Analysis

Category Package Started Completed Duration Options Log
FILE pdf 2019-12-03 06:14:08 2019-12-03 06:17:52 224 seconds Show Options Show Log
route = internet
procdump = 1
2019-12-03 06:14:09,000 [root] INFO: Date set to: 12-03-19, time set to: 06:14:09, timeout set to: 200
2019-12-03 06:14:09,015 [root] DEBUG: Starting analyzer from: C:\rwekuld
2019-12-03 06:14:09,015 [root] DEBUG: Storing results at: C:\RRgVUXrs
2019-12-03 06:14:09,015 [root] DEBUG: Pipe server name: \\.\PIPE\pVlBCZtCNZ
2019-12-03 06:14:09,015 [root] DEBUG: No analysis package specified, trying to detect it automagically.
2019-12-03 06:14:09,015 [root] INFO: Automatically selected analysis package "pdf"
2019-12-03 06:14:09,312 [root] DEBUG: Started auxiliary module Browser
2019-12-03 06:14:09,312 [root] DEBUG: Started auxiliary module Curtain
2019-12-03 06:14:09,312 [modules.auxiliary.digisig] DEBUG: Checking for a digitial signature.
2019-12-03 06:14:09,608 [modules.auxiliary.digisig] DEBUG: File format not recognized.
2019-12-03 06:14:09,608 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2019-12-03 06:14:09,608 [root] DEBUG: Started auxiliary module DigiSig
2019-12-03 06:14:09,608 [root] DEBUG: Started auxiliary module Disguise
2019-12-03 06:14:09,608 [root] DEBUG: Started auxiliary module Human
2019-12-03 06:14:09,608 [root] DEBUG: Started auxiliary module Screenshots
2019-12-03 06:14:09,608 [root] DEBUG: Started auxiliary module Sysmon
2019-12-03 06:14:09,608 [root] DEBUG: Started auxiliary module Usage
2019-12-03 06:14:09,608 [root] INFO: Analyzer: Package modules.packages.pdf does not specify a DLL option
2019-12-03 06:14:09,608 [root] INFO: Analyzer: Package modules.packages.pdf does not specify a DLL_64 option
2019-12-03 06:14:09,686 [lib.api.process] INFO: Successfully executed process from path "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" with arguments ""C:\Users\user\AppData\Local\Temp\IPSecTunnelDatasheet.pdf"" with pid 884
2019-12-03 06:14:09,686 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-12-03 06:14:09,701 [lib.api.process] INFO: 32-bit DLL to inject is C:\rwekuld\dll\XVPpDwM.dll, loader C:\rwekuld\bin\GKJIFdA.exe
2019-12-03 06:14:09,779 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\pVlBCZtCNZ.
2019-12-03 06:14:09,779 [root] DEBUG: Loader: Injecting process 884 (thread 1368) with C:\rwekuld\dll\XVPpDwM.dll.
2019-12-03 06:14:09,779 [root] DEBUG: Process image base: 0x01340000
2019-12-03 06:14:09,779 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\rwekuld\dll\XVPpDwM.dll.
2019-12-03 06:14:09,779 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x01394000 - 0x77110000
2019-12-03 06:14:09,779 [root] DEBUG: InjectDllViaIAT: Allocated 0x1c4 bytes for new import table at 0x013A0000.
2019-12-03 06:14:09,779 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-12-03 06:14:09,779 [root] DEBUG: Successfully injected DLL C:\rwekuld\dll\XVPpDwM.dll.
2019-12-03 06:14:09,779 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 884
2019-12-03 06:14:11,792 [lib.api.process] INFO: Successfully resumed process with pid 884
2019-12-03 06:14:11,792 [root] INFO: Added new process to list with pid: 884
2019-12-03 06:14:11,885 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-12-03 06:14:11,885 [root] DEBUG: Process dumps enabled.
2019-12-03 06:14:11,917 [root] INFO: Disabling sleep skipping.
2019-12-03 06:14:11,917 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-12-03 06:14:11,917 [root] INFO: Disabling sleep skipping.
2019-12-03 06:14:11,917 [root] INFO: Disabling sleep skipping.
2019-12-03 06:14:11,917 [root] INFO: Disabling sleep skipping.
2019-12-03 06:14:11,917 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 884 at 0x747e0000, image base 0x1340000, stack from 0x306000-0x310000
2019-12-03 06:14:11,917 [root] DEBUG: Commandline: C:\Users\user\AppData\Local\Temp\"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\user\AppData\Local\Temp\IPSecTunnelDatasheet.pdf".
2019-12-03 06:14:11,917 [root] INFO: Monitor successfully loaded in process with pid 884.
2019-12-03 06:14:11,947 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-12-03 06:14:11,979 [root] DEBUG: DLL loaded at 0x726C0000: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32 (0x1324000 bytes).
2019-12-03 06:14:11,994 [root] DEBUG: DLL loaded at 0x74930000: C:\Windows\system32\VERSION (0x9000 bytes).
2019-12-03 06:14:12,026 [root] DEBUG: DLL loaded at 0x73F00000: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AGM (0x59d000 bytes).
2019-12-03 06:14:12,056 [root] DEBUG: DLL loaded at 0x73CA0000: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\CoolType (0x25f000 bytes).
2019-12-03 06:14:12,056 [root] DEBUG: DLL loaded at 0x73B00000: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32 (0x19e000 bytes).
2019-12-03 06:14:12,134 [root] DEBUG: set_caller_info: Adding region at 0x00210000 to caller regions list (kernel32::GetSystemInfo).
2019-12-03 06:14:12,134 [root] DEBUG: DLL loaded at 0x72680000: C:\Windows\system32\WINMM (0x32000 bytes).
2019-12-03 06:14:12,134 [root] DEBUG: DLL loaded at 0x73AE0000: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\BIB (0x1c000 bytes).
2019-12-03 06:14:12,151 [root] DEBUG: DLL loaded at 0x725B0000: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ACE (0xc3000 bytes).
2019-12-03 06:14:12,197 [root] DEBUG: set_caller_info: Adding region at 0x008D0000 to caller regions list (advapi32::RegOpenKeyExW).
2019-12-03 06:14:12,229 [root] DEBUG: DLL loaded at 0x71B30000: C:\Windows\system32\ieframe (0xa80000 bytes).
2019-12-03 06:14:12,259 [root] DEBUG: DLL loaded at 0x71AF0000: C:\Windows\system32\OLEACC (0x3c000 bytes).
2019-12-03 06:14:12,276 [root] DEBUG: DLL loaded at 0x75980000: C:\Windows\syswow64\OLEAUT32 (0x8f000 bytes).
2019-12-03 06:14:12,276 [root] DEBUG: DLL loaded at 0x76CA0000: C:\Windows\syswow64\iertutil (0x1fb000 bytes).
2019-12-03 06:14:12,306 [root] DEBUG: DLL unloaded from 0x71B30000.
2019-12-03 06:14:12,306 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-12-03 06:14:12,322 [root] DEBUG: set_caller_info: Adding region at 0x012B0000 to caller regions list (advapi32::RegOpenKeyExW).
2019-12-03 06:14:12,322 [root] DEBUG: set_caller_info: Adding region at 0x004C0000 to caller regions list (ntdll::LdrLoadDll).
2019-12-03 06:14:12,322 [root] DEBUG: DLL unloaded from 0x726C0000.
2019-12-03 06:14:12,322 [root] DEBUG: set_caller_info: Adding region at 0x00650000 to caller regions list (user32::SystemParametersInfoW).
2019-12-03 06:14:12,368 [root] DEBUG: DLL loaded at 0x75980000: C:\Windows\syswow64\OLEAUT32 (0x8f000 bytes).
2019-12-03 06:14:12,384 [root] DEBUG: DLL loaded at 0x75A70000: C:\Windows\syswow64\SETUPAPI (0x19d000 bytes).
2019-12-03 06:14:12,384 [root] DEBUG: DLL loaded at 0x75A10000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2019-12-03 06:14:12,384 [root] DEBUG: DLL loaded at 0x75D40000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2019-12-03 06:14:12,384 [root] DEBUG: DLL loaded at 0x74EB0000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2019-12-03 06:14:12,384 [root] DEBUG: DLL loaded at 0x724B0000: C:\Windows\system32\propsys (0xf5000 bytes).
2019-12-03 06:14:12,384 [root] DEBUG: DLL unloaded from 0x75E70000.
2019-12-03 06:14:12,415 [root] DEBUG: DLL loaded at 0x749D0000: C:\Windows\system32\ntmarta (0x21000 bytes).
2019-12-03 06:14:12,415 [root] DEBUG: DLL loaded at 0x76EA0000: C:\Windows\syswow64\WLDAP32 (0x45000 bytes).
2019-12-03 06:14:12,525 [root] DEBUG: set_caller_info: Adding region at 0x013B0000 to caller regions list (advapi32::RegEnumValueA).
2019-12-03 06:14:12,572 [root] DEBUG: set_caller_info: Adding region at 0x011B0000 to caller regions list (advapi32::RegEnumValueA).
2019-12-03 06:14:12,572 [root] DEBUG: set_caller_info: Adding region at 0x00330000 to caller regions list (advapi32::RegOpenKeyExW).
2019-12-03 06:14:12,665 [root] DEBUG: DLL loaded at 0x74C70000: C:\Windows\system32\CRYPTSP (0x16000 bytes).
2019-12-03 06:14:12,665 [root] DEBUG: DLL loaded at 0x74C30000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2019-12-03 06:14:12,665 [root] DEBUG: DLL loaded at 0x747D0000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2019-12-03 06:14:12,759 [root] DEBUG: DLL loaded at 0x72430000: C:\Windows\system32\UxTheme (0x80000 bytes).
2019-12-03 06:14:12,759 [root] DEBUG: set_caller_info: Adding region at 0x04C80000 to caller regions list (user32::SendMessageW).
2019-12-03 06:14:12,852 [root] INFO: Announced 64-bit process name: explorer.exe pid: 1632
2019-12-03 06:14:12,852 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-12-03 06:14:12,852 [lib.api.process] INFO: 64-bit DLL to inject is C:\rwekuld\dll\WLbdjwe.dll, loader C:\rwekuld\bin\VvxYXIhj.exe
2019-12-03 06:14:12,868 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\pVlBCZtCNZ.
2019-12-03 06:14:12,868 [root] DEBUG: Loader: Injecting process 1632 (thread 0) with C:\rwekuld\dll\WLbdjwe.dll.
2019-12-03 06:14:12,868 [root] DEBUG: InjectDll: No thread ID supplied, GetProcessInitialThreadId failed.
2019-12-03 06:14:12,884 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-12-03 06:14:12,884 [root] DEBUG: Process dumps enabled.
2019-12-03 06:14:12,884 [root] INFO: Disabling sleep skipping.
2019-12-03 06:14:12,914 [root] WARNING: Unable to place hook on LockResource
2019-12-03 06:14:12,914 [root] WARNING: Unable to hook LockResource
2019-12-03 06:14:12,946 [root] DEBUG: CAPE initialised: 64-bit base package loaded in process 1632 at 0x0000000072350000, image base 0x00000000FF900000, stack from 0x0000000005DA2000-0x0000000005DB0000
2019-12-03 06:14:12,961 [root] DEBUG: Commandline: C:\Windows\explorer.exe.
2019-12-03 06:14:12,961 [root] INFO: Added new process to list with pid: 1632
2019-12-03 06:14:12,961 [root] INFO: Monitor successfully loaded in process with pid 1632.
2019-12-03 06:14:12,961 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2019-12-03 06:14:12,961 [root] DEBUG: InjectDll: Successfully injected DLL via thread.
2019-12-03 06:14:12,961 [root] DEBUG: Successfully injected DLL C:\rwekuld\dll\WLbdjwe.dll.
2019-12-03 06:14:12,993 [root] DEBUG: DLL loaded at 0x71EA0000: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annots.api (0x4a1000 bytes).
2019-12-03 06:14:13,055 [root] DEBUG: DLL loaded at 0x71420000: C:\Windows\system32\ieframe (0xa80000 bytes).
2019-12-03 06:14:13,055 [root] DEBUG: DLL loaded at 0x713E0000: C:\Windows\system32\OLEACC (0x3c000 bytes).
2019-12-03 06:14:13,055 [root] DEBUG: DLL loaded at 0x76CA0000: C:\Windows\syswow64\iertutil (0x1fb000 bytes).
2019-12-03 06:14:13,055 [root] DEBUG: DLL unloaded from 0x71420000.
2019-12-03 06:14:13,055 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-12-03 06:14:13,071 [root] DEBUG: DLL loaded at 0x73AD0000: C:\Windows\system32\profapi (0xb000 bytes).
2019-12-03 06:14:13,071 [root] DEBUG: DLL unloaded from 0x75E70000.
2019-12-03 06:14:13,071 [root] DEBUG: DLL unloaded from 0x01340000.
2019-12-03 06:14:13,086 [root] DEBUG: DLL loaded at 0x709A0000: C:\Windows\system32\ieframe (0xa80000 bytes).
2019-12-03 06:14:13,086 [root] DEBUG: DLL loaded at 0x71E60000: C:\Windows\system32\OLEACC (0x3c000 bytes).
2019-12-03 06:14:13,086 [root] DEBUG: DLL loaded at 0x76CA0000: C:\Windows\syswow64\iertutil (0x1fb000 bytes).
2019-12-03 06:14:13,086 [root] DEBUG: DLL unloaded from 0x709A0000.
2019-12-03 06:14:13,086 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-12-03 06:14:13,134 [root] DEBUG: set_caller_info: Adding region at 0x05D10000 to caller regions list (kernel32::FindResourceExW).
2019-12-03 06:14:13,164 [root] DEBUG: set_caller_info: Adding region at 0x05020000 to caller regions list (user32::GetSystemMetrics).
2019-12-03 06:14:13,273 [root] DEBUG: set_caller_info: Adding region at 0x00080000 to caller regions list (user32::GetCursorPos).
2019-12-03 06:14:13,335 [root] DEBUG: set_caller_info: Adding region at 0x00FB0000 to caller regions list (ntdll::NtSetInformationFile).
2019-12-03 06:14:13,368 [root] DEBUG: DLL unloaded from 0x75E70000.
2019-12-03 06:14:13,460 [root] DEBUG: set_caller_info: Adding region at 0x77110000 to caller regions list (ntdll::memcpy).
2019-12-03 06:14:14,990 [root] DEBUG: DLL loaded at 0x71E70000: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\BIBUtils (0x29000 bytes).
2019-12-03 06:14:17,813 [root] DEBUG: DLL loaded at 0x71E30000: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\sqlite (0x3a000 bytes).
2019-12-03 06:14:22,711 [root] DEBUG: DLL loaded at 0x71DB0000: C:\Windows\system32\mscms (0x79000 bytes).
2019-12-03 06:14:22,727 [root] DEBUG: DLL loaded at 0x71D90000: C:\Windows\system32\USERENV (0x17000 bytes).
2019-12-03 06:14:22,789 [root] DEBUG: DLL loaded at 0x71D60000: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Updater.api (0x30000 bytes).
2019-12-03 06:14:22,836 [root] DEBUG: DLL loaded at 0x71BF0000: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\EScript.api (0x167000 bytes).
2019-12-03 06:14:22,898 [root] DEBUG: DLL loaded at 0x71B60000: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeUpdater (0x83000 bytes).
2019-12-03 06:14:22,930 [root] DEBUG: set_caller_info: Adding region at 0x01330000 to caller regions list (kernel32::SetErrorMode).
2019-12-03 06:14:22,946 [root] DEBUG: DLL loaded at 0x710E0000: C:\Windows\System32\ieframe (0xa80000 bytes).
2019-12-03 06:14:22,946 [root] DEBUG: DLL loaded at 0x710A0000: C:\Windows\system32\OLEACC (0x3c000 bytes).
2019-12-03 06:14:22,946 [root] DEBUG: DLL loaded at 0x76CA0000: C:\Windows\syswow64\iertutil (0x1fb000 bytes).
2019-12-03 06:14:22,946 [root] DEBUG: DLL unloaded from 0x710E0000.
2019-12-03 06:14:22,946 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-12-03 06:14:22,946 [root] DEBUG: DLL loaded at 0x70660000: C:\Windows\System32\ieframe (0xa80000 bytes).
2019-12-03 06:14:22,961 [root] DEBUG: DLL loaded at 0x71B20000: C:\Windows\system32\OLEACC (0x3c000 bytes).
2019-12-03 06:14:22,961 [root] DEBUG: DLL loaded at 0x76CA0000: C:\Windows\syswow64\iertutil (0x1fb000 bytes).
2019-12-03 06:14:22,961 [root] DEBUG: DLL unloaded from 0x70660000.
2019-12-03 06:14:22,961 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-12-03 06:14:22,993 [root] DEBUG: DLL unloaded from 0x772C0000.
2019-12-03 06:14:23,007 [root] INFO: Announced 32-bit process name: Adobe_Updater.exe pid: 2628
2019-12-03 06:14:23,007 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-12-03 06:14:23,007 [lib.api.process] INFO: 32-bit DLL to inject is C:\rwekuld\dll\XVPpDwM.dll, loader C:\rwekuld\bin\GKJIFdA.exe
2019-12-03 06:14:23,007 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\pVlBCZtCNZ.
2019-12-03 06:14:23,007 [root] DEBUG: Loader: Injecting process 2628 (thread 2064) with C:\rwekuld\dll\XVPpDwM.dll.
2019-12-03 06:14:23,007 [root] DEBUG: Process image base: 0x01290000
2019-12-03 06:14:23,007 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\rwekuld\dll\XVPpDwM.dll.
2019-12-03 06:14:23,023 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x014FE000 - 0x77110000
2019-12-03 06:14:23,023 [root] DEBUG: InjectDllViaIAT: Allocated 0x28c bytes for new import table at 0x01500000.
2019-12-03 06:14:23,023 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-12-03 06:14:23,023 [root] DEBUG: Successfully injected DLL C:\rwekuld\dll\XVPpDwM.dll.
2019-12-03 06:14:23,023 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2628
2019-12-03 06:14:23,023 [root] DEBUG: DLL loaded at 0x74AF0000: C:\Windows\system32\apphelp (0x4c000 bytes).
2019-12-03 06:14:23,055 [root] INFO: Announced 32-bit process name: Adobe_Updater.exe pid: 2628
2019-12-03 06:14:23,055 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-12-03 06:14:23,055 [lib.api.process] INFO: 32-bit DLL to inject is C:\rwekuld\dll\XVPpDwM.dll, loader C:\rwekuld\bin\GKJIFdA.exe
2019-12-03 06:14:23,071 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\pVlBCZtCNZ.
2019-12-03 06:14:23,071 [root] DEBUG: Loader: Injecting process 2628 (thread 2064) with C:\rwekuld\dll\XVPpDwM.dll.
2019-12-03 06:14:23,071 [root] DEBUG: Process image base: 0x01290000
2019-12-03 06:14:23,071 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\rwekuld\dll\XVPpDwM.dll.
2019-12-03 06:14:23,071 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2019-12-03 06:14:23,071 [root] DEBUG: Successfully injected DLL C:\rwekuld\dll\XVPpDwM.dll.
2019-12-03 06:14:23,071 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2628
2019-12-03 06:14:23,164 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-12-03 06:14:23,164 [root] DEBUG: Process dumps enabled.
2019-12-03 06:14:23,164 [root] INFO: Disabling sleep skipping.
2019-12-03 06:14:23,196 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-12-03 06:14:23,196 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 2628 at 0x747e0000, image base 0x1290000, stack from 0x286000-0x290000
2019-12-03 06:14:23,196 [root] DEBUG: Commandline: C:\Program Files (x86)\Common Files\Adobe\Updater6\"C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe" -doActionAppID=reader9rdr-en_US.
2019-12-03 06:14:23,196 [root] INFO: Added new process to list with pid: 2628
2019-12-03 06:14:23,196 [root] INFO: Monitor successfully loaded in process with pid 2628.
2019-12-03 06:14:23,242 [root] DEBUG: DLL loaded at 0x73AD0000: C:\Windows\system32\profapi (0xb000 bytes).
2019-12-03 06:14:23,242 [root] DEBUG: DLL loaded at 0x724B0000: C:\Windows\system32\PROPSYS (0xf5000 bytes).
2019-12-03 06:14:23,257 [root] DEBUG: DLL loaded at 0x75A70000: C:\Windows\syswow64\SETUPAPI (0x19d000 bytes).
2019-12-03 06:14:23,257 [root] DEBUG: DLL loaded at 0x75A10000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2019-12-03 06:14:23,257 [root] DEBUG: DLL loaded at 0x75D40000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2019-12-03 06:14:23,257 [root] DEBUG: DLL loaded at 0x74EB0000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2019-12-03 06:14:23,257 [root] DEBUG: DLL loaded at 0x749D0000: C:\Windows\system32\ntmarta (0x21000 bytes).
2019-12-03 06:14:23,257 [root] DEBUG: DLL loaded at 0x76EA0000: C:\Windows\syswow64\WLDAP32 (0x45000 bytes).
2019-12-03 06:14:23,257 [root] DEBUG: DLL unloaded from 0x75E70000.
2019-12-03 06:14:23,273 [root] DEBUG: DLL unloaded from 0x724B0000.
2019-12-03 06:14:23,273 [root] DEBUG: set_caller_info: Adding region at 0x03DB0000 to caller regions list (kernel32::SetErrorMode).
2019-12-03 06:14:23,305 [root] DEBUG: set_caller_info: Adding region at 0x03CA0000 to caller regions list (kernel32::SetErrorMode).
2019-12-03 06:14:23,319 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-12-03 06:14:23,319 [root] DEBUG: set_caller_info: Adding region at 0x004A0000 to caller regions list (ntdll::memcpy).
2019-12-03 06:14:23,335 [root] DEBUG: DLL loaded at 0x71880000: C:\Windows\system32\RICHED32 (0x6000 bytes).
2019-12-03 06:14:23,335 [root] DEBUG: DLL loaded at 0x71800000: C:\Windows\system32\RICHED20 (0x76000 bytes).
2019-12-03 06:14:23,367 [root] DEBUG: set_caller_info: Adding region at 0x00190000 to caller regions list (ntdll::NtWriteFile).
2019-12-03 06:14:23,414 [root] DEBUG: DLL loaded at 0x717E0000: C:\Windows\system32\dhcpcsvc (0x12000 bytes).
2019-12-03 06:14:23,476 [root] DEBUG: DLL loaded at 0x74B50000: C:\Windows\system32\dnsapi (0x44000 bytes).
2019-12-03 06:14:23,476 [root] DEBUG: DLL loaded at 0x71780000: C:\Windows\system32\RASAPI32 (0x52000 bytes).
2019-12-03 06:14:23,476 [root] DEBUG: DLL loaded at 0x71760000: C:\Windows\system32\rasman (0x15000 bytes).
2019-12-03 06:14:23,476 [root] DEBUG: DLL unloaded from 0x71780000.
2019-12-03 06:14:23,476 [root] DEBUG: DLL loaded at 0x71750000: C:\Windows\system32\rtutils (0xd000 bytes).
2019-12-03 06:14:23,476 [root] DEBUG: DLL loaded at 0x71740000: C:\Windows\system32\sensapi (0x6000 bytes).
2019-12-03 06:14:23,476 [root] DEBUG: DLL unloaded from 0x75600000.
2019-12-03 06:14:23,476 [root] DEBUG: DLL unloaded from 0x71760000.
2019-12-03 06:14:23,476 [root] DEBUG: DLL loaded at 0x74BD0000: C:\Windows\system32\NLAapi (0x10000 bytes).
2019-12-03 06:14:23,476 [root] DEBUG: DLL loaded at 0x74BC0000: C:\Windows\system32\napinsp (0x10000 bytes).
2019-12-03 06:14:23,492 [root] DEBUG: DLL loaded at 0x74BA0000: C:\Windows\system32\pnrpnsp (0x12000 bytes).
2019-12-03 06:14:23,492 [root] DEBUG: DLL loaded at 0x74BF0000: C:\Windows\System32\mswsock (0x3c000 bytes).
2019-12-03 06:14:23,492 [root] DEBUG: DLL loaded at 0x74B40000: C:\Windows\System32\winrnr (0x8000 bytes).
2019-12-03 06:14:23,492 [root] DEBUG: DLL loaded at 0x74BE0000: C:\Windows\System32\wshtcpip (0x5000 bytes).
2019-12-03 06:14:23,492 [root] DEBUG: DLL loaded at 0x71730000: C:\Windows\System32\wship6 (0x6000 bytes).
2019-12-03 06:14:23,492 [root] DEBUG: DLL loaded at 0x71720000: C:\Windows\system32\rasadhlp (0x6000 bytes).
2019-12-03 06:14:23,492 [root] DEBUG: DLL loaded at 0x716E0000: C:\Windows\System32\fwpuclnt (0x38000 bytes).
2019-12-03 06:14:23,523 [root] DEBUG: DLL loaded at 0x71680000: C:\Windows\System32\netprofm (0x5a000 bytes).
2019-12-03 06:14:23,523 [root] DEBUG: DLL loaded at 0x74C70000: C:\Windows\system32\CRYPTSP (0x16000 bytes).
2019-12-03 06:14:23,539 [root] DEBUG: DLL loaded at 0x74C30000: C:\Windows\system32\rsaenh (0x3b000 bytes).
2019-12-03 06:14:23,539 [root] DEBUG: DLL loaded at 0x747D0000: C:\Windows\system32\RpcRtRemote (0xe000 bytes).
2019-12-03 06:14:23,539 [root] DEBUG: DLL loaded at 0x71670000: C:\Windows\system32\dhcpcsvc6 (0xd000 bytes).
2019-12-03 06:14:23,539 [root] DEBUG: DLL unloaded from 0x718A0000.
2019-12-03 06:14:23,539 [root] DEBUG: DLL unloaded from 0x717E0000.
2019-12-03 06:14:25,832 [root] DEBUG: DLL unloaded from 0x75600000.
2019-12-03 06:14:25,894 [root] DEBUG: DLL unloaded from 0x74F40000.
2019-12-03 06:14:26,174 [root] DEBUG: set_caller_info: Adding region at 0x049F0000 to caller regions list (ntdll::NtWriteFile).
2019-12-03 06:14:26,206 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-12-03 06:14:27,486 [root] DEBUG: DLL loaded at 0x74AF0000: C:\Windows\system32\apphelp (0x4c000 bytes).
2019-12-03 06:14:29,388 [root] DEBUG: DLL loaded at 0x71590000: C:\Windows\system32\ntshrui (0x70000 bytes).
2019-12-03 06:14:29,404 [root] DEBUG: DLL loaded at 0x71650000: C:\Windows\system32\srvcli (0x19000 bytes).
2019-12-03 06:14:29,420 [root] DEBUG: DLL loaded at 0x71640000: C:\Windows\system32\cscapi (0xb000 bytes).
2019-12-03 06:14:29,450 [root] DEBUG: DLL loaded at 0x71630000: C:\Windows\system32\slc (0xa000 bytes).
2019-12-03 06:14:29,450 [root] DEBUG: DLL loaded at 0x71620000: C:\Windows\system32\netutils (0x9000 bytes).
2019-12-03 06:14:29,467 [root] DEBUG: DLL unloaded from 0x01290000.
2019-12-03 06:14:29,482 [root] DEBUG: DLL loaded at 0x71610000: C:\Windows\system32\mssprxy (0xc000 bytes).
2019-12-03 06:14:29,482 [root] DEBUG: DLL unloaded from 0x75E70000.
2019-12-03 06:14:29,482 [root] DEBUG: DLL unloaded from 0x71880000.
2019-12-03 06:14:29,482 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 2628
2019-12-03 06:14:29,497 [root] DEBUG: GetHookCallerBase: thread 2064 (handle 0x0), return address 0x013D5D02, allocation base 0x01290000.
2019-12-03 06:14:29,497 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x01290000.
2019-12-03 06:14:29,497 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump virtual PE image.
2019-12-03 06:14:29,497 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x01290000.
2019-12-03 06:14:29,497 [root] DEBUG: DumpProcess: Module entry point VA is 0x001480A3.
2019-12-03 06:14:29,559 [root] INFO: Added new CAPE file to list with path: C:\RRgVUXrs\CAPE\2628_167611303631251332122019
2019-12-03 06:14:29,559 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x243600.
2019-12-03 06:14:29,559 [root] DEBUG: DLL unloaded from 0x724B0000.
2019-12-03 06:14:29,559 [root] DEBUG: DLL unloaded from 0x75140000.
2019-12-03 06:14:29,559 [root] DEBUG: DLL unloaded from 0x749D0000.
2019-12-03 06:14:29,559 [root] INFO: Notified of termination of process with pid 2628.
2019-12-03 06:14:32,696 [root] DEBUG: DLL unloaded from 0x751B0000.
2019-12-03 06:14:46,252 [root] DEBUG: set_caller_info: Adding region at 0x051A0000 to caller regions list (kernel32::SetErrorMode).
2019-12-03 06:14:46,283 [root] INFO: Announced 32-bit process name: Adobe_Updater.exe pid: 2992
2019-12-03 06:14:46,299 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-12-03 06:14:46,299 [lib.api.process] INFO: 32-bit DLL to inject is C:\rwekuld\dll\XVPpDwM.dll, loader C:\rwekuld\bin\GKJIFdA.exe
2019-12-03 06:14:46,299 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\pVlBCZtCNZ.
2019-12-03 06:14:46,299 [root] DEBUG: Loader: Injecting process 2992 (thread 1328) with C:\rwekuld\dll\XVPpDwM.dll.
2019-12-03 06:14:46,299 [root] DEBUG: Process image base: 0x01290000
2019-12-03 06:14:46,299 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\rwekuld\dll\XVPpDwM.dll.
2019-12-03 06:14:46,299 [root] DEBUG: InjectDllViaIAT: Found a free region from 0x014FE000 - 0x77110000
2019-12-03 06:14:46,299 [root] DEBUG: InjectDllViaIAT: Allocated 0x28c bytes for new import table at 0x01500000.
2019-12-03 06:14:46,299 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2019-12-03 06:14:46,299 [root] DEBUG: Successfully injected DLL C:\rwekuld\dll\XVPpDwM.dll.
2019-12-03 06:14:46,299 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2992
2019-12-03 06:14:46,299 [root] INFO: Announced 32-bit process name: Adobe_Updater.exe pid: 2992
2019-12-03 06:14:46,315 [lib.api.process] INFO: Option 'procdump' with value '1' sent to monitor
2019-12-03 06:14:46,315 [lib.api.process] INFO: 32-bit DLL to inject is C:\rwekuld\dll\XVPpDwM.dll, loader C:\rwekuld\bin\GKJIFdA.exe
2019-12-03 06:14:46,345 [root] DEBUG: ReadConfig: Successfully loaded pipe name \\.\PIPE\pVlBCZtCNZ.
2019-12-03 06:14:46,361 [root] DEBUG: Loader: Injecting process 2992 (thread 1328) with C:\rwekuld\dll\XVPpDwM.dll.
2019-12-03 06:14:46,377 [root] DEBUG: Process image base: 0x01290000
2019-12-03 06:14:46,392 [root] DEBUG: InjectDllViaIAT: IAT patching with dll name C:\rwekuld\dll\XVPpDwM.dll.
2019-12-03 06:14:46,392 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2019-12-03 06:14:46,407 [root] DEBUG: Successfully injected DLL C:\rwekuld\dll\XVPpDwM.dll.
2019-12-03 06:14:46,407 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2992
2019-12-03 06:14:46,407 [root] DEBUG: Terminate processes on terminate_event enabled.
2019-12-03 06:14:46,407 [root] DEBUG: Process dumps enabled.
2019-12-03 06:14:46,440 [root] INFO: Disabling sleep skipping.
2019-12-03 06:14:46,440 [root] DEBUG: RestoreHeaders: Restored original import table.
2019-12-03 06:14:46,454 [root] DEBUG: CAPE initialised: 32-bit base package loaded in process 2992 at 0x747e0000, image base 0x1290000, stack from 0x1c6000-0x1d0000
2019-12-03 06:14:46,470 [root] DEBUG: Commandline: C:\Program Files (x86)\Common Files\Adobe\Updater6\"C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe" -AU_LAUNCH_MODE=1 -AU_DISPLAY_LANG=en_US -AU_LAUNCH_APPID=reader9rdr-en_US.
2019-12-03 06:14:46,486 [root] INFO: Added new process to list with pid: 2992
2019-12-03 06:14:46,486 [root] INFO: Monitor successfully loaded in process with pid 2992.
2019-12-03 06:14:46,486 [root] DEBUG: DLL loaded at 0x73AD0000: C:\Windows\system32\profapi (0xb000 bytes).
2019-12-03 06:14:46,486 [root] DEBUG: DLL loaded at 0x724B0000: C:\Windows\system32\PROPSYS (0xf5000 bytes).
2019-12-03 06:14:46,502 [root] DEBUG: DLL loaded at 0x74EB0000: C:\Windows\syswow64\CLBCatQ (0x83000 bytes).
2019-12-03 06:14:46,502 [root] DEBUG: DLL loaded at 0x749D0000: C:\Windows\system32\ntmarta (0x21000 bytes).
2019-12-03 06:14:46,502 [root] DEBUG: DLL loaded at 0x76EA0000: C:\Windows\syswow64\WLDAP32 (0x45000 bytes).
2019-12-03 06:14:46,517 [root] DEBUG: DLL unloaded from 0x724B0000.
2019-12-03 06:14:46,517 [root] DEBUG: DLL loaded at 0x75A70000: C:\Windows\syswow64\SETUPAPI (0x19d000 bytes).
2019-12-03 06:14:46,532 [root] DEBUG: DLL loaded at 0x75A10000: C:\Windows\syswow64\CFGMGR32 (0x27000 bytes).
2019-12-03 06:14:46,549 [root] DEBUG: DLL loaded at 0x75D40000: C:\Windows\syswow64\DEVOBJ (0x12000 bytes).
2019-12-03 06:14:46,549 [root] DEBUG: set_caller_info: Adding region at 0x005B0000 to caller regions list (kernel32::SetErrorMode).
2019-12-03 06:14:46,563 [root] DEBUG: set_caller_info: Adding region at 0x04770000 to caller regions list (kernel32::SetErrorMode).
2019-12-03 06:14:46,579 [root] DEBUG: DLL unloaded from 0x75E70000.
2019-12-03 06:14:46,579 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-12-03 06:14:46,579 [root] DEBUG: set_caller_info: Adding region at 0x00400000 to caller regions list (ntdll::memcpy).
2019-12-03 06:14:46,579 [root] DEBUG: DLL loaded at 0x71AC0000: C:\Windows\system32\RICHED32 (0x6000 bytes).
2019-12-03 06:14:46,595 [root] DEBUG: DLL loaded at 0x71A40000: C:\Windows\system32\RICHED20 (0x76000 bytes).
2019-12-03 06:14:46,611 [root] DEBUG: set_caller_info: Adding region at 0x000D0000 to caller regions list (ntdll::NtWriteFile).
2019-12-03 06:14:46,611 [root] DEBUG: set_caller_info: Adding region at 0x00920000 to caller regions list (ntdll::memcpy).
2019-12-03 06:14:46,674 [root] DEBUG: set_caller_info: Adding region at 0x005F0000 to caller regions list (kernel32::GetSystemTimeAsFileTime).
2019-12-03 06:14:46,688 [root] DEBUG: DLL unloaded from 0x772C0000.
2019-12-03 06:14:46,736 [root] DEBUG: DLL loaded at 0x71A20000: C:\Windows\system32\dhcpcsvc (0x12000 bytes).
2019-12-03 06:14:46,766 [root] DEBUG: DLL loaded at 0x74B50000: C:\Windows\system32\dnsapi (0x44000 bytes).
2019-12-03 06:14:46,766 [root] DEBUG: DLL unloaded from 0x75D60000.
2019-12-03 06:14:46,766 [root] DEBUG: DLL loaded at 0x719C0000: C:\Windows\system32\RASAPI32 (0x52000 bytes).
2019-12-03 06:14:46,782 [root] DEBUG: DLL loaded at 0x719A0000: C:\Windows\system32\rasman (0x15000 bytes).
2019-12-03 06:14:46,798 [root] DEBUG: DLL loaded at 0x71990000: C:\Windows\system32\rtutils (0xd000 bytes).
2019-12-03 06:14:46,798 [root] DEBUG: DLL loaded at 0x72430000: C:\Windows\system32\UxTheme (0x80000 bytes).
2019-12-03 06:14:46,798 [root] DEBUG: DLL unloaded from 0x719C0000.
2019-12-03 06:14:46,798 [root] DEBUG: DLL unloaded from 0x719A0000.
2019-12-03 06:14:46,798 [root] DEBUG: DLL unloaded from 0x75600000.
2019-12-03 06:14:46,813 [root] DEBUG: DLL loaded at 0x71980000: C:\Windows\system32\sensapi (0x6000 bytes).
2019-12-03 06:14:46,813 [root] DEBUG: DLL loaded at 0x74BD0000: C:\Windows\system32\NLAapi (0x10000 bytes).
2019-12-03 06:14:46,813 [root] DEBUG: DLL loaded at 0x74BC0000: C:\Windows\system32\napinsp (0x10000 bytes).
2019-12-03 06:14:46,829 [root] DEBUG: DLL loaded at 0x74BA0000: C:\Windows\system32\pnrpnsp (0x12000 bytes).
2019-12-03 06:14:46,829 [root] DEBUG: DLL loaded at 0x74BF0000: C:\Windows\System32\mswsock (0x3c000 bytes).
2019-12-03 06:14:46,845 [root] DEBUG: DLL loaded at 0x74B40000: C:\Windows\System32\winrnr (0x8000 bytes).
2019-12-03 06:14:46,861 [root] DEBUG: DLL loaded at 0x74BE0000: C:\Windows\System32\wshtcpip (0x5000 bytes).
2019-12-03 06:14:46,861 [root] DEBUG: DLL loaded at 0x71970000: C:\Windows\System32\wship6 (0x6000 bytes).
2019-12-03 06:14:46,861 [root] DEBUG: DLL loaded at 0x71960000: C:\Windows\system32\rasadhlp (0x6000 bytes).
2019-12-03 06:14:46,861 [root] DEBUG: DLL loaded at 0x71920000: C:\Windows\System32\fwpuclnt (0x38000 bytes).
2019-12-03 06:14:46,875 [root] DEBUG: DLL unloaded from 0x74F40000.
2019-12-03 06:14:47,125 [root] DEBUG: set_caller_info: Adding region at 0x04A00000 to caller regions list (ntdll::NtWriteFile).
2019-12-03 06:14:47,484 [root] DEBUG: DLL loaded at 0x74AF0000: C:\Windows\system32\apphelp (0x4c000 bytes).
2019-12-03 06:14:49,309 [root] DEBUG: DLL loaded at 0x71670000: C:\Windows\system32\ntshrui (0x70000 bytes).
2019-12-03 06:14:49,341 [root] DEBUG: DLL loaded at 0x71630000: C:\Windows\system32\srvcli (0x19000 bytes).
2019-12-03 06:14:49,357 [root] DEBUG: DLL loaded at 0x71660000: C:\Windows\system32\cscapi (0xb000 bytes).
2019-12-03 06:14:49,388 [root] DEBUG: DLL loaded at 0x71650000: C:\Windows\system32\slc (0xa000 bytes).
2019-12-03 06:14:49,404 [root] DEBUG: DLL loaded at 0x71610000: C:\Windows\system32\netutils (0x9000 bytes).
2019-12-03 06:14:49,450 [root] DEBUG: DLL loaded at 0x74C70000: C:\Windows\system32\CRYPTSP (0x16000 bytes).
2019-12-03 06:14:49,450 [root] DEBUG: DLL unloaded from 0x01290000.
2019-12-03 06:14:49,450 [root] DEBUG: DLL unloaded from 0x71AC0000.
2019-12-03 06:14:49,450 [root] DEBUG: NtTerminateProcess hook: Attempting to dump process 2992
2019-12-03 06:14:49,450 [root] DEBUG: GetHookCallerBase: thread 1328 (handle 0x0), return address 0x013D5D02, allocation base 0x01290000.
2019-12-03 06:14:49,450 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x01290000.
2019-12-03 06:14:49,482 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump virtual PE image.
2019-12-03 06:14:49,496 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x01290000.
2019-12-03 06:14:49,513 [root] DEBUG: DumpProcess: Module entry point VA is 0x001480A3.
2019-12-03 06:14:49,543 [root] INFO: Added new CAPE file to list with path: C:\RRgVUXrs\CAPE\2992_35864765648251332122019
2019-12-03 06:14:49,543 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x243600.
2019-12-03 06:14:49,559 [root] DEBUG: DLL unloaded from 0x724B0000.
2019-12-03 06:14:49,559 [root] DEBUG: DLL unloaded from 0x75140000.
2019-12-03 06:14:49,575 [root] DEBUG: DLL unloaded from 0x749D0000.
2019-12-03 06:14:49,575 [root] INFO: Notified of termination of process with pid 2992.
2019-12-03 06:15:07,546 [root] DEBUG: DLL loaded at 0x71B50000: C:\Windows\system32\msimg32 (0x5000 bytes).
2019-12-03 06:16:29,726 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF8390000 to caller regions list (ntdll::NtDuplicateObject).
2019-12-03 06:16:29,759 [root] DEBUG: set_caller_info: Adding region at 0x000007FEF45C0000 to caller regions list (ntdll::NtDuplicateObject).
2019-12-03 06:17:32,595 [root] INFO: Analysis timeout hit (200 seconds), terminating analysis.
2019-12-03 06:17:32,595 [root] INFO: Created shutdown mutex.
2019-12-03 06:17:33,608 [lib.api.process] INFO: Terminate event set for process 884
2019-12-03 06:17:33,608 [root] DEBUG: Terminate Event: Attempting to dump process 884
2019-12-03 06:17:33,608 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x01340000.
2019-12-03 06:17:33,608 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump virtual PE image.
2019-12-03 06:17:33,608 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x01340000.
2019-12-03 06:17:33,608 [root] DEBUG: DumpProcess: Module entry point VA is 0x00004054.
2019-12-03 06:17:33,625 [root] INFO: Added new CAPE file to list with path: C:\RRgVUXrs\CAPE\884_14546532433317632122019
2019-12-03 06:17:33,625 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x51600.
2019-12-03 06:17:33,641 [lib.api.process] INFO: Termination confirmed for process 884
2019-12-03 06:17:33,641 [root] DEBUG: Terminate Event: CAPE shutdown complete for process 884
2019-12-03 06:17:33,641 [root] INFO: Terminate event set for process 884.
2019-12-03 06:17:33,641 [root] INFO: Terminating process 884 before shutdown.
2019-12-03 06:17:33,641 [root] INFO: Waiting for process 884 to exit.
2019-12-03 06:17:34,654 [lib.api.process] INFO: Terminate event set for process 1632
2019-12-03 06:17:34,654 [root] DEBUG: Terminate Event: Attempting to dump process 1632
2019-12-03 06:17:34,654 [root] DEBUG: DumpInterestingRegions: Dumping Imagebase at 0x00000000FF900000.
2019-12-03 06:17:34,654 [root] DEBUG: DumpImageInCurrentProcess: Attempting to dump virtual PE image.
2019-12-03 06:17:34,654 [root] DEBUG: DumpProcess: Instantiating PeParser with address: 0x00000000FF900000.
2019-12-03 06:17:34,654 [root] DEBUG: DumpProcess: Module entry point VA is 0x000000000002B790.
2019-12-03 06:17:34,733 [root] INFO: Added new CAPE file to list with path: C:\RRgVUXrs\CAPE\1632_8978294673417632122019
2019-12-03 06:17:34,733 [root] DEBUG: DumpProcess: Module image dump success - dump size 0x2baa00.
2019-12-03 06:17:34,733 [lib.api.process] INFO: Termination confirmed for process 1632
2019-12-03 06:17:34,733 [root] DEBUG: Terminate Event: CAPE shutdown complete for process 1632
2019-12-03 06:17:34,733 [root] INFO: Terminate event set for process 1632.
2019-12-03 06:17:34,733 [root] INFO: Terminating process 1632 before shutdown.
2019-12-03 06:17:34,733 [root] INFO: Waiting for process 1632 to exit.
2019-12-03 06:17:35,740 [root] INFO: Shutting down package.
2019-12-03 06:17:35,740 [root] INFO: Stopping auxiliary modules.
2019-12-03 06:17:35,740 [root] INFO: Finishing auxiliary modules.
2019-12-03 06:17:35,740 [root] INFO: Shutting down pipe server and dumping dropped files.
2019-12-03 06:17:35,740 [root] WARNING: File at path "C:\RRgVUXrs\debugger" does not exist, skip.
2019-12-03 06:17:35,740 [root] INFO: Analysis completed.

MalScore

10.0

Malicious

Machine

Name Label Manager Started On Shutdown On
target-01 target-01 ESX 2019-12-03 06:14:08 2019-12-03 06:17:50

File Details

File Name IPSecTunnelDatasheet.pdf
File Size 60981 bytes
File Type PDF document, version 1.5
MD5 caae2d88f064e4019772086a1324358c
SHA1 3e2a1a5aef76d97b07bba375231723b008c7e00c
SHA256 2a13e759260c38ffcff6f9ce1f8fdcd5e048d18cb54f5a6e95d613e2223739a0
SHA512 f800d9d51c6c11719fc21064f18668da01fdd56c262c2ba0bf415b5f49b5d17723fa92218e262f0fd0a892a21b643d4e1cd64f4c0d8a5f9405b16a6dbc91e7a9
CRC32 B9A8E9E9
Ssdeep 1536:jtu0dHzrDJHttig/QNWMWwvLvURQbUfsEY/Wxtigc:jtuI/vINWMW6vUSbUf5tHc
TrID
  • 100.0% (.PDF) Adobe Portable Document Format (5000/1)
ClamAV None matched
Yara None matched
CAPE Yara None matched
Resubmit sample

Signatures

SetUnhandledExceptionFilter detected (possible anti-debug)
Possible date expiration check, exits too soon after checking local time
process: Adobe_Updater.exe, PID 2628
Anomalous file deletion behavior detected (10+)
DeletedFile: C:\Users\user\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents-journal
DeletedFile: C:\Users\user\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents-journal
DeletedFile: C:\Users\user\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents-journal
DeletedFile: C:\Users\user\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents-journal
DeletedFile: C:\Users\user\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents-journal
DeletedFile: C:\Users\user\AppData\Local\Adobe\Updater6\AUTrans.xml_
DeletedFile: C:\Users\user\AppData\Local\Adobe\Updater6\Data\AdobeUpdater.aum
DeletedFile: C:\Users\user\AppData\Local\Adobe\Updater6\AUTrans.xml
DeletedFile: C:\Users\user\AppData\Local\Adobe\Updater6\AUTrans.xml_
DeletedFile: C:\Users\user\AppData\Local\Adobe\Updater6\AUTrans.xml.0
DeletedFile: C:\Users\user\AppData\Local\Adobe\Updater6\AUTrans.xml_
DeletedFile: C:\Users\user\AppData\Local\Adobe\Updater6\AUTrans.sig
DeletedFile: C:\Users\user\AppData\Local\Adobe\Updater6\AUTrans.xml
DeletedFile: C:\Users\user\AppData\Local\Temp\AdobeUpdater6.rbt
DeletedFile: C:\ProgramData\AdobeUpdater6.rbt
Dynamic (imported) function loading detected
DynamicLoader: COMCTL32.dll/RegisterClassNameW
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: ole32.dll/CoRegisterInitializeSpy
DynamicLoader: ole32.dll/CoRevokeInitializeSpy
DynamicLoader: USER32.dll/GetGUIThreadInfo
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: SHELL32.dll/DllGetClassObject
DynamicLoader: SHELL32.dll/DllGetClassObject
DynamicLoader: SHELL32.dll/DllGetClassObject
DynamicLoader: SHELL32.dll/DllGetClassObject
DynamicLoader: SHELL32.dll/DllGetClassObject
DynamicLoader: SHELL32.dll/DllGetClassObject
DynamicLoader: SHELL32.dll/DllGetClassObject
DynamicLoader: GDI32.dll/GdiIsMetaPrintDC
DynamicLoader: UxTheme.dll/BufferedPaintInit
DynamicLoader: UxTheme.dll/BeginBufferedPaint
DynamicLoader: UxTheme.dll/EndBufferedPaint
DynamicLoader: kernel32.dll/SetCriticalSectionSpinCount
DynamicLoader: BIBUtils.dll/
DynamicLoader: sqlite.dll/sqlite3_open_v2
DynamicLoader: sqlite.dll/sqlite3_create_function
DynamicLoader: sqlite.dll/sqlite3_busy_handler
DynamicLoader: sqlite.dll/sqlite3_prepare_v2
DynamicLoader: sqlite.dll/sqlite3_step
DynamicLoader: sqlite.dll/sqlite3_reset
DynamicLoader: sqlite.dll/sqlite3_finalize
DynamicLoader: sqlite.dll/sqlite3_close
DynamicLoader: sqlite.dll/sqlite3_get_autocommit
DynamicLoader: sqlite.dll/sqlite3_exec
DynamicLoader: sqlite.dll/sqlite3_changes
DynamicLoader: sqlite.dll/sqlite3_bind_int64
DynamicLoader: sqlite.dll/sqlite3_bind_text
DynamicLoader: sqlite.dll/sqlite3_bind_null
DynamicLoader: sqlite.dll/sqlite3_bind_int
DynamicLoader: SHELL32.dll/DllGetClassObject
DynamicLoader: SHELL32.dll/DllGetClassObject
DynamicLoader: SHELL32.dll/DllGetClassObject
DynamicLoader: SHELL32.dll/DllGetClassObject
DynamicLoader: SHELL32.dll/DllGetClassObject
DynamicLoader: mscms.dll/CloseColorProfile
DynamicLoader: mscms.dll/DeleteColorTransform
DynamicLoader: mscms.dll/TranslateBitmapBits
DynamicLoader: mscms.dll/TranslateColors
DynamicLoader: mscms.dll/CheckBitmapBits
DynamicLoader: mscms.dll/InstallColorProfileW
DynamicLoader: mscms.dll/UninstallColorProfileW
DynamicLoader: mscms.dll/EnumColorProfilesW
DynamicLoader: mscms.dll/GetStandardColorSpaceProfileW
DynamicLoader: mscms.dll/GetColorProfileHeader
DynamicLoader: mscms.dll/GetColorDirectoryW
DynamicLoader: mscms.dll/CreateProfileFromLogColorSpaceW
DynamicLoader: mscms.dll/CreateMultiProfileTransform
DynamicLoader: mscms.dll/InternalGetDeviceConfig
DynamicLoader: mscms.dll/WcsOpenColorProfileW
DynamicLoader: mscms.dll/WcsGetDefaultColorProfileSize
DynamicLoader: mscms.dll/WcsGetDefaultColorProfile
DynamicLoader: mscms.dll/WcsGetDefaultRenderingIntent
DynamicLoader: mscms.dll/WcsCreateIccProfile
DynamicLoader: mscms.dll/GetColorProfileFromHandle
DynamicLoader: mscms.dll/WcsGetUsePerUserProfiles
DynamicLoader: Updater.api/PlugInMain
DynamicLoader: EScript.api/PlugInMain
DynamicLoader: kernel32.dll/FlsAlloc
DynamicLoader: kernel32.dll/FlsGetValue
DynamicLoader: kernel32.dll/FlsSetValue
DynamicLoader: kernel32.dll/FlsFree
DynamicLoader: kernel32.dll/InitializeCriticalSectionAndSpinCount
DynamicLoader: kernel32.dll/IsProcessorFeaturePresent
DynamicLoader: AdobeUpdater.dll/AUMDownloadMissingComponents
DynamicLoader: AdobeUpdater.dll/AUMTriggerUpdateCheck
DynamicLoader: AdobeUpdater.dll/AUMDoPluginAction
DynamicLoader: AdobeUpdater.dll/AUMRegisterApplication
DynamicLoader: AdobeUpdater.dll/AUMUnRegisterApplication
DynamicLoader: ieframe.dll/IEIsProtectedModeProcess
DynamicLoader: ieframe.dll/IEIsProtectedModeProcess
DynamicLoader: msimg32.dll/AlphaBlend
DynamicLoader: comctl32.dll/
DynamicLoader: comctl32.dll/
DynamicLoader: kernel32.dll/GetNativeSystemInfo
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/SetDefaultPrinterW
DynamicLoader: WINSPOOL.DRV/GetDefaultPrinterW
DynamicLoader: WINSPOOL.DRV/GetPrinterDriverPackagePathW
DynamicLoader: WINSPOOL.DRV/CorePrinterDriverInstalledW
DynamicLoader: WINSPOOL.DRV/GetCorePrinterDriversW
DynamicLoader: WINSPOOL.DRV/UploadPrinterDriverPackageW
DynamicLoader: WINSPOOL.DRV/InstallPrinterDriverFromPackageW
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/AddPrinterConnection2W
DynamicLoader: WINSPOOL.DRV/OpenPrinter2W
DynamicLoader: WINSPOOL.DRV/DeletePrinterKeyW
DynamicLoader: WINSPOOL.DRV/DeletePrinterDataExW
DynamicLoader: WINSPOOL.DRV/EnumPrinterKeyW
DynamicLoader: WINSPOOL.DRV/EnumPrinterDataExW
DynamicLoader: WINSPOOL.DRV/GetPrinterDataExW
DynamicLoader: WINSPOOL.DRV/SetPrinterDataExW
DynamicLoader: WINSPOOL.DRV/DeletePrinterDataW
DynamicLoader: WINSPOOL.DRV/EnumPrinterDataW
DynamicLoader: WINSPOOL.DRV/SpoolerPrinterEvent
DynamicLoader: WINSPOOL.DRV/SetPortW
DynamicLoader: WINSPOOL.DRV/DocumentPropertySheets
DynamicLoader: WINSPOOL.DRV/DevicePropertySheets
DynamicLoader: WINSPOOL.DRV/IsValidDevmodeW
DynamicLoader: WINSPOOL.DRV/IsValidDevmodeA
DynamicLoader: WINSPOOL.DRV/AddPortExW
DynamicLoader: WINSPOOL.DRV/DeletePrintProvidorW
DynamicLoader: WINSPOOL.DRV/AddPrintProvidorW
DynamicLoader: WINSPOOL.DRV/DeletePrintProcessorW
DynamicLoader: WINSPOOL.DRV/DeleteMonitorW
DynamicLoader: WINSPOOL.DRV/AddMonitorW
DynamicLoader: WINSPOOL.DRV/StartDocDlgW
DynamicLoader: WINSPOOL.DRV/AdvancedDocumentPropertiesW
DynamicLoader: WINSPOOL.DRV/AdvancedDocumentPropertiesA
DynamicLoader: WINSPOOL.DRV/DocumentPropertiesW
DynamicLoader: WINSPOOL.DRV/DeviceCapabilitiesW
DynamicLoader: WINSPOOL.DRV/DeletePrinterIC
DynamicLoader: WINSPOOL.DRV/PlayGdiScriptOnPrinterIC
DynamicLoader: WINSPOOL.DRV/CreatePrinterIC
DynamicLoader: WINSPOOL.DRV/SetJobW
DynamicLoader: WINSPOOL.DRV/GetJobW
DynamicLoader: WINSPOOL.DRV/EnumJobsW
DynamicLoader: WINSPOOL.DRV/AddPrinterW
DynamicLoader: WINSPOOL.DRV/SetPrinterW
DynamicLoader: WINSPOOL.DRV/GetPrinterDriverW
DynamicLoader: WINSPOOL.DRV/GetPrinterDriverDirectoryW
DynamicLoader: WINSPOOL.DRV/EnumPrintersW
DynamicLoader: WINSPOOL.DRV/AddPrinterConnectionW
DynamicLoader: WINSPOOL.DRV/DeletePrinterConnectionW
DynamicLoader: WINSPOOL.DRV/AddPrinterDriverExW
DynamicLoader: WINSPOOL.DRV/AddPrinterDriverExA
DynamicLoader: WINSPOOL.DRV/EnumPrinterDriversW
DynamicLoader: WINSPOOL.DRV/DeletePrinterDriverW
DynamicLoader: WINSPOOL.DRV/DeletePrinterDriverExW
DynamicLoader: WINSPOOL.DRV/AddPrintProcessorW
DynamicLoader: WINSPOOL.DRV/EnumPrintProcessorsW
DynamicLoader: WINSPOOL.DRV/GetPrintProcessorDirectoryW
DynamicLoader: WINSPOOL.DRV/EnumPrintProcessorDatatypesW
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/SplDriverUnloadComplete
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/OpenPrinterW
DynamicLoader: WINSPOOL.DRV/OpenPrinterA
DynamicLoader: WINSPOOL.DRV/ResetPrinterW
DynamicLoader: WINSPOOL.DRV/StartDocPrinterW
DynamicLoader: WINSPOOL.DRV/FlushPrinter
DynamicLoader: WINSPOOL.DRV/GetPrinterDataW
DynamicLoader: WINSPOOL.DRV/SetPrinterDataW
DynamicLoader: WINSPOOL.DRV/AddJobW
DynamicLoader: WINSPOOL.DRV/ScheduleJob
DynamicLoader: WINSPOOL.DRV/WaitForPrinterChange
DynamicLoader: WINSPOOL.DRV/FindNextPrinterChangeNotification
DynamicLoader: WINSPOOL.DRV/PrinterMessageBoxW
DynamicLoader: WINSPOOL.DRV/ClosePrinter
DynamicLoader: WINSPOOL.DRV/AddFormW
DynamicLoader: WINSPOOL.DRV/DeleteFormW
DynamicLoader: WINSPOOL.DRV/GetFormW
DynamicLoader: WINSPOOL.DRV/SetFormW
DynamicLoader: WINSPOOL.DRV/EnumFormsW
DynamicLoader: WINSPOOL.DRV/EnumPortsW
DynamicLoader: WINSPOOL.DRV/EnumMonitorsW
DynamicLoader: WINSPOOL.DRV/AddPortW
DynamicLoader: WINSPOOL.DRV/ConfigurePortW
DynamicLoader: WINSPOOL.DRV/DeletePortW
DynamicLoader: WINSPOOL.DRV/GetPrinterW
DynamicLoader: WINSPOOL.DRV/DeletePrinterDriverPackageW
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: LPK.dll/LpkEditControl
DynamicLoader: kernel32.dll/FlsAlloc
DynamicLoader: kernel32.dll/FlsGetValue
DynamicLoader: kernel32.dll/FlsSetValue
DynamicLoader: kernel32.dll/FlsFree
DynamicLoader: kernel32.dll/InitializeCriticalSectionAndSpinCount
DynamicLoader: kernel32.dll/IsProcessorFeaturePresent
DynamicLoader: ole32.dll/StringFromGUID2
DynamicLoader: ADVAPI32.dll/OpenThreadToken
DynamicLoader: kernel32.dll/SortGetHandle
DynamicLoader: kernel32.dll/SortCloseHandle
DynamicLoader: sechost.dll/ConvertSidToStringSidW
DynamicLoader: profapi.dll/
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: PROPSYS.dll/PSPropertyBag_ReadStrAlloc
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: ole32.dll/CreateBindCtx
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoGetApartmentType
DynamicLoader: ole32.dll/CoRegisterInitializeSpy
DynamicLoader: COMCTL32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoGetMalloc
DynamicLoader: COMCTL32.dll/
DynamicLoader: COMCTL32.dll/
DynamicLoader: COMCTL32.dll/
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: ole32.dll/CoRevokeInitializeSpy
DynamicLoader: COMCTL32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: COMCTL32.dll/
DynamicLoader: COMCTL32.dll/
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_Size_ExW
DynamicLoader: ADVAPI32.dll/RegEnumKeyW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_ExW
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: COMCTL32.dll/
DynamicLoader: ADVAPI32.dll/InitializeSecurityDescriptor
DynamicLoader: ADVAPI32.dll/SetEntriesInAclW
DynamicLoader: COMCTL32.dll/
DynamicLoader: ntmarta.dll/GetMartaExtensionInterface
DynamicLoader: ADVAPI32.dll/SetSecurityDescriptorDacl
DynamicLoader: ADVAPI32.dll/IsTextUnicode
DynamicLoader: COMCTL32.dll/
DynamicLoader: COMCTL32.dll/
DynamicLoader: SHELL32.dll/
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/NdrOleInitializeExtension
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: kernel32.dll/HeapSetInformation
DynamicLoader: kernel32.dll/GetUserDefaultUILanguage
DynamicLoader: kernel32.dll/GetSystemDefaultUILanguage
DynamicLoader: kernel32.dll/CreateActCtxW
DynamicLoader: kernel32.dll/ReleaseActCtx
DynamicLoader: kernel32.dll/ActivateActCtx
DynamicLoader: kernel32.dll/DeactivateActCtx
DynamicLoader: kernel32.dll/GetLongPathNameW
DynamicLoader: kernel32.dll/TryEnterCriticalSection
DynamicLoader: RASAPI32.dll/RasConnectionNotificationW
DynamicLoader: sechost.dll/NotifyServiceStatusChangeA
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ADVAPI32.dll/RegDeleteTreeA
DynamicLoader: ADVAPI32.dll/RegDeleteTreeW
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: iphlpapi.dll/GetAdaptersAddresses
DynamicLoader: dhcpcsvc.DLL/DhcpRequestParams
DynamicLoader: OLEAUT32.dll/
DynamicLoader: COMCTL32.dll/
DynamicLoader: PROPSYS.dll/PSLookupPropertyHandlerCLSID
DynamicLoader: PROPSYS.dll/PSCreatePropertyStoreFromObject
DynamicLoader: PROPSYS.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: PROPSYS.dll/PropVariantToStringAlloc
DynamicLoader: ole32.dll/PropVariantClear
DynamicLoader: PROPSYS.dll/PropVariantToBoolean
DynamicLoader: PROPSYS.dll/InitPropVariantFromBuffer
DynamicLoader: PROPSYS.dll/PropVariantToBuffer
DynamicLoader: apphelp.dll/ApphelpCheckShellObject
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: COMCTL32.dll/
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: sechost.dll/ConvertStringSecurityDescriptorToSecurityDescriptorW
DynamicLoader: srvcli.dll/NetShareGetInfo
DynamicLoader: COMCTL32.dll/
DynamicLoader: COMCTL32.dll/
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: COMCTL32.dll/
DynamicLoader: netutils.dll/NetApiBufferFree
DynamicLoader: ole32.dll/CreateBindCtx
DynamicLoader: ole32.dll/CoTaskMemRealloc
DynamicLoader: SHELL32.dll/
DynamicLoader: ADVAPI32.dll/GetNamedSecurityInfoW
DynamicLoader: sechost.dll/ConvertStringSidToSidW
DynamicLoader: sechost.dll/ConvertStringSidToSidW
DynamicLoader: COMCTL32.dll/
DynamicLoader: sechost.dll/ConvertSidToStringSidW
DynamicLoader: COMCTL32.dll/
DynamicLoader: COMCTL32.dll/
DynamicLoader: COMCTL32.dll/
DynamicLoader: COMCTL32.dll/
DynamicLoader: COMCTL32.dll/
DynamicLoader: COMCTL32.dll/
DynamicLoader: COMCTL32.dll/
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: ADVAPI32.dll/UnregisterTraceGuids
DynamicLoader: CRYPTSP.dll/CryptReleaseContext
DynamicLoader: kernel32.dll/GetNativeSystemInfo
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/SetDefaultPrinterW
DynamicLoader: WINSPOOL.DRV/GetDefaultPrinterW
DynamicLoader: WINSPOOL.DRV/GetPrinterDriverPackagePathW
DynamicLoader: WINSPOOL.DRV/CorePrinterDriverInstalledW
DynamicLoader: WINSPOOL.DRV/GetCorePrinterDriversW
DynamicLoader: WINSPOOL.DRV/UploadPrinterDriverPackageW
DynamicLoader: WINSPOOL.DRV/InstallPrinterDriverFromPackageW
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/AddPrinterConnection2W
DynamicLoader: WINSPOOL.DRV/OpenPrinter2W
DynamicLoader: WINSPOOL.DRV/DeletePrinterKeyW
DynamicLoader: WINSPOOL.DRV/DeletePrinterDataExW
DynamicLoader: WINSPOOL.DRV/EnumPrinterKeyW
DynamicLoader: WINSPOOL.DRV/EnumPrinterDataExW
DynamicLoader: WINSPOOL.DRV/GetPrinterDataExW
DynamicLoader: WINSPOOL.DRV/SetPrinterDataExW
DynamicLoader: WINSPOOL.DRV/DeletePrinterDataW
DynamicLoader: WINSPOOL.DRV/EnumPrinterDataW
DynamicLoader: WINSPOOL.DRV/SpoolerPrinterEvent
DynamicLoader: WINSPOOL.DRV/SetPortW
DynamicLoader: WINSPOOL.DRV/DocumentPropertySheets
DynamicLoader: WINSPOOL.DRV/DevicePropertySheets
DynamicLoader: WINSPOOL.DRV/IsValidDevmodeW
DynamicLoader: WINSPOOL.DRV/IsValidDevmodeA
DynamicLoader: WINSPOOL.DRV/AddPortExW
DynamicLoader: WINSPOOL.DRV/DeletePrintProvidorW
DynamicLoader: WINSPOOL.DRV/AddPrintProvidorW
DynamicLoader: WINSPOOL.DRV/DeletePrintProcessorW
DynamicLoader: WINSPOOL.DRV/DeleteMonitorW
DynamicLoader: WINSPOOL.DRV/AddMonitorW
DynamicLoader: WINSPOOL.DRV/StartDocDlgW
DynamicLoader: WINSPOOL.DRV/AdvancedDocumentPropertiesW
DynamicLoader: WINSPOOL.DRV/AdvancedDocumentPropertiesA
DynamicLoader: WINSPOOL.DRV/DocumentPropertiesW
DynamicLoader: WINSPOOL.DRV/DeviceCapabilitiesW
DynamicLoader: WINSPOOL.DRV/DeletePrinterIC
DynamicLoader: WINSPOOL.DRV/PlayGdiScriptOnPrinterIC
DynamicLoader: WINSPOOL.DRV/CreatePrinterIC
DynamicLoader: WINSPOOL.DRV/SetJobW
DynamicLoader: WINSPOOL.DRV/GetJobW
DynamicLoader: WINSPOOL.DRV/EnumJobsW
DynamicLoader: WINSPOOL.DRV/AddPrinterW
DynamicLoader: WINSPOOL.DRV/SetPrinterW
DynamicLoader: WINSPOOL.DRV/GetPrinterDriverW
DynamicLoader: WINSPOOL.DRV/GetPrinterDriverDirectoryW
DynamicLoader: WINSPOOL.DRV/EnumPrintersW
DynamicLoader: WINSPOOL.DRV/AddPrinterConnectionW
DynamicLoader: WINSPOOL.DRV/DeletePrinterConnectionW
DynamicLoader: WINSPOOL.DRV/AddPrinterDriverExW
DynamicLoader: WINSPOOL.DRV/AddPrinterDriverExA
DynamicLoader: WINSPOOL.DRV/EnumPrinterDriversW
DynamicLoader: WINSPOOL.DRV/DeletePrinterDriverW
DynamicLoader: WINSPOOL.DRV/DeletePrinterDriverExW
DynamicLoader: WINSPOOL.DRV/AddPrintProcessorW
DynamicLoader: WINSPOOL.DRV/EnumPrintProcessorsW
DynamicLoader: WINSPOOL.DRV/GetPrintProcessorDirectoryW
DynamicLoader: WINSPOOL.DRV/EnumPrintProcessorDatatypesW
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/SplDriverUnloadComplete
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: WINSPOOL.DRV/OpenPrinterW
DynamicLoader: WINSPOOL.DRV/OpenPrinterA
DynamicLoader: WINSPOOL.DRV/ResetPrinterW
DynamicLoader: WINSPOOL.DRV/StartDocPrinterW
DynamicLoader: WINSPOOL.DRV/FlushPrinter
DynamicLoader: WINSPOOL.DRV/GetPrinterDataW
DynamicLoader: WINSPOOL.DRV/SetPrinterDataW
DynamicLoader: WINSPOOL.DRV/AddJobW
DynamicLoader: WINSPOOL.DRV/ScheduleJob
DynamicLoader: WINSPOOL.DRV/WaitForPrinterChange
DynamicLoader: WINSPOOL.DRV/FindNextPrinterChangeNotification
DynamicLoader: WINSPOOL.DRV/PrinterMessageBoxW
DynamicLoader: WINSPOOL.DRV/ClosePrinter
DynamicLoader: WINSPOOL.DRV/AddFormW
DynamicLoader: WINSPOOL.DRV/DeleteFormW
DynamicLoader: WINSPOOL.DRV/GetFormW
DynamicLoader: WINSPOOL.DRV/SetFormW
DynamicLoader: WINSPOOL.DRV/EnumFormsW
DynamicLoader: WINSPOOL.DRV/EnumPortsW
DynamicLoader: WINSPOOL.DRV/EnumMonitorsW
DynamicLoader: WINSPOOL.DRV/AddPortW
DynamicLoader: WINSPOOL.DRV/ConfigurePortW
DynamicLoader: WINSPOOL.DRV/DeletePortW
DynamicLoader: WINSPOOL.DRV/GetPrinterW
DynamicLoader: WINSPOOL.DRV/DeletePrinterDriverPackageW
DynamicLoader: WINSPOOL.DRV/
DynamicLoader: LPK.dll/LpkEditControl
DynamicLoader: kernel32.dll/FlsAlloc
DynamicLoader: kernel32.dll/FlsGetValue
DynamicLoader: kernel32.dll/FlsSetValue
DynamicLoader: kernel32.dll/FlsFree
DynamicLoader: kernel32.dll/InitializeCriticalSectionAndSpinCount
DynamicLoader: kernel32.dll/IsProcessorFeaturePresent
DynamicLoader: ole32.dll/StringFromGUID2
DynamicLoader: ADVAPI32.dll/OpenThreadToken
DynamicLoader: kernel32.dll/SortGetHandle
DynamicLoader: kernel32.dll/SortCloseHandle
DynamicLoader: sechost.dll/ConvertSidToStringSidW
DynamicLoader: profapi.dll/
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: PROPSYS.dll/PSPropertyBag_ReadStrAlloc
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: ole32.dll/CreateBindCtx
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoGetApartmentType
DynamicLoader: ole32.dll/CoRegisterInitializeSpy
DynamicLoader: COMCTL32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoGetMalloc
DynamicLoader: COMCTL32.dll/
DynamicLoader: COMCTL32.dll/
DynamicLoader: COMCTL32.dll/
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: ole32.dll/CoRevokeInitializeSpy
DynamicLoader: COMCTL32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: COMCTL32.dll/
DynamicLoader: COMCTL32.dll/
DynamicLoader: ADVAPI32.dll/RegEnumKeyW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ADVAPI32.dll/InitializeSecurityDescriptor
DynamicLoader: ADVAPI32.dll/SetEntriesInAclW
DynamicLoader: ntmarta.dll/GetMartaExtensionInterface
DynamicLoader: ADVAPI32.dll/SetSecurityDescriptorDacl
DynamicLoader: ADVAPI32.dll/IsTextUnicode
DynamicLoader: COMCTL32.dll/
DynamicLoader: COMCTL32.dll/
DynamicLoader: COMCTL32.dll/
DynamicLoader: SHELL32.dll/
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/NdrOleInitializeExtension
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_Size_ExW
DynamicLoader: SETUPAPI.dll/CM_Get_Device_Interface_List_ExW
DynamicLoader: COMCTL32.dll/
DynamicLoader: kernel32.dll/HeapSetInformation
DynamicLoader: kernel32.dll/GetUserDefaultUILanguage
DynamicLoader: kernel32.dll/GetSystemDefaultUILanguage
DynamicLoader: kernel32.dll/CreateActCtxW
DynamicLoader: kernel32.dll/ReleaseActCtx
DynamicLoader: kernel32.dll/ActivateActCtx
DynamicLoader: kernel32.dll/DeactivateActCtx
DynamicLoader: kernel32.dll/GetFileSizeEx
DynamicLoader: kernel32.dll/GetLongPathNameW
DynamicLoader: kernel32.dll/TryEnterCriticalSection
DynamicLoader: COMCTL32.dll/InitCommonControlsEx
DynamicLoader: COMCTL32.dll/RegisterClassNameW
DynamicLoader: RASAPI32.dll/RasConnectionNotificationW
DynamicLoader: UxTheme.dll/EnableThemeDialogTexture
DynamicLoader: UxTheme.dll/OpenThemeData
DynamicLoader: COMCTL32.dll/RegisterClassNameW
DynamicLoader: USER32.dll/GetSystemMetrics
DynamicLoader: USER32.dll/MonitorFromWindow
DynamicLoader: USER32.dll/MonitorFromRect
DynamicLoader: USER32.dll/MonitorFromPoint
DynamicLoader: USER32.dll/EnumDisplayMonitors
DynamicLoader: USER32.dll/EnumDisplayDevicesW
DynamicLoader: USER32.dll/GetMonitorInfoW
DynamicLoader: SHELL32.dll/
DynamicLoader: sechost.dll/NotifyServiceStatusChangeA
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ADVAPI32.dll/RegDeleteTreeA
DynamicLoader: ADVAPI32.dll/RegDeleteTreeW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: COMCTL32.dll/
DynamicLoader: PROPSYS.dll/PSLookupPropertyHandlerCLSID
DynamicLoader: PROPSYS.dll/PSCreatePropertyStoreFromObject
DynamicLoader: PROPSYS.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: PROPSYS.dll/PropVariantToStringAlloc
DynamicLoader: ole32.dll/PropVariantClear
DynamicLoader: PROPSYS.dll/PropVariantToBoolean
DynamicLoader: PROPSYS.dll/InitPropVariantFromBuffer
DynamicLoader: PROPSYS.dll/PropVariantToBuffer
DynamicLoader: apphelp.dll/ApphelpCheckShellObject
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: COMCTL32.dll/
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: sechost.dll/ConvertStringSecurityDescriptorToSecurityDescriptorW
DynamicLoader: srvcli.dll/NetShareGetInfo
DynamicLoader: COMCTL32.dll/
DynamicLoader: COMCTL32.dll/
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: COMCTL32.dll/
DynamicLoader: netutils.dll/NetApiBufferFree
DynamicLoader: ole32.dll/CreateBindCtx
DynamicLoader: ole32.dll/CoTaskMemRealloc
DynamicLoader: ADVAPI32.dll/GetNamedSecurityInfoW
DynamicLoader: sechost.dll/ConvertStringSidToSidW
DynamicLoader: sechost.dll/ConvertStringSidToSidW
DynamicLoader: COMCTL32.dll/
DynamicLoader: sechost.dll/ConvertSidToStringSidW
DynamicLoader: COMCTL32.dll/
DynamicLoader: COMCTL32.dll/
DynamicLoader: COMCTL32.dll/
DynamicLoader: COMCTL32.dll/
DynamicLoader: COMCTL32.dll/
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: ADVAPI32.dll/UnregisterTraceGuids
Performs HTTP requests potentially not found in PCAP.
url: swupmf.adobe.com:80//manifest/60/win/reader9rdr-en_US.upd
url: swupmf.adobe.com:80//manifest/60/win/AdobeUpdater.upd
url: swupmf.adobe.com:80//manifest/60/win/AdobeUpdater.upd
A process created a hidden window
Process: AcroRd32.exe -> "C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe" -doActionAppID=reader9rdr-en_US
Process: AcroRd32.exe -> "C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe" -AU_LAUNCH_MODE=1 -AU_DISPLAY_LANG=en_US -AU_LAUNCH_APPID=reader9rdr-en_US
The PDF file contains suspicious characteristics
single_page: PDF contains one page. Many malicious PDFs only have one page.
Sniffs keystrokes
SetWindowsHookExW: Process: explorer.exe(1632)
Likely virus infection of existing system binary
file: c:\users\user\appdata\local\adobe\updater6\autrans.xml_

Screenshots


Hosts

Direct IP Country Name
N 92.123.33.52 [VT] Europe
Y 8.8.8.8 [VT] United States
N 23.210.45.240 [VT] Netherlands

DNS

Name Response Post-Analysis Lookup
swupmf.adobe.com [VT] CNAME ssl.adobe.com.edgekey.net [VT]
A 92.123.33.52 [VT]
CNAME e4578.dscb.akamaiedge.net [VT]
A 23.210.45.240 [VT]

Summary

C:\Users\user\AppData\Local\Temp\IPSecTunnelDatasheet.pdf
C:\Windows\SysWOW64\en-US\MSCTF.dll.mui
C:\Program Files (x86)\Common Files
C:\
C:\Program Files (x86)
C:\Program Files (x86)\desktop.ini
C:\Program Files (x86)\Common Files\Adobe
C:\Users\user\AppData\Local\Adobe
C:\Users\user\AppData\Roaming\Adobe\Acrobat\9.0\AdobeComFnt09.lst
C:\Program Files (x86)\Common Files\Adobe\Fonts\Reqrd\CMaps\*.*
C:\Program Files (x86)\Common Files\Adobe\Fonts\*.*
C:\Users\user\AppData\Roaming\Adobe\Acrobat\9.0\AdobeCMapFnt09.lst
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\CMap\Reqrd\CMaps\*.*
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\CMap\*.*
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\CMap\Identity-H
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\CMap\Identity-V
C:\Users\user\AppData\Roaming\Adobe\Acrobat\9.0\AdobeSysFnt09.lst
C:\Users\user\AppData\Local\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\CIDFont\*.*
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\*.*
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd.otf
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\SY______.PFB
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\SY______.pfm
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM
C:\Program Files (x86)\Common Files\Adobe\TypeSupport
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\ZX______.PFB
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\ZX______.mmm
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\mmm\ZX______.mmm
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\ZY______.PFB
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\ZY______.mmm
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\mmm\ZY______.mmm
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\*.*
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\zx______.pfm
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\zy______.pfm
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\BIBUtils.dll
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
C:\Users\user\AppData\Roaming
C:\Users
C:\Users\desktop.ini
C:\Users\user
C:\Users\user\AppData
C:\Users\user\AppData\Roaming\Adobe\Acrobat\9.0
C:\Users\user\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
C:\Users\
C:\Users\user\
C:\Users\user\AppData\
C:\Users\user\AppData\Roaming\
C:\Users\user\AppData\Roaming\Adobe\
C:\Users\user\AppData\Roaming\Adobe
C:\Users\user\AppData\Roaming\Adobe\Acrobat\
C:\Users\user\AppData\Roaming\Adobe\Acrobat
C:\Users\user\AppData\Roaming\Adobe\Acrobat\9.0\
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\sqlite.dll
C:\Users\user\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents-journal
C:\Users\user\AppData\Roaming\Adobe\Acrobat\9.0\JavaScripts
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\JavaScripts
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\JavaScripts\*
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annots.api
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\CIDFont
C:\Program Files (x86)\Common Files\Adobe\Fonts
C:\Windows\System32\spool\drivers\color\D65.camp
C:\Windows\System32\spool\drivers\color\Photo.gmmp
C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Updater.api
C:\Windows\System32\Updater.api
C:\Windows\system\Updater.api
C:\Windows\Updater.api
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Updater.api
C:\Users\user\AppData\Local\Temp
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\EScript.api
C:\Windows\System32\EScript.api
C:\Windows\system\EScript.api
C:\Windows\EScript.api
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\EScript.api
C:\Users\user\AppData\Local
C:\Users\user\AppData\Local\Adobe\Acrobat\9.0\Updater\updater.log
C:\Users\user\AppData\Local\
C:\Users\user\AppData\Local\Adobe\
C:\Users\user\AppData\Local\Adobe\Acrobat\
C:\Users\user\AppData\Local\Adobe\Acrobat\9.0\
C:\Users\user\AppData\Local\Adobe\Acrobat\9.0\Updater
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeUpdater.dll
C:\Users\user\AppData\Local\Adobe\Updater6
C:\Users\user\AppData\Local\Adobe\Updater6\Install
C:\Users\user\AppData\Local\Adobe\Updater6\AdobeUpdaterPrefs.dat
C:\Windows\System32
C:\Windows
C:\Users\user\AppData\Local\Adobe\Updater6\aumLib.log
C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\ProgramData
C:\ProgramData\Adobe
C:\ProgramData\Adobe\Updater6
C:\ProgramData\Adobe\
C:\ProgramData\Adobe\Updater6\AdobeESDGlobalApps.xml
C:\ProgramData\Adobe\Updater6\
C:\ProgramData\Adobe\Updater6\AdobeESDGlobalApps.xml_
C:\Users\user\AppData\Local\Adobe\Updater6\suppress_all.dat
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe
C:\Program Files (x86)\Adobe\Reader 9.0
C:\Program Files (x86)\Adobe\Reader 9.0\Reader
C:\Windows\imageres.dll
C:\Windows\sysnative\imageres.dll
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\slideshow.ini
C:\Windows\WindowsShell.Manifest
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\user\Documents
\Device\KsecDD
C:\Windows\SysWOW64\shell32.dll
\??\MountPointManager
C:\Users\user\AppData\Local\Microsoft\Windows\Caches
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000d.db
C:\Users\user\Documents\desktop.ini
C:\Users\user\Desktop\desktop.ini
C:\Windows\Fonts
C:\Windows\Fonts\desktop.ini
C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe.1000.Manifest
C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_UpdaterENU.dll
C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_UpdaterLOC.dll
C:\Users\user\AppData\Local\Adobe\Updater6\aum.log
C:\Users\user\AppData\Local\Temp\
C:\Users\user\AppData\Local\Temp\AdobeUpdater6.rbt
C:\ProgramData\AdobeUpdater6.rbt
C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdater.en_GB
C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdater.en_US
C:\Program Files (x86)\Common Files\Adobe\Updater6\adobe_aum2pcd.dll
\??\Nsi
C:\ProgramData\Adobe\Updater6\AdobeUpdater.overrides_
C:\ProgramData\Adobe\Updater6\AdobeUpdater.overrides
C:\Users\user\AppData\Local\Adobe\ESD
C:\Users\user\AppData\Local\Adobe\ESD\Prefs.dat
C:\ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk
C:\ProgramData\Microsoft\Network\Connections\Pbk\*.pbk
C:\Windows\System32\ras\*.pbk
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk
C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Pbk\*.pbk
C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeAUM_rootCert.cer
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\AUMProduct.cer
C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdater.cer
C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdate.cer
C:\Users\user\AppData\Local\Adobe\Updater6\AdobeMissingComps.xml_
C:\Users\user\AppData\Local\Adobe\Updater6\AdobeMissingComps.xml
C:\Users\user\AppData\Local\Adobe\Updater6\AUTrans.xml
C:\Users\user\AppData\Local\Adobe\Updater6\AUTrans.xml_
C:\Users\user\AppData\Local\Adobe\Updater6\AUExpressTrans.xml
C:\Users\user\AppData\Local\Adobe\Updater6\AUExpressTrans.xml_
C:\Users\user\AppData\Local\Adobe\Updater6\crl
C:\Windows\SysWOW64\propsys.dll
C:\Windows\sysnative\propsys.dll
C:\Windows\System32\ntshrui.dll
C:\Windows\AppPatch\sysmain.sdb
C:\Windows\System32\
C:\Windows\SysWOW64\ntshrui.dll
C:\Windows\System32\*.*
C:\Windows\System32\en-US\ntshrui.dll.mui
C:\Users\user\AppData\Local\Adobe\Updater6\
C:\Windows\System32\tzres.dll
C:\Program Files (x86)\Common Files\Adobe\Updater6
C:\Users\user\AppData\Local\Adobe\Updater6\Data
C:\Users\user\AppData\Local\Adobe\Updater6\Data\AdobeUpdater_meta.txt
C:\Users\user\AppData\Local\Adobe\Updater6\AUTrans.sig
C:\Users\user\AppData\Local\Adobe\Updater6\Data\AdobeUpdater.aum
C:\Users\user\AppData\Local\Adobe\Updater6\bobcache.dat
C:\Users\user\AppData\Local\Adobe\Updater6\bobcache.sig
C:\Users\user\AppData\Local\Adobe\Updater6\AUTrans.xml.0
C:\Users\user\AppData\Local\Temp\IPSecTunnelDatasheet.pdf
C:\Windows\SysWOW64\en-US\MSCTF.dll.mui
C:\
C:\Program Files (x86)\desktop.ini
C:\Program Files (x86)
C:\Users\user\AppData\Roaming\Adobe\Acrobat\9.0\AdobeComFnt09.lst
C:\Users\user\AppData\Roaming\Adobe\Acrobat\9.0\AdobeCMapFnt09.lst
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\CMap\Identity-H
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\CMap\Identity-V
C:\Users\user\AppData\Roaming\Adobe\Acrobat\9.0\AdobeSysFnt09.lst
C:\Users\user\AppData\Local\Adobe\Acrobat\9.0\Cache\AcroFnt09.lst
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd.otf
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\SY______.PFB
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\ZX______.PFB
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\ZY______.PFB
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\zx______.pfm
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\zy______.pfm
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\BIBUtils.dll
C:\Users\desktop.ini
C:\Users
C:\Users\user
C:\Users\user\AppData
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\sqlite.dll
C:\Users\user\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
C:\Users\user\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents-journal
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annots.api
C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Updater.api
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\EScript.api
C:\Users\user\AppData\Local\Adobe\Acrobat\9.0\Updater\updater.log
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeUpdater.dll
C:\Users\user\AppData\Local\Adobe\Updater6\AdobeUpdaterPrefs.dat
C:\Windows
C:\ProgramData\Adobe\Updater6
C:\ProgramData\Adobe\Updater6\AdobeESDGlobalApps.xml
C:\Users\user\AppData\Local\Adobe\Updater6\suppress_all.dat
C:\Windows\sysnative\imageres.dll
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\slideshow.ini
C:\Windows\WindowsShell.Manifest
C:\Windows\Globalization\Sorting\sortdefault.nls
\Device\KsecDD
C:\Windows\SysWOW64\shell32.dll
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000d.db
C:\Users\user\Documents\desktop.ini
C:\Users\user\Desktop\desktop.ini
C:\Windows\Fonts\desktop.ini
C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe.1000.Manifest
C:\Users\user\AppData\Local\Temp\AdobeUpdater6.rbt
C:\ProgramData\AdobeUpdater6.rbt
C:\Users\user\AppData\Local\Adobe\ESD\Prefs.dat
C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeAUM_rootCert.cer
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\AUMProduct.cer
C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdater.cer
C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdate.cer
C:\Users\user\AppData\Local
C:\Users\user\AppData\Local\Adobe
C:\Users\user\AppData\Local\Adobe\Updater6
C:\Users\user\AppData\Local\Adobe\Updater6\crl
C:\Windows\System32\ntshrui.dll
C:\Windows\AppPatch\sysmain.sdb
C:\Windows\System32\
C:\Windows\System32\en-US\ntshrui.dll.mui
C:\Windows\System32\tzres.dll
C:\Users\user\AppData\Local\Adobe\Updater6\Data\AdobeUpdater_meta.txt
C:\Users\user\AppData\Local\Adobe\Updater6\AUTrans.xml_
C:\Users\user\AppData\Local\Adobe\Updater6\AUTrans.xml
C:\Users\user\AppData\Local\Adobe\Updater6\AUTrans.xml.0
C:\Users\user\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
C:\Users\user\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents-journal
C:\Users\user\AppData\Local\Adobe\Acrobat\9.0\Updater\updater.log
C:\Users\user\AppData\Local\Adobe\Updater6\aumLib.log
C:\Users\user\AppData\Local\Adobe\Updater6\AdobeUpdaterPrefs.dat
C:\Users\user\AppData\Local\Adobe\Updater6\aum.log
C:\Users\user\AppData\Local\Adobe\Updater6\AUTrans.xml_
C:\Users\user\AppData\Local\Adobe\Updater6\AUTrans.xml
C:\Users\user\AppData\Local\Adobe\Updater6\AUTrans.sig
C:\Users\user\AppData\Local\Adobe\Updater6\Data\AdobeUpdater.aum
C:\Users\user\AppData\Local\Adobe\Updater6\AUTrans.xml.0
C:\Users\user\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents-journal
C:\Users\user\AppData\Local\Adobe\Updater6\crl
C:\Users\user\AppData\Local\Adobe\Updater6\AUTrans.xml_
C:\Users\user\AppData\Local\Adobe\Updater6\Data\AdobeUpdater.aum
C:\Users\user\AppData\Local\Adobe\Updater6\AUTrans.xml
C:\Users\user\AppData\Local\Adobe\Updater6\AUTrans.xml.0
C:\Users\user\AppData\Local\Adobe\Updater6\AUTrans.sig
C:\Users\user\AppData\Local\Temp\AdobeUpdater6.rbt
C:\ProgramData\AdobeUpdater6.rbt
HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\9.0\AVPrivate
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\Preview
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\Preview
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\Access
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\Access
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\LayoutAndZoom
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\LayoutAndZoom
HKEY_CURRENT_USER
HKEY_CURRENT_USER\Control Panel\International
HKEY_CURRENT_USER\Control Panel\International\sDecimal
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\RememberedViews
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\RememberedViews
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\AcroRd32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{70FAF614-E0B1-11D3-8F5C-00C04F9CF4AC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{FA445657-9379-11D6-B41A-00065B83EE53}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
HKEY_CURRENT_USER\Keyboard Layout\Toggle
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
HKEY_CURRENT_USER\Control Panel\International\sThousand
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\AdobeViewer
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\AdobeViewer\Launched
HKEY_CURRENT_USER\Software\Classes\CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\ProgID\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\InprocHandler32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\MaximumAllowedAllocationSize
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\MeasuringGeo
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\MeasuringGeo
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\PropertyBag
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\CommonFilesDir
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\Generation
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
HKEY_CLASSES_ROOT\CLSID
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{00021401-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00021401-0000-0000-C000-000000000046}\InProcServer32
\xe7\xb5\x88\xc3\x8cEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00021401-0000-0000-C000-000000000046}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Type 1 Installer\Type 1 Fonts
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\UsageMeasurement
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\UsageMeasurement
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\Installer
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adobe\Acrobat Reader\9.0\Installer\VersionMax
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adobe\Acrobat Reader\9.0\Installer\VersionMin
HKEY_CURRENT_USER\Software\Adobe\CommonFiles\Usage\Reader 9
HKEY_CURRENT_USER\Software\Adobe\CommonFiles\Usage\Reader 9\OptIn
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClusSvc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\RegisteredProfiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\RegisteredProfiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\RegisteredProfiles\ri
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0002
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0002\ProfileEnumMode
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0002\ICMProfile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\RegisteredProfiles\sRGB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\RegisteredProfiles\camp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\RegisteredProfiles\rip
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\General
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\General
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\Updater
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\Updater
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\9.0\InstallPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adobe\Acrobat Reader\9.0\InstallPath\(Default)
\xe7\xb5\x88\xc3\x8cEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adobe\Acrobat Reader\9.0\Installer\ENU_GUID
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-120665959-548228820-2376508522-1001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-120665959-548228820-2376508522-1001\ProfileImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\PropertyBag
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Updater
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer
HKEY_LOCAL_MACHINE\System
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\PropertyBag
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
\xe1\xbf\xb0\xc2\x98EY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adobe\Acrobat Reader\9.0\Installer\ENU_GUID
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-SA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-SA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bg-BG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bg-BG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ca
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ca
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ca-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ca-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-Hans
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-Hans
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cs-CZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cs-CZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\da
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\da
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\da-DK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\da-DK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\de
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\de
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\de-DE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\de-DE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\el
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\el
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\el-GR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\el-GR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fi-FI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fi-FI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fr-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fr-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\he
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\he
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\he-IL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\he-IL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hu-HU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hu-HU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\is
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\is
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\is-IS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\is-IS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ja
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ja
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ja-JP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ja-JP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ko
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ko
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ko-KR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ko-KR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\nl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\nl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\nl-NL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\nl-NL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\no
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\no
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\nb-NO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\nb-NO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\pl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\pl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\pl-PL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\pl-PL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\pt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\pt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\pt-BR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\pt-BR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\rm
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\rm
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\rm-CH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\rm-CH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ro
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ro
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ro-RO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ro-RO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ru
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ru
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ru-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ru-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hr-HR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hr-HR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sk-SK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sk-SK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sq
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sq
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sq-AL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sq-AL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sv-SE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sv-SE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\th
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\th
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\th-TH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\th-TH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tr-TR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tr-TR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ur
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ur
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ur-PK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ur-PK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\id-ID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\id-ID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\uk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\uk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\uk-UA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\uk-UA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\be
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\be
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\be-BY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\be-BY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sl-SI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sl-SI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\et
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\et
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\et-EE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\et-EE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\lv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\lv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\lv-LV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\lv-LV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\lt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\lt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\lt-LT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\lt-LT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tg-Cyrl-TJ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tg-Cyrl-TJ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fa-IR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fa-IR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\vi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\vi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\vi-VN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\vi-VN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hy-AM
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hy-AM
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\az
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\az
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\az-Latn-AZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\az-Latn-AZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\eu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\eu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\eu-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\eu-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hsb
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hsb
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hsb-DE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hsb-DE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mk-MK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mk-MK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tn-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tn-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\xh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\xh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\xh-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\xh-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zu-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zu-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\af
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\af
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\af-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\af-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ka
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ka
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ka-GE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ka-GE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fo-FO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fo-FO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hi-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hi-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mt-MT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mt-MT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\se
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\se
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\se-NO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\se-NO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ga
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ga
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ga-IE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ga-IE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ms
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ms
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ms-MY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ms-MY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\kk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\kk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\kk-KZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\kk-KZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ky
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ky
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ky-KG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ky-KG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sw
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sw
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sw-KE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sw-KE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tk-TM
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tk-TM
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\uz
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\uz
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\uz-Latn-UZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\uz-Latn-UZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tt-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tt-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bn-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bn-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\pa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\pa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\pa-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\pa-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\gu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\gu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\gu-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\gu-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\or
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\or
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\or-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\or-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ta
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ta
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ta-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ta-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\te
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\te
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\te-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\te-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\kn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\kn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\kn-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\kn-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ml
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ml
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ml-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ml-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\as
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\as
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\as-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\as-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mr-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mr-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sa-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sa-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mn-MN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mn-MN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bo-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bo-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cy-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cy-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\km
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\km
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\km-KH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\km-KH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\lo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\lo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\lo-LA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\lo-LA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\gl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\gl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\gl-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\gl-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\kok
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\kok
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\kok-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\kok-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\syr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\syr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\syr-SY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\syr-SY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\si
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\si
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\si-LK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\si-LK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\iu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\iu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\iu-Latn-CA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\iu-Latn-CA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\am
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\am
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\am-ET
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\am-ET
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tzm
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tzm
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tzm-Latn-DZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tzm-Latn-DZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ne
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ne
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ne-NP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ne-NP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fy-NL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fy-NL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ps
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ps
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ps-AF
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ps-AF
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fil
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fil
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fil-PH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fil-PH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\dv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\dv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\dv-MV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\dv-MV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ha
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ha
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ha-Latn-NG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ha-Latn-NG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\yo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\yo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\yo-NG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\yo-NG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\quz
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\quz
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\quz-BO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\quz-BO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\nso
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\nso
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\nso-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\nso-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ba
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ba
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ba-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ba-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\lb
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\lb
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\lb-LU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\lb-LU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\kl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\kl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\kl-GL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\kl-GL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ig
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ig
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ig-NG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ig-NG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ii
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ii
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ii-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ii-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\arn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\arn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\arn-CL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\arn-CL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\moh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\moh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\moh-CA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\moh-CA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\br
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\br
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\br-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\br-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ug
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ug
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ug-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ug-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mi-NZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mi-NZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\oc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\oc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\oc-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\oc-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\co
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\co
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\co-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\co-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\gsw
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\gsw
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\gsw-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\gsw-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sah
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sah
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sah-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sah-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\qut
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\qut
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\qut-GT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\qut-GT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\rw
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\rw
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\rw-RW
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\rw-RW
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\wo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\wo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\wo-SN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\wo-SN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\prs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\prs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\prs-AF
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\prs-AF
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\gd
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\gd
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\gd-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\gd-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000401
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\d
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000402
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\5
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000403
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-TW
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-TW
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000404
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\9
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000405
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000406
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000407
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000408
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\4
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000809
HKEY_CLASSES_ROOT\Applications\AcroRd32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\AcroRD32.exe\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\AcroRD32.exe\NoStartPage
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\AcroRD32.exe\IsHostApp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\AcroRD32.exe\UseExecutableForTaskbarGroupIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\AcroRD32.exe\TaskbarExceptionsIcons
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Interval
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Shuffle
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\AnimationDuration
HKEY_LOCAL_MACHINE\Control Panel\Personalization\Desktop Slideshow
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Flags
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\FileSystem\Win31FileSystem
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableImprovedZoneCheck
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
DisableUserModeCallbackFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\KnownFolders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Personal
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-GB
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PropertyBag
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\PropertyBag\FoldersDependentOn
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\Adobe_Updater.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_CLASSES_ROOT\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{59031A47-3F72-44A7-89C5-5595FE6B30EE}
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\AccessProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\NoNetCrawling
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AutoCheckSelect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\IconsOnly
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowTypeOverlay
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Shell\RegisteredApplications\UrlAssociations\Directory\OpenWithProgids
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\Directory
HKEY_CLASSES_ROOT\Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\ShellEx\IconHandler
HKEY_CLASSES_ROOT\Folder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\IconHandler
HKEY_CLASSES_ROOT\AllFilesystemObjects
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\ShellEx\IconHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NeverShowExt
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PropertyBag
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\PropertyBag
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PropertyBag
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PropertyBag\FoldersDependentOn
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\PropertyBag\FoldersDependentOn
HKEY_CLASSES_ROOT\CLSID\{BD84B380-8CA2-1069-AB1D-08000948F534}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoProxyDetectType
\xc5\x90\xc2\xaeEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Adobe_Updater_RASAPI32\EnableFileTracing
\xc5\x90\xc2\xaeEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Adobe_Updater_RASAPI32\FileTracingMask
\xc5\x90\xc2\xaeEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Adobe_Updater_RASAPI32\EnableConsoleTracing
\xc5\x90\xc2\xaeEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Adobe_Updater_RASAPI32\ConsoleTracingMask
\xc5\x90\xc2\xaeEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Adobe_Updater_RASAPI32\MaxFileSize
\xc5\x90\xc2\xaeEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Adobe_Updater_RASAPI32\FileDirectory
\xc5\x90\xc2\xaeEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Adobe_Updater_RASMANCS\EnableFileTracing
\xc5\x90\xc2\xaeEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Adobe_Updater_RASMANCS\FileTracingMask
\xc5\x90\xc2\xaeEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Adobe_Updater_RASMANCS\EnableConsoleTracing
\xc5\x90\xc2\xaeEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Adobe_Updater_RASMANCS\ConsoleTracingMask
\xc5\x90\xc2\xaeEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Adobe_Updater_RASMANCS\MaxFileSize
\xc5\x90\xc2\xaeEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Adobe_Updater_RASMANCS\FileDirectory
HKEY_USERS\S-1-5-21-120665959-548228820-2376508522-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
\xc5\x90\xc2\xaeEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ConfirmFileDelete
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\NoFileFolderConnection
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\ShellEx\PropertyHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\PropertyHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\ShellEx\PropertyHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MaxUndoItems
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Advanced\MaxUndoItems
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\FileSystem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\FileSystem\(Default)
HKEY_CLASSES_ROOT\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\Sharing
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\Sharing\(Default)
HKEY_CLASSES_ROOT\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\InProcServer32\LoadWithoutCOM
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Option
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{40dd6e20-7c17-11ce-a804-00aa003ca9f6}\InProcServer32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\ntshrui.dll
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{40DD6E20-7C17-11CE-A804-00AA003CA9F6} {000214FC-0000-0000-C000-000000000046} 0xFFFF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\DefaultSecurity
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanServer\DefaultSecurity\SrvsvcDefaultShareInfo
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\PROFILELIST
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18\ProfileImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19\ProfileImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20\ProfileImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-120665959-548228820-2376508522-1001
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Sharing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Sharing\UsersShareName
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\Adobe_Updater.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\Adobe_Updater.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater6
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater6
HKEY_CURRENT_USER\Control Panel\International\sDecimal
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Language Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Hotkey
HKEY_CURRENT_USER\Keyboard Layout\Toggle\Layout Hotkey
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
HKEY_CURRENT_USER\Control Panel\International\sThousand
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\9.0\AdobeViewer\Launched
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\ProgID\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\InprocHandler32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\MaximumAllowedAllocationSize
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\CommonFilesDir
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
\xe7\xb5\x88\xc3\x8cEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00021401-0000-0000-C000-000000000046}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adobe\Acrobat Reader\9.0\Installer\VersionMax
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adobe\Acrobat Reader\9.0\Installer\VersionMin
HKEY_CURRENT_USER\Software\Adobe\CommonFiles\Usage\Reader 9\OptIn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\RegisteredProfiles\ri
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0002\ProfileEnumMode
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0002\ICMProfile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\RegisteredProfiles\sRGB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\RegisteredProfiles\camp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\RegisteredProfiles\rip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adobe\Acrobat Reader\9.0\InstallPath\(Default)
\xe7\xb5\x88\xc3\x8cEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adobe\Acrobat Reader\9.0\Installer\ENU_GUID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-120665959-548228820-2376508522-1001\ProfileImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{62AB5D82-FDC1-4DC3-A9DD-070D1D495D97}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
\xe1\xbf\xb0\xc2\x98EY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adobe\Acrobat Reader\9.0\Installer\ENU_GUID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ar-SA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ar-SA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bg-BG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bg-BG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ca
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ca
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ca-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ca-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-Hans
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-Hans
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cs-CZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cs-CZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\da
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\da
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\da-DK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\da-DK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\de
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\de
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\de-DE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\de-DE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\el
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\el
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\el-GR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\el-GR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\es-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\es-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fi-FI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fi-FI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fr-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fr-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\he
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\he
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\he-IL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\he-IL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hu-HU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hu-HU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\is
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\is
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\is-IS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\is-IS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ja
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ja
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ja-JP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ja-JP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ko
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ko
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ko-KR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ko-KR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\nl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\nl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\nl-NL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\nl-NL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\no
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\no
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\nb-NO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\nb-NO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\pl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\pl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\pl-PL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\pl-PL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\pt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\pt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\pt-BR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\pt-BR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\rm
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\rm
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\rm-CH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\rm-CH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ro
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ro
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ro-RO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ro-RO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ru
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ru
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ru-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ru-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hr-HR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hr-HR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sk-SK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sk-SK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sq
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sq
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sq-AL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sq-AL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sv-SE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sv-SE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\th
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\th
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\th-TH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\th-TH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tr-TR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tr-TR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ur
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ur
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ur-PK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ur-PK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\id
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\id-ID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\id-ID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\uk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\uk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\uk-UA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\uk-UA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\be
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\be
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\be-BY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\be-BY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sl-SI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sl-SI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\et
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\et
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\et-EE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\et-EE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\lv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\lv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\lv-LV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\lv-LV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\lt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\lt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\lt-LT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\lt-LT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tg-Cyrl-TJ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tg-Cyrl-TJ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fa-IR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fa-IR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\vi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\vi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\vi-VN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\vi-VN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hy-AM
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hy-AM
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\az
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\az
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\az-Latn-AZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\az-Latn-AZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\eu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\eu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\eu-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\eu-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hsb
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hsb
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hsb-DE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hsb-DE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mk-MK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mk-MK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tn-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tn-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\xh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\xh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\xh-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\xh-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zu-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zu-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\af
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\af
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\af-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\af-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ka
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ka
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ka-GE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ka-GE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fo-FO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fo-FO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\hi-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\hi-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mt-MT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mt-MT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\se
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\se
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\se-NO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\se-NO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ga
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ga
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ga-IE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ga-IE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ms
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ms
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ms-MY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ms-MY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\kk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\kk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\kk-KZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\kk-KZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ky
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ky
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ky-KG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ky-KG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sw
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sw
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sw-KE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sw-KE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tk-TM
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tk-TM
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\uz
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\uz
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\uz-Latn-UZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\uz-Latn-UZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tt-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tt-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bn-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bn-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\pa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\pa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\pa-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\pa-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\gu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\gu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\gu-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\gu-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\or
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\or
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\or-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\or-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ta
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ta
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ta-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ta-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\te
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\te
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\te-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\te-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\kn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\kn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\kn-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\kn-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ml
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ml
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ml-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ml-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\as
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\as
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\as-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\as-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mr-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mr-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sa-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sa-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mn-MN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mn-MN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\bo-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\bo-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cy-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cy-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\km
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\km
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\km-KH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\km-KH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\lo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\lo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\lo-LA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\lo-LA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\gl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\gl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\gl-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\gl-ES
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\kok
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\kok
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\kok-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\kok-IN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\syr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\syr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\syr-SY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\syr-SY
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\si
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\si
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\si-LK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\si-LK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\iu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\iu
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\iu-Latn-CA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\iu-Latn-CA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\am
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\am
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\am-ET
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\am-ET
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tzm
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tzm
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\tzm-Latn-DZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\tzm-Latn-DZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ne
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ne
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ne-NP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ne-NP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fy-NL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fy-NL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ps
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ps
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ps-AF
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ps-AF
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fil
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fil
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\fil-PH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\fil-PH
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\dv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\dv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\dv-MV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\dv-MV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ha
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ha
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ha-Latn-NG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ha-Latn-NG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\yo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\yo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\yo-NG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\yo-NG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\quz
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\quz
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\quz-BO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\quz-BO
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\nso
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\nso
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\nso-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\nso-ZA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ba
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ba
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ba-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ba-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\lb
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\lb
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\lb-LU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\lb-LU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\kl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\kl
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\kl-GL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\kl-GL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ig
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ig
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ig-NG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ig-NG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ii
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ii
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ii-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ii-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\arn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\arn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\arn-CL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\arn-CL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\moh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\moh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\moh-CA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\moh-CA
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\br
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\br
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\br-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\br-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ug
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ug
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\ug-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\ug-CN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\mi-NZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\mi-NZ
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\oc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\oc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\oc-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\oc-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\co
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\co
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\co-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\co-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\gsw
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\gsw
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\gsw-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\gsw-FR
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sah
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sah
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\sah-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\sah-RU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\qut
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\qut
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\qut-GT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\qut-GT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\rw
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\rw
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\rw-RW
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\rw-RW
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\wo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\wo
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\wo-SN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\wo-SN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\prs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\prs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\prs-AF
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\prs-AF
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\gd
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\gd
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\gd-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\gd-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000401
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\d
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000402
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\5
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000403
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\zh-TW
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\zh-TW
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000404
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\9
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000405
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000406
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000407
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000408
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\4
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000809
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\AcroRD32.exe\NoStartPage
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\AcroRD32.exe\IsHostApp
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\AcroRD32.exe\UseExecutableForTaskbarGroupIcon
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Interval
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Shuffle
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\AnimationDuration
HKEY_CURRENT_USER\Control Panel\Personalization\Desktop Slideshow\Flags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\FileSystem\Win31FileSystem
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\DisableImprovedZoneCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only
DisableUserModeCallbackFilter
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Personal
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-GB
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-GB
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\PropertyBag\FoldersDependentOn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{59031A47-3F72-44A7-89C5-5595FE6B30EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORDISPLAY
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideFolderVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\UseDropHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORPARSING
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MapNetDriveVerbs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForInfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideInWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideOnDesktopPerUser
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsAliasedNotifications
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsUniversalDelegate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NoFileFolderJunction
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\PinToNameSpaceTree
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HasNavigationEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cd-b5ba-11e3-a2f5-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{3abfb8f2-2ffd-11e7-a4cf-806e6f6e6963}\Generation
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{5e1375cc-b5ba-11e3-a2f5-806e6f6e6963}\Generation
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleStartMenu
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\NoNetCrawling
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AutoCheckSelect
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\IconsOnly
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowTypeOverlay
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\InitFolderHandler
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PropertyBag\FoldersDependentOn
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\PropertyBag\FoldersDependentOn
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoProxyDetectType
\xc5\x90\xc2\xaeEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Adobe_Updater_RASAPI32\EnableFileTracing
\xc5\x90\xc2\xaeEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Adobe_Updater_RASAPI32\FileTracingMask
\xc5\x90\xc2\xaeEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Adobe_Updater_RASAPI32\EnableConsoleTracing
\xc5\x90\xc2\xaeEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Adobe_Updater_RASAPI32\ConsoleTracingMask
\xc5\x90\xc2\xaeEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Adobe_Updater_RASAPI32\MaxFileSize
\xc5\x90\xc2\xaeEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Adobe_Updater_RASAPI32\FileDirectory
\xc5\x90\xc2\xaeEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Adobe_Updater_RASMANCS\EnableFileTracing
\xc5\x90\xc2\xaeEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Adobe_Updater_RASMANCS\FileTracingMask
\xc5\x90\xc2\xaeEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Adobe_Updater_RASMANCS\EnableConsoleTracing
\xc5\x90\xc2\xaeEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Adobe_Updater_RASMANCS\ConsoleTracingMask
\xc5\x90\xc2\xaeEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Adobe_Updater_RASMANCS\MaxFileSize
\xc5\x90\xc2\xaeEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Adobe_Updater_RASMANCS\FileDirectory
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
\xc5\x90\xc2\xaeEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ConfirmFileDelete
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\NoFileFolderConnection
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MaxUndoItems
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Advanced\MaxUndoItems
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\FileSystem\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\Sharing\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\InProcServer32\LoadWithoutCOM
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{40DD6E20-7C17-11CE-A804-00AA003CA9F6} {000214FC-0000-0000-C000-000000000046} 0xFFFF
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanServer\DefaultSecurity\SrvsvcDefaultShareInfo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18\ProfileImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19\ProfileImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20\ProfileImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Sharing\UsersShareName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater6
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater6
comctl32.dll.RegisterClassNameW
ole32.dll.CoInitializeEx
ole32.dll.CoUninitialize
ole32.dll.CoRegisterInitializeSpy
ole32.dll.CoRevokeInitializeSpy
user32.dll.GetGUIThreadInfo
oleaut32.dll.#4
oleaut32.dll.#6
oleaut32.dll.#2
oleaut32.dll.#7
shell32.dll.DllGetClassObject
gdi32.dll.GdiIsMetaPrintDC
uxtheme.dll.BufferedPaintInit
uxtheme.dll.BeginBufferedPaint
uxtheme.dll.EndBufferedPaint
kernel32.dll.SetCriticalSectionSpinCount
bibutils.dll.#3
sqlite.dll.sqlite3_open_v2
sqlite.dll.sqlite3_create_function
sqlite.dll.sqlite3_busy_handler
sqlite.dll.sqlite3_prepare_v2
sqlite.dll.sqlite3_step
sqlite.dll.sqlite3_reset
sqlite.dll.sqlite3_finalize
sqlite.dll.sqlite3_close
sqlite.dll.sqlite3_get_autocommit
sqlite.dll.sqlite3_exec
sqlite.dll.sqlite3_changes
sqlite.dll.sqlite3_bind_int64
sqlite.dll.sqlite3_bind_text
sqlite.dll.sqlite3_bind_null
sqlite.dll.sqlite3_bind_int
mscms.dll.CloseColorProfile
mscms.dll.DeleteColorTransform
mscms.dll.TranslateBitmapBits
mscms.dll.TranslateColors
mscms.dll.CheckBitmapBits
mscms.dll.InstallColorProfileW
mscms.dll.UninstallColorProfileW
mscms.dll.EnumColorProfilesW
mscms.dll.GetStandardColorSpaceProfileW
mscms.dll.GetColorProfileHeader
mscms.dll.GetColorDirectoryW
mscms.dll.CreateProfileFromLogColorSpaceW
mscms.dll.CreateMultiProfileTransform
mscms.dll.InternalGetDeviceConfig
mscms.dll.WcsOpenColorProfileW
mscms.dll.WcsGetDefaultColorProfileSize
mscms.dll.WcsGetDefaultColorProfile
mscms.dll.WcsGetDefaultRenderingIntent
mscms.dll.WcsCreateIccProfile
mscms.dll.GetColorProfileFromHandle
mscms.dll.WcsGetUsePerUserProfiles
updater.api.PlugInMain
escript.api.PlugInMain
kernel32.dll.FlsAlloc
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.FlsFree
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.IsProcessorFeaturePresent
adobeupdater.dll.AUMDownloadMissingComponents
adobeupdater.dll.AUMTriggerUpdateCheck
adobeupdater.dll.AUMDoPluginAction
adobeupdater.dll.AUMRegisterApplication
adobeupdater.dll.AUMUnRegisterApplication
ieframe.dll.IEIsProtectedModeProcess
msimg32.dll.AlphaBlend
comctl32.dll.#326
comctl32.dll.#331
kernel32.dll.GetNativeSystemInfo
winspool.drv.#218
winspool.drv.#217
winspool.drv.SetDefaultPrinterW
winspool.drv.GetDefaultPrinterW
winspool.drv.GetPrinterDriverPackagePathW
winspool.drv.CorePrinterDriverInstalledW
winspool.drv.GetCorePrinterDriversW
winspool.drv.UploadPrinterDriverPackageW
winspool.drv.InstallPrinterDriverFromPackageW
winspool.drv.#251
winspool.drv.AddPrinterConnection2W
winspool.drv.OpenPrinter2W
winspool.drv.DeletePrinterKeyW
winspool.drv.DeletePrinterDataExW
winspool.drv.EnumPrinterKeyW
winspool.drv.EnumPrinterDataExW
winspool.drv.GetPrinterDataExW
winspool.drv.SetPrinterDataExW
winspool.drv.DeletePrinterDataW
winspool.drv.EnumPrinterDataW
winspool.drv.SpoolerPrinterEvent
winspool.drv.SetPortW
winspool.drv.DocumentPropertySheets
winspool.drv.DevicePropertySheets
winspool.drv.IsValidDevmodeW
winspool.drv.IsValidDevmodeA
winspool.drv.AddPortExW
winspool.drv.DeletePrintProvidorW
winspool.drv.AddPrintProvidorW
winspool.drv.DeletePrintProcessorW
winspool.drv.DeleteMonitorW
winspool.drv.AddMonitorW
winspool.drv.StartDocDlgW
winspool.drv.AdvancedDocumentPropertiesW
winspool.drv.AdvancedDocumentPropertiesA
winspool.drv.DocumentPropertiesW
winspool.drv.DeviceCapabilitiesW
winspool.drv.DeletePrinterIC
winspool.drv.PlayGdiScriptOnPrinterIC
winspool.drv.CreatePrinterIC
winspool.drv.SetJobW
winspool.drv.GetJobW
winspool.drv.EnumJobsW
winspool.drv.AddPrinterW
winspool.drv.SetPrinterW
winspool.drv.GetPrinterDriverW
winspool.drv.GetPrinterDriverDirectoryW
winspool.drv.EnumPrintersW
winspool.drv.AddPrinterConnectionW
winspool.drv.DeletePrinterConnectionW
winspool.drv.AddPrinterDriverExW
winspool.drv.AddPrinterDriverExA
winspool.drv.EnumPrinterDriversW
winspool.drv.DeletePrinterDriverW
winspool.drv.DeletePrinterDriverExW
winspool.drv.AddPrintProcessorW
winspool.drv.EnumPrintProcessorsW
winspool.drv.GetPrintProcessorDirectoryW
winspool.drv.EnumPrintProcessorDatatypesW
winspool.drv.#207
winspool.drv.#209
winspool.drv.#211
winspool.drv.#212
winspool.drv.SplDriverUnloadComplete
winspool.drv.#213
winspool.drv.#214
winspool.drv.OpenPrinterW
winspool.drv.OpenPrinterA
winspool.drv.ResetPrinterW
winspool.drv.StartDocPrinterW
winspool.drv.FlushPrinter
winspool.drv.GetPrinterDataW
winspool.drv.SetPrinterDataW
winspool.drv.AddJobW
winspool.drv.ScheduleJob
winspool.drv.WaitForPrinterChange
winspool.drv.FindNextPrinterChangeNotification
winspool.drv.PrinterMessageBoxW
winspool.drv.ClosePrinter
winspool.drv.AddFormW
winspool.drv.DeleteFormW
winspool.drv.GetFormW
winspool.drv.SetFormW
winspool.drv.EnumFormsW
winspool.drv.EnumPortsW
winspool.drv.EnumMonitorsW
winspool.drv.AddPortW
winspool.drv.ConfigurePortW
winspool.drv.DeletePortW
winspool.drv.GetPrinterW
winspool.drv.DeletePrinterDriverPackageW
winspool.drv.#234
lpk.dll.LpkEditControl
ole32.dll.StringFromGUID2
advapi32.dll.OpenThreadToken
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
sechost.dll.ConvertSidToStringSidW
profapi.dll.#104
ole32.dll.CoTaskMemFree
ole32.dll.CoTaskMemAlloc
propsys.dll.PSPropertyBag_ReadStrAlloc
oleaut32.dll.#8
cryptbase.dll.SystemFunction036
ole32.dll.CreateBindCtx
ole32.dll.CoGetApartmentType
comctl32.dll.#236
ole32.dll.CoGetMalloc
comctl32.dll.#320
comctl32.dll.#324
comctl32.dll.#323
comctl32.dll.#388
oleaut32.dll.#500
comctl32.dll.#328
comctl32.dll.#334
setupapi.dll.CM_Get_Device_Interface_List_Size_ExW
advapi32.dll.RegEnumKeyW
setupapi.dll.CM_Get_Device_Interface_List_ExW
ole32.dll.CoCreateInstance
comctl32.dll.#332
advapi32.dll.InitializeSecurityDescriptor
advapi32.dll.SetEntriesInAclW
comctl32.dll.#386
ntmarta.dll.GetMartaExtensionInterface
advapi32.dll.SetSecurityDescriptorDacl
advapi32.dll.IsTextUnicode
comctl32.dll.#338
comctl32.dll.#339
shell32.dll.#102
ole32.dll.NdrOleInitializeExtension
ole32.dll.CoGetClassObject
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.CoUnmarshalInterface
ole32.dll.StringFromIID
ole32.dll.CoGetPSClsid
ole32.dll.CoReleaseMarshalData
ole32.dll.DcomChannelSetHResult
kernel32.dll.HeapSetInformation
kernel32.dll.GetUserDefaultUILanguage
kernel32.dll.GetSystemDefaultUILanguage
kernel32.dll.CreateActCtxW
kernel32.dll.ReleaseActCtx
kernel32.dll.ActivateActCtx
kernel32.dll.DeactivateActCtx
kernel32.dll.GetLongPathNameW
kernel32.dll.TryEnterCriticalSection
rasapi32.dll.RasConnectionNotificationW
sechost.dll.NotifyServiceStatusChangeA
advapi32.dll.RegDeleteTreeA
advapi32.dll.RegDeleteTreeW
iphlpapi.dll.GetAdaptersAddresses
dhcpcsvc.dll.DhcpRequestParams
oleaut32.dll.#200
comctl32.dll.#385
propsys.dll.PSLookupPropertyHandlerCLSID
propsys.dll.PSCreatePropertyStoreFromObject
propsys.dll.#417
propsys.dll.PropVariantToStringAlloc
ole32.dll.PropVariantClear
propsys.dll.PropVariantToBoolean
propsys.dll.InitPropVariantFromBuffer
propsys.dll.PropVariantToBuffer
apphelp.dll.ApphelpCheckShellObject
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryValueExW
advapi32.dll.RegCloseKey
sechost.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW
srvcli.dll.NetShareGetInfo
netutils.dll.NetApiBufferFree
ole32.dll.CoTaskMemRealloc
shell32.dll.#66
advapi32.dll.GetNamedSecurityInfoW
sechost.dll.ConvertStringSidToSidW
comctl32.dll.#329
comctl32.dll.#321
comctl32.dll.#387
comctl32.dll.#327
rpcrt4.dll.RpcBindingFree
advapi32.dll.UnregisterTraceGuids
cryptsp.dll.CryptReleaseContext
kernel32.dll.GetFileSizeEx
comctl32.dll.InitCommonControlsEx
uxtheme.dll.EnableThemeDialogTexture
uxtheme.dll.OpenThemeData
user32.dll.GetSystemMetrics
user32.dll.MonitorFromWindow
user32.dll.MonitorFromRect
user32.dll.MonitorFromPoint
user32.dll.EnumDisplayMonitors
user32.dll.EnumDisplayDevicesW
user32.dll.GetMonitorInfoW
"C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe" -doActionAppID=reader9rdr-en_US
"C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe" -AU_LAUNCH_MODE=1 -AU_DISPLAY_LANG=en_US -AU_LAUNCH_APPID=reader9rdr-en_US
Local\MSCTF.Asm.MutexDefault1
KxuNPSeFtMNxt6hdKaYh2A==
5cc/lvbQhsQNME+6NHD/xg==
UCKc3n1337ACyghraJlhBQ==
2AC1A572DB6944B0A65C38C4140AF2F4a44014B33B0
Pk769Neyb2LJ4tBTV/Fa7g==
IESQMMUTEX_0_208
2AC1A572DB6944B0A65C38C4140AF2F4a44014B33B8
KY7m32fYvtOkGCQqYdOICg==
\xe6\x91\x81\xe6\x89\xaf\xe5\x95\xa5\xe6\x91\xb0\xe7\x91\xa1\xe7\x89\xa56
2AC1A572DB6944B0A65C38C4140AF2F4bb0014B33B0
2AC1A572DB6944B0A65C38C4140AF2F4bb0014B33B8

PDF Information

Total Entropy 7.983620
Entropy In Streams 7.994873
Entropy Out of Streams 4.717416
Count of "%% EOF" 1
PDF Header %PDF-1.5
Data After EOF 0 bytes
File Size 60981 bytes
Number of Pages 1

Keyword Counts

Keyword Count
/ObjStm 1
/AcroForm 0
xref 0
obj 14
/JS 0
stream 11
endobj 14
/OpenAction 0
/JavaScript 0
endstream 8
/Page 1
/RichMedia 0
startxref 1
/JBIG2Decode 0
/EmbeddedFile 0
/Encrypt 0
/AA 0
/XFA 0
/Colors > 2^24 0
/Launch 0
trailer 0

This file is not on VirusTotal.

Process Tree


AcroRd32.exe, PID: 884, Parent PID: 2480
Full Path: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command Line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\user\AppData\Local\Temp\IPSecTunnelDatasheet.pdf"
explorer.exe, PID: 1632, Parent PID: 1496
Full Path: C:\Windows\explorer.exe
Command Line: C:\Windows\Explorer.EXE
Adobe_Updater.exe, PID: 2628, Parent PID: 884
Full Path: C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
Command Line: "C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe" -doActionAppID=reader9rdr-en_US
Adobe_Updater.exe, PID: 2992, Parent PID: 884
Full Path: C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
Command Line: "C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe" -AU_LAUNCH_MODE=1 -AU_DISPLAY_LANG=en_US -AU_LAUNCH_APPID=reader9rdr-en_US

Hosts

Direct IP Country Name
N 92.123.33.52 [VT] Europe
Y 8.8.8.8 [VT] United States
N 23.210.45.240 [VT] Netherlands

TCP

Source Source Port Destination Destination Port
192.168.35.21 49200 23.210.45.240 swupmf.adobe.com 80
192.168.35.21 49186 92.123.33.52 swupmf.adobe.com 80
192.168.35.21 49187 92.123.33.52 swupmf.adobe.com 80

UDP

Source Source Port Destination Destination Port
192.168.35.21 53447 8.8.8.8 53
192.168.35.21 58094 8.8.8.8 53

DNS

Name Response Post-Analysis Lookup
swupmf.adobe.com [VT] CNAME ssl.adobe.com.edgekey.net [VT]
A 92.123.33.52 [VT]
CNAME e4578.dscb.akamaiedge.net [VT]
A 23.210.45.240 [VT]

HTTP Requests

URI Data
http://swupmf.adobe.com/manifest/60/win/reader9rdr-en_US.upd
GET /manifest/60/win/reader9rdr-en_US.upd HTTP/1.1
Accept: *
User-Agent: Adobe Update Manager 6
Host: swupmf.adobe.com

http://swupmf.adobe.com/manifest/60/win/AdobeUpdater.upd
GET /manifest/60/win/AdobeUpdater.upd HTTP/1.1
Accept: *
User-Agent: Adobe Update Manager 6
Host: swupmf.adobe.com

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

File name SharedDataEvents
Associated Filenames
C:\Users\user\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
File Size 3072 bytes
File Type SQLite 3.x database
MD5 306eb129b900e24635cd2930f0f04c2e
SHA1 0239e72d27c52b9abe95fad7090e9416d22e6534
SHA256 0ad230f05a7d07a7016c65d30976cd65d0ab78f6189e386ac3bf69b3c6893a1f
CRC32 B57E766A
Ssdeep 24:r2Rx/XYKQvGJF7ursClSDj1jEDcvYDj14c:yl2GL7msCMSgvYH
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name SharedDataEvents-journal
Associated Filenames
C:\Users\user\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents-journal
File Size 3088 bytes
File Type data
MD5 d43082e18110c03e9a3ea6d3fb8b8324
SHA1 690f297c0d177d535310e7b96754802c0d004fe4
SHA256 c8b7e4a8904cfc28e1887af568de675fdb0eb6b01750bbfe7b657f00c72de280
CRC32 95299AA1
Ssdeep 24:7+tdrMDj1jEDcvYDj14082Rx/XYKQvGJF7ursq:7MCSgvYhzl2GL7msq
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name SharedDataEvents
Associated Filenames
C:\Users\user\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
File Size 3072 bytes
File Type SQLite 3.x database
MD5 557b78535edca635d52f69e3fccb6710
SHA1 5755dd87fbce842639a113548889eed7f4187a6c
SHA256 a4a3df88fe9401beabe5824acd8f85358ee7ff5e1a58f1c9168cf115c1ebe25d
CRC32 D23013B0
Ssdeep 24:rPRx/XYKQvGJF7urshUDDj1aEDcv3oDj14c:dl2GL7msy7gv3oH
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name SharedDataEvents-journal
Associated Filenames
C:\Users\user\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents-journal
File Size 1024 bytes
File Type data
MD5 2f61c4d799b8fd3f192fab91954b3159
SHA1 021d6e96815f3df2927c1cb3d8f1b9967198e670
SHA256 1522680c641ff42ffb7ab9ab78021b5a33d5aed292c98f90e87c6bdeea52b72b
CRC32 366DADB3
Ssdeep 3:7FEG2l/+pell:7+/l/
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name SharedDataEvents-journal
Associated Filenames
C:\Users\user\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents-journal
File Size 1024 bytes
File Type data
MD5 373ba92cf89e5d44b8358ed1f8822567
SHA1 98185064c299c6d47cf11386e1cadd48200220f1
SHA256 932ed2dc2f0afbfb5f7c5240ab307ec4bf50f0a16f65b6a2e31c4e9593f628a9
CRC32 CB9C9B43
Ssdeep 3:7FEG2l/bvtm/xll:7+/l/bF
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name SharedDataEvents-journal
Associated Filenames
C:\Users\user\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents-journal
File Size 1024 bytes
File Type data
MD5 7d6ae66ec62412ec0cedf08f7cfaddba
SHA1 2c9119129c5b7a4f97364d95b20571fb717a73b0
SHA256 e0ce8b34586267b07db23f9eda769bdb46f3b21da7f7d00ca00fa16bb2518d8e
CRC32 750C40B4
Ssdeep 3:7FEG2l/3vcxll:7+/l/3
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name SharedDataEvents-journal
Associated Filenames
C:\Users\user\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents-journal
File Size 1024 bytes
File Type data
MD5 98bbd967ad304bbb91d49f4d5873fb1b
SHA1 c70505a0104eaf92993bd9adfe5e2f3a2b52a841
SHA256 115234a4a9a0a966e97e448a41bef1d3a16ce0bfbe8131ec93ff63b095eaee07
CRC32 39106A23
Ssdeep 3:7FEG2l/Bi/mlrll:7+/l/B
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name AdobeUpdaterPrefs.dat
Associated Filenames
C:\Users\user\AppData\Local\Adobe\Updater6\AdobeUpdaterPrefs.dat
File Size 141 bytes
File Type XML 1.0 document, ASCII text
MD5 9cd49a3300bd539a43fe1d1d861bfbdf
SHA1 1f914131b57d8f6e644c3c650546b5da75fe820e
SHA256 d44d0ed609da468b3cf881eb46ddd379d1e53326036b190d8d8560fee73c532b
CRC32 F288FEE9
Ssdeep 3:vFWWMNHU8LdgC/Zw8b6Cw0IAucpkVkE2J5kHayRf/gMJ+vZE7bn:TMVBdxwle9uOk/23kHayt4M0M
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
<?xml version="1.0" encoding="UTF-8" ?>
<AdobeUpdater>
<logFile>C:\Users\user\AppData\Local\Adobe\Updater6\aum.log</logFile>
</AdobeUpdater>
File name AdobeUpdaterPrefs.dat
Associated Filenames
C:\Users\user\AppData\Local\Adobe\Updater6\AdobeUpdaterPrefs.dat
File Size 164 bytes
File Type XML 1.0 document, ASCII text
MD5 f8b6f7bedff6f4a40d4ad073da387d24
SHA1 13eaa6d7067a6ec7ff8674f6d6018f14e6a8a6fd
SHA256 bb36a7632b594658beba34e81a077cf83332bc6d59afb535243191cef6db70ab
CRC32 C3B3F019
Ssdeep 3:vFWWMNHU8LdgC/Zw8b6Cw0IAucpkVkE2J5kHayRf/gMJ+vZEXsuJS7bn:TMVBdxwle9uOk/23kHayt4M0RuJY
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
<?xml version="1.0" encoding="UTF-8" ?>
<AdobeUpdater>
<logFile>C:\Users\user\AppData\Local\Adobe\Updater6\aum.log</logFile>
<logLevel>2</logLevel>
</AdobeUpdater>
File name AdobeUpdaterPrefs.dat
Associated Filenames
C:\Users\user\AppData\Local\Adobe\Updater6\AdobeUpdaterPrefs.dat
File Size 197 bytes
File Type XML 1.0 document, ASCII text
MD5 7baaab500a5b342588416929ec58415b
SHA1 1fe14329ee015ced298f7fd691172642fd4c216f
SHA256 c901f4faeebef941d64c0af686d6c30da6b43dda9e3c71c2bbc89632ae6041ed
CRC32 9976FB2A
Ssdeep 6:TMVBdxwle9uOk/23kHayt4M0RuJASJ1rAG6FHrM:TMHdx7U14buJX1UI
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
<?xml version="1.0" encoding="UTF-8" ?>
<AdobeUpdater>
<logFile>C:\Users\user\AppData\Local\Adobe\Updater6\aum.log</logFile>
<logLevel>2</logLevel>
<DisplayLang>en_US</DisplayLang>
</AdobeUpdater>
File name AdobeUpdaterPrefs.dat
Associated Filenames
C:\Users\user\AppData\Local\Adobe\Updater6\AdobeUpdaterPrefs.dat
File Size 226 bytes
File Type XML 1.0 document, ASCII text
MD5 f0dadee3baaed64da84a3b5eab72845a
SHA1 f3c8e23359c437a27bee87f487d776edfb12021b
SHA256 5cefbe85c95dcaec905c6ac3e7e2b028139d678111143dc8f41c6deff3221ab7
CRC32 5665246F
Ssdeep 6:TMVBdxwle9uOk/23kHayt4M0RuJASJ1rAG6FHrpL1sPu1WDA:TMHdx7U14buJX1UC50
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
<?xml version="1.0" encoding="UTF-8" ?>
<AdobeUpdater>
<logFile>C:\Users\user\AppData\Local\Adobe\Updater6\aum.log</logFile>
<logLevel>2</logLevel>
<DisplayLang>en_US</DisplayLang>
<SilentCheck>0</SilentCheck>
</AdobeUpdater>
File name AdobeUpdaterPrefs.dat
Associated Filenames
C:\Users\user\AppData\Local\Adobe\Updater6\AdobeUpdaterPrefs.dat
File Size 261 bytes
File Type XML 1.0 document, ASCII text
MD5 2c37eb858ea506ad4c1f61dd51ecd7bb
SHA1 6c5d37f53d4fd3ab77b3fbe002ee5c40ab62a4ad
SHA256 8e3d4f3eb4cb482156f68e14dd00b4754472d259842c6620ec49b17f50e124de
CRC32 6B5AD32B
Ssdeep 6:TMVBdxwle9uOk/23kHayt4M0RuJASJ1rAG6FHrpL1sPu1Wn7qj6kO:TMHdx7U14buJX1UC5G6kO
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
<?xml version="1.0" encoding="UTF-8" ?>
<AdobeUpdater>
<logFile>C:\Users\user\AppData\Local\Adobe\Updater6\aum.log</logFile>
<logLevel>2</logLevel>
<DisplayLang>en_US</DisplayLang>
<SilentCheck>0</SilentCheck>
<ConnectionType>0</ConnectionType>
</AdobeUpdater>
File name AdobeUpdaterPrefs.dat
Associated Filenames
C:\Users\user\AppData\Local\Adobe\Updater6\AdobeUpdaterPrefs.dat
File Size 279 bytes
File Type XML 1.0 document, ASCII text
MD5 4a731bf60bd15a04f09580cff994c5c2
SHA1 32d0c74c9b508978d598b1480b5a60db83544c0a
SHA256 36561dcc2adfb795352a8721813e9aa1fc669ef29bb9ce2e4fdb67142c82c320
CRC32 53DAA5A1
Ssdeep 6:TMVBdxwle9uOk/23kHayt4M0RuJASJ1rAG6FHrpL1sPu1Wn7qjDrLl:TMHdx7U14buJX1UC5GDfl
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
<?xml version="1.0" encoding="UTF-8" ?>
<AdobeUpdater>
<logFile>C:\Users\user\AppData\Local\Adobe\Updater6\aum.log</logFile>
<logLevel>2</logLevel>
<DisplayLang>en_US</DisplayLang>
<SilentCheck>0</SilentCheck>
<ConnectionType>0</ConnectionType>
<Launch></Launch>
</AdobeUpdater>
File name aum.log
Associated Filenames
C:\Users\user\AppData\Local\Adobe\Updater6\aum.log
File Size 1168 bytes
File Type ASCII text, with CRLF line terminators
MD5 d7c17f5f7bcd403b0776b5b2c32b59e2
SHA1 46fb911a3b9451777fe8c8852858a4dab30306f2
SHA256 0a6c257c0bc4571b72479470d67f441214d6dac680e290039c8196b053126255
CRC32 3E6273C9
Ssdeep 24:KfJqMmMBmjmyZEQbZpCrOYpjZUTzp1QbVeprOZX2ZUTzamxcble2rx:CJlmMgmy6QbZYyY5iXLQbVepyZX2iXNc
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
2019-12-03T12:54:23: >>> Adobe Updater Log Begin >>>
2019-12-03T12:54:23: cmdline option: -logFile = C:\Users\user\AppData\Local\Adobe\Updater6\aum.log
2019-12-03T12:54:23: cmdline option: -logLevel = 2
2019-12-03T12:54:23: Display Language requested = 
2019-12-03T12:54:24: Valid AppID added from global xml file = reader9rdr-en_US
2019-12-03T12:54:24: Could not load adobe_aum2pcd.dll
2019-12-03T12:54:24: No Startup mode specified.
2019-12-03T12:54:31: GetAppIDUpdates: getting available update info for AppID: reader9rdr-en_US
2019-12-03T13:25:14: GetAppIDUpdates: getting .upd file: http://swupmf.adobe.com/manifest/60/win/reader9rdr-en_US.upd
2019-12-03T13:25:14: GetAppIDUpdates: GetManifestProcessingError = 3
2019-12-03T13:25:14: GetAppIDUpdates: getting available update info for AppID: AdobeUpdater
2019-12-03T13:25:15: GetAppIDUpdates: getting .upd file: http://swupmf.adobe.com/manifest/60/win/AdobeUpdater.upd
2019-12-03T13:25:15: GetAppIDUpdates: GetManifestProcessingError = 3
2019-12-03T13:25:17: sLaunchMode is = 
2019-12-03T13:25:21: No manual/schedule workflow to process next
2019-12-03T13:25:31: <<< Adobe Updater Log End <<<


File name AdobeUpdaterPrefs.dat
Associated Filenames
C:\Users\user\AppData\Local\Adobe\Updater6\AdobeUpdaterPrefs.dat
File Size 288 bytes
File Type XML 1.0 document, ASCII text
MD5 93fcf39e287cf5fbca52977cdc0f603a
SHA1 f3bd010eb09f7b813e97c89ed1b890a215a1a49f
SHA256 1e20601dfcd501a475f2915d97be7328dbc455624194ad94325982a8f64289d7
CRC32 1A75FB6C
Ssdeep 6:TMVBdxwle9uOk/23kHayt4M0RuJASJ1rAG6FHrpL1sPu1Wn7qjnoh:TMHdx7U14buJX1UC5GU
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
<?xml version="1.0" encoding="UTF-8" ?>
<AdobeUpdater>
<logFile>C:\Users\user\AppData\Local\Adobe\Updater6\aum.log</logFile>
<logLevel>2</logLevel>
<DisplayLang>en_US</DisplayLang>
<SilentCheck>0</SilentCheck>
<ConnectionType>0</ConnectionType>
<Launch>Scheduled</Launch>
</AdobeUpdater>
File name AdobeUpdaterPrefs.dat
Associated Filenames
C:\Users\user\AppData\Local\Adobe\Updater6\AdobeUpdaterPrefs.dat
File Size 288 bytes
File Type XML 1.0 document, ASCII text
MD5 f9a4946bf91b12edee40849b29357eb0
SHA1 a2a772a2dc65fb412df0f88dcbba9140f0ac2db3
SHA256 297be46b6f069a281f4c8620f89a70cddec0c4fc16465fb11349abf95c62a5e1
CRC32 7E4F9DB6
Ssdeep 6:TMVBdxwle9uOk/23kHayt4M0RuJASJ1rAG6FHrpL1q51Wn7qjnoh:TMHdx7U14buJX1Ue2GU
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
<?xml version="1.0" encoding="UTF-8" ?>
<AdobeUpdater>
<logFile>C:\Users\user\AppData\Local\Adobe\Updater6\aum.log</logFile>
<logLevel>2</logLevel>
<DisplayLang>en_US</DisplayLang>
<SilentCheck>1</SilentCheck>
<ConnectionType>0</ConnectionType>
<Launch>Scheduled</Launch>
</AdobeUpdater>
File name AdobeUpdaterPrefs.dat
Associated Filenames
C:\Users\user\AppData\Local\Adobe\Updater6\AdobeUpdaterPrefs.dat
File Size 315 bytes
File Type XML 1.0 document, ASCII text
MD5 fb2893d2aec0a499d0bcc4650146f8a9
SHA1 8d8cbb03da38b2691170cfabd6f2c1ba6d311f09
SHA256 e000315912533e6c1747d3ec6758cce9b69f0957a7ef4c19409c074c48f96b28
CRC32 9BB8AA8D
Ssdeep 6:TMVBdxwle9uOk/23kHayt4M0RuJASJ1rAG6FHrpL1q51Wn7qjno/N930:TMHdx7U14buJX1Ue2GQ0
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
<?xml version="1.0" encoding="UTF-8" ?>
<AdobeUpdater>
<logFile>C:\Users\user\AppData\Local\Adobe\Updater6\aum.log</logFile>
<logLevel>2</logLevel>
<DisplayLang>en_US</DisplayLang>
<SilentCheck>1</SilentCheck>
<ConnectionType>0</ConnectionType>
<Launch>Scheduled</Launch>
<IsFirstRun>0</IsFirstRun>
</AdobeUpdater>
File name AdobeUpdaterPrefs.dat
Associated Filenames
C:\Users\user\AppData\Local\Adobe\Updater6\AdobeUpdaterPrefs.dat
File Size 342 bytes
File Type XML 1.0 document, ASCII text
MD5 de29cfe2a583f1bbf7341aae0581b6f8
SHA1 47ac9e2a6c0869131ead8b879d7b3f49ff1f83cd
SHA256 d0b78193186991931de2e5350b72f60035a10c2866b7daffcc38c2dcc660f7f9
CRC32 60B4B5AA
Ssdeep 6:TMVBdxwle9uOk/23kHayt4M0RuJASJ1rAG6FHrpL1q51Wn7qjno/N93TcL18G:TMHdx7U14buJX1Ue2GQQuG
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
<?xml version="1.0" encoding="UTF-8" ?>
<AdobeUpdater>
<logFile>C:\Users\user\AppData\Local\Adobe\Updater6\aum.log</logFile>
<logLevel>2</logLevel>
<DisplayLang>en_US</DisplayLang>
<SilentCheck>1</SilentCheck>
<ConnectionType>0</ConnectionType>
<Launch>Scheduled</Launch>
<IsFirstRun>0</IsFirstRun>
<InTrayIcon>1</InTrayIcon>
</AdobeUpdater>
File name AdobeUpdaterPrefs.dat
Associated Filenames
C:\Users\user\AppData\Local\Adobe\Updater6\AdobeUpdaterPrefs.dat
File Size 333 bytes
File Type XML 1.0 document, ASCII text
MD5 460fb2f8982b60a8228e55996e71830b
SHA1 c6ea4c893e276acba8968a758fbbce393ed6017e
SHA256 38d89e2654a2ed63f66ff8340c9205b12ceef66352610ee365036c27ca88ffe7
CRC32 4F2F7158
Ssdeep 6:TMVBdxwle9uOk/23kHayt4M0RuJASJ1rAG6FHrpL1q51Wn7qjDrLjN93TcL18G:TMHdx7U14buJX1Ue2GDfbQuG
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
<?xml version="1.0" encoding="UTF-8" ?>
<AdobeUpdater>
<logFile>C:\Users\user\AppData\Local\Adobe\Updater6\aum.log</logFile>
<logLevel>2</logLevel>
<DisplayLang>en_US</DisplayLang>
<SilentCheck>1</SilentCheck>
<ConnectionType>0</ConnectionType>
<Launch></Launch>
<IsFirstRun>0</IsFirstRun>
<InTrayIcon>1</InTrayIcon>
</AdobeUpdater>
File name AdobeUpdaterPrefs.dat
Associated Filenames
C:\Users\user\AppData\Local\Adobe\Updater6\AdobeUpdaterPrefs.dat
File Size 375 bytes
File Type XML 1.0 document, ASCII text
MD5 9a065ebf69340fc35c331c841af4b195
SHA1 9717f3b3ae476d92ff1bc615a9e5572f38230541
SHA256 7db58f3748d4703b633d361f1e396b1bde35777219c1b04dd3a6780e695bf8f1
CRC32 B80FE42F
Ssdeep 6:TMVBdxwle9uOk/23kHayt4M0RuJASJ1rAG6FHrpL1q51Wn7qjDrLjN93TcL18jWU:TMHdx7U14buJX1Ue2GDfbQuCuPyQW0
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
<?xml version="1.0" encoding="UTF-8" ?>
<AdobeUpdater>
<logFile>C:\Users\user\AppData\Local\Adobe\Updater6\aum.log</logFile>
<logLevel>2</logLevel>
<DisplayLang>en_US</DisplayLang>
<SilentCheck>1</SilentCheck>
<ConnectionType>0</ConnectionType>
<Launch></Launch>
<IsFirstRun>0</IsFirstRun>
<InTrayIcon>1</InTrayIcon>
<LastDateCheck>2019-12-03</LastDateCheck>
</AdobeUpdater>
File name AUTrans.xml_
Associated Filenames
C:\Users\user\AppData\Local\Adobe\Updater6\AUTrans.xml_
C:\Users\user\AppData\Local\Adobe\Updater6\AUTrans.xml
C:\Users\user\AppData\Local\Adobe\Updater6\AUTrans.xml.0
File Size 270 bytes
File Type XML 1.0 document, ASCII text
MD5 04ed38ce472563155aca49ef07663c34
SHA1 cbed1379d7eed337773af479ece0ade86f18b6d7
SHA256 216d48a7e5295961e74dd0b63fd6aeb7d28cf5bd0c266b696ccb7402e3125d7c
CRC32 31153431
Ssdeep 6:TMVBdx5R/GDWAoJ1CxERhFHCq3t5mKuLeyGQXbhvQE1Gj:TMHdx5Re671CxqXHCILm32e5i
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
<?xml version="1.0" encoding="UTF-8" ?>
<AUTransaction>
<AUClient AppID="AdobeUpdater">
<DisplayName>Adobe Updater</DisplayName>
<InstallPath>C:\Program Files (x86)\Common Files\Adobe\Updater6</InstallPath>
<State>3</State>
<Error>3</Error>
</AUClient>
</AUTransaction>
File name AUTrans.sig
Associated Filenames
C:\Users\user\AppData\Local\Adobe\Updater6\AUTrans.sig
File Size 32 bytes
File Type data
MD5 778669d84d08308654ee2a5042e2f900
SHA1 35e619a6824ebad5027f949722a943bec2e5dc32
SHA256 38c7696d305e853163fa80279fc59c703d9b1b3096eac2c62efe5a3b4c2c7041
CRC32 C5C726F8
Ssdeep 3:IzXDdJ:OH
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name AdobeUpdater.aum
Associated Filenames
C:\Users\user\AppData\Local\Adobe\Updater6\Data\AdobeUpdater.aum
File Size 0 bytes
File Type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
Ssdeep 3::
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name AUTrans.xml_
Associated Filenames
C:\Users\user\AppData\Local\Adobe\Updater6\AUTrans.xml_
C:\Users\user\AppData\Local\Adobe\Updater6\AUTrans.xml
File Size 72 bytes
File Type XML 1.0 document, ASCII text
MD5 6cc0cef04360924ec91ce62905e33add
SHA1 1f162d34db290a5280da8bed04212077b66cbeac
SHA256 685b7da59e67b1d6ff9995907ac764936c39910b81ca20c4701810db5c7a1ebd
CRC32 BC90B0E1
Ssdeep 3:vFWWMNHU8LdgC/Z5R1JMK1iJMK3:TMVBdx5R/hGj
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
<?xml version="1.0" encoding="UTF-8" ?>
<AUTransaction></AUTransaction>
File name AUTrans.sig
Associated Filenames
C:\Users\user\AppData\Local\Adobe\Updater6\AUTrans.sig
File Size 32 bytes
File Type data
MD5 6a5ca88a70df39d042adffbb9ac761ca
SHA1 c5e2bc0973f6e6254770f3f90503514b3b2d8249
SHA256 c6a5723473734831e724d64103a05c8c42bf9b21d06da3c9d9cfcebf9e5b5cb8
CRC32 ABBFB1B3
Ssdeep 3:Xv6YRV4JQh:Xv5Rieh
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file
File name AdobeUpdaterPrefs.dat
Associated Filenames
C:\Users\user\AppData\Local\Adobe\Updater6\AdobeUpdaterPrefs.dat
File Size 406 bytes
File Type XML 1.0 document, ASCII text
MD5 8a3d93ee99f36597ef0aeff2ae50c0f6
SHA1 5da98bbd35d15ef70886a897a6c5339283ed87e4
SHA256 051a2d0b04f6b9d2584bb265cdcf810f40d3ca231b372abb03134a888ccab725
CRC32 731A8053
Ssdeep 12:TMHdx7U14buJX1Ue2GDfbQuCuPyQWUjTJA:2dx7/uJFUe2OfWuPyQWUjTG
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
<?xml version="1.0" encoding="UTF-8" ?>
<AdobeUpdater>
<logFile>C:\Users\user\AppData\Local\Adobe\Updater6\aum.log</logFile>
<logLevel>2</logLevel>
<DisplayLang>en_US</DisplayLang>
<SilentCheck>1</SilentCheck>
<ConnectionType>0</ConnectionType>
<Launch></Launch>
<IsFirstRun>0</IsFirstRun>
<InTrayIcon>1</InTrayIcon>
<LastDateCheck>2019-12-03</LastDateCheck>
<InBackground>0</InBackground>
</AdobeUpdater>
File name AdobeUpdaterPrefs.dat
Associated Filenames
C:\Users\user\AppData\Local\Adobe\Updater6\AdobeUpdaterPrefs.dat
File Size 401 bytes
File Type XML 1.0 document, ASCII text
MD5 d30c694365738a9a4980879308dadda2
SHA1 6978ca500f85eb05a03d6a2b1a7c35dff0a1a07a
SHA256 8acaf046077e7e6a24ddb18177b3195b364477ad6b544c061fd6cdda2da8082f
CRC32 8367C34E
Ssdeep 12:TMHdx7U14buJX1ye2GDfbQuCuPyQWUjTJA:2dx7/uJFye2OfWuPyQWUjTG
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
<?xml version="1.0" encoding="UTF-8" ?>
<AdobeUpdater>
<logFile>C:\Users\user\AppData\Local\Adobe\Updater6\aum.log</logFile>
<logLevel>2</logLevel>
<DisplayLang></DisplayLang>
<SilentCheck>1</SilentCheck>
<ConnectionType>0</ConnectionType>
<Launch></Launch>
<IsFirstRun>0</IsFirstRun>
<InTrayIcon>1</InTrayIcon>
<LastDateCheck>2019-12-03</LastDateCheck>
<InBackground>0</InBackground>
</AdobeUpdater>
File name aum.log
Associated Filenames
C:\Users\user\AppData\Local\Adobe\Updater6\aum.log
File Size 2443 bytes
File Type ASCII text, with CRLF line terminators
MD5 df06e5a6c0be224b479361ed3db7b94b
SHA1 3e6d293535713dbe6ba728afd75f78679fbb6578
SHA256 951860786feb64132384700fbc9883db5c0cb127991279036ae44aa349c26071
CRC32 04BC3D51
Ssdeep 48:CJlmMgmy6QbZYyY5iXLQbVepyZX2iXNEe2rNJsPVzCOMnQbVe9yZXiiXdg72qqeD:5vCvu4MSbNtXSNAHYR
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
2019-12-03T12:54:23: >>> Adobe Updater Log Begin >>>
2019-12-03T12:54:23: cmdline option: -logFile = C:\Users\user\AppData\Local\Adobe\Updater6\aum.log
2019-12-03T12:54:23: cmdline option: -logLevel = 2
2019-12-03T12:54:23: Display Language requested = 
2019-12-03T12:54:24: Valid AppID added from global xml file = reader9rdr-en_US
2019-12-03T12:54:24: Could not load adobe_aum2pcd.dll
2019-12-03T12:54:24: No Startup mode specified.
2019-12-03T12:54:31: GetAppIDUpdates: getting available update info for AppID: reader9rdr-en_US
2019-12-03T13:25:14: GetAppIDUpdates: getting .upd file: http://swupmf.adobe.com/manifest/60/win/reader9rdr-en_US.upd
2019-12-03T13:25:14: GetAppIDUpdates: GetManifestProcessingError = 3
2019-12-03T13:25:14: GetAppIDUpdates: getting available update info for AppID: AdobeUpdater
2019-12-03T13:25:15: GetAppIDUpdates: getting .upd file: http://swupmf.adobe.com/manifest/60/win/AdobeUpdater.upd
2019-12-03T13:25:15: GetAppIDUpdates: GetManifestProcessingError = 3
2019-12-03T13:25:17: sLaunchMode is = 
2019-12-03T13:25:21: No manual/schedule workflow to process next
2019-12-03T13:25:31: <<< Adobe Updater Log End <<<


2019-12-03T12:54:46: >>> Adobe Updater Log Begin >>>
2019-12-03T12:54:46: cmdline option: -logFile = C:\Users\user\AppData\Local\Adobe\Updater6\aum.log
2019-12-03T12:54:46: cmdline option: -logLevel = 2
2019-12-03T12:54:46: Display Language requested = en_US
2019-12-03T12:54:46: Valid AppID added from global xml file = reader9rdr-en_US
2019-12-03T12:54:46: Could not load adobe_aum2pcd.dll
2019-12-03T12:54:46: New AUM launched for schedule update...
2019-12-03T12:54:46: Entering normal workflow...
2019-12-03T12:55:20: GetAppIDUpdates: getting available update info for AppID: AdobeUpdater
2019-12-03T13:25:11: GetAppIDUpdates: getting .upd file: http://swupmf.adobe.com/manifest/60/win/AdobeUpdater.upd
2019-12-03T13:25:11: GetAppIDUpdates: GetManifestProcessingError = 3
2019-12-03T13:25:23: Result of GetOpenTransaction: = 3
2019-12-03T13:25:31: sLaunchMode is = 
2019-12-03T13:25:34: No manual/schedule workflow to process next
2019-12-03T13:25:34: bDoNormalWF=false
2019-12-03T13:25:34: bHasPendingMissingComp=false
2019-12-03T13:25:34: bProcessExpressTrans=true
2019-12-03T13:25:34: bProcessNormalTrans=false
2019-12-03T13:25:40: Quitting loop from normal WF, no other workflows to process
2019-12-03T13:25:48: <<< Adobe Updater Log End <<<


File name aumLib.log
Associated Filenames
C:\Users\user\AppData\Local\Adobe\Updater6\aumLib.log
File Size 1049 bytes
File Type ASCII text, with CRLF line terminators
MD5 2ccfad45b04d5e10979b4e91c45c2a7b
SHA1 de0cd6ab477b2bd0922bb1dd453233a4fb130776
SHA256 fe11fbe988430080931e65826beddae013b70770049d65247dc9ebc3efb189d5
CRC32 A90D4E12
Ssdeep 12:EiJeAgUHA8+eWhAAMiXJXe5KchQQS4yRRjiW2IV5R2I3rFZAM1ClVeM1+b0dU9Nj:VJMI0hAGZ3DRjpTR2kFRiNO/PA2CRUFh
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
2019-12-03T14:05:48: >>> Adobe Updater Log Begin >>>
2019-12-03T14:05:48: logFile: = C:\Users\user\AppData\Local\Adobe\Updater6\aumLib.log
2019-12-03T14:05:48: logLevel: = 2
2019-12-03T14:05:48: Vista IE Protected Mode:No
2019-12-03T14:05:48: In AUMDoPluginAction(...)
2019-12-03T14:05:48: appIdentifierreader9rdr-en_US
2019-12-03T14:05:48: Has admin priv.
2019-12-03T14:05:48: ForkUpdater.
2019-12-03T14:05:48: return code = 0(ESD_ERR_OK)
2019-12-03T14:06:55: In AUMTriggerUpdateCheck(...)
2019-12-03T14:06:55: appIdentifierreader9rdr-en_US
2019-12-03T14:06:55: appFolderPathC:\Program Files (x86)\Adobe\Reader 9.0\Reader
2019-12-03T14:06:55: AUMTriggerType = 1
2019-12-03T14:06:55: appDisplayNameAdobe Reader 9
2019-12-03T14:06:55: appDisplayLangen_US
2019-12-03T14:06:55: bOverrideData= true
2019-12-03T14:06:55: Has admin priv.
2019-12-03T14:06:59: Trigger Update: AppIdentifier: reader9rdr-en_US
AppFolder: C:\Program Files (x86)\Adobe\Reader 9.0\Reader
Update Type: =  Scheduled Update
2019-12-03T14:07:11: Launching AUM.
File name updater.log
Associated Filenames
C:\Users\user\AppData\Local\Adobe\Acrobat\9.0\Updater\updater.log
File Size 347 bytes
File Type ASCII text, with CRLF line terminators
MD5 3b77ba058e4f703970b76c0460fa63c6
SHA1 f64bc996e52a73ce15e1276a3254b290464cb7a7
SHA256 1a3c8cf6e0dfaa2a2f697c22a9baee4c287a183e7f4a89265308e93c489b17fe
CRC32 C0E4A0BD
Ssdeep 6:P9AHVt5kD4hK8zfdxTvfWK85LEEEoOvA4FFNpOmHu4FFNplyRRjqXADv:Pi1L24IS/f3aLJ+oggglyRRjqs
ClamAV None
Yara None matched
CAPE Yara None matched
VirusTotal Search for Analysis
Submit file Display Text
 : Loading AUM Integration library at path C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeUpdater.dll.
 : Successfully loaded AUM integration library
 : Successfully found all library entry points.  Library is valid.
 : Entering GetAppID()
 : AUMDoPluginAction returns => 0
 : Entering GetAppID()
 : AUMTriggerUpdateCheck returns => 0
Sorry! No CAPE files.
Process Name Adobe_Updater.exe
PID 2628
Dump Size 2373120 bytes
Module Path C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
Type PE image: 32-bit executable
MD5 1e25ca594f999ee389380d42eae62bef
SHA1 a8ff85cf4f24e2c8788f9dd44204668bd3d2690c
SHA256 2b39dfd96f10e2793e5c29b5a0a79330263293d39d6dae5c5009a9d15e26fea0
CRC32 21041D92
Ssdeep 49152:PCPPxPbfzhPimt2BZCUkax76FHB00W1eEw2ar6sCJl7QTE4YN:ob7h1Ukkau0W1eE28LN
ClamAV None
Yara None matched
CAPE Yara None matched
Dump Filename 2b39dfd96f10e2793e5c29b5a0a79330263293d39d6dae5c5009a9d15e26fea0
Process Name Adobe_Updater.exe
PID 2992
Dump Size 2373120 bytes
Module Path C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
Type PE image: 32-bit executable
MD5 026fc16b44b95c9a7307e75fec8551f7
SHA1 1c63e43d093edbc28857d33bd8e17395724b9485
SHA256 4704a2839255edc371b888d569e4caffd23d809e43d58a473be6bc3b6400cec1
CRC32 9EE952F6
Ssdeep 49152:PCPPxPbfzhPimt2BZCUkax76FHB00W1eEw2ar6sCxl7QTE4YY:ob7h1Ukkau0W1eE2ELY
ClamAV None
Yara None matched
CAPE Yara None matched
Dump Filename 4704a2839255edc371b888d569e4caffd23d809e43d58a473be6bc3b6400cec1
Process Name AcroRd32.exe
PID 884
Dump Size 333312 bytes
Module Path C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Type PE image: 32-bit executable
MD5 e771580f89349e977385722e5a5fbb25
SHA1 f3e1756abc93c7f408c9d862e91a85b79de31100
SHA256 23b4ca1b88aaba045711cfa66c4f04ca4c47fa47a3b316375ed08a0a08c18ce1
CRC32 C7E0A162
Ssdeep 1536:gSR9/xeujsuEkoP6VQgO5h9aJfXgY1zUTyr5hVa8:gmiS/oklO5h+XgTTSjM8
ClamAV None
Yara None matched
CAPE Yara None matched
Dump Filename 23b4ca1b88aaba045711cfa66c4f04ca4c47fa47a3b316375ed08a0a08c18ce1
Process Name explorer.exe
PID 1632
Dump Size 2861568 bytes
Module Path C:\Windows\explorer.exe
Type PE image: 64-bit executable
MD5 0b2fbeba0f7a5e4f0eb8d3e9e98f24a7
SHA1 c46ff83449870820f20ebfe86193cc7be93a7684
SHA256 c307e056dc2ec779b0edb3044d9f3da4cfbe0ca8d4bf76e05c4d89a2f5566488
CRC32 55FFAD9F
Ssdeep 49152:kxrceI/lIRYraisQhFCUu8vYYYYYYYYYYYRYYYYYYYYYYE3iA7/eFUJN9ojoso2W:GrcPlIWNvYYYYYYYYYYYRYYYYYYYYYY4
ClamAV None
Yara None matched
CAPE Yara None matched
Dump Filename c307e056dc2ec779b0edb3044d9f3da4cfbe0ca8d4bf76e05c4d89a2f5566488

Comments



No comments posted

Processing ( 11.965 seconds )

  • 4.547 CAPE
  • 4.127 ProcDump
  • 1.999 BehaviorAnalysis
  • 0.42 Deduplicate
  • 0.366 Dropped
  • 0.338 Static
  • 0.089 TrID
  • 0.036 TargetInfo
  • 0.032 NetworkAnalysis
  • 0.005 AnalysisInfo
  • 0.005 Strings
  • 0.001 Debug

Signatures ( 1.273 seconds )

  • 0.384 antidbg_windows
  • 0.085 decoy_document
  • 0.078 api_spamming
  • 0.076 stealth_timeout
  • 0.071 antiav_detectreg
  • 0.068 NewtWire Behavior
  • 0.032 mimics_filetime
  • 0.027 Doppelganging
  • 0.027 infostealer_ftp
  • 0.025 reads_self
  • 0.024 stealth_file
  • 0.023 antivm_generic_disk
  • 0.02 bootkit
  • 0.02 antivm_vbox_window
  • 0.019 infostealer_browser
  • 0.019 virus
  • 0.015 antisandbox_script_timer
  • 0.015 antianalysis_detectreg
  • 0.015 infostealer_im
  • 0.011 antivm_generic_scsi
  • 0.011 infostealer_mail
  • 0.01 hancitor_behavior
  • 0.009 antiav_detectfile
  • 0.009 ransomware_files
  • 0.007 antivm_vbox_keys
  • 0.006 infostealer_browser_password
  • 0.006 infostealer_bitcoin
  • 0.005 injection_createremotethread
  • 0.005 InjectionCreateRemoteThread
  • 0.005 ipc_namedpipe
  • 0.005 antivm_vmware_keys
  • 0.005 recon_fingerprint
  • 0.004 InjectionInterProcess
  • 0.004 injection_runpe
  • 0.004 antivm_generic_services
  • 0.004 InjectionProcessHollowing
  • 0.004 kibex_behavior
  • 0.004 shifu_behavior
  • 0.004 ransomware_message
  • 0.004 antivm_vbox_files
  • 0.004 antivm_xen_keys
  • 0.004 ransomware_extensions
  • 0.003 malicious_dynamic_function_loading
  • 0.003 uac_bypass_eventvwr
  • 0.003 antiemu_wine_func
  • 0.003 betabot_behavior
  • 0.003 Raccoon Behavior
  • 0.003 dynamic_function_loading
  • 0.003 persistence_autorun
  • 0.003 kovter_behavior
  • 0.003 antivm_parallels_keys
  • 0.003 ketrican_regkeys
  • 0.003 geodo_banking_trojan
  • 0.003 darkcomet_regkeys
  • 0.003 masquerade_process_name
  • 0.002 sets_autoconfig_url
  • 0.002 antivm_vbox_libs
  • 0.002 exploit_getbasekerneladdress
  • 0.002 recon_programs
  • 0.002 Vidar Behavior
  • 0.002 Extraction
  • 0.002 neshta_files
  • 0.002 antianalysis_detectfile
  • 0.002 antivm_generic_diskreg
  • 0.002 antivm_vpc_keys
  • 0.001 stack_pivot_file_created
  • 0.001 tinba_behavior
  • 0.001 hawkeye_behavior
  • 0.001 network_tor
  • 0.001 disables_spdy
  • 0.001 antidebug_guardpages
  • 0.001 rat_nanocore
  • 0.001 antiav_avast_libs
  • 0.001 exploit_heapspray
  • 0.001 rat_luminosity
  • 0.001 stack_pivot
  • 0.001 modifies_desktop_wallpaper
  • 0.001 exploit_gethaldispatchtable
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 antisandbox_sboxie_libs
  • 0.001 exec_crash
  • 0.001 uac_bypass_cmstp
  • 0.001 InjectionSetWindowLong
  • 0.001 disables_wfp
  • 0.001 vawtrak_behavior
  • 0.001 cerber_behavior
  • 0.001 antiav_bitdefender_libs
  • 0.001 securityxploded_modules
  • 0.001 antidbg_devices
  • 0.001 antivm_xen_keys
  • 0.001 antivm_generic_bios
  • 0.001 antivm_generic_cpu
  • 0.001 antivm_generic_system
  • 0.001 antivm_hyperv_keys
  • 0.001 antivm_vmware_files
  • 0.001 bypass_firewall
  • 0.001 disables_browser_warn
  • 0.001 network_torgateway
  • 0.001 packer_armadillo_regkey
  • 0.001 limerat_regkeys
  • 0.001 rat_pcclient
  • 0.001 remcos_regkeys

Reporting ( 0.017 seconds )

  • 0.017 CompressResults
Task ID 115361
Mongo ID 5de5fe2638b1e1182f3b182e
Cuckoo release 1.3-CAPE
Delete