95
Malicious
The predictive confidence of maliciousness for this sample is 95%.
55bc4407a03de9b13654755eea93e5b912fb4754ec0f95381740cb0692807b06
489.5 kB
2020-05-11 23:51:56
First seen 8 days ago
Windows PE32 Executable

Classification


Ransomware: Low
Trojan: Low
Virus: Low
Banker: Low
Bot: Low
Rat: Low
Adware: Low
Infostealer: High
Worm: Low
Spyware: Low

Indicators


SecondWrite Indicators
Forced Code Execution
Automatic Sequence Detection
Program Level Indicators
Anti-Analysis
  • Attempts to repeatedly call a single API many times in order to delay analysis time

Anti-Sandbox
  • A process attempted to delay the analysis task.
  • Tries to suspend sandbox threads to prevent logging of malicious activity
  • Looks for the Windows Idle Time to determine the uptime

Anti-Vm
  • Queries for the computername
  • Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available
  • Checks adapter addresses which can be used to detect virtual network interfaces
  • Checks the system manufacturer, likely for anti-virtualization

Generic
  • Strings possibly contain hardcoded IP Addresses.
  • One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
  • Uses Windows utilities for basic Windows functionality
  • One or more of the buffers contains an embedded PE file
  • Creates a windows hook that monitors keyboard input (keylogger)

Infostealer
  • Steals private information from local Internet browsers
  • Harvests credentials from local FTP client softwares
  • Sniffs keystrokes
  • Harvests credentials from local email clients

Injection
  • Executed a process and injected code into it, probably while unpacking

Network
  • Performs some DNS requests

Packer
  • Allocates read-write-execute memory (usually to unpack itself)
  • Creates a suspicious process
  • The binary likely contains encrypted or compressed data.

Static
  • This sample contains high entropy sections
  • This sample contains low entropy sections

Stealth
  • A process created a hidden window

Yara


Yara Pattern Name | Description
IsPE32 | No Description Available
HasOverlay | Overlay Check
suspicious_packer_section | The packer/protector section names/keywords

Static Analysis


Version Infos

Translation: 0x0000 0x04b0
LegalCopyright: Copyright © Microsoft 2016 - 2020
Assembly Version: 1.0.0.0
InternalName: iZLeijuKSFmhgSkina.exe
FileVersion: 1.0.0.0
CompanyName: Microsoft
LegalTrademarks:
Comments:
ProductName: LibertorX
ProductVersion: 1.0.0.0
FileDescription: LibertorX
OriginalFilename: iZLeijuKSFmhgSkina.exe

Sections

Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy
.text | 0x00002000 | 0x00076698 | 0x00076800 | 7.85853115474
.reloc | 0x0007a000 | 0x0000000c | 0x00000200 | 0.101910425663
.rsrc | 0x0007c000 | 0x000005c8 | 0x00000600 | 4.32767452121

Resources

Name | Offset | Size | Language | Sub-language | File type
RT_VERSION | 0x0007c0a0 | 0x00000374 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None
RT_MANIFEST | 0x0007c414 | 0x000001b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None

Imports

  • _CorExeMain

Strings


Network


DNS Requests

Domain | IP Address
teredo.ipv6.microsoft.com |
watson.microsoft.com | 52.158.209.219

File


Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
CRC32: 3D7FC4FA
MD5: e7662fce1cd01867c7b1731f2392fe56
SHA1: c35bc45e96f128db6223f8af3984b542aeb78623
SHA256: 55bc4407a03de9b13654755eea93e5b912fb4754ec0f95381740cb0692807b06
SHA512: 76c7156c7233f10853faab12bb6b3836d360764d6116c396238730e5d9d1716f9707b7f51006cfada4072800b3c72e062cfdeb51774454a08892b88bec1e8a3d
Ssdeep: 12288:zRTIrT/Ly86OEAdRU7LLQB9U6XAwIxTfdqj:18rC8fEUUXLQBvexTfd
PEiD: None matched


Behavior Summary


  • C:\Users\Virtual\AppData\Local\Google\Chrome\User Data\Default\Login Data
  • C:\Users\Virtual\AppData\Local\Google\Chrome\User Data\Local State
  • C:\Users\Virtual\AppData\Local\Temp\tmp6A46.tmp
  • C:\Users\Virtual\AppData\Roaming\Mozilla\Firefox\Profiles\p6d36utp.default\key3.db
  • C:\Users\Virtual\AppData\Roaming\Mozilla\Firefox\profiles.ini
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
  • C:\Windows\SysWOW64\wshom.ocx
  • C:\Windows\System32\wbem\wbemdisp.tlb
  • C:\Users\Virtual\AppData\Local\Temp\tmp3BD7.tmp
  • C:\Windows\System32\drivers\etc\hosts
  • C:\Users\Virtual\AppData\Local\Temp\tmp3BD7.tmp
  • C:\Users\Virtual\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.2452.22869716
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.2452.22869685
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.2452.22869685
  • C:\Users\Virtual\AppData\Local\Google\Chrome\User Data\Default\Login Data
  • C:\Users\Virtual\AppData\Local\Google\Chrome\User Data\Local State
  • C:\Users\Virtual\AppData\Local\Temp\55bc4407a03de9b13654755eea93e5b912fb4754ec0f95381740cb0692807b06.exe
  • C:\Users\Virtual\AppData\Local\Temp\tmp6A46.tmp
  • C:\Users\Virtual\AppData\Roaming\
  • C:\Users\Virtual\AppData\Roaming\KpmAIpQQzCqk.exe
  • C:\Users\Virtual\AppData\Roaming\Mozilla\Firefox\Profiles\p6d36utp.default\key3.db
  • C:\Users\Virtual\AppData\Roaming\Mozilla\Firefox\profiles.ini
  • C:\Windows\Globalization\Sorting\sortdefault.nls
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
  • C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui
  • C:\Windows\SysWOW64\wshom.ocx
  • C:\Windows\System32\DHCPQEC.DLL
  • C:\Windows\System32\EAPQEC.DLL
  • C:\Windows\System32\drivers\etc\hosts
  • C:\Windows\System32\en-US\eapqec.dll.mui
  • C:\Windows\System32\en-US\napipsec.dll.mui
  • C:\Windows\System32\l_intl.nls
  • C:\Windows\System32\napipsec.dll
  • C:\Windows\System32\tsgqec.dll
  • C:\Windows\System32\wbem\wbemdisp.tlb
  • C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
  • C:\Windows\assembly\NativeImages_v2.0.50727_32\index128.dat
  • C:\Windows\assembly\pubpol41.dat
  • \Device\NamedPipe\
  • C:\Users\Virtual\AppData\Local\Temp\55bc4407a03de9b13654755eea93e5b912fb4754ec0f95381740cb0692807b06.exe -> C:\Users\Virtual\AppData\Roaming\KpmAIpQQzCqk.exe
  • C:\Users
  • C:\Users\Virtual
  • C:\Users\Virtual\AppData
  • C:\Users\Virtual\AppData\Local
  • C:\Users\Virtual\AppData\Local\Google\Chrome\User Data\*
  • C:\Users\Virtual\AppData\Local\Temp
  • C:\Users\Virtual\AppData\Local\Temp\55bc4407a03de9b13654755eea93e5b912fb4754ec0f95381740cb0692807b06.INI
  • C:\Users\Virtual\AppData\Local\UCBrowser\*
  • C:\Users\Virtual\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\*.xml
  • C:\Windows
  • C:\Windows\Microsoft.NET\Framework\*
  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
  • C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.INI
  • C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
  • C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.INI
  • C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
  • C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.INI
  • C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.INI
  • C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
  • C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.INI
  • C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
  • C:\Windows\winsxs
  • C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
  • HKEY_CLASSES_ROOT\CLSID\{04B83D61-21AE-11D2-8B33-00600806D9B6}\InprocServer32
  • HKEY_CLASSES_ROOT\CLSID\{62E522DC-8CF3-40A8-8B2E-37D595651E40}\InprocServer32
  • HKEY_CLASSES_ROOT\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InprocServer32
  • HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance
  • HKEY_CLASSES_ROOT\CLSID\{FAE3D380-FEA4-4623-8C75-C6B61110B681}\Instance\Disabled
  • HKEY_CURRENT_USER\Interface\{00000134-0000-0000-C000-000000000046}
  • HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
  • HKEY_CURRENT_USER\Software\Aerofox\FoxmailPreview
  • HKEY_CURRENT_USER\Software\Aerofox\Foxmail\V3.1
  • HKEY_CURRENT_USER\Software\DownloadManager\Passwords
  • HKEY_CURRENT_USER\Software\FTPWare\COREFTP\Sites
  • HKEY_CURRENT_USER\Software\IncrediMail\Identities
  • HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
  • HKEY_CURRENT_USER\Software\Microsoft\Fusion
  • HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Virtual|AppData|Local|Temp|55bc4407a03de9b13654755eea93e5b912fb4754ec0f95381740cb0692807b06.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
  • HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
  • HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
  • HKEY_CURRENT_USER\Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
  • HKEY_CURRENT_USER\Software\OpenVPN-GUI\configs
  • HKEY_CURRENT_USER\Software\Qualcomm\Eudora\CommandLine
  • HKEY_CURRENT_USER\Software\RimArts\B2\Settings
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Virtual|AppData|Local|Temp|55bc4407a03de9b13654755eea93e5b912fb4754ec0f95381740cb0692807b06.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1d3b5ac\47870f6b
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1d3b5ac\47870f6b\a1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\25fd5cf0\21bb12f8
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\25fd5cf0\fe3ad34
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\560eb2c4\14e3c861
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\560eb2c4\2a1216cb
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6f06001f\475dce40
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6f06001f\475dce40\84
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index128
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.CustomMarshalers__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration.Install__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Data.SqlXml__b77a5c561934e089
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Data__b77a5c561934e089
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Management__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Remoting__b77a5c561934e089
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Web__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.JScript__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.VisualC__b03f5f7f11d50a3a
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetSh
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\CacheMgr\Publication
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\CacheMgr\Republication
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\CooperativeCaching
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DiscoveryManager
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DownloadManager
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DownloadManager\Discovery
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DownloadManager\Download
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DownloadManager\Peers\Connection
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DownloadManager\Protocol
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DownloadManager\Upload
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DownloadManager\UtilityIndex
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HandleMgr
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\Connection
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\PolicyProvider
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Publisher
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Roaming
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\SecurityManager
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\SecurityManager\Restricted
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Service
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3131157199-1995805048-2727015567-1000\Installer\Assemblies\C:|Users|Virtual|AppData|Local|Temp|55bc4407a03de9b13654755eea93e5b912fb4754ec0f95381740cb0692807b06.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-3131157199-1995805048-2727015567-1000\Installer\Assemblies\Global
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\CacheMgr\Publication
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\CacheMgr\Republication
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\CooperativeCaching
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\DiscoveryManager
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\DownloadManager
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\DownloadManager\Discovery
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\DownloadManager\Download
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\DownloadManager\Peers\Connection
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\DownloadManager\Protocol
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\DownloadManager\Upload
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\DownloadManager\UtilityIndex
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\HandleMgr
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\HostedCache
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\HostedCache\Connection
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\Publisher
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\Roaming
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\SecurityManager
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\SecurityManager\Restricted
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\Service
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Cryptographic Provider v1.0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Base DSS Cryptographic Provider
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Base DSS and Diffie-Hellman Cryptographic Provider
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Smart Card Crypto Provider
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft DH SChannel Cryptographic Provider
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced Cryptographic Provider v1.0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Exchange Cryptographic Provider v1.0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft RSA SChannel Cryptographic Provider
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\(Default)
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\Enroll\HcsGroups
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\Enroll\HcsGroups\(Default)
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\Qecs\79617
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\Qecs\79619
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\Qecs\79621
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\Qecs\79623
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\UI
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32
  • HKEY_LOCAL_MACHINE\SYSTEM\Setup
  • HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
  • HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
  • HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
  • HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
  • HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
  • HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Scripting
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\55bc4407a03de9b13654755eea93e5b912fb4754ec0f95381740cb0692807b06.exe
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\PeerDist
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3131157199-1995805048-2727015567-1000
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Setup
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PeerDist
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LDAP
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NapAgent\LocalConfig
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\iphlpsvc\Config
  • HKEY_LOCAL_MACHINE\System\Setup
  • \Policy\Standards
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\73843e06\43a920ef\66\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\LastModTime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Modules
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\SIG
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\109d7e79\357ee49a\44\ConfigMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\109d7e79\357ee49a\44\ConfigString
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\109d7e79\357ee49a\44\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\109d7e79\357ee49a\44\EvalationData
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\109d7e79\357ee49a\44\ILDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\109d7e79\357ee49a\44\MVID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\109d7e79\357ee49a\44\MissingDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\109d7e79\357ee49a\44\NIDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\109d7e79\357ee49a\44\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigString
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\EvalationData
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ILDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MVID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MissingDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\NIDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1d3b5ac\47870f6b\a1\ConfigMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1d3b5ac\47870f6b\a1\ConfigString
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1d3b5ac\47870f6b\a1\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1d3b5ac\47870f6b\a1\EvalationData
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1d3b5ac\47870f6b\a1\ILDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1d3b5ac\47870f6b\a1\MVID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1d3b5ac\47870f6b\a1\MissingDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1d3b5ac\47870f6b\a1\NIDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1d3b5ac\47870f6b\a1\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\ConfigMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\ConfigString
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\EvalationData
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\ILDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\MVID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\MissingDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\NIDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5a8de2c3\2b1a4e4\47\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6f06001f\475dce40\84\ConfigMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6f06001f\475dce40\84\ConfigString
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6f06001f\475dce40\84\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6f06001f\475dce40\84\EvalationData
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6f06001f\475dce40\84\ILDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6f06001f\475dce40\84\MVID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6f06001f\475dce40\84\MissingDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6f06001f\475dce40\84\NIDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6f06001f\475dce40\84\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigString
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\EvalationData
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ILDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MVID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MissingDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\NIDependencies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\Status
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index128\ILUsageMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index128\NIUsageMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index41
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\F2EBE88F
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\F6C4EC9A
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DiscoveryManager\DiscoveryProviderDllPath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DiscoveryManager\MinBackoffWindow
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DiscoveryManager\RepubQuorumSize
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DownloadManager\CryptoAlgo
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\DownloadManager\TransportDllPath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\ClientAuth
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\DoNotUseSSL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\MaxPendingDownloads
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\MaxPendingOffers
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\MaxSimultaneousDownloads
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\MaxSimultaneousUploads
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\ServerRole
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\HostedCache\TransportDllPath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Roaming\ForceRoamingDetect
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Roaming\RefreshDllName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Roaming\RefreshProcName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\SecurityManager\BlockSize
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\SecurityManager\NumBlocksPerSegment
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\SecurityManager\Restricted\Seed
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Service\Enable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\Service\PolicyRefreshInProgress
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\SourcePath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\GpSvcDebugLevel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Cryptographic Provider v1.0\Type
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Base DSS Cryptographic Provider\Type
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Base DSS and Diffie-Hellman Cryptographic Provider\Type
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Smart Card Crypto Provider\Type
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft DH SChannel Cryptographic Provider\Type
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced Cryptographic Provider v1.0\Type
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider\Type
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Exchange Cryptographic Provider v1.0\Type
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft RSA SChannel Cryptographic Provider\Type
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider\Type
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.44.3.4!7\Name
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.47.1.1!7\Name
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.64.1.1!7\Name
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\CIMOM\EnableObjectValidation
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WBEM\Scripting\Default Namespace
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\CurrentBuildNumber
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\UserenvDebugLevel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\DevicePath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LDAP\LdapClientIntegrity
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LDAP\UseHostnameAsAlias
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LDAP\UseOldHostResolutionOrder
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6\Parameters\DisabledComponents
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iphlpsvc\config\Connectivity_Platform_Enabled
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\Enable Tracing
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\PlumbIpsecPolicy
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\Tracing Level
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Component Type
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Config Clsid
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Description
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Enabled
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Friendly Name
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Info Clsid
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Registration Date
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Validator Clsid
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Vendor Name
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79617\Version
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Component Type
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Config Clsid
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Description
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Enabled
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Friendly Name
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Info Clsid
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Registration Date
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Validator Clsid
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Vendor Name
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79619\Version
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Component Type
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Config Clsid
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Description
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Enabled
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Friendly Name
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Info Clsid
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Registration Date
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Validator Clsid
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Vendor Name
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79621\Version
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Component Type
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Config Clsid
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Description
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Enabled
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Friendly Name
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Info Clsid
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Registration Date
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Validator Clsid
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Vendor Name
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent\Qecs\79623\Version
  • HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
  • HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade
  • HKEY_CURRENT_USER\Local Settings\MuiCache\6E\52C64B7E\@%SystemRoot%\system32\dhcpqec.dll,-100
  • HKEY_CURRENT_USER\Local Settings\MuiCache\6E\52C64B7E\@%SystemRoot%\system32\dhcpqec.dll,-101
  • HKEY_CURRENT_USER\Local Settings\MuiCache\6E\52C64B7E\@%SystemRoot%\system32\dhcpqec.dll,-102
  • HKEY_CURRENT_USER\Local Settings\MuiCache\6E\52C64B7E\@%SystemRoot%\system32\dhcpqec.dll,-103
  • HKEY_CURRENT_USER\Local Settings\MuiCache\6E\52C64B7E\@%SystemRoot%\system32\eapqec.dll,-100
  • HKEY_CURRENT_USER\Local Settings\MuiCache\6E\52C64B7E\@%SystemRoot%\system32\eapqec.dll,-101
  • HKEY_CURRENT_USER\Local Settings\MuiCache\6E\52C64B7E\@%SystemRoot%\system32\eapqec.dll,-102
  • HKEY_CURRENT_USER\Local Settings\MuiCache\6E\52C64B7E\@%SystemRoot%\system32\eapqec.dll,-103
  • HKEY_CURRENT_USER\Local Settings\MuiCache\6E\52C64B7E\@%SystemRoot%\system32\napipsec.dll,-1
  • HKEY_CURRENT_USER\Local Settings\MuiCache\6E\52C64B7E\@%SystemRoot%\system32\napipsec.dll,-2
  • HKEY_CURRENT_USER\Local Settings\MuiCache\6E\52C64B7E\@%SystemRoot%\system32\napipsec.dll,-3
  • HKEY_CURRENT_USER\Local Settings\MuiCache\6E\52C64B7E\@%SystemRoot%\system32\napipsec.dll,-4
  • HKEY_CURRENT_USER\Local Settings\MuiCache\6E\52C64B7E\@%SystemRoot%\system32\tsgqec.dll,-100
  • HKEY_CURRENT_USER\Local Settings\MuiCache\6E\52C64B7E\@%SystemRoot%\system32\tsgqec.dll,-101
  • HKEY_CURRENT_USER\Local Settings\MuiCache\6E\52C64B7E\@%SystemRoot%\system32\tsgqec.dll,-102
  • HKEY_CURRENT_USER\Local Settings\MuiCache\6E\52C64B7E\@%SystemRoot%\system32\tsgqec.dll,-103
  • HKEY_CURRENT_USER\Local Settings\MuiCache\6E\52C64B7E\LanguageList
  • Global\3a886eb8-fe40-4d0a-b78b-9e0bcb683fb7
  • jkyRTIIpWIBrUE

Processes


  • Name: schtasks.exe, PID: 2920
  • Name: netsh.exe, PID: 2696
  • Name: 55bc4407a03de9b1365 755eea93e5b9..., PID: 2228
  • Name: 55bc4407a03de9b1365 755eea93e5b9..., PID: 2452
  • System
Process Name PID Parent PID