- T1547 – Installs itself for autorun at Windows startup
- T1543.003 – Attempts to stop active services
- T1543.003 – Created a service that was not started
- T1547.001 – Installs itself for autorun at Windows startup
- T1489 – Attempts to stop active services
- T1486 – Exhibits possible ransomware or wiper file modification behavior: overwrites_existing_files
- T1485 – Anomalous file deletion behavior detected (10+)
- T1485 – Clears Windows events or logs
- T1082 – Checks available memory
- T1082 – Access the NetLogon registry key, potentially used for discovery or tampering
- T1057 – Expresses interest in specific running processes
- T1057 – Enumerates running processes
- T1012 – Access the NetLogon registry key, potentially used for discovery or tampering
- T1071 – Attempts to connect to a dead IP:Port
- T1071 – The PE file contains a PDB path
- T1071 – HTTP traffic contains suspicious features which may be indicative of malware related traffic
- T1071 – Likely virus infection of existing binary
- T1071 – Dynamic (imported) function loading detected
- T1071 – Reads data out of its own binary image
- T1071 – Resolves a suspicious Top Level Domain (TLD)
- T1071 – A process attempted to delay the analysis task.
- T1547.008 – Spawns drivers
- T1547.008 – Enables driver privileges
- T1548 – Found direct / indirect Syscall (likely to bypass EDR)
- T1036 – Drops executable to a common third-party application directory
- T1036 – Drops PE files to the Windows directory (C:\Windows)
- T1036 – Creates a directory in C:\Program Files
- T1036 – Creates files inside the program directory
- T1036 – Creates files inside the system directory
- T1036 – Creates files inside the user directory
- T1497 – May sleep (evasive loops) to hinder dynamic analysis
- T1027 – Binary may include packed or crypted data
- T1027.002 – Binary may include packed or crypted data
- T1070.006 – Binary contains a suspicious time stamp
- T1082 – Queries the volume information (name, serial number etc) of a device
- T1082 – Checks if Microsoft Office is installed
- T1082 – Queries the cryptographic machine GUID
- T1080 – Infects executable files (exe, dll, sys, html)
- T1105 – Downloads files from webservers via HTTP
- T1105 – Tries to download or post to a non-existing HTTP route (HTTP/1.1 404 Not Found / 503 Service Unavailable)
- T1105 – Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior.
- T1095 – Downloads files from webservers via HTTP
- T1095 – Posts data to webserver
- T1095 – Tries to download or post to a non-existing HTTP route (HTTP/1.1 404 Not Found / 503 Service Unavailable)
- T1071 – Downloads files from webservers via HTTP
- T1071 – Posts data to webserver
- T1071 – Tries to download or post to a non-existing HTTP route (HTTP/1.1 404 Not Found / 503 Service Unavailable)
- T1071 – Uses a known web browser user agent for HTTP communication
Following the Trail — Network & DNS Activity
Outbound activity leans on reputable infrastructure (e.g., CDNs, cloud endpoints) to blend in. TLS sessions and HTTP calls show routine beaconing and IP‑lookup behavior that can masquerade as normal browsing.
Contacted Domains
| Domain | IP | Country | ASN/Org |
|---|---|---|---|
| www.aieov.com | 13.248.169.48 | United States | Amazon Technologies Inc. |
| pywolwnvd.biz | 44.244.22.128 | United States | Amazon.com, Inc. |
| www.msftncsi.com | 2.18.67.81 | Europe | Akamai Technologies |
Observed IPs
| IP | Country | ASN/Org |
|---|---|---|
| 224.0.0.252 | — | — |
| 239.255.255.250 | — | — |
| 8.8.4.4 | United States | Google LLC |
| 8.8.8.8 | United States | Google LLC |
DNS Queries
| Request | Type |
|---|---|
| www.msftncsi.com | A |
| pywolwnvd.biz | A |
| 5isohu.com | A |
| www.aieov.com | A |
Port Distribution
| Port | Count | Protocols |
|---|---|---|
| 137 | 1 | udp |
| 5355 | 5 | udp |
| 53 | 52 | udp |
| 3702 | 1 | udp |
Hunting tip: alert on unknown binaries initiating TLS to IP‑lookup services or unusual CDN endpoints — especially early in execution.
Persistence & Policy — Registry and Services
Registry and service telemetry points to policy awareness and environment reconnaissance rather than noisy persistence. Below is a compact view of the most relevant keys and handles.
Registry Opened (Top 25)
| Key |
|---|
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseActivationAuthenticationLevel |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E579AB5F-1CC4-44b4-BED9-DE0991FF0623}\(Default) |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{C3B65D83-FB15-4e3f-BA04-097D1E2B5AC1}\LocalService |
| HKEY_LOCAL_MACHINE\SYSTEM\Setup\UpgradeInProgress |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Settings\ActiveWriterStateTimeout |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Logging |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7} |
| HKEY_LOCAL_MACHINE\Software\Microsoft\AMSI\Providers |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37734C4D-FFA8-4139-9AAC-60FBE55BF3DF} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B5A2C52-3EB9-470a-96E2-6C6D4570E40F}\TreatAs |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanWorkstation\Parameters\RpcCacheTimeout |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\MaxSxSHashCount |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9F6C78EF-FCE5-42FA-ABEA-3E7DF91921DC}\ProxyStubClsid32\(Default) |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Log File Max Size |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37734C4D-FFA8-4139-9AAC-60FBE55BF3DF}\InprocHandler32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000100-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default) |
| HKEY_LOCAL_MACHINE\Software\Classes |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B5A2C52-3EB9-470a-96E2-6C6D4570E40F}\InprocHandler32 |
| HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiApSrv |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Logging Directory |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Settings\IdleTimeout |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS |
| HKEY_CURRENT_USER\Software\Classes |
| HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wmiApSrv\Alias |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E579AB5F-1CC4-44B4-BED9-DE0991FF0623} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37734C4D-FFA8-4139-9AAC-60FBE55BF3DF}\ActivateOnHostFlags |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default) |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000100-0000-0000-C000-000000000046}\ProxyStubClsid32 |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wbengine\ODSFLAGS |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37734C4D-FFA8-4139-9AAC-60FBE55BF3DF}\(Default) |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\FinalizerActivityBypass |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9557-4FB6-11D1-9971-00C04FBBB345} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default) |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\WmiApSrv.exe |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\AppID |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9F6C78EF-FCE5-42FA-ABEA-3E7DF91921DC} |
| HKEY_LOCAL_MACHINE\Software\Microsoft\COM3 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37734C4D-FFA8-4139-9AAC-60FBE55BF3DF}\TreatAs |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Com+Enabled |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wbengine\ODS |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6976CF5-68A8-436C-975A-40BE53616D59} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\AppVClient.exe |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82345212-6ACA-4B38-8CD7-BF9DE8ED07BD}\LocalServer |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\TreatAsClassIndex\{6E590D61-F6BC-4DAD-AC21-7DC40D304059} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\LocalServer32 |
| HKEY_LOCAL_MACHINE\OSDATA\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D6B0D1EB-456E-48FF-A3E3-F393C74B85DB} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\ClassIndex\{3CEB5509-C1CD-432F-9D8F-65D1E286AA80} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47782907-6A6D-44BC-8872-4E45E994E6F9}\TreatAs |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36383E77-35C2-4B45-8277-329E4BEDF47F}\InprocServer32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}\InprocHandler32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BD8A8E7D-E42F-434A-8215-C7ECB6C32786}\InprocHandler |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B3181A0-C92F-4567-B0FA-CD9A10ECD7D1} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\TreatAsClassIndex\{3CEB5509-C1CD-432F-9D8F-65D1E286AA80} |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\TreatAsClassIndex\{6F9942C9-C1B1-4AB5-93DA-6058991DC8F3} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D6015EC3-FA16-4813-9CA1-DA204574F5DA}\InprocServer32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{434AEC1C-8583-45EC-B88F-750D6F380BC3} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\LocalServer |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52BC3999-6E52-4E8A-87C4-0A2A0CC359B1}\LocalServer |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8A68E5E-2B37-426C-A329-C117C14C429E} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B196B284-BAB4-101A-B69C-00AA00341D07} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DBDB628F-AEEE-4630-9FEC-4256620CDB8D}\ProxyStubClsid32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74FA5D1F-BBD3-4F3E-8776-41EDEFC608D9} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}\TreatAs |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CF41123-E9E6-4AC0-85A7-C4001F513C6A} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DBDB628F-AEEE-4630-9FEC-4256620CDB8D} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36383E77-35C2-4B45-8277-329E4BEDF47F}\LocalServer |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\FileSyncHelper.exe |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D15188C-D298-4E10-83B2-64666CCBEBBD}\InprocHandler32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\TreatAs |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC66E708-C687-42EA-806E-83D41C9D1A5F}\InprocServer32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2A6D7C6-ECBD-439E-9244-9E784608439F}\InprocServer32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DFD80D65-D501-43B2-A8FF-86617BD81EA7}\ProxyStubClsid32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47782907-6A6D-44BC-8872-4E45E994E6F9}\InprocServer32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5FEEED48-1AE6-4C15-9D6E-27DD3DF6CAC8} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82345212-6ACA-4B38-8CD7-BF9DE8ED07BD}\Elevation |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EDAE4045-CAE6-4706-8973-FA69715B8C10}\TreatAs |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{15C23079-E719-4E7C-BD9C-F20983A9480F} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82345212-6ACA-4B38-8CD7-BF9DE8ED07BD}\TreatAs |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36383E77-35C2-4B45-8277-329E4BEDF47F}\TreatAs |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08728914-3F57-4D52-9E31-49DAECA5A80A}\InprocHandler |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3C03EBDD-BE8F-4E39-8B9C-EA0B1EA8395C} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DCB00C01-570F-4A9B-8D69-199FDBA5723B}\InprocServer32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7AD0F0FC-7043-4A81-BBFA-9F68ADC97122} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1FCBE96C-1697-43AF-9140-2897C7C69767}\InprocHandler32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\Elevation |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F99A566C-42AE-4DE2-AD4D-D297A04C5433} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B196B284-BAB4-101A-B69C-00AA00341D07}\ProxyStubClsid32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52BC3999-6E52-4E8A-87C4-0A2A0CC359B1}\InprocHandler32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\ClassIndex |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\TreatAsClassIndex\{7B3181A0-C92F-4567-B0FA-CD9A10ECD7D1} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\ClassIndex\{F8ADE1D3-49DF-4B75-9005-EF9508E6A337} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2A6D7C6-ECBD-439E-9244-9E784608439F}\InprocHandler |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1FCBE96C-1697-43AF-9140-2897C7C69767}\InprocHandler |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BD8A8E7D-E42F-434A-8215-C7ECB6C32786}\InprocServer32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\TreatAsClassIndex\{D8A68E5E-2B37-426C-A329-C117C14C429E} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08728914-3F57-4D52-9E31-49DAECA5A80A}\InprocServer32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36383E77-35C2-4B45-8277-329E4BEDF47F}\InprocHandler |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CF41123-E9E6-4AC0-85A7-C4001F513C6A}\InprocHandler |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\SecurityHealthService.exe |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F9942C9-C1B1-4AB5-93DA-6058991DC8F3} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2557A77E-882D-4633-960E-0C718670C1C7}\InprocHandler |
| HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36383E77-35C2-4B45-8277-329E4BEDF47F}\InprocHandler32 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{136FECC8-05C4-4DEA-AC27-4C0666C20320} |
Registry Set (Top 25)
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{87550072-9879-59FB-8FC5-7DE2F51C3B43}\TypeLib\Version | 1.0 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{87550072-9879-59FB-8FC5-7DE2F51C3B43}\1.0\0\win32\(Default) | C:\Program Files (x86)\Google\GoogleUpdater\141.0.7376.0\updater.exe\5 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{87550072-9879-59FB-8FC5-7DE2F51C3B43}\1.0\0\win64\(Default) | C:\Program Files (x86)\Google\GoogleUpdater\141.0.7376.0\updater.exe\5 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{87550072-9879-59FB-8FC5-7DE2F51C3B43}\1.0\(Default) | GoogleUpdater TypeLib for IUpdaterInternalSystem |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{533B177C-6E6D-5F3A-A86D-DEB8BCF7758D}\(Default) | IUpdaterInternalCallbackSystem |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{533B177C-6E6D-5F3A-A86D-DEB8BCF7758D}\ProxyStubClsid32\(Default) | {00020424-0000-0000-C000-000000000046} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{533B177C-6E6D-5F3A-A86D-DEB8BCF7758D}\TypeLib\(Default) | {533B177C-6E6D-5F3A-A86D-DEB8BCF7758D} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{533B177C-6E6D-5F3A-A86D-DEB8BCF7758D}\TypeLib\Version | 1.0 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{533B177C-6E6D-5F3A-A86D-DEB8BCF7758D}\(Default) | IUpdaterInternalCallbackSystem |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{533B177C-6E6D-5F3A-A86D-DEB8BCF7758D}\ProxyStubClsid32\(Default) | {00020424-0000-0000-C000-000000000046} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{533B177C-6E6D-5F3A-A86D-DEB8BCF7758D}\TypeLib\(Default) | {533B177C-6E6D-5F3A-A86D-DEB8BCF7758D} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{533B177C-6E6D-5F3A-A86D-DEB8BCF7758D}\TypeLib\Version | 1.0 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{533B177C-6E6D-5F3A-A86D-DEB8BCF7758D}\1.0\0\win32\(Default) | C:\Program Files (x86)\Google\GoogleUpdater\141.0.7376.0\updater.exe\5 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{533B177C-6E6D-5F3A-A86D-DEB8BCF7758D}\1.0\0\win64\(Default) | C:\Program Files (x86)\Google\GoogleUpdater\141.0.7376.0\updater.exe\5 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{533B177C-6E6D-5F3A-A86D-DEB8BCF7758D}\1.0\(Default) | GoogleUpdater TypeLib for IUpdaterInternalCallbackSystem |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\PerceptionSimulationExtensions\DeviceId | {88034E57-D692-4A12-8950-EFCE785B46C8} |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Spectrum\HeadCenterOfRotationFloat3 | \x00\x00\x00\x00 \xd7\xa3\xbd \xd7\xa3= |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Subsystem\VirtualRegistry\PassThroughPaths | \x00\x00\x00w\x6f73\x7466\x535c\x666f\x4774\x6972\x5c64\x2e34\x5c35\x6c43\x6569\x746e\x415c\x7070\x5346\x535c\x7265\x6976\x6563\x6e49\x6c63\x7375\x6f69\x736e |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\ALG\Start | DWORD (0x00000002) |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\aspnet_state\Start | DWORD (0x00000002) |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\COMSysApp\Start | DWORD (0x00000002) |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\ehRecvr\Start | DWORD (0x00000002) |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\ehSched\Start | DWORD (0x00000002) |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Fax\Start | DWORD (0x00000002) |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\GoogleChromeElevationService\Start | DWORD (0x00000002) |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\gupdate\Start | DWORD (0x00000002) |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\IEEtwCollectorService\Start | DWORD (0x00000002) |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\MozillaMaintenance\Start | DWORD (0x00000002) |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\MSDTC\Start | DWORD (0x00000002) |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\msiserver\Start | DWORD (0x00000002) |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\PerfHost\Start | DWORD (0x00000002) |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\RpcLocator\Start | DWORD (0x00000002) |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\SNMPTRAP\Start | DWORD (0x00000002) |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\vds\Start | DWORD (0x00000002) |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\VSS\Start | DWORD (0x00000002) |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\wbengine\Start | DWORD (0x00000002) |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\wmiApSrv\Start | DWORD (0x00000002) |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe\DisableExceptionChainValidation | DWORD (0x00000000) |
| HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\gupdatem\Start | DWORD (0x00000003) |
| HKEY_USERS\S-1-5-21-4270068108-2931534202-3907561125-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids\exefile | Binary Data |
| HKEY_CLASSES_ROOT\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32\(Default) | C:\Program Files (x86)\Google\Update\1.3.36.372\psmachine_64.dll |
| HKEY_CLASSES_ROOT\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\(Default) | C:\Program Files (x86)\Google\Update\1.3.36.372\psmachine_64.dll |
| HKEY_CLASSES_ROOT\CLSID\{B50B3FA2-B519-4C16-A932-46E9FFD1D910}\InProcServer32\(Default) | C:\Program Files (x86)\Google\Update\1.3.36.372\psmachine_64.dll |
| HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32\(Default) | C:\Program Files (x86)\Google\Update\1.3.36.372\psmachine.dll |
| HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\(Default) | C:\Program Files (x86)\Google\Update\1.3.36.372\psmachine.dll |
| HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{B50B3FA2-B519-4C16-A932-46E9FFD1D910}\InProcServer32\(Default) | C:\Program Files (x86)\Google\Update\1.3.36.372\psmachine.dll |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Adobe\Adobe ARM\1.0\ARM\iLastSvcSuccess | 6993796 |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{9f227d50-5e28-4b1a-96e3-472897854677} | — |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{9f227d50-5e28-4b1a-96e3-472897854677}\Properties | — |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{9f227d50-5e28-4b1a-96e3-472897854677}\Class | AppvVemgr |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{9f227d50-5e28-4b1a-96e3-472897854677}\NoDisplayClass | 1 |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{9f227d50-5e28-4b1a-96e3-472897854677}\NoUseClass | 1 |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{9f227d50-5e28-4b1a-96e3-472897854677}\Properties\Security | 01 00 0C 90 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 34 00 02 00 00 00 00 00 14 00 00 0 |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{d8c2b72a-2c85-436a-84d5-d226785c7bdf} | — |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{d8c2b72a-2c85-436a-84d5-d226785c7bdf}\Properties | — |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{d8c2b72a-2c85-436a-84d5-d226785c7bdf}\Class | AppvVfs |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{d8c2b72a-2c85-436a-84d5-d226785c7bdf}\NoDisplayClass | 1 |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{d8c2b72a-2c85-436a-84d5-d226785c7bdf}\NoUseClass | 1 |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{d8c2b72a-2c85-436a-84d5-d226785c7bdf}\Properties\Security | 01 00 0C 90 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 02 00 34 00 02 00 00 00 00 00 14 00 00 0 |
Services Started (Top 15)
| Service |
|---|
| AdobeARMservice |
| ALG |
| AppVClient |
| diagnosticshub.standardcollector.service |
| Fax |
| GoogleChromeElevationService |
| GoogleUpdaterInternalService136.0.7079.0 |
| LibreOfficeMaintenance |
| MicrosoftEdgeElevationService |
| MozillaMaintenance |
| MSDTC |
| ose |
| perceptionsimulation |
| PerfHost |
| RpcLocator |
| SensorDataService |
| SNMPTRAP |
| spectrum |
| ssh-agent |
| TieringEngineService |
Services Opened (Top 15)
| Service |
|---|
| wbengine |
| WmiApSrv |
| AdobeARMservice |
| ALG |
| AppVClient |
| autotimesvc |
| COMSysApp |
| defragsvc |
| diagnosticshub.standardcollector.service |
| DiagTrack |
| DmEnrollmentSvc |
| edgeupdate |
| edgeupdatem |
| Fax |
| FontCache3.0.0.0 |
| GoogleChromeElevationService |
| GoogleUpdaterInternalService136.0.7079.0 |
| GoogleUpdaterService136.0.7079.0 |
| HncUpdateService_2020 |
| iphlpsvc |
What To Do Now — Practical Defense Playbook
- Contain unknowns: block first‑run binaries by default — signatures catch up, containment works now.
- EDR controls: alert on keyboard hooks, screen capture APIs, VM/sandbox checks, and command‑shell launches.
- Registry watch: flag queries/sets under policy paths (e.g., …\FipsAlgorithmPolicy\*).
- Network rules: inspect outbound TLS to IP‑lookup services and unexpected CDN endpoints.
- Hunt broadly: sweep endpoints for the indicators above and quarantine positives immediately.
Dwell time equals attacker opportunity. Reducing execution privileges and egress shrinks that window even when vendors disagree.
