UPX-Packed Malware Masquerading As Core Windows System Processes


Zero‑Dwell Threat Intelligence Report

A narrative, executive‑ready view into the malware’s behavior, exposure, and reliable defenses.
Generated: 2025-12-04 08:24:16 UTC

Executive Overview — What We’re Dealing With

This specimen has persisted long enough to matter. Human experts classified it as Malware, and the telemetry confirms a capable, evasive Trojan with real impact potential.

File
MpDefenderCoreService.exe
Type
UPX compressed Win32 Executable
SHA‑1
13ae04a3c0b2f716f64e4be323b16c2ee3982d46
MD5
276ff69704019d7b8491059ea9445a81
First Seen
2025-08-06 07:23:52.265517
Last Analysis
2025-08-06 11:36:16.368437
Dwell Time
0 days, 7 hours, 33 minutes

Extended Dwell Time Impact

For 4+ hours, this malware remained undetected — a limited but sufficient window for the adversary to complete initial execution and establish basic system access.

Comparative Context

Industry studies report a median dwell time closer to 21–24 days. This case represents rapid detection and containment within hours rather than days.

Timeline

Time (UTC) Event Elapsed
2025-08-05 11:56:54 UTC First VirusTotal submission
2025-11-28 06:54:18 UTC Latest analysis snapshot 114 days, 18 hours, 57 minutes
2025-12-04 08:24:16 UTC Report generation time 120 days, 20 hours, 27 minutes

Why It Matters

Every additional day of dwell time is not just an abstract number — it is attacker opportunity. Each day equates to more time for lateral movement, stealth persistence, and intelligence gathering.

Global Detection Posture — Who Caught It, Who Missed It

VirusTotal engines: 73. Detected as malicious: 59. Missed: 14. Coverage: 80.8%.

Detected Vendors

  • Xcitium
  • +58 additional vendors (names not provided)

List includes Xcitium plus an additional 58 vendors per the provided summary.

Missed Vendors

  • Acronis
  • Antiy-AVL
  • Baidu
  • ClamAV
  • CMC
  • Gridinsoft
  • Jiangmin
  • SUPERAntiSpyware
  • TACHYON
  • tehtris
  • Webroot
  • Yandex
  • Zillya
  • Zoner

Why it matters: if any endpoint relies solely on a missed engine, this malware can operate with zero alerts. Prevention‑first controls close that gap regardless of signature lag.

Behavioral Storyline — How the Malware Operates

Dominant system-level operations (88.06% of behavior) suggest this malware performs deep system reconnaissance, privilege escalation, or core OS manipulation. It’s actively probing system defenses and attempting to gain administrative control.

Behavior Categories (weighted)

Weight values represent the frequency and intensity of malware interactions with specific system components. Higher weights indicate more aggressive targeting of that category. Each operation (registry access, file modification, network connection, etc.) contributes to the category’s total weight, providing a quantitative measure of the malware’s behavioral focus.

Category Weight Percentage
System 59 88.06%
Process 4 5.97%
File System 2 2.99%
Registry 2 2.99%

MITRE ATT&CK Mapping

  • T1027.002 – packed with generic packer
  • T1027.002 – packed with UPX
  • T1129 – Drops a binary and executes it
  • T1053 – Installs itself for autorun at Windows startup
  • T1564 – A process created a hidden window
  • T1202 – Uses Windows utilities for basic functionality
  • T1562 – Tries to unhook or modify Windows functions monitored by CAPE
  • T1112 – Installs itself for autorun at Windows startup
  • T1112 – Installs itself for autorun at Windows startup
  • T1070 – Deletes executed files from disk
  • T1562.001 – Tries to unhook or modify Windows functions monitored by CAPE
  • T1027 – The binary contains an unknown PE section name indicative of packing
  • T1027 – The binary likely contains encrypted or compressed data
  • T1564.003 – A process created a hidden window
  • T1027.002 – The binary contains an unknown PE section name indicative of packing
  • T1027.002 – The binary likely contains encrypted or compressed data
  • T1543 – Created a service that was not started
  • T1547 – Installs itself for autorun at Windows startup
  • T1543.003 – Created a service that was not started
  • T1547.001 – Installs itself for autorun at Windows startup
  • T1082 – Checks available memory
  • T1082 – Collects information to fingerprint the system
  • T1057 – Enumerates running processes
  • T1057 – Expresses interest in specific running processes
  • T1012 – Collects information to fingerprint the system
  • T1071 – Yara detections observed in process dumps, payloads or dropped files
  • T1071 – Attempts to connect to a dead IP:Port (2 unique times)
  • T1071 – Terminates another process
  • T1071 – Reads data out of its own binary image
  • T1486 – Exhibits possible ransomware or wiper file modification behavior: mass_file_deletion
  • T1485 – Anomalous file deletion behavior detected (10+)
  • T1005 – Searches for sensitive browser data
  • T1005 – Reads sensitive browser data
  • T1012 – Reads system data
  • T1012 – Possibly does reconnaissance
  • T1016 – Reads network adapter information
  • T1016 – Queries a host’s domain name
  • T1016 – Combination of other detections shows configuration discovery
  • T1027.002 – Resolves API functions dynamically
  • T1047 – Collects hardware properties
  • T1047 – Queries OS version via WMI
  • T1053.005 – Schedules task
  • T1057 – Enumerates running processes
  • T1071.004 – Performs DNS request
  • T1082 – Reads system data
  • T1082 – Collects hardware properties
  • T1082 – Queries OS version via WMI
  • T1082 – Combination of other detections shows configuration discovery
  • T1083 – Searches for sensitive browser data
  • T1083 – Reads sensitive browser data
  • T1083 – Possibly does reconnaissance
  • T1095 – Sets up server that accepts incoming connections
  • T1112 – Installs system startup script or application
  • T1113 – Takes screenshot
  • T1119 – Searches for sensitive browser data
  • T1119 – Reads sensitive browser data
  • T1547.001 – Installs system startup script or application
  • T1552.001 – Searches for sensitive browser data
  • T1552.001 – Reads sensitive browser data
  • T1564.003 – Creates process with hidden window
  • T1047 – Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
  • T1047 – Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
  • T1047 – Queries process information (via WMI, Win32_Process)
  • T1547.001 – Creates an autostart registry key
  • T1547.001 – Creates multiple autostart registry keys
  • T1055 – May try to detect the Windows Explorer process (often used for injection)
  • T1036 – Drops executable to common a third party application directory
  • T1036 – Creates files inside the user directory
  • T1497 – Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
  • T1497 – Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
  • T1027 – Sample is packed with UPX
  • T1027.002 – Sample is packed with UPX
  • T1056 – Installs a raw input device (often for capturing keystrokes)
  • T1056 – Sample has functionality to log and monitor keystrokes, analyze it with the keystroke simulation cookbook
  • T1518.001 – Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
  • T1518.001 – Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
  • T1057 – Queries a list of all running processes
  • T1057 – May try to detect the Windows Explorer process (often used for injection)
  • T1082 – Queries the volume information (name, serial number etc) of a device
  • T1082 – Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
  • T1082 – Queries process information (via WMI, Win32_Process)
  • T1082 – Queries the cryptographic machine GUID
  • T1005 – Found many strings related to Crypto-Wallets (likely being stolen)

Following the Trail — Network & DNS Activity

Outbound activity leans on reputable infrastructure (e.g., CDNs, cloud endpoints) to blend in. TLS sessions and
HTTP calls show routine beaconing and IP‑lookup behavior that can masquerade as normal browsing.

Contacted Domains

Domain IP Country ASN/Org
www.msftncsi.com 23.200.3.32 United States Akamai Technologies, Inc.

Observed IPs

IP Country ASN/Org
224.0.0.252
239.255.255.250
8.8.4.4 United States Google LLC
8.8.8.8 United States Google LLC

DNS Queries

Request Type
5isohu.com A
www.msftncsi.com A

Contacted IPs

IP Country ASN/Org
224.0.0.252
239.255.255.250
8.8.4.4 United States Google LLC
8.8.8.8 United States Google LLC

Port Distribution

Port Count Protocols
137 1 udp
138 1 udp
5355 5 udp
53 4 udp
3702 1 udp

UDP Packets

Source IP Dest IP Sport Dport Time Proto
192.168.56.13 192.168.56.255 137 137 3.2228500843048096 udp
192.168.56.13 192.168.56.255 138 138 9.22288703918457 udp
192.168.56.13 224.0.0.252 49311 5355 5.74109411239624 udp
192.168.56.13 224.0.0.252 55150 5355 3.1745219230651855 udp
192.168.56.13 224.0.0.252 60010 5355 5.167474031448364 udp
192.168.56.13 224.0.0.252 62406 5355 3.189513921737671 udp
192.168.56.13 224.0.0.252 63527 5355 4.007894992828369 udp
192.168.56.13 239.255.255.250 52252 3702 3.1981141567230225 udp
192.168.56.13 8.8.4.4 54879 53 7.725027084350586 udp
192.168.56.13 8.8.4.4 54881 53 6.5865700244903564 udp
192.168.56.13 8.8.8.8 54879 53 8.722604990005493 udp
192.168.56.13 8.8.8.8 54881 53 7.5824689865112305 udp

Hunting tip: alert on unknown binaries initiating TLS to IP‑lookup services or unusual CDN endpoints — especially early in execution.

Persistence & Policy — Registry and Services

Registry and service telemetry points to policy awareness and environment reconnaissance rather than noisy persistence. Below is a compact view of the most relevant keys and handles; expand to see the full lists where available.

Registry Opened

373

Registry Set

393

Services Started

10

Services Opened

4

Registry Opened (Top 25)

Key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F712E7AB-1264-5F6D-AA77-7777672D1F2A}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B405A64A-6E9F-522E-8450-2C67038707C0}\TypeLib\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F712E7AB-1264-5F6D-AA77-7777672D1F2A}\
HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{2A859659-6F92-5F49-B7A2-E5C8BAF5B060}\1.0\0\win64
HKEY_LOCAL_MACHINE\Software\Google\Update\ClientState
HKEY_LOCAL_MACHINE\Software\Google\Update\ClientStateMedium\
HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{B405A64A-6E9F-522E-8450-2C67038707C0}\1.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\usagestats
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2A859659-6F92-5F49-B7A2-E5C8BAF5B060}\TypeLib\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B405A64A-6E9F-522E-8450-2C67038707C0}\1.0\0\win64\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientState\{44fc7fe2-65ce-487c-93f4-edee46eeaaab}\name
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B405A64A-6E9F-522E-8450-2C67038707C0}\TypeLib\Version
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\GoogleUpdaterInternalService140.0.7273.0
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientState\{44fc7fe2-65ce-487c-93f4-edee46eeaaab}\pv
HKEY_LOCAL_MACHINE\Software\Google\Update\ClientStateMedium\{6f0f9a34-a0ab-4a75-a0eb-6eab78d0dc4b}
HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{B405A64A-6E9F-522E-8450-2C67038707C0}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B405A64A-6E9F-522E-8450-2C67038707C0}\1.0\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{B405A64A-6E9F-522E-8450-2C67038707C0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2A859659-6F92-5F49-B7A2-E5C8BAF5B060}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Classes\Interface
HKEY_LOCAL_MACHINE\Software\Classes\AppID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize
HKEY_LOCAL_MACHINE\Software\Google\Update\ClientState\{6f0f9a34-a0ab-4a75-a0eb-6eab78d0dc4b}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A859659-6F92-5F49-B7A2-E5C8BAF5B060}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{2A859659-6F92-5F49-B7A2-E5C8BAF5B060}\1.0\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B405A64A-6E9F-522E-8450-2C67038707C0}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
HKEY_LOCAL_MACHINE\Software
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\ProgIdIndex
HKEY_LOCAL_MACHINE\Software\Classes\PackagedCom
HKEY_LOCAL_MACHINE\Software\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}\InprocHandler32
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{2A859659-6F92-5F49-B7A2-E5C8BAF5B060}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2A859659-6F92-5F49-B7A2-E5C8BAF5B060}\TypeLib\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{2A859659-6F92-5F49-B7A2-E5C8BAF5B060}\1.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B405A64A-6E9F-522E-8450-2C67038707C0}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\ProviderOrder
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B405A64A-6E9F-522E-8450-2C67038707C0}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F712E7AB-1264-5F6D-AA77-7777672D1F2A}\ServiceParameters
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WbemScripting.SWbemLocator
HKEY_LOCAL_MACHINE\Software\Google\Update\Clients\{44fc7fe2-65ce-487c-93f4-edee46eeaaab}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WbemScripting.SWbemLocator\CLSID
Show all (373 total)
Key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2A859659-6F92-5F49-B7A2-E5C8BAF5B060}\1.0\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A859659-6F92-5F49-B7A2-E5C8BAF5B060}\TypeLib\Version
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\Windows NT Access Provider\ProviderPath
HKEY_LOCAL_MACHINE\Software\Google\Update\
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{B405A64A-6E9F-522E-8450-2C67038707C0}
HKEY_LOCAL_MACHINE\Software\Google\Update
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{B405A64A-6E9F-522E-8450-2C67038707C0}\TypeLib
HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{2A859659-6F92-5F49-B7A2-E5C8BAF5B060}\1.0
HKEY_LOCAL_MACHINE\Software\Google\Update\ClientState\{44fc7fe2-65ce-487c-93f4-edee46eeaaab}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2A859659-6F92-5F49-B7A2-E5C8BAF5B060}\1.0\0\win32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B405A64A-6E9F-522E-8450-2C67038707C0}\TypeLib\Version
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\Clients\{44fc7fe2-65ce-487c-93f4-edee46eeaaab}\name
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F712E7AB-1264-5F6D-AA77-7777672D1F2A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A859659-6F92-5F49-B7A2-E5C8BAF5B060}\TypeLib\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DisplayVersion
HKEY_LOCAL_MACHINE\Software\Classes\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\MachineGuid
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{F712E7AB-1264-5F6D-AA77-7777672D1F2A}
HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{B405A64A-6E9F-522E-8450-2C67038707C0}\1.0\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B405A64A-6E9F-522E-8450-2C67038707C0}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\usagestats
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{2A859659-6F92-5F49-B7A2-E5C8BAF5B060}\TypeLib
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\RequireUniqueAccessibility
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientState\{6f0f9a34-a0ab-4a75-a0eb-6eab78d0dc4b}\usagestats
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Com+Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WbemScripting.SWbemLocator\CLSID\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{2A859659-6F92-5F49-B7A2-E5C8BAF5B060}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2A859659-6F92-5F49-B7A2-E5C8BAF5B060}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{2A859659-6F92-5F49-B7A2-E5C8BAF5B060}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A859659-6F92-5F49-B7A2-E5C8BAF5B060}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F712E7AB-1264-5F6D-AA77-7777672D1F2A}\LocalService
HKEY_LOCAL_MACHINE\Software\Classes
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{B405A64A-6E9F-522E-8450-2C67038707C0}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\Windows NT Access Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\UBR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2A859659-6F92-5F49-B7A2-E5C8BAF5B060}\1.0\0\win64\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\Clients\{44fc7fe2-65ce-487c-93f4-edee46eeaaab}\pv
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B405A64A-6E9F-522E-8450-2C67038707C0}\1.0\0\win32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B405A64A-6E9F-522E-8450-2C67038707C0}\TypeLib\(Default)
HKEY_LOCAL_MACHINE\Software\Google
HKEY_LOCAL_MACHINE\Software\Google\Update\ClientState\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F712E7AB-1264-5F6D-AA77-7777672D1F2A}\SymbolicLinkValue
HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{B405A64A-6E9F-522E-8450-2C67038707C0}\1.0\0\win64
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography
HKEY_LOCAL_MACHINE\Software\Google\Update\Clients
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowDefaultCredentialsWhenNTLMOnlyDomain
HKEY_LOCAL_MACHINE\Software\Microsoft\IdentityStore\Cache\S-1-5-21-2377844457-1847597103-2569463324-1000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\UMB\UMB\1&841921D&0&RDCAMERA_BUS\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowDefaultCredentialsWhenNTLMOnly
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\UMB\UMB\1&841921D&0&TSBUS\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\SWD\PRINTENUM\PRINTQUEUES\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A
HKEY_LOCAL_MACHINE\DRIVERS\DriverDatabase\DriverInfFiles
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\UMB\UMB\1&841921D&0&TS_USB_HUB_ENUMERATOR\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Remote Desktop\Certificates
HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\fontdrvhost
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\explorer
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\ClusterSettings
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Device Metadata\ActiveDownloads
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\UMB\UMB\1&841921D&0&TS_USB_HUB_ENUMERATOR\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SecurityHealthSystray
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\SystemMetaData
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Remote Desktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Input\Settings
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileService\References
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\TS_USB_HUB_ENUMERATOR\UMB\2&30D3618&0&TS_USB_HUB\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\StoreInit
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\UMB\UMB\1&841921D&0&TERMINPUT_BUS\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsDomain
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceContainers\{00000000-0000-0000-FFFF-FFFFFFFFFFFF}\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentials
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\UMB\UMB\1&841921D&0&TERMINPUT_BUS\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\UMB\UMB\1&841921D&0&RDCAMERA_BUS\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9A25B423-3B88-4131-9EDB-A1E4EC87828F}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceContainers\{00000000-0000-0000-FFFF-FFFFFFFFFFFF}\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0008
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceContainers\{00000000-0000-0000-FFFF-FFFFFFFFFFFF}\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0002
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowDefaultCredentials
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A25B423-3B88-4131-9EDB-A1E4EC87828F}
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates
HKEY_LOCAL_MACHINE\DRIVERS\DriverDatabase\DriverPackages
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileService\References\S-1-5-21-2377844457-1847597103-2569463324-1000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65185086-8FD6-4ECD-A096-39670E5E2E87}
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Remote Desktop\CRLs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceContainers\{00000000-0000-0000-FFFF-FFFFFFFFFFFF}\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceContainers\{00000000-0000-0000-FFFF-FFFFFFFFFFFF}\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceContainers\{00000000-0000-0000-FFFF-FFFFFFFFFFFF}\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\3000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceContainers\{00000000-0000-0000-FFFF-FFFFFFFFFFFF}\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceContainers\{00000000-0000-0000-FFFF-FFFFFFFFFFFF}\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0050
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceContainers\{00000000-0000-0000-FFFF-FFFFFFFFFFFF}\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\SWD\PRINTENUM\PRINTQUEUES\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowDefaultCredentialsDomain
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsWhenNTLMOnlyDomain
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsWhenNTLMOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{65185086-8FD6-4ECD-A096-39670E5E2E87}
\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\DeviceSetup
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Remote Desktop\Certificates\D5C7CE873EA763D11D6F032D6795B85CFF7AEB52
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceContainers\{00000000-0000-0000-FFFF-FFFFFFFFFFFF}\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\UMB\UMB\1&841921D&0&TSBUS\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1C0848D-A02E-497E-B5AB-1551FACE2847}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceContainers\{00000000-0000-0000-FFFF-FFFFFFFFFFFF}\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0069
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\WBEM\CIMOM
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\TS_USB_HUB_ENUMERATOR\UMB\2&30D3618&0&TS_USB_HUB\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D1C0848D-A02E-497E-B5AB-1551FACE2847}
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Remote Desktop\CTLs
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\AutoEnrollment\Debug
HKEY_CURRENT_USER\SOFTWARE\Classes\tg\shell\open\command
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\skype
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\AmsiEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\EnableObjectValidation
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting\Default Impersonation Level
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\Debug
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting\Default Namespace
HKEY_CURRENT_USER\SOFTWARE\Valve\Steam
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bitkinex
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lawcharge
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\AutoEnrollment\certenroll.log
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000346-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000339-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppModel\Lookaside\machine
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020421-0000-0000-C000-000000000046}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E7D35CFA-348B-485E-B524-252725D697CA}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocHandler32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\LocalServer32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\UILanguages\en-US
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\ClassIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jZE6mJPck8P8v.exe
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\AMSI\Providers2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\ClassIndex\{00000346-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E7D35CFA-348B-485E-B524-252725D697CA}
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\AMSI
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\TreatAsClassIndex\{00000344-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00020400-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Rpc
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020421-0000-0000-C000-000000000046}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020421-0000-0000-C000-000000000046}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E7D35CFA-348B-485E-B524-252725D697CA}\LocalServer32
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\StartMenuExperienceHost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\TreatAs
HKEY_LOCAL_MACHINE\Software\Microsoft\Wow64\x86
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock\Setup Migration\Providers\Tcpip6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0000034B-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{027947E1-D731-11CE-A357-000000000001}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}\LocalServer32
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\OleAut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020421-0000-0000-C000-000000000046}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\9
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\LanguageOverlay\OverlayPackages\en-US
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\TypeLibIndex
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock\Setup Migration\Providers\Tcpip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9F6C78EF-FCE5-42FA-ABEA-3E7DF91921DC}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020421-0000-0000-C000-000000000046}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9F6C78EF-FCE5-42FA-ABEA-3E7DF91921DC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000344-0000-0000-C000-000000000046}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0000034B-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Segment Heap
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2\409
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\OLEAUT
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E7D35CFA-348B-485E-B524-252725D697CA}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00020404-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\ClassIndex\{0000034B-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E7D35CFA-348B-485E-B524-252725D697CA}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\TreatAsClassIndex\{0000034B-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020421-0000-0000-C000-000000000046}\LocalServer32
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Policies\Microsoft\System\DNSClient
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\ProgIdIndex\WbemScripting.SWbemLocator
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock\Parameters
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E7D35CFA-348B-485E-B524-252725D697CA}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0000032A-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00000339-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00020404-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1070296143-2877979003-364783958-1001
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\WBEM
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\OLE\Tracing
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\ClassIndex\{00000344-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole\FeatureDevelopmentProperties
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\ClassIndex\{0000032A-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020421-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\COM3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppModel\Lookaside\user
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32
HKEY_LOCAL_MACHINE\OSDATA\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\TreatAsClassIndex\{00000346-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\InprocHandler
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\AMSI\Providers
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\software.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ViS4xMISc.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\SdbUpdates\ManifestedMergeStubSdbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\Elevation
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Wbem\Scripting
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\ClassIndex\{00000339-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Policies\Microsoft\MUI\Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00020400-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E7D35CFA-348B-485E-B524-252725D697CA}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Appx
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\TreatAsClassIndex\{0000032A-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00000344-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0000032A-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Disable8And16BitMitigation
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\SdbUpdates
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020420-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00000346-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandler32
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\software.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e87602b6-fe02-11ef-83b3-806e6f6e6963}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}\InprocServer32
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\TreatAsClassIndex
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PackagedCom\TreatAsClassIndex\{00000339-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E7D35CFA-348B-485E-B524-252725D697CA}\LocalServer

Registry Set (Top 25)

Key Value
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\Clients\{44fc7fe2-65ce-487c-93f4-edee46eeaaab}\pv 140.0.7273.0
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\Clients\{44fc7fe2-65ce-487c-93f4-edee46eeaaab}\name GoogleUpdater
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientState\{44fc7fe2-65ce-487c-93f4-edee46eeaaab}\pv 140.0.7273.0
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientState\{44fc7fe2-65ce-487c-93f4-edee46eeaaab}\name GoogleUpdater
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F712E7AB-1264-5F6D-AA77-7777672D1F2A}\AppID {F712E7AB-1264-5F6D-AA77-7777672D1F2A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F712E7AB-1264-5F6D-AA77-7777672D1F2A}\LocalService GoogleUpdaterInternalService140.0.7273.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F712E7AB-1264-5F6D-AA77-7777672D1F2A}\ServiceParameters –com-service
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2A859659-6F92-5F49-B7A2-E5C8BAF5B060}\(Default) IUpdaterInternalSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2A859659-6F92-5F49-B7A2-E5C8BAF5B060}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2A859659-6F92-5F49-B7A2-E5C8BAF5B060}\TypeLib\(Default) {2A859659-6F92-5F49-B7A2-E5C8BAF5B060}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2A859659-6F92-5F49-B7A2-E5C8BAF5B060}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A859659-6F92-5F49-B7A2-E5C8BAF5B060}\(Default) IUpdaterInternalSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A859659-6F92-5F49-B7A2-E5C8BAF5B060}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A859659-6F92-5F49-B7A2-E5C8BAF5B060}\TypeLib\(Default) {2A859659-6F92-5F49-B7A2-E5C8BAF5B060}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A859659-6F92-5F49-B7A2-E5C8BAF5B060}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2A859659-6F92-5F49-B7A2-E5C8BAF5B060}\1.0\0\win32\(Default) C:\Program Files (x86)\Google\GoogleUpdater\140.0.7273.0\updater.exe\5
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2A859659-6F92-5F49-B7A2-E5C8BAF5B060}\1.0\0\win64\(Default) C:\Program Files (x86)\Google\GoogleUpdater\140.0.7273.0\updater.exe\5
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2A859659-6F92-5F49-B7A2-E5C8BAF5B060}\1.0\(Default) GoogleUpdater TypeLib for IUpdaterInternalSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B405A64A-6E9F-522E-8450-2C67038707C0}\(Default) IUpdaterInternalCallbackSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B405A64A-6E9F-522E-8450-2C67038707C0}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B405A64A-6E9F-522E-8450-2C67038707C0}\TypeLib\(Default) {B405A64A-6E9F-522E-8450-2C67038707C0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B405A64A-6E9F-522E-8450-2C67038707C0}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B405A64A-6E9F-522E-8450-2C67038707C0}\(Default) IUpdaterInternalCallbackSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B405A64A-6E9F-522E-8450-2C67038707C0}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B405A64A-6E9F-522E-8450-2C67038707C0}\TypeLib\(Default) {B405A64A-6E9F-522E-8450-2C67038707C0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B405A64A-6E9F-522E-8450-2C67038707C0}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B405A64A-6E9F-522E-8450-2C67038707C0}\1.0\0\win32\(Default) C:\Program Files (x86)\Google\GoogleUpdater\140.0.7273.0\updater.exe\5
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B405A64A-6E9F-522E-8450-2C67038707C0}\1.0\0\win64\(Default) C:\Program Files (x86)\Google\GoogleUpdater\140.0.7273.0\updater.exe\5
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B405A64A-6E9F-522E-8450-2C67038707C0}\1.0\(Default) GoogleUpdater TypeLib for IUpdaterInternalCallbackSystem
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\unsecapp C:\Program Files (x86)\chrome_url_fetcher_3916_1313216039\unsecapp.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\StartMenuExperienceHost C:\Users\Bruno\AppData\Local\Packages\StartMenuExperienceHost.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\csrss C:\Program Files (x86)\Microsoft\csrss.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8018F647-BF07-55BB-82BE-A2D7049F7CE4}\AppID {8018F647-BF07-55BB-82BE-A2D7049F7CE4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8018F647-BF07-55BB-82BE-A2D7049F7CE4}\LocalService GoogleUpdaterService138.0.7194.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8018F647-BF07-55BB-82BE-A2D7049F7CE4}\ServiceParameters –com-service
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\AppID {8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\LocalService GoogleUpdaterService138.0.7194.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\ServiceParameters –com-service
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}\AppID {534F5323-3569-4F42-919D-1E1CF93E5BF6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}\LocalService GoogleUpdaterService138.0.7194.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}\ServiceParameters –com-service
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{521FDB42-7130-4806-822A-FC5163FAD983}\AppID {521FDB42-7130-4806-822A-FC5163FAD983}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{521FDB42-7130-4806-822A-FC5163FAD983}\LocalService GoogleUpdaterService138.0.7194.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{521FDB42-7130-4806-822A-FC5163FAD983}\ServiceParameters –com-service
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\AppID {ABC01078-F197-4B0B-ADBC-CFE684B39C82}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\LocalService GoogleUpdaterService138.0.7194.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\ServiceParameters –com-service
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebMachine\CLSID\(Default) {8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1588C1A8-27D9-563E-9641-8D20767FB258}\(Default) IUpdateStateSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1588C1A8-27D9-563E-9641-8D20767FB258}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
Show all (393 total)
Key Value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1588C1A8-27D9-563E-9641-8D20767FB258}\TypeLib\(Default) {1588C1A8-27D9-563E-9641-8D20767FB258}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1588C1A8-27D9-563E-9641-8D20767FB258}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1588C1A8-27D9-563E-9641-8D20767FB258}\(Default) IUpdateStateSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1588C1A8-27D9-563E-9641-8D20767FB258}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1588C1A8-27D9-563E-9641-8D20767FB258}\TypeLib\(Default) {1588C1A8-27D9-563E-9641-8D20767FB258}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1588C1A8-27D9-563E-9641-8D20767FB258}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1588C1A8-27D9-563E-9641-8D20767FB258}\1.0\0\win32\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\4
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1588C1A8-27D9-563E-9641-8D20767FB258}\1.0\0\win64\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\4
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1588C1A8-27D9-563E-9641-8D20767FB258}\1.0\(Default) GoogleUpdater TypeLib for IUpdateStateSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ACAB122B-29C0-56A9-8145-AFA2F82A547C}\(Default) IUpdaterSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ACAB122B-29C0-56A9-8145-AFA2F82A547C}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ACAB122B-29C0-56A9-8145-AFA2F82A547C}\TypeLib\(Default) {ACAB122B-29C0-56A9-8145-AFA2F82A547C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ACAB122B-29C0-56A9-8145-AFA2F82A547C}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ACAB122B-29C0-56A9-8145-AFA2F82A547C}\(Default) IUpdaterSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ACAB122B-29C0-56A9-8145-AFA2F82A547C}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ACAB122B-29C0-56A9-8145-AFA2F82A547C}\TypeLib\(Default) {ACAB122B-29C0-56A9-8145-AFA2F82A547C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ACAB122B-29C0-56A9-8145-AFA2F82A547C}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACAB122B-29C0-56A9-8145-AFA2F82A547C}\1.0\0\win32\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\4
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACAB122B-29C0-56A9-8145-AFA2F82A547C}\1.0\0\win64\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\4
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ACAB122B-29C0-56A9-8145-AFA2F82A547C}\1.0\(Default) GoogleUpdater TypeLib for IUpdaterSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D39AC5FB-3662-521F-B4DA-149AA6CB515E}\(Default) IUpdater2System
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D39AC5FB-3662-521F-B4DA-149AA6CB515E}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D39AC5FB-3662-521F-B4DA-149AA6CB515E}\TypeLib\(Default) {D39AC5FB-3662-521F-B4DA-149AA6CB515E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D39AC5FB-3662-521F-B4DA-149AA6CB515E}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D39AC5FB-3662-521F-B4DA-149AA6CB515E}\(Default) IUpdater2System
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D39AC5FB-3662-521F-B4DA-149AA6CB515E}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D39AC5FB-3662-521F-B4DA-149AA6CB515E}\TypeLib\(Default) {D39AC5FB-3662-521F-B4DA-149AA6CB515E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D39AC5FB-3662-521F-B4DA-149AA6CB515E}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D39AC5FB-3662-521F-B4DA-149AA6CB515E}\1.0\0\win32\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\4
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D39AC5FB-3662-521F-B4DA-149AA6CB515E}\1.0\0\win64\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\4
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D39AC5FB-3662-521F-B4DA-149AA6CB515E}\1.0\(Default) GoogleUpdater TypeLib for IUpdater2System
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{85AE4AE3-8530-516B-8BE4-A456BF2637D3}\(Default) ICompleteStatusSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{85AE4AE3-8530-516B-8BE4-A456BF2637D3}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{85AE4AE3-8530-516B-8BE4-A456BF2637D3}\TypeLib\(Default) {85AE4AE3-8530-516B-8BE4-A456BF2637D3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{85AE4AE3-8530-516B-8BE4-A456BF2637D3}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{85AE4AE3-8530-516B-8BE4-A456BF2637D3}\(Default) ICompleteStatusSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{85AE4AE3-8530-516B-8BE4-A456BF2637D3}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{85AE4AE3-8530-516B-8BE4-A456BF2637D3}\TypeLib\(Default) {85AE4AE3-8530-516B-8BE4-A456BF2637D3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{85AE4AE3-8530-516B-8BE4-A456BF2637D3}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{85AE4AE3-8530-516B-8BE4-A456BF2637D3}\1.0\0\win32\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\4
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{85AE4AE3-8530-516B-8BE4-A456BF2637D3}\1.0\0\win64\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\4
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{85AE4AE3-8530-516B-8BE4-A456BF2637D3}\1.0\(Default) GoogleUpdater TypeLib for ICompleteStatusSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B16B5A0E-3B72-5223-8DF0-9117CD64DE77}\(Default) IUpdaterObserverSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B16B5A0E-3B72-5223-8DF0-9117CD64DE77}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B16B5A0E-3B72-5223-8DF0-9117CD64DE77}\TypeLib\(Default) {B16B5A0E-3B72-5223-8DF0-9117CD64DE77}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B16B5A0E-3B72-5223-8DF0-9117CD64DE77}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B16B5A0E-3B72-5223-8DF0-9117CD64DE77}\(Default) IUpdaterObserverSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B16B5A0E-3B72-5223-8DF0-9117CD64DE77}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B16B5A0E-3B72-5223-8DF0-9117CD64DE77}\TypeLib\(Default) {B16B5A0E-3B72-5223-8DF0-9117CD64DE77}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B16B5A0E-3B72-5223-8DF0-9117CD64DE77}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B16B5A0E-3B72-5223-8DF0-9117CD64DE77}\1.0\0\win32\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\4
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B16B5A0E-3B72-5223-8DF0-9117CD64DE77}\1.0\0\win64\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\4
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B16B5A0E-3B72-5223-8DF0-9117CD64DE77}\1.0\(Default) GoogleUpdater TypeLib for IUpdaterObserverSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0486745C-8D9B-5377-A54C-A61FFAA0BBE4}\(Default) IUpdaterCallbackSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0486745C-8D9B-5377-A54C-A61FFAA0BBE4}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0486745C-8D9B-5377-A54C-A61FFAA0BBE4}\TypeLib\(Default) {0486745C-8D9B-5377-A54C-A61FFAA0BBE4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0486745C-8D9B-5377-A54C-A61FFAA0BBE4}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0486745C-8D9B-5377-A54C-A61FFAA0BBE4}\(Default) IUpdaterCallbackSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0486745C-8D9B-5377-A54C-A61FFAA0BBE4}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0486745C-8D9B-5377-A54C-A61FFAA0BBE4}\TypeLib\(Default) {0486745C-8D9B-5377-A54C-A61FFAA0BBE4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0486745C-8D9B-5377-A54C-A61FFAA0BBE4}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0486745C-8D9B-5377-A54C-A61FFAA0BBE4}\1.0\0\win32\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\4
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0486745C-8D9B-5377-A54C-A61FFAA0BBE4}\1.0\0\win64\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\4
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0486745C-8D9B-5377-A54C-A61FFAA0BBE4}\1.0\(Default) GoogleUpdater TypeLib for IUpdaterCallbackSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B7FD5390-D593-5A8B-9AE2-23CE39822FD4}\(Default) IUpdaterAppStateSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B7FD5390-D593-5A8B-9AE2-23CE39822FD4}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B7FD5390-D593-5A8B-9AE2-23CE39822FD4}\TypeLib\(Default) {B7FD5390-D593-5A8B-9AE2-23CE39822FD4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B7FD5390-D593-5A8B-9AE2-23CE39822FD4}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7FD5390-D593-5A8B-9AE2-23CE39822FD4}\(Default) IUpdaterAppStateSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7FD5390-D593-5A8B-9AE2-23CE39822FD4}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7FD5390-D593-5A8B-9AE2-23CE39822FD4}\TypeLib\(Default) {B7FD5390-D593-5A8B-9AE2-23CE39822FD4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7FD5390-D593-5A8B-9AE2-23CE39822FD4}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B7FD5390-D593-5A8B-9AE2-23CE39822FD4}\1.0\0\win32\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\4
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B7FD5390-D593-5A8B-9AE2-23CE39822FD4}\1.0\0\win64\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\4
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B7FD5390-D593-5A8B-9AE2-23CE39822FD4}\1.0\(Default) GoogleUpdater TypeLib for IUpdaterAppStateSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{699F07AD-304C-5F71-A2DA-ABD765965B54}\(Default) IUpdaterAppStatesCallbackSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{699F07AD-304C-5F71-A2DA-ABD765965B54}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{699F07AD-304C-5F71-A2DA-ABD765965B54}\TypeLib\(Default) {699F07AD-304C-5F71-A2DA-ABD765965B54}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{699F07AD-304C-5F71-A2DA-ABD765965B54}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{699F07AD-304C-5F71-A2DA-ABD765965B54}\(Default) IUpdaterAppStatesCallbackSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{699F07AD-304C-5F71-A2DA-ABD765965B54}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{699F07AD-304C-5F71-A2DA-ABD765965B54}\TypeLib\(Default) {699F07AD-304C-5F71-A2DA-ABD765965B54}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{699F07AD-304C-5F71-A2DA-ABD765965B54}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{699F07AD-304C-5F71-A2DA-ABD765965B54}\1.0\0\win32\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\4
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{699F07AD-304C-5F71-A2DA-ABD765965B54}\1.0\0\win64\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\4
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{699F07AD-304C-5F71-A2DA-ABD765965B54}\1.0\(Default) GoogleUpdater TypeLib for IUpdaterAppStatesCallbackSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F258BE54-7C5F-44A0-AAE0-730620A31D23}\(Default) IAppVersionWebSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F258BE54-7C5F-44A0-AAE0-730620A31D23}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F258BE54-7C5F-44A0-AAE0-730620A31D23}\TypeLib\(Default) {F258BE54-7C5F-44A0-AAE0-730620A31D23}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F258BE54-7C5F-44A0-AAE0-730620A31D23}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F258BE54-7C5F-44A0-AAE0-730620A31D23}\(Default) IAppVersionWebSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F258BE54-7C5F-44A0-AAE0-730620A31D23}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F258BE54-7C5F-44A0-AAE0-730620A31D23}\TypeLib\(Default) {F258BE54-7C5F-44A0-AAE0-730620A31D23}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F258BE54-7C5F-44A0-AAE0-730620A31D23}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F258BE54-7C5F-44A0-AAE0-730620A31D23}\1.0\0\win32\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F258BE54-7C5F-44A0-AAE0-730620A31D23}\1.0\0\win64\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F258BE54-7C5F-44A0-AAE0-730620A31D23}\1.0\(Default) GoogleUpdater TypeLib for IAppVersionWebSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E9CD91E3-A00C-4B9E-BD63-7F34EB815D98}\(Default) ICurrentStateSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E9CD91E3-A00C-4B9E-BD63-7F34EB815D98}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E9CD91E3-A00C-4B9E-BD63-7F34EB815D98}\TypeLib\(Default) {E9CD91E3-A00C-4B9E-BD63-7F34EB815D98}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E9CD91E3-A00C-4B9E-BD63-7F34EB815D98}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E9CD91E3-A00C-4B9E-BD63-7F34EB815D98}\(Default) ICurrentStateSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E9CD91E3-A00C-4B9E-BD63-7F34EB815D98}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E9CD91E3-A00C-4B9E-BD63-7F34EB815D98}\TypeLib\(Default) {E9CD91E3-A00C-4B9E-BD63-7F34EB815D98}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E9CD91E3-A00C-4B9E-BD63-7F34EB815D98}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E9CD91E3-A00C-4B9E-BD63-7F34EB815D98}\1.0\0\win32\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E9CD91E3-A00C-4B9E-BD63-7F34EB815D98}\1.0\0\win64\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E9CD91E3-A00C-4B9E-BD63-7F34EB815D98}\1.0\(Default) GoogleUpdater TypeLib for ICurrentStateSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F793925-C903-4E92-9AE3-77CA5EAB1716}\(Default) IGoogleUpdate3WebSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F793925-C903-4E92-9AE3-77CA5EAB1716}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F793925-C903-4E92-9AE3-77CA5EAB1716}\TypeLib\(Default) {5F793925-C903-4E92-9AE3-77CA5EAB1716}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F793925-C903-4E92-9AE3-77CA5EAB1716}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F793925-C903-4E92-9AE3-77CA5EAB1716}\(Default) IGoogleUpdate3WebSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F793925-C903-4E92-9AE3-77CA5EAB1716}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F793925-C903-4E92-9AE3-77CA5EAB1716}\TypeLib\(Default) {5F793925-C903-4E92-9AE3-77CA5EAB1716}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5F793925-C903-4E92-9AE3-77CA5EAB1716}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5F793925-C903-4E92-9AE3-77CA5EAB1716}\1.0\0\win32\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5F793925-C903-4E92-9AE3-77CA5EAB1716}\1.0\0\win64\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5F793925-C903-4E92-9AE3-77CA5EAB1716}\1.0\(Default) GoogleUpdater TypeLib for IGoogleUpdate3WebSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C4622B28-A747-44C7-96AF-319BE5C3B261}\(Default) IAppBundleWebSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C4622B28-A747-44C7-96AF-319BE5C3B261}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C4622B28-A747-44C7-96AF-319BE5C3B261}\TypeLib\(Default) {C4622B28-A747-44C7-96AF-319BE5C3B261}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C4622B28-A747-44C7-96AF-319BE5C3B261}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C4622B28-A747-44C7-96AF-319BE5C3B261}\(Default) IAppBundleWebSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C4622B28-A747-44C7-96AF-319BE5C3B261}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C4622B28-A747-44C7-96AF-319BE5C3B261}\TypeLib\(Default) {C4622B28-A747-44C7-96AF-319BE5C3B261}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C4622B28-A747-44C7-96AF-319BE5C3B261}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C4622B28-A747-44C7-96AF-319BE5C3B261}\1.0\0\win32\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C4622B28-A747-44C7-96AF-319BE5C3B261}\1.0\0\win64\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C4622B28-A747-44C7-96AF-319BE5C3B261}\1.0\(Default) GoogleUpdater TypeLib for IAppBundleWebSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D576ED7F-31DA-4EE1-98CE-1F882FB3047A}\(Default) IAppWebSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D576ED7F-31DA-4EE1-98CE-1F882FB3047A}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D576ED7F-31DA-4EE1-98CE-1F882FB3047A}\TypeLib\(Default) {D576ED7F-31DA-4EE1-98CE-1F882FB3047A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D576ED7F-31DA-4EE1-98CE-1F882FB3047A}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D576ED7F-31DA-4EE1-98CE-1F882FB3047A}\(Default) IAppWebSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D576ED7F-31DA-4EE1-98CE-1F882FB3047A}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D576ED7F-31DA-4EE1-98CE-1F882FB3047A}\TypeLib\(Default) {D576ED7F-31DA-4EE1-98CE-1F882FB3047A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D576ED7F-31DA-4EE1-98CE-1F882FB3047A}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D576ED7F-31DA-4EE1-98CE-1F882FB3047A}\1.0\0\win32\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D576ED7F-31DA-4EE1-98CE-1F882FB3047A}\1.0\0\win64\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D576ED7F-31DA-4EE1-98CE-1F882FB3047A}\1.0\(Default) GoogleUpdater TypeLib for IAppWebSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}\(Default) IAppCommandWebSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}\TypeLib\(Default) {1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}\(Default) IAppCommandWebSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}\TypeLib\(Default) {1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}\1.0\0\win32\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}\1.0\0\win64\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1F1289FD-DD10-4579-81F6-1C59AAF2E1A9}\1.0\(Default) GoogleUpdater TypeLib for IAppCommandWebSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B685B009-DBC4-4F24-9542-A162C3793E77}\(Default) IPolicyStatusSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B685B009-DBC4-4F24-9542-A162C3793E77}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B685B009-DBC4-4F24-9542-A162C3793E77}\TypeLib\(Default) {B685B009-DBC4-4F24-9542-A162C3793E77}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B685B009-DBC4-4F24-9542-A162C3793E77}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B685B009-DBC4-4F24-9542-A162C3793E77}\(Default) IPolicyStatusSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B685B009-DBC4-4F24-9542-A162C3793E77}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B685B009-DBC4-4F24-9542-A162C3793E77}\TypeLib\(Default) {B685B009-DBC4-4F24-9542-A162C3793E77}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B685B009-DBC4-4F24-9542-A162C3793E77}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B685B009-DBC4-4F24-9542-A162C3793E77}\1.0\0\win32\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B685B009-DBC4-4F24-9542-A162C3793E77}\1.0\0\win64\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B685B009-DBC4-4F24-9542-A162C3793E77}\1.0\(Default) GoogleUpdater TypeLib for IPolicyStatusSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{513BC7DA-6B8D-45F7-90A0-2E9F66CEF962}\(Default) IPolicyStatus2System
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{513BC7DA-6B8D-45F7-90A0-2E9F66CEF962}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{513BC7DA-6B8D-45F7-90A0-2E9F66CEF962}\TypeLib\(Default) {513BC7DA-6B8D-45F7-90A0-2E9F66CEF962}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{513BC7DA-6B8D-45F7-90A0-2E9F66CEF962}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{513BC7DA-6B8D-45F7-90A0-2E9F66CEF962}\(Default) IPolicyStatus2System
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{513BC7DA-6B8D-45F7-90A0-2E9F66CEF962}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{513BC7DA-6B8D-45F7-90A0-2E9F66CEF962}\TypeLib\(Default) {513BC7DA-6B8D-45F7-90A0-2E9F66CEF962}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{513BC7DA-6B8D-45F7-90A0-2E9F66CEF962}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{513BC7DA-6B8D-45F7-90A0-2E9F66CEF962}\1.0\0\win32\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{513BC7DA-6B8D-45F7-90A0-2E9F66CEF962}\1.0\0\win64\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{513BC7DA-6B8D-45F7-90A0-2E9F66CEF962}\1.0\(Default) GoogleUpdater TypeLib for IPolicyStatus2System
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4334319-8210-469B-8262-DD03623FEB5B}\(Default) IPolicyStatus3System
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4334319-8210-469B-8262-DD03623FEB5B}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4334319-8210-469B-8262-DD03623FEB5B}\TypeLib\(Default) {F4334319-8210-469B-8262-DD03623FEB5B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4334319-8210-469B-8262-DD03623FEB5B}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F4334319-8210-469B-8262-DD03623FEB5B}\(Default) IPolicyStatus3System
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F4334319-8210-469B-8262-DD03623FEB5B}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F4334319-8210-469B-8262-DD03623FEB5B}\TypeLib\(Default) {F4334319-8210-469B-8262-DD03623FEB5B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F4334319-8210-469B-8262-DD03623FEB5B}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F4334319-8210-469B-8262-DD03623FEB5B}\1.0\0\win32\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F4334319-8210-469B-8262-DD03623FEB5B}\1.0\0\win64\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F4334319-8210-469B-8262-DD03623FEB5B}\1.0\(Default) GoogleUpdater TypeLib for IPolicyStatus3System
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F966A529-43C6-4710-8FF4-0B456324C8F4}\(Default) IPolicyStatus4System
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F966A529-43C6-4710-8FF4-0B456324C8F4}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F966A529-43C6-4710-8FF4-0B456324C8F4}\TypeLib\(Default) {F966A529-43C6-4710-8FF4-0B456324C8F4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F966A529-43C6-4710-8FF4-0B456324C8F4}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F966A529-43C6-4710-8FF4-0B456324C8F4}\(Default) IPolicyStatus4System
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F966A529-43C6-4710-8FF4-0B456324C8F4}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F966A529-43C6-4710-8FF4-0B456324C8F4}\TypeLib\(Default) {F966A529-43C6-4710-8FF4-0B456324C8F4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F966A529-43C6-4710-8FF4-0B456324C8F4}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F966A529-43C6-4710-8FF4-0B456324C8F4}\1.0\0\win32\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F966A529-43C6-4710-8FF4-0B456324C8F4}\1.0\0\win64\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F966A529-43C6-4710-8FF4-0B456324C8F4}\1.0\(Default) GoogleUpdater TypeLib for IPolicyStatus4System
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4DC034A8-4BFC-4D43-9250-914163356BB0}\(Default) IPolicyStatusValueSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4DC034A8-4BFC-4D43-9250-914163356BB0}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4DC034A8-4BFC-4D43-9250-914163356BB0}\TypeLib\(Default) {4DC034A8-4BFC-4D43-9250-914163356BB0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4DC034A8-4BFC-4D43-9250-914163356BB0}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4DC034A8-4BFC-4D43-9250-914163356BB0}\(Default) IPolicyStatusValueSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4DC034A8-4BFC-4D43-9250-914163356BB0}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4DC034A8-4BFC-4D43-9250-914163356BB0}\TypeLib\(Default) {4DC034A8-4BFC-4D43-9250-914163356BB0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4DC034A8-4BFC-4D43-9250-914163356BB0}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4DC034A8-4BFC-4D43-9250-914163356BB0}\1.0\0\win32\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4DC034A8-4BFC-4D43-9250-914163356BB0}\1.0\0\win64\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4DC034A8-4BFC-4D43-9250-914163356BB0}\1.0\(Default) GoogleUpdater TypeLib for IPolicyStatusValueSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\(Default) IProcessLauncher
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\TypeLib\(Default) {128C2DA6-2BC0-44C0-B3F6-4EC22E647964}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\(Default) IProcessLauncher
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\TypeLib\(Default) {128C2DA6-2BC0-44C0-B3F6-4EC22E647964}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\1.0\0\win32\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\1.0\0\win64\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\1.0\(Default) GoogleUpdater TypeLib for IProcessLauncher
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}\(Default) IProcessLauncherSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}\TypeLib\(Default) {F4FE76BC-62B9-49FC-972F-C81FC3A926DB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}\(Default) IProcessLauncherSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}\TypeLib\(Default) {F4FE76BC-62B9-49FC-972F-C81FC3A926DB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}\1.0\0\win32\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}\1.0\0\win64\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}\1.0\(Default) GoogleUpdater TypeLib for IProcessLauncherSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\(Default) IProcessLauncher2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\TypeLib\(Default) {D106AB5F-A70E-400E-A21B-96208C1D8DBB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\(Default) IProcessLauncher2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\TypeLib\(Default) {D106AB5F-A70E-400E-A21B-96208C1D8DBB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\1.0\0\win32\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\1.0\0\win64\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\1.0\(Default) GoogleUpdater TypeLib for IProcessLauncher2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6430040A-5EBD-4E63-A56F-C71D5990F827}\(Default) IProcessLauncher2System
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6430040A-5EBD-4E63-A56F-C71D5990F827}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6430040A-5EBD-4E63-A56F-C71D5990F827}\TypeLib\(Default) {6430040A-5EBD-4E63-A56F-C71D5990F827}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6430040A-5EBD-4E63-A56F-C71D5990F827}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6430040A-5EBD-4E63-A56F-C71D5990F827}\(Default) IProcessLauncher2System
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6430040A-5EBD-4E63-A56F-C71D5990F827}\ProxyStubClsid32\(Default) {00020424-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6430040A-5EBD-4E63-A56F-C71D5990F827}\TypeLib\(Default) {6430040A-5EBD-4E63-A56F-C71D5990F827}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6430040A-5EBD-4E63-A56F-C71D5990F827}\TypeLib\Version 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6430040A-5EBD-4E63-A56F-C71D5990F827}\1.0\0\win32\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6430040A-5EBD-4E63-A56F-C71D5990F827}\1.0\0\win64\(Default) C:\Program Files (x86)\Google\GoogleUpdater\138.0.7194.0\updater.exe\6
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealthSystray %TEMP%\SecurityHealthSystray.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer %LOCALAPPDATA%\MicrosoftEdge\explorer.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fontdrvhost %ProgramFiles%%ProgramFiles(x86)%\Adobe\fontdrvhost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\explorer\Index 0x00000002
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SecurityHealthSystray\SD \x01\x00\x04\x80\x88\x00\x00\x00\x98\x00\x00\x00\x00\x00\x00\x00\x14\x00\x00\x00\x02\x00\x74\x00\x04\x00\x00\x00\x00\x10\x18\x00\x9f\x01\x1f\x00\x01\x02\x00\x00\x00\x00\x00\x05\x20\x00\x00\x00\x20\x02\x00\x00\x00\x10\x14\x00\x9f\x01\x1f\x00\x01\x01\x00\x00\x00\x00\x00\x05\x12\x00\x00\x00\x00\x10\x18\x00\xff\x01\x1f\x00\x01\x02\x00\x00\x00…
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A25B423-3B88-4131-9EDB-A1E4EC87828F}\DynamicInfo \x03\x00\x00\x00\x68\xd1\x77\xd7\x5b\x06\xdc\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65185086-8FD6-4ECD-A096-39670E5E2E87}\Author mhdxytktyr\user
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65185086-8FD6-4ECD-A096-39670E5E2E87}\URI \fontdrvhost
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1C0848D-A02E-497E-B5AB-1551FACE2847}\Actions \x03\x00\x0c\x00\x00\x00\x41\x00\x75\x00\x74\x00\x68\x00\x6f\x00\x72\x00\x66\x66\x00\x00\x00\x00\x6c\x00\x00\x00\x43\x00\x3a\x00\x5c\x00\x55\x00\x73\x00\x65\x00\x72\x00\x73\x00\x5c\x00\x75\x00\x73\x00\x65\x00\x72\x00\x5c\x00\x41\x00\x70\x00\x70\x00\x44\x00\x61\x00\x74\x00\x61\x00\x5c\x00\x4c\x00\x6f\x00\x63\x00\x61\x00\x6c\x00\x5c\x00\x4d…
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65185086-8FD6-4ECD-A096-39670E5E2E87}\Actions \x03\x00\x0c\x00\x00\x00\x41\x00\x75\x00\x74\x00\x68\x00\x6f\x00\x72\x00\x66\x66\x00\x00\x00\x00\x58\x00\x00\x00\x43\x00\x3a\x00\x5c\x00\x50\x00\x72\x00\x6f\x00\x67\x00\x72\x00\x61\x00\x6d\x00\x20\x00\x46\x00\x69\x00\x6c\x00\x65\x00\x73\x00\x20\x00\x28\x00\x78\x00\x38\x00\x36\x00\x29\x00\x5c\x00\x41\x00\x64\x00\x6f\x00\x62\x00\x65\x00\x5c…
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65185086-8FD6-4ECD-A096-39670E5E2E87}\DynamicInfo \x03\x00\x00\x00\x9a\x83\x9d\xd7\x5b\x06\xdc\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\TS_USB_HUB_ENUMERATOR\UMB\2&30D3618&0&TS_USB_HUB\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A 4294901767
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\SelfSignedCertificate \xd5\xc7\xce\x87\x3e\xa7\x63\xd1\x1d\x6f\x03\x2d\x67\x95\xb8\x5c\xff\x7a\xeb\x52
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1C0848D-A02E-497E-B5AB-1551FACE2847}\Schema 0x00010002
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A25B423-3B88-4131-9EDB-A1E4EC87828F}\Hash \xfd\xc2\x48\x44\x3a\xd5\xc7\xdc\x8f\xaf\xee\x1a\x44\x46\x2c\xb4\x61\xe9\x15\x65\x07\x75\x14\xe2\xef\x7d\x03\x2b\x03\x4a\x5d\x05
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceContainers\{00000000-0000-0000-FFFF-FFFFFFFFFFFF}\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\3000 4294901778
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65185086-8FD6-4ECD-A096-39670E5E2E87}\Path \fontdrvhost
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1C0848D-A02E-497E-B5AB-1551FACE2847}\Date 2025-08-05T15:54:04
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65185086-8FD6-4ECD-A096-39670E5E2E87}\Triggers \x17\x00\x00\x00\x00\x00\x00\x00\x00\xdc\x6f\x0d\xb5\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdc\x6f\x0d\xb5\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\x68\x21\x41\x03\x48\x48\x48\x48\x22\x67\x3a\xeb\x48\x48\x48\x48\x0e\x00\x00\x00\x48\x48\x48\x48\x41\x00\x75\x00\x74\x00\x68\x00\x6f\x00\x72\x00\x00\x00\x48\x48\x00\x00\x00\x00\x48…
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\UMB\UMB\1&841921D&0&TERMINPUT_BUS\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A 4294901767
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\Flags 0x00000001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A25B423-3B88-4131-9EDB-A1E4EC87828F}\Author mhdxytktyr\user
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A25B423-3B88-4131-9EDB-A1E4EC87828F}\Actions \x03\x00\x0c\x00\x00\x00\x41\x00\x75\x00\x74\x00\x68\x00\x6f\x00\x72\x00\x66\x66\x00\x00\x00\x00\x74\x00\x00\x00\x43\x00\x3a\x00\x5c\x00\x55\x00\x73\x00\x65\x00\x72\x00\x73\x00\x5c\x00\x75\x00\x73\x00\x65\x00\x72\x00\x5c\x00\x41\x00\x70\x00\x70\x00\x44\x00\x61\x00\x74\x00\x61\x00\x5c\x00\x4c\x00\x6f\x00\x63\x00\x61\x00\x6c\x00\x5c\x00\x54…
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceContainers\{00000000-0000-0000-FFFF-FFFFFFFFFFFF}\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0002 4294901777
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\fontdrvhost\SD \x01\x00\x04\x80\x88\x00\x00\x00\x98\x00\x00\x00\x00\x00\x00\x00\x14\x00\x00\x00\x02\x00\x74\x00\x04\x00\x00\x00\x00\x10\x18\x00\x9f\x01\x1f\x00\x01\x02\x00\x00\x00\x00\x00\x05\x20\x00\x00\x00\x20\x02\x00\x00\x00\x10\x14\x00\x9f\x01\x1f\x00\x01\x01\x00\x00\x00\x00\x00\x05\x12\x00\x00\x00\x00\x10\x18\x00\xff\x01\x1f\x00\x01\x02\x00\x00\x00…
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\fontdrvhost\Id {65185086-8FD6-4ECD-A096-39670E5E2E87}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\explorer\SD \x01\x00\x04\x80\x88\x00\x00\x00\x98\x00\x00\x00\x00\x00\x00\x00\x14\x00\x00\x00\x02\x00\x74\x00\x04\x00\x00\x00\x00\x10\x18\x00\x9f\x01\x1f\x00\x01\x02\x00\x00\x00\x00\x00\x05\x20\x00\x00\x00\x20\x02\x00\x00\x00\x10\x14\x00\x9f\x01\x1f\x00\x01\x01\x00\x00\x00\x00\x00\x05\x12\x00\x00\x00\x00\x10\x18\x00\xff\x01\x1f\x00\x01\x02\x00\x00\x00…
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileService\References\S-1-5-21-2377844457-1847597103-2569463324-1000\RefCount \x05\x00\x00\x00
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1C0848D-A02E-497E-B5AB-1551FACE2847}\DynamicInfo \x03\x00\x00\x00\x3e\x05\x8b\xd7\x5b\x06\xdc\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceContainers\{00000000-0000-0000-FFFF-FFFFFFFFFFFF}\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0050 4294909970
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\explorer\Id {D1C0848D-A02E-497E-B5AB-1551FACE2847}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A25B423-3B88-4131-9EDB-A1E4EC87828F}\Triggers \x17\x00\x00\x00\x00\x00\x00\x00\x00\xdc\x6f\x0d\xb5\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdc\x6f\x0d\xb5\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\x68\x21\x41\x03\x48\x48\x48\x48\x16\x25\x86\x22\x48\x48\x48\x48\x0e\x00\x00\x00\x48\x48\x48\x48\x41\x00\x75\x00\x74\x00\x68\x00\x6f\x00\x72\x00\x00\x00\x48\x48\x00\x00\x00\x00\x48…
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\UMB\UMB\1&841921D&0&TS_USB_HUB_ENUMERATOR\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A 4294901767
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1C0848D-A02E-497E-B5AB-1551FACE2847}\URI \explorer
\REGISTRY\USER\S-1-5-18\Software\Classes\Local Settings\MuiCache\3e\52C64B7E\LanguageList en-US\nen
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceContainers\{00000000-0000-0000-FFFF-FFFFFFFFFFFF}\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A 4294901767
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SecurityHealthSystray\Index 0x00000002
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65185086-8FD6-4ECD-A096-39670E5E2E87}\Schema 0x00010002
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceContainers\{00000000-0000-0000-FFFF-FFFFFFFFFFFF}\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0008\en-US 4294901776
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1C0848D-A02E-497E-B5AB-1551FACE2847}\Hash \xb0\x86\xb0\x1b\x38\xd5\xab\xb1\x29\x92\xa8\xcb\x7f\xf3\x2f\x22\x9b\x11\x5e\x84\x9a\xb6\xca\x59\x04\xb9\x55\x51\xcd\xde\xd7\x5a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65185086-8FD6-4ECD-A096-39670E5E2E87}\Date 2025-08-05T15:54:04
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A25B423-3B88-4131-9EDB-A1E4EC87828F}\URI \SecurityHealthSystray
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1C0848D-A02E-497E-B5AB-1551FACE2847}\Author mhdxytktyr\user
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\UMB\UMB\1&841921D&0&RDCAMERA_BUS\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A 4294901767
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65185086-8FD6-4ECD-A096-39670E5E2E87}\Hash \x1c\xd9\x61\x2b\x05\x88\xc7\x1a\x98\x68\x98\x88\xde\xd9\x9d\xf2\x12\x65\x0e\x9f\x37\x7e\xe7\x89\xb8\x5a\x9b\x29\xd4\xf5\x90\x24
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\SelfSignedCertStore Remote Desktop
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\ClusterSettings\LastLSMInstanceID 3cc4aba2-3d4a-49aa-b507-66eec89
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DsmSvc\State\LastActiveTime \x9e\x0c\x95\xf8\x5b\x06\xdc\x01
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\SWD\PRINTENUM\PRINTQUEUES\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A 4294901767
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\UMB\UMB\1&841921D&0&TSBUS\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A 4294901767
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SecurityHealthSystray\Id {9A25B423-3B88-4131-9EDB-A1E4EC87828F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A25B423-3B88-4131-9EDB-A1E4EC87828F}\Path \SecurityHealthSystray
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A25B423-3B88-4131-9EDB-A1E4EC87828F}\Schema 0x00010002
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1C0848D-A02E-497E-B5AB-1551FACE2847}\Path \explorer
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceContainers\{00000000-0000-0000-FFFF-FFFFFFFFFFFF}\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A 4294901778
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\fontdrvhost\Index 0x00000002
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceContainers\{00000000-0000-0000-FFFF-FFFFFFFFFFFF}\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0069 4294901767
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A25B423-3B88-4131-9EDB-A1E4EC87828F}\Date 2025-08-05T15:54:04
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1C0848D-A02E-497E-B5AB-1551FACE2847}\Triggers \x17\x00\x00\x00\x00\x00\x00\x00\x00\xdc\x6f\x0d\xb5\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdc\x6f\x0d\xb5\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\x68\x21\x41\x03\x48\x48\x48\x48\xd6\x68\x06\xae\x48\x48\x48\x48\x0e\x00\x00\x00\x48\x48\x48\x48\x41\x00\x75\x00\x74\x00\x68\x00\x6f\x00\x72\x00\x00\x00\x48\x48\x00\x00\x00\x00\x48…
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DsmSvc\State\SessionNumber \x09\x00\x00\x00
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Remote Desktop\Certificates\D5C7CE873EA763D11D6F032D6795B85CFF7AEB52\Blob \x03\x00\x00\x00\x01\x00\x00\x00\x14\x00\x00\x00\xd5\xc7\xce\x87\x3e\xa7\x63\xd1\x1d\x6f\x03\x2d\x67\x95\xb8\x5c\xff\x7a\xeb\x52\x02\x00\x00\x00\x01\x00\x00\x00\x9c\x00\x00\x00\x1c\x00\x00\x00\x3c\x00\x00\x00\x01\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x54\x00\x53\x00\x53\x00\x65\x00\x63\x00\x4b\x00\x65…
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Input\Settings\Insights \x01\x00\x00\x00\x07\x1d\xe8\xc1\x31\xcc\x83\x60\xa3\xd6\xd9\xc1\x33\x0a\x68\x6b\x16\x5a\xba\x2e\x23\x5f\x5a\x5c
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowDefaultCredentialsDomain\RD Child Sessions vs-debug/localhost
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsWhenNTLMOnlyDomain\RD Child Sessions vs-debug/localhost
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowDefaultCredentialsWhenNTLMOnly\RD Child Sessions vs-debug/localhost
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowDefaultCredentialsWhenNTLMOnlyDomain\RD Child Sessions vs-debug/localhost
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowDefaultCredentials\RD Child Sessions vs-debug/localhost
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\fDenyChildConnections 0x00000000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsDomain\RD Child Sessions vs-debug/localhost
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentials\RD Child Sessions vs-debug/localhost
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsWhenNTLMOnly\RD Child Sessions vs-debug/localhost
HKEY_USERS\%SID%\Software\Microsoft\Windows\CurrentVersion\Run\ShellExperienceHost C:\Program Files (x86)\Mozilla Firefox\ShellExperienceHost.exe
HKEY_USERS\%SID%\Software\Microsoft\Windows\CurrentVersion\Run\WmiPrvSE %USERPROFILE%\AppData\Local\TileDataLayer\WmiPrvSE.exe
HKEY_USERS\%SID%\Software\Microsoft\Windows\CurrentVersion\Run\slui C:\Program Files (x86)\Windows NT\slui.exe
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentials\RD Child Sessions vs-debug/localhost
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsDomain\RD Child Sessions vs-debug/localhost
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsWhenNTLMOnly\RD Child Sessions vs-debug/localhost
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsWhenNTLMOnlyDomain\RD Child Sessions vs-debug/localhost
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowDefaultCredentials\RD Child Sessions vs-debug/localhost
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowDefaultCredentialsDomain\RD Child Sessions vs-debug/localhost
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowDefaultCredentialsWhenNTLMOnly\RD Child Sessions vs-debug/localhost
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowDefaultCredentialsWhenNTLMOnlyDomain\RD Child Sessions vs-debug/localhost
HKEY_USERS\%SID%\Software\Microsoft\Windows\CurrentVersion\Run\Detonate C:\Program Files (x86)\Internet Explorer\Detonate.exe
HKEY_USERS\%SID%\Software\Microsoft\Windows\CurrentVersion\Run\winlogon C:\Program Files (x86)\Windows Sidebar\winlogon.exe
HKEY_USERS\%SID%\Software\Microsoft\Windows\CurrentVersion\Run\explorer C:\Program Files (x86)\WindowsPowerShell\explorer.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run C:\Users\OqXZRaykm\AppData\Local\VirtualStore\lawcharge.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\skype
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bitkinex
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lawcharge
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ViS4xMISc C:\Users\user\AppData\Local\Publishers\ViS4xMISc.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\jZE6mJPck8P8v C:\Users\user\AppData\Local\Google\jZE6mJPck8P8v.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\StartMenuExperienceHost C:\Users\user\AppData\Local\Adobe\StartMenuExperienceHost.exe

Services Started (Top 15)

Service
GoogleUpdaterInternalService138.0.7194.0
GoogleUpdaterService138.0.7194.0
BITS
WSearch
UmRdpService
CertPropSvc
DsmSvc
TermService
SessionEnv
RdpVideoMiniport

Services Opened (Top 15)

Service
GoogleUpdaterInternalService140.0.7273.0
GoogleUpdaterService138.0.7194.0
VaultSvc
clipsvc

What To Do Now — Practical Defense Playbook

  • Contain unknowns: block first‑run binaries by default — signatures catch up, containment works now.
  • EDR controls: alert on keyboard hooks, screen capture APIs, VM/sandbox checks, and command‑shell launches.
  • Registry watch: flag queries/sets under policy paths (e.g., …\FipsAlgorithmPolicy\*).
  • Network rules: inspect outbound TLS to IP‑lookup services and unexpected CDN endpoints.
  • Hunt broadly: sweep endpoints for the indicators above and quarantine positives immediately.

Dwell time equals attacker opportunity. Reducing execution privileges and egress shrinks that window even when vendors disagree.

Scroll to Top